Windows 7 Forums



Windows 7: Obfuscator.xz detected w/ MSE

24 Mar 2013   #11
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

I have not done a clean install yet. It would be a big process, so if I can avoid it safely, that would be great.

Downloading and running AdwCleaner now, and will post the report when it's completed.


24 Mar 2013   #12
cottonball

Windows 7 Home Premium
 
 

Also, please download RogueKiller:
Télécharger RogueKiller (Site Officiel)


When you get to the website, go to where it says:
(Download link) Lien de téléchargement
Select the version that applies to your system: x64
Click the dark-blue button that applies.

Save to the Desktop.


Close all windows and browsers
Right-click RogueKiller and select: Run as Administrator

Press: SCAN


When done, a report opens on the Desktop: RKreport.txt


Please provide the RKreport.txt (Mode: Scan) in your reply.
(Please do not delete anything! Thanks!)
24 Mar 2013   #13
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

Here's the report from AdwCleaner. Will download and run RogueKiller now.

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 08:57:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\home\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\home\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1693 octets] - [24/03/2013 08:57:26]

########## EOF - C:\AdwCleaner[R1].txt - [1753 octets] ##########

24 Mar 2013   #14
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

Here's the RKreport.


Attached Files
File Type: txt RKreport[1]_S_03242013_02d0904.txt (2.3 KB, 4 views)
24 Mar 2013   #15
cottonball

Windows 7 Home Premium
 
 

Please run AdwCleaner once again, and this time use the Delete option.

On RogueKiller, do you engage in any activity with: wireless-rtr.stanford.edu?
Might be doing courses on-line?

Last, for your peace of mind, please run ESET once again, just like in Post #3.
It should take less time now.

When you do so, Under Scan Settings, make sure that the option Remove found threats is checked, and the option Scan Archives is checked.

When the scan completes, click: List Threats

Please copy and provide the information presented in your reply. (If no malware is found, a list is not presented.)

Need to go out and get some lunch, will be back around 2:00PM Central Time (USA).

Are you near St. Louis? If so, I am also.
24 Mar 2013   #16
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

Never engaged in any activity with wireless-rtr.stanford.edu that I am aware of. That has me worried.

I'll do everything else as instructed and post the results. Thanks again.
24 Mar 2013   #17
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

Here's the report from AdwCleaner. Will run ESET now and get back with results.

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 10:14:55
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\home\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\home\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js

C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1822 octets] - [24/03/2013 08:57:26]
AdwCleaner[R2].txt - [1882 octets] - [24/03/2013 10:14:39]
AdwCleaner[S1].txt - [1934 octets] - [24/03/2013 10:14:55]

########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########
24 Mar 2013   #18
cottonball

Windows 7 Home Premium
 
 

Let's press on with RogueKiller and get rid of those entries that concern you.

•Please quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Once again at the RogueKiller console, click the DNS tab.
•Make sure the entries there are checked, if there is an option to do so.
•Then, press the [DNSFix] button.

Last, an RKreport (Mode: DNSFix) is created on the Desktop.

Please post the report in your reply.
24 Mar 2013   #19
cottonball

Windows 7 Home Premium
 
 

Also download farbar's MiniToolBox:
Downloading MiniToolBox
Save to your Desktop and double-click to run it.

Check the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
Click: Go
Please post the Result.txt (appears on the Desktop) in your reply.
24 Mar 2013   #20
In Need Of Help

Windows 7 Home Premium 64bit.
 
 

ESET finally finished, it took over 4 1/2 hours, and I just realized I forgot to turn off MSE this time. It found the two Ask toolbars again, and I'm pretty sure it deleted them, but accidentally closed it before checking the threat list. Been up all night with this issue, and I'm getting too tired to function. I'll run it again and check to make sure it was done correctly.

Ran RogueKiller again, nothing showed up under the DNS tab. I ran DNSFix, here's the log.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : home [Admin rights]
Mode : DNSFix -- Date : 03/24/2013 15:15:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()

¤¤¤ Driver : [NOT LOADED] ¤¤¤

Finished : << RKreport[2]_DN_03242013_02d1515.txt >>
RKreport[1]_S_03242013_02d0904.txt ; RKreport[2]_DN_03242013_02d1515.txt



Going to install and run the MiniToolBox now, and will post the results.
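One way to triage the [DNS] lines of the DNSFix report in post #20, added here as an example and not part of any poster's message or of RogueKiller itself: it parses each line and labels every name server as private, loopback, link-local or public, so the reader knows whether to compare it against the local network's own settings or to look up who owns it. The line layout is assumed from the two lines shown in the report, and `classify`, `parse_dns_entries` and `triage` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the two [DNS] lines copied from the DNSFix report in post #20.
REPORT = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
"""

# Layout assumed from those two lines only; other report versions may differ.
DNS_LINE = re.compile(
    r"^\[DNS\]\s+HK\S+?\\(?P<cset>\w*ControlSet\w*)\\Services\\Tcpip\\Interfaces\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+:\s+(?P<value>\w+)\s+\((?P<servers>[^)]*)\)"
    r"\s+->\s+(?P<status>[A-Z_ ]+?)(?:\s*\((?P<new>[^)]*)\))?\s*$",
    re.MULTILINE,
)

def classify(addr):
    """Label a name-server address by the kind of network it lives on."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "private" if ip.is_private else "public"

def parse_dns_entries(report):
    """Return one dict per [DNS] line: control set, interface GUID, servers, action."""
    return [{"control_set": m["cset"], "guid": m["guid"].upper(), "value": m["value"],
             # NameServer lists may be space- or comma-separated.
             "servers": m["servers"].replace(",", " ").split(),
             "status": m["status"], "new": (m["new"] or "").split()}
            for m in DNS_LINE.finditer(report)]

def triage(report):
    """Group entries per interface and flag servers that need an ownership lookup."""
    out = {}
    for e in parse_dns_entries(report):
        item = out.setdefault(e["guid"], {"control_sets": [], "servers": {}})
        item["control_sets"].append(e["control_set"])
        item["servers"].update({s: classify(s) for s in e["servers"]})
    for item in out.values():
        item["needs_lookup"] = any(c in ("public", "invalid") for c in item["servers"].values())
    return out

if __name__ == "__main__":
    for guid, item in triage(REPORT).items():
        print(guid, item)
```

For this report both servers fall in the private 172.16.0.0/12 range, meaning the static resolver setting pointed at a host on a local network; such values are checked against what the router or network operator hands out rather than through a public ownership lookup.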