MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.


  1. Posts : 2,470
    Windows 7 Home Premium
       #31

    The installed game does not appear to be flagged as malicious. It is the ISO for the game that is being flagged.

    It was located in Drive E:\Torrents\Sleeping.Dogs-SKIDROW\sr-sddvd2.iso a variant of Win32/Packed.VMProtect.AAA trojan

    ESET has it quarantined.
    Is drive E:\ a fixed drive?


    ~~~~
    Another issue is pointed out by SAS:
    Rootkit.Agent/Gen
    C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE

    Do need that RogueKiller RKreport to see what it shows.

    Will be back later...


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #32

    LSASS.EXE correct folder is C:\Windows\System32

    This needs to be removed

    Code:
    C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE
    Delete that ISO

    @Cottonball

    I believe E:\ is either a second HDD or 3rd partition


  3. Posts : 114
    Windows 7 Home Premium 64bit
    Thread Starter
       #33

    Here are the two new screens. And regarding Sleeping Dogs, I just tried to uninstall it and can't, getting this error message: Runtime Error (at 175:1185):

    Cannot open file C:\Users\Carl\AppData\Local\Temp\is-MQEF8.tmp\1.bmp

    I kind of doubt that file is the evil virus though? I mean, thousands of people downloaded that file without incident...

    @Cottonball: I appreciate the help, but I'm honestly so tired of fruitlessly running scans all (of the last three) days. I have no idea what vistaking is on to, but I wanna let him run down his theory first.

    Edit: I went ahead and deleted the offending iso. When you say "this needs to be removed" you just want me to go into my directory, find that file, press delete and everything will be fixed? O.o
    Attached Thumbnails: screen4.jpg, screen5.jpg


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #34

    Theory? The keys I'm telling you to look at are where programs are placed to run as soon as the PC starts.

    Thousands of people do that but I guess you're the lucky one and got the virus you're trying to remove.

    If you do not want my help all you have to do is say it and not speculate some type of theories that I am having you look at. Any program that anyone would tell you to scan with will look for those keys that I asked you to look at.


  5. Posts : 114
    Windows 7 Home Premium 64bit
    Thread Starter
       #35

    I didn't mean to imply that you didn't know what you were doing, Vistaking. It says you are the Windows 7 guru right under your name. I was saying that I don't know what you're doing. Just because I don't know what you're doing doesn't mean I won't follow your advice. :P

    I went ahead and deleted the iso. Should I go ahead and delete that other, much longer thing? (C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\07CCC227213AC080954CC1FC7C451E72\AMD64_MICROSOFT-WINDOWS-LSA_31BF3856AD364E35_6.1.7601.22099_NONE_04A88CE28CC4EB33\LSASS.EXE )

    EDIT: Well, I went ahead and looked for the much longer thing, but couldn't find any such thing to delete. I have included the screen cap for your perusal.
    Attached Thumbnails: screen6.jpg


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #36

    Zibeltor

    Your MSE is the one who discovered the virus. Do a quick scan inside MSE if possible now that you went ahead and deleted the .iso file.


  7. Posts : 114
    Windows 7 Home Premium 64bit
    Thread Starter
       #37

    Alrighty, I'm running the scan now. I just found out I misspoke when I said it was MSE that found the virus. x.x It wasn't Microsoft Security Essentials; it was another program called Microsoft Safety Scanner. Anyway, I'm running the Microsoft Safety Scanner to see if it can find that virus again. Thanks so much for your help vistaking! I'll edit this post when the scan is finished.


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #38

    Zibeltor

    You have mentioned that you had blue screens. Follow the tutorial below

    Blue Screen of Death (BSOD) Posting Instructions


  9. Posts : 114
    Windows 7 Home Premium 64bit
    Thread Starter
       #39

    x.x I came back to check the scan, but my computer had already blue screened again. I'll run the scan again, and try to edit this post with the bluescreen info that the other thread requested. I'm a little busy right now though, so I might not get to it until later tonight.


  10. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #40

    Take your time. We are here to help

    ADDED:
    Noticed you also have Daemon Tools. We've come across a lot of members here having it and having blue screens. Do the steps below

    Daemon Tools uses SCSI Pass Through Direct (SPTD), which is a well known BSOD causer. Uninstall Daemon Tools. Then download SPTD standalone installer

    Download

    FOR 64-bit OS

    Download

    FOR 32-bit OS
    and execute the downloaded file as guided below:
    Double click to open it.
    Click this button only:


       Note
    If it is grayed out, as in the picture, there is no more SPTD in your system, and you just close the window.
    Last edited by VistaKing; 19 Mar 2013 at 16:47.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
