
Windows 7: MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

18 Mar 2013   #1

Windows 7 Home Premium 64bit
MSE found virtool.win32/obfuscator.XZ but couldn't get rid of it.

How do I get rid of this sucker?

18 Mar 2013   #2

Microsoft Windows 7 Home Premium 64-bit 7600

a quick google showed this thread as first hit...

Infected by virtool.win32/obfuscator.XZ

loads of info there, good luck.
18 Mar 2013   #3

Windows 7 Home Premium 64bit

Yeah, I read that thread. The dds tool that Jacee recommends though...none of those mirrors work anymore. :/

Scratch that, I found dds. I have included the two logs she asked that guy for, but I don't really know what she was looking for or what made her decide to recommend combo fix. :/

Attached Files
File Type: txt attach.txt (8.6 KB, 10 views)
File Type: txt dds.txt (19.5 KB, 11 views)

18 Mar 2013   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1

virtool.win32/obfuscator.XZ ...This is a "backdoor Trojan" ...

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

Please uninstall all P2P programs!

Next, we're going to flush the DNS cache and restore MS's Hosts file.
Copy and paste these lines in Notepad.

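@Echo on
rem Work in the folder that holds the hosts file, so the relative name below resolves there.
pushd "%SystemRoot%\System32\drivers\etc"
rem Clear hidden/system/read-only so the file can be overwritten.
attrib -h -s -r hosts
rem Replace the whole file with a single loopback entry.
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and empty the DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack settings.
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file.
shutdown -r -t 1
del %0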

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

After doing the above, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
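Added example, not part of the original post: flush.bat in post #4 overwrites the hosts file without recording what it held. This PowerShell script, written for the PowerShell 2.0 that ships with Windows 7, saves a copy and lists every entry other than localhost so redirects can be reviewed before the reset; the backup folder and the function names are assumptions of the example.

```powershell
# Added example, not from the thread. Runs on PowerShell 2.0 (Windows 7).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$backupDir = Join-Path $env:USERPROFILE 'Desktop\hosts-backup'   # assumed location

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments, then split "address name [alias ...]" on whitespace.
        $text = ("$line" -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }   # address with no hostname
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{ Address = $fields[0]; Name = $name }
        }
    }
}

function Test-UnexpectedEntry {
    param($Entry)
    # A clean hosts file maps nothing except localhost to loopback.
    $isLoopback = @('127.0.0.1', '::1') -contains $Entry.Address
    return -not ($isLoopback -and $Entry.Name -eq 'localhost')
}

if ([System.IO.File]::Exists($hostsPath)) {
    # .NET read works even when the file is hidden, system and read-only.
    $lines = [System.IO.File]::ReadAllLines($hostsPath)

    # Keep a timestamped copy before the batch file overwrites the original.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    $backup = Join-Path $backupDir ('hosts-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
    Set-Content -Path $backup -Value $lines

    $entries = @(Get-HostsEntry -Lines $lines)
    $unexpected = @($entries | Where-Object { Test-UnexpectedEntry $_ })
    if ($unexpected.Count -eq 0) {
        "No entries other than localhost. Copy saved to $backup"
    } else {
        "Entries to review before resetting (copy saved to $backup):"
        $unexpected | Sort-Object Name | Format-Table Address, Name -AutoSize
    }
} else {
    "No hosts file at $hostsPath"
}
```

Run it from an ordinary PowerShell prompt before flush.bat; reading the hosts file does not need Administrator rights.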
18 Mar 2013   #5

Windows 7 Home Premium 64bit

I did all the steps you recommended, and ESET found something, but I'm 99% sure that's not what's been causing my blue screens.

Attached Files
File Type: txt ESETScan.txt (118 Bytes, 22 views)
18 Mar 2013   #6

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Hi Zibeltor

Let's use SuperAntispyware to remove that.


Once you’ve launched the application on the infected machine, you should see a welcome screen, and you can just click the button to start it up.

Pick your language

Click on scan your computer

Select the locations to scan, and choose to Perform Complete Scan (there’s no point in a quick scan on an infected machine).

The application will scan through the system and find anything bad on the system, and then let you remove it all easily.
18 Mar 2013   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

E:\Torrents\Sleeping.Dogs-SKIDROW\sr-sddvd2.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
Ah-ha! Problem ... VMProtect Software Protection » VMProtect.AAA, VMProtect.AAD

If it's not paid for, then it's pirated.
18 Mar 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Nice, a program using an old MS Office logo as their software logo.
19 Mar 2013   #9

Windows 7 Home Premium 64bit

Thank you for your help VistaKing. I'm running the scan now. I'll edit this post when I have results to show you.
19 Mar 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Let's see if we could remove that. If it locates any cookies, that's OK; that's not malware. You may delete those as well.