Infected by virtool.win32/obfuscator.XZ on Windows 7


  1. Posts : 5
    Windows 7 Home Premium 64bit
       #1

    Infected by virtool.win32/obfuscator.XZ on Windows 7


    Hi All,

    My last MSE scan was in October of 2012; I did a scan last night and found that I'm infected with virtool.win32/obfuscator.XZ.

    I tried to do some research before posting and found these two threads that are relatively recent:
    1. Solved: Please help removing virtool:win32/obfuscator.XZ - Tech Support Guy Forums
    2. Infected by virtool.win32/obfuscator.XZ

    This is what I did so far:

    1. Delete infected files that MSE was latching on to, but was unable to remove because of file size.
    2. Ran AdwCleaner and restarted my system.
    3. Ran ComboFix and restarted my system.
    4. Currently running ESET Online Scanner.

    I'm wondering if I'm taking the appropriate steps to remove this virus from my computer? I'm also wondering if someone can kindly take a look at my log files to see if I have removed the threat, because according to this thread (Unable to get rid of virtool.win32/obfuscator.XZ) the problem was not solved because of a "rootkit" and a system wipe was necessary.

    Thanks for any help in advance!


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    Anytime you have a rootkit, the best option is to do a clean install. A rootkit generally creates a hidden partition on your HD & boots from that. So it's up & running even before Windows is running.

    https://www.microsoft.com/security/p...FObfuscator.XZ

    There are tools you can try to clean out the system with, however in many cases, the damage is done & some of the Windows files are corrupted, to the point that they cannot be repaired (depending on the rootkit). The best option would be to try to get your PC as clean as possible, save your personal files & do a clean install.

    Clean Install Windows 7

    TDSSKiller is an anti-rootkit utility that may/may not be able to remove the infection.

    Windows Defender Offline can also help to clean up your system. Be aware that this AV needs to be made on a clean PC, otherwise there is a risk the scanning engine will be compromised.

    In the future you may wish to make a system image so if something like this hits again, you can restore your PC to the state it was in when you made the system image. Keep 2 or 3 on an external HD in case you accidentally make an image that contains a virus.

    Backup Complete Computer - Create an Image Backup
    Last edited by Borg 386; 01 Jan 2013 at 10:50.


  3. Posts : 5
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    Thanks for the quick reply Borg.

    Is there any way to confirm whether or not I have a rootkit from this? Or is it pretty much certain?


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Generally TDSSKiller is good at spotting them. And as I mentioned, may be able to clean the infection.

    Windows Defender Offline will spot them too, but sometimes has trouble cleaning them out.

    The other way you can check is to d/l & run GParted, a free bootable partition editor. You'll need to make a boot disk, then run it & look for a hidden partition. If you find one, usually at the end of the drive, between 1 - 10 MB, then it's highly likely you have a rootkit.

    GParted -- About


  5. Posts : 5
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    Okay thanks, will work with your suggestions and if worst comes to worst, will do a fresh install.

    Thanks again! Happy new year


  6. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #6

    Thank you, a Happy New Year to you also :)


  7. Posts : 5
    Windows 7 Home Premium 64bit
    Thread Starter
       #7

    After backing up my files and running GParted as you suggested, I see that I do have an unallocated partition that is 1.87 MB in size. Does this mean that I most likely have a rootkit?

    I have attached a picture I took of my partitions. Can someone look to see if things look normal?
    [Attached image: img_4301.jpg, a photo of the partition layout shown in GParted]


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    Unallocated means there's nothing there. If TDSSKiller did find a rootkit on your previous scans, then this is probably the remnant. Otherwise, everything looks normal.

    Most rootkits will show up as a partition 1 - 10 MB in size, and it will be listed as hidden & as a boot partition.

    Hopefully everything is running well; assuming it is, keep a close watch on your system for strange behavior.

    It would still be a good idea to run WDO if you haven't already, as this is a boot scanner & might find some things. Never hurts to be double sure when it comes to PC viruses.:)
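The heuristic given in posts #4 and #8 (a hidden and/or bootable partition of roughly 1 - 10 MB, usually at the end of the drive, where "unallocated" space is not a partition at all) can be applied to the raw MBR partition table instead of eyeballing GParted. The script below is an added example written for this thread, not a tool mentioned by the posters; it parses a classic 512-byte MBR, lists the real partition entries, and flags any entry that is both small and hidden or bootable. The MBR bytes and the 40 GB disk size are constructed inline for the demonstration: a normal 100 MB bootable "System Reserved" volume, the main Windows volume, and a 2 MB hidden-NTFS bootable entry at the end of the disk of the kind the posts describe.

```python
import struct

SECTOR_BYTES = 512
# MBR partition-type codes that mark a volume as "hidden" (FAT/NTFS variants).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(mbr):
    """Return the non-empty entries of a classic MBR partition table (offset 446, 4 x 16 bytes)."""
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != b"\x55\xAA":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0 or count == 0:
            continue  # unused slot; unallocated space has no entry at all
        entries.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR_BYTES / (1024 * 1024),
        })
    return entries


def flag_suspicious(entries, disk_sectors, min_mb=1, max_mb=10):
    """Thread heuristic: a 1-10 MB partition that is bootable or of a hidden type."""
    findings = []
    for p in entries:
        if not (min_mb <= p["size_mb"] <= max_mb):
            continue  # ordinary-sized volumes are out of scope for this check
        reasons = []
        if p["bootable"]:
            reasons.append("bootable flag set")
        if p["type"] in HIDDEN_TYPES:
            reasons.append("hidden partition type 0x%02X" % p["type"])
        if not reasons:
            continue
        # Posts say the partition usually sits at the end of the drive; note that too.
        if p["start_lba"] + p["sectors"] >= disk_sectors - 2048:
            reasons.append("located at end of disk")
        findings.append({"index": p["index"],
                         "size_mb": round(p["size_mb"], 2),
                         "reasons": reasons})
    return findings


def _entry(status, ptype, start_lba, sectors):
    # CHS fields are zeroed; the parser only uses the LBA fields.
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)


# Constructed sample: a 40 GB disk (83,886,080 sectors of 512 bytes).
DISK_SECTORS = 83886080
SAMPLE_MBR = (
    b"\0" * 446
    + _entry(0x80, 0x07, 2048, 204800)       # 100 MB System Reserved, bootable (normal on Win7)
    + _entry(0x00, 0x07, 206848, 83675136)   # main Windows volume
    + _entry(0x80, 0x17, 83881984, 4096)     # 2 MB hidden NTFS, bootable, at end of disk
    + _entry(0x00, 0x00, 0, 0)               # empty slot
    + b"\x55\xAA"
)


def scan_sample():
    """Run the heuristic over the constructed MBR; returns the flagged entries."""
    return flag_suspicious(parse_mbr(SAMPLE_MBR), DISK_SECTORS)


if __name__ == "__main__":
    for f in scan_sample():
        print("partition %d (%.2f MB): %s" % (f["index"], f["size_mb"], ", ".join(f["reasons"])))
```

On a live Windows machine the first 512 bytes of the disk can be read with administrator rights from the device path `\\.\PhysicalDrive0` and passed to `parse_mbr`; on a GPT disk the MBR holds only a protective entry of type 0xEE, so this parser is only meaningful for MBR-partitioned drives like the Windows 7 system in the thread. A hit is a prompt to confirm with TDSSKiller or Windows Defender Offline, not a verdict: OEM recovery and diagnostic partitions are also small and sometimes hidden, and the 1.87 MB gap the thread starter saw is unallocated space, which produces no table entry and is therefore not flagged here.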


  9. Posts : 5
    Windows 7 Home Premium 64bit
    Thread Starter
       #9

    That's great news!

    I think WDO is the last thing that I have to run, so I'll be sure to do that today.

    Thanks for your quick and clear responses!


  10. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #10

    Glad I could help. Please keep a close eye on your system for any suspicious behavior.

    It would be a good idea to change your passwords on any websites you visited, from a clean PC (don't use yours, wait a couple weeks to see if anything suspicious happens).

    Some VirTool:Win32/Obfuscator.XZ infections contain trojans and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc.

    Edit: I would also like to add that the only way you can be 100% sure everything is gone is to do a clean install. Judging by what MS wrote about the virus, you may never know if you got it all. Once it looks like everything is clean & running well, you may wish to consider saving all your personal files & then re-installing when it's convenient.

    VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

    These obfuscation techniques are used on various kinds of malware. The malware that lies "underneath" may have virtually any purpose. Hence, there are no obvious symptoms that indicate the presence of this malware on an affected machine.
    Last edited by Borg 386; 05 Jan 2013 at 14:23.

