Solved Virtool win32 Obfuscator.xz detected w/ MSE

Quadra, try right clicking on the CKscanner.exe and choose Run as Administrator .

@VistaKing Thanks, got it to work, just left mouse alone and let it do its thing. Posted results in my previous post via an edit.

The programs that Cottonball has you use you would need to right click on them and choose Run as administrator. That is only needed in Windows 7 and Vista . Windows XP doesn't require that .

Quadra,

ESET is normally effective at finding cracks, serials and keygens on a system, and your report presents a quandary.

I am not into gaming, but, there is a CheatEngine showing there, and numerous entries identifying a Win32/GameHack application in C:\Users\Squall\Downloads\

You mention:

These are modifications for the games I own.

Click to expand...

What kind of modification? Are these "modifications" legal?

Any unauthorized user of copyrighted or patented material is considered engaging in software piracy.

The next step is to run ESET once again, and check the option: Remove found threats

I need to talk to someone her that has first hand knowledge of the policies of this forum.
In forums where I also work, assisting anyone suspected of having obtained their software illegally is not allowed.

@ Cottonball I will run ESET as instructed.

In regards to Cheatengine and the modifications they are legal. I use them to modify certain values in my games. For example I may be playing a game where I want my character to be invincible or wear certain armor or use a certain weapon. I'll use cheatengine (in the case of invincibility) to find the address for my characters health and change that value to the point where my character cannot die.

Here's a simple description of CheatEngine and its uses. Cheat Engine - Wikipedia, the free encyclopedia
Here's a description of the modifications. Trainer (games) - Wikipedia, the free encyclopedia

Results of second ESET using threat removal.

C:\Users\All Users\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application
C:\ProgramData\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\4f79ed8629923[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\optimizerpro[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\codecc_extension.exe multiple threats cleaned by deleting - quarantined
C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
E:\Users\Administrator\Desktop\Port\GOT+8Tr-LNG.exe a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
E:\Users\Administrator\Downloads\GOT-1100+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG(1).rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\Downloads\GOT_8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
E:\Users\Administrator\ps3tools\ps3tools\tools\PKG_ContentID.exe probably unknown NewHeur_PE virus deleted - quarantined

Please download Farbar Service Scannerand run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Hello Jacee,

As requested Farbar log:

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 23-03-2013 at 14:28:11
Running from "E:\Users\Administrator\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
E:\Windows\System32\nsisvc.dll => MD5 is legit
E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
E:\Windows\System32\dhcpcore.dll => MD5 is legit
E:\Windows\System32\drivers\afd.sys => MD5 is legit
E:\Windows\System32\drivers\tdx.sys => MD5 is legit
E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
E:\Windows\System32\dnsrslvr.dll => MD5 is legit
E:\Windows\System32\mpssvc.dll => MD5 is legit
E:\Windows\System32\bfe.dll => MD5 is legit
E:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
E:\Windows\System32\SDRSVC.dll => MD5 is legit
E:\Windows\System32\vssvc.exe => MD5 is legit
E:\Windows\System32\wscsvc.dll => MD5 is legit
E:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
E:\Windows\System32\wuaueng.dll => MD5 is legit
E:\Windows\System32\qmgr.dll => MD5 is legit
E:\Windows\System32\es.dll => MD5 is legit
E:\Windows\System32\cryptsvc.dll => MD5 is legit
E:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

all i guess is it must be false positive if it is really reloaded upload because MSE detects every crack also as virus while they do not harm or act like any trojan which sends your private infos to someone else that is why i removed MSE from my PC

Quadra,

Back to:
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

Let's do some searching...

Please download SystemLook.

64-bit:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Save to your Desktop.

Right-click on SystemLook.exe, and select: Run As Administrator

Copy the content inside the following quote box into the main textfield:

:filefind
E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

Click to expand...

lick the Look button to start the scan.

When finished, a notepad window opens with the results.

Please post the SystemLook.txt (found on the Desktop) in your reply

Hello Cottonball,

As you requested.

The log is a bunch of numbers and boxes

Dont know why it appears that way. Here's whats in the log though.

SystemLook 30.07.11 by jpshortstuff
Log created at 19:47 on 23/03/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO"
No files found.

Searching for "E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll"
No files found.

-= EOF =-

It's not locating those files .

Is that good or bad? Assuming good since MSE associated those w/ the virus.

You did manually delete the iso. That is why the ISO didn't show up .

How does the log look with ESET scan

About to run ESET.

ESET scan finished and found 0 infected files.

Cool. So I am in the clear? If so, should I mark the thread as solved?