Virtool win32 Obfuscator.xz detected w/ MSE

Page 3 of 6

  1. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #21

    Quadra, try right-clicking on the CKscanner.exe and choose Run as Administrator.


  2. Posts : 19
    Windows 7 Home Premium 64 Bit SP1
    Thread Starter
       #22

    @VistaKing Thanks, got it to work, just left mouse alone and let it do its thing. Posted results in my previous post via an edit.


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #23

    The programs that Cottonball has you use, you would need to right-click on them and choose Run as administrator. That is only needed in Windows 7 and Vista. Windows XP doesn't require that.


  4. Posts : 2,470
    Windows 7 Home Premium
       #24

    Quadra,

    ESET is normally effective at finding cracks, serials and keygens on a system, and your report presents a quandary.

    I am not into gaming, but, there is a CheatEngine showing there, and numerous entries identifying a Win32/GameHack application in C:\Users\Squall\Downloads\

    You mention:
    "These are modifications for the games I own."
    What kind of modification? Are these "modifications" legal?

    Any unauthorized user of copyrighted or patented material is considered engaging in software piracy.

    The next step is to run ESET once again, and check the option: Remove found threats

    I need to talk to someone here that has first-hand knowledge of the policies of this forum.
    In forums where I also work, assisting anyone suspected of having obtained their software illegally is not allowed.


  5. Posts : 19
    Windows 7 Home Premium 64 Bit SP1
    Thread Starter
       #25

    @Cottonball I will run ESET as instructed.

    In regards to CheatEngine and the modifications, they are legal. I use them to modify certain values in my games. For example, I may be playing a game where I want my character to be invincible or wear certain armor or use a certain weapon. I'll use CheatEngine (in the case of invincibility) to find the address for my character's health and change that value to the point where my character cannot die.

    Here's a simple description of CheatEngine and its uses. Cheat Engine - Wikipedia, the free encyclopedia
    Here's a description of the modifications. Trainer (games) - Wikipedia, the free encyclopedia


  6. Posts : 19
    Windows 7 Home Premium 64 Bit SP1
    Thread Starter
       #26

    Results of second ESET using threat removal.

    C:\Users\All Users\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application
    C:\ProgramData\Codecv\bhoclass.dll a variant of Win32/Adware.MultiPlug.B application cleaned by deleting - quarantined
    C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\4f79ed8629923[1].exe multiple threats cleaned by deleting - quarantined
    C:\Users\Squall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRHE5WVN\optimizerpro[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
    C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\codecc_extension.exe multiple threats cleaned by deleting - quarantined
    C:\Users\Squall\AppData\Local\Temp\Addons\{A4951A8C-DEB0-54C5-B62E-96927F76387A}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
    E:\Users\Administrator\Desktop\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
    E:\Users\Administrator\Desktop\Port\GOT+8Tr-LNG.exe a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
    E:\Users\Administrator\Downloads\GOT-1100+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
    E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG(1).rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
    E:\Users\Administrator\Downloads\GOT-1300+8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
    E:\Users\Administrator\Downloads\GOT_8Tr-LNG.rar a variant of Win32/Packed.VMProtect.AAH trojan deleted - quarantined
    E:\Users\Administrator\ps3tools\ps3tools\tools\PKG_ContentID.exe probably unknown NewHeur_PE virus deleted - quarantined


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #27

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


  8. Posts : 19
    Windows 7 Home Premium 64 Bit SP1
    Thread Starter
       #28

    Hello Jacee,

    As requested Farbar log:

    Farbar Service Scanner Version: 03-03-2013
    Ran by Administrator (administrator) on 23-03-2013 at 14:28:11
    Running from "E:\Users\Administrator\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    E:\Windows\System32\nsisvc.dll => MD5 is legit
    E:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    E:\Windows\System32\dhcpcore.dll => MD5 is legit
    E:\Windows\System32\drivers\afd.sys => MD5 is legit
    E:\Windows\System32\drivers\tdx.sys => MD5 is legit
    E:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    E:\Windows\System32\dnsrslvr.dll => MD5 is legit
    E:\Windows\System32\mpssvc.dll => MD5 is legit
    E:\Windows\System32\bfe.dll => MD5 is legit
    E:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    E:\Windows\System32\SDRSVC.dll => MD5 is legit
    E:\Windows\System32\vssvc.exe => MD5 is legit
    E:\Windows\System32\wscsvc.dll => MD5 is legit
    E:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    E:\Windows\System32\wuaueng.dll => MD5 is legit
    E:\Windows\System32\qmgr.dll => MD5 is legit
    E:\Windows\System32\es.dll => MD5 is legit
    E:\Windows\System32\cryptsvc.dll => MD5 is legit
    E:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    E:\Windows\System32\svchost.exe => MD5 is legit
    E:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
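
A triage helper for logs like the one above, added here as an example (it is not part of the original post and is not Farbar's own code): it parses the FSS.txt layout shown in the post and lists only the entries that deviate from a default. The function names, and treating any File Check status other than "MD5 is legit" as needing review, are assumptions.

```python
import re
# Excerpt of the FSS.txt log posted above, trimmed to three sections.
FSS_EXCERPT = r'''
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
E:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
'''
RULE = re.compile(r"^=+$")
STOPPED = re.compile(r"^(\S+) Service is not running")
START = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                   r"The default start type is (\w+)\.")
REGVAL = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')

def parse_sections(text):
    """Map each 'Title:' line underlined with '=' to its non-empty body lines."""
    lines = [l.strip() for l in text.splitlines()] + [""]
    sections, current = {}, None
    for line, nxt in zip(lines, lines[1:]):
        if line.endswith(":") and RULE.match(nxt):
            current = sections.setdefault(line[:-1], [])
        elif current is not None and line and not RULE.match(line):
            current.append(line)
    return sections

def findings(text):
    """List (section, kind, detail) for every entry that deviates from a default."""
    out = []
    for title, body in parse_sections(text).items():
        key = None  # last registry key seen in this section
        for line in body:
            if m := STOPPED.match(line):
                out.append((title, "service_not_running", m.group(1)))
            elif (m := START.match(line)) and m.group(2) != m.group(3):
                out.append((title, "start_type_changed", f"{m[1]}: {m[2]} (default {m[3]})"))
            elif line.startswith("[HK"):
                key = line.strip("[]")
            elif (m := REGVAL.match(line)) and key:
                out.append((title, "policy_value", f"{key}\\{m.group(1)}={m.group(2)}"))
            elif title == "File Check" and not line.endswith("=> MD5 is legit"):
                out.append((title, "file_check", line))  # assumption: review any other status
    return out
```

On the excerpt this reports the stopped WinDefend service, its Demand start type, and the `DisableAntiSpyware` policy value, while the file check line that passed is left out.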


  9. Posts : 40
    Windows 7 Ultimate
       #29

    All I guess is it must be a false positive if it is really a reloaded upload, because MSE detects every crack also as a virus while they do not harm or act like any trojan which sends your private info to someone else. That is why I removed MSE from my PC.


  10. Posts : 2,470
    Windows 7 Home Premium
       #30

    Quadra,

    Back to:
    E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
    E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

    Let's do some searching...

    Please download SystemLook.

    64-bit:
    http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    Save to your Desktop.

    Right-click on SystemLook.exe, and select: Run As Administrator

    Copy the content inside the following quote box into the main textfield:

    :filefind
    E:\Users\Administrator\Desktop\FNIS\fa\NBA.2k13-RELOADED.ISO
    E:\Program Files (x86)\2k Sports\NBA 2k13\rld.dll

    Click the Look button to start the scan.

    When finished, a notepad window opens with the results.

    Please post the SystemLook.txt (found on the Desktop) in your reply


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd