Obfuscator.xz detected w/ MSE

Page 2 of 3

  1. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #11

    I have not done a clean install yet. It would be a big process, so if I can avoid it safely, that would be great.

    Downloading and running AdwCleaner now, and will post the report when it's completed.


  2. Posts : 2,470
    Windows 7 Home Premium
       #12

    Also, please download RogueKiller:
    Download RogueKiller (Official Site)


    When you get to the website, go to where it says:
    (Download link) Lien de téléchargement
    Select the version that applies to your system: x64
    Click the dark-blue button that applies.

    Save to the Desktop.


    Close all windows and browsers
    Right-click RogueKiller and select: Run as Administrator

    Press: SCAN


    When done, a report opens on the Desktop: RKreport.txt


    Please provide the RKreport.txt (Mode: Scan) in your reply.
    (Please do not delete anything! Thanks!)


  3. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #13

    Here's the report from AdwCleaner. Will download and run RogueKiller now.

    # AdwCleaner v2.115 - Logfile created 03/24/2013 at 08:57:26
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : home - HOME-PC
    # Boot Mode : Normal
    # Running from : C:\Users\home\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\home\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\home\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1693 octets] - [24/03/2013 08:57:26]

    ########## EOF - C:\AdwCleaner[R1].txt - [1753 octets] ##########


  4. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #14

    Here's the RKreport.
    Attached Files


  5. Posts : 2,470
    Windows 7 Home Premium
       #15

    Please run AdwCleaner once again, and this time use the Delete option.

    On RogueKiller, do you engage in any activity with: wireless-rtr.stanford.edu?
    Might be doing courses on-line?

    Last, for your peace of mind, please run ESET once again, just like in Post #3.
    It should take less time now.

    When you do so, Under Scan Settings, make sure that the option Remove found threats is checked, and the option Scan Archives is checked.

    When the scan completes, click: List Threats

    Please copy and provide the information presented in your reply. (If no malware is found, a list is not presented.)

    Need to go out and get some lunch, will be back around 2:00PM Central Time (USA).

    Are you near St. Louis? If so, I am also.


  6. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #16

    Never engaged in any activity with wireless-rtr.stanford.edu that I am aware of. That has me worried.

    I'll do everything else as instructed and post the results. Thanks again.


  7. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #17

    Here's the report from AdwCleaner. Will run ESET now and get back with results.

    # AdwCleaner v2.115 - Logfile created 03/24/2013 at 10:14:55
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : home - HOME-PC
    # Boot Mode : Normal
    # Running from : C:\Users\home\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\home\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\home\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js

    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\user.js ... Deleted !

    [OK] File is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1822 octets] - [24/03/2013 08:57:26]
    AdwCleaner[R2].txt - [1882 octets] - [24/03/2013 10:14:39]
    AdwCleaner[S1].txt - [1934 octets] - [24/03/2013 10:14:55]

    ########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########


  8. Posts : 2,470
    Windows 7 Home Premium
       #18

    Let's press on with RogueKiller and get rid of those entries that concern you.

    • Please quit all programs
    • Right-click the RogueKiller file and select: Run as Administrator
    • Wait until the Prescan finishes
    • Press: Scan
    • Once again at the RogueKiller console, click the DNS tab.
    • Make sure the entries there are checked, if there is an option to do so.
    • Then, press the [DNSFix] button.

    Last, an RKreport (Mode: DNSFix) is created on the Desktop.

    Please post the report in your reply.


  9. Posts : 2,470
    Windows 7 Home Premium
       #19

    Also download farbar's MiniToolBox:
    Downloading MiniToolBox
    Save to your Desktop and double-click to run it.

    Check the following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries

    Click: Go
    Please post the Result.txt (appears on the Desktop) in your reply.


  10. Posts : 14
    Windows 7 Home Premium 64bit.
    Thread Starter
       #20

    ESET finally finished, it took over 4 1/2 hours, and I just realized I forgot to turn off MSE this time. It found the two Ask toolbars again, and I'm pretty sure it deleted them, but accidentally closed it before checking the threat list. Been up all night with this issue, and I'm getting too tired to function. I'll run it again and check to make sure it was done correctly.

    Ran RogueKiller again, nothing showed up under the DNS tab. I ran DNSFix, here's the log.

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : home [Admin rights]
    Mode : DNSFix -- Date : 03/24/2013 15:15:21
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    Finished : << RKreport[2]_DN_03242013_02d1515.txt >>
    RKreport[1]_S_03242013_02d0904.txt ; RKreport[2]_DN_03242013_02d1515.txt



    Going to install and run the MiniToolBox now, and will post the results.
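
The [DNS] lines of the DNSFix report in post #20, parsed to show which interface had a static NameServer and whether those resolvers sit in private (RFC 1918) address space or outside it. This is an added example, not part of the original thread or of RogueKiller; it assumes the line layout seen in that report, and the third sample line (GUID, address, status) is constructed for illustration.

```python
import ipaddress
import re

# Lines 1-2 are copied from the RKreport (Mode: DNSFix) in post #20.
# Line 3 is constructed (made-up GUID, documentation-range IP, assumed status).
SAMPLE_REPORT = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer (203.0.113.53) -> FOUND
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^\[DNS\]\s+(?P<key>\S+)\s+:\s+NameServer\s+"
                     r"\((?P<servers>[^)]*)\)\s+->\s+(?P<status>\w+)")
KEY_RE = re.compile(r"(ControlSet\d+)\\.*\\(\{[0-9A-Fa-f-]+\})$")

def scope(addr):
    """Label an address: loopback, rfc1918 (LAN/campus/VPN resolver) or external."""
    if addr.is_loopback:
        return "loopback"
    return "rfc1918" if any(addr in net for net in RFC1918) else "external"

def parse_dns_entries(report):
    """Return one dict per [DNS] line: control set, interface GUID, servers, status."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = KEY_RE.search(m["key"])
        servers = []
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # skip empty or malformed tokens
        entries.append({
            "control_set": key.group(1) if key else None,
            "interface": key.group(2) if key else None,
            "servers": [(str(a), scope(a)) for a in servers],
            "status": m["status"],
        })
    return entries

def external_overrides(entries):
    """Interface GUIDs whose static NameServer points outside private space."""
    return sorted({e["interface"] for e in entries
                   if any(s == "external" for _, s in e["servers"])})

if __name__ == "__main__":
    for e in parse_dns_entries(SAMPLE_REPORT):
        print(e["control_set"], e["interface"], e["servers"], e["status"])
```
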


 