having possible issues related to VirTool:Win32\Obfuscator.XZ

[FishChicken]

hi, so about 2 weeks ago i dled a cracked version of the crysis series and it turned out that the cracked had contained the VirTool:Win32\Obfuscator.XZ malware (picked up by MSE) and subsequently steam stopped working properly (not sure if related). i removed the files that MSE said contained the obfuscator.XZ and things started working better again, but recently the same issues arose again, but MSE doesn't pick up anything when i run a full scan. is there a way to properly scan for and remove it?

 

[cottonball]

FishChicken,

Besides being illegal, cracked software is a prime source for infecting your system.

This forum, as well as other reputable malware removal forums, do not support the use of illegal software, otherwise it is construed as aiding and abetting theft.

If you wish to receive help, then you must remove all cracked software and any cracking tools from the computer.

When done, download CKScanner:
http://downloads.malwareremoval.com/CKScanner.exe

Important: - Save it to your Desktop

Double-click CKScanner.exe, then, click: Search For Files
When a list appears, click: Save List To File
A message box verifies the file saved.

Double-click the CKFiles.txt on your Desktop, and copy/paste the contents in your reply.

 

[FishChicken]

hi, thanks for the reply
yeah i removed any of the cracked software etc from my comp and i ran the scanner, but this is all it came up with

 

[cottonball]

Please run the following online scanner...

This may take a while, so run the following when you can be home.

:info: The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, uncheck: Remove found threats
Next, click on: Advanced Settings


Make sure these options are checked:

• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

Click: Scan


When the scan is completed, if threats are found, in the Scan Results prompt:

• Click on: List of threats found
• Click on: Export to text file
• Save to the Desktop and name it ESET Scan Results
• Click on: Back
• Place a check on: Uninstall application on close
• Click on: Finish, and close the program.

Please provide the ESET report in your reply to determine if any further action is necessary.

 

[FishChicken]

here's the list

 

[cottonball]

ESET is showing some adware/junkware in the system, so, please do the following:

:info: Download AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/

• Save the program to the Desktop
• Close all open programs and internet browsers.
• Right-click on adwcleaner.exe and select: Run As Administrator
• At the program console, click on: Delete
• When the program is done, the computer is rebooted automatically, and a text file opens after the restart.

Please post the AdwCleaner report in your reply. <<<---




:info: Also use the Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Right-click JRT.exe and select: Run as Administrator
The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.

 

[FishChicken]

here are the reports:

 

[cottonball]

Please do the following...this tool normally detects hard to find malware.

:info: Download the Farbar Recovery Scan Tool
Select the 64-bit version.
Save to the Desktop.

• Double-click the downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press the Scan button.
• FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---

 

[FishChicken]

here you go

 

[cottonball]

Are you still having issues possibly related to VirTool:Win32\Obfuscator.XZ?

VirTool:Win32/Obfuscator detections are programs/files modified to prevent detection by AntiVirus scanners.

From working on a few cases where VirTool:Win32/Obfuscator was detected, noticed that cracks, keygens and serials were used.

 

[FishChicken]

I don't think so, my computer's stopped stalling and i'm starting to think that the problem with steam i mentioned before wasn't related to the malware. i'll probably post that issue in a different part of the forum (since steam support is pretty useless).
but yeah thanks for the help!

 

[cottonball]

That's fine.

Do stay away from cracked/pirated software. Malware authors prey on users looking to circumvent software protection mechanisms.