Obfuscator and Foidan.B Trojan viruses

Discussion in 'Windows - Virus and spyware problems' started by Garry1963, Oct 13, 2013.

  1. Garry1963

    Hi everyone,

    Just recently discovered these little nasties lurking on my hard drive in the WIN32 folders:

    WIN32/Obfuscator.VP
    WIN32/zbot
    WIN32/Foidan.B


    Would it be safe to manually remove these from this folder?

    I noticed that my Microsoft Security Essentials programme had been uninstalled. I re-installed it and that is when it picked these critters up.

    I received Windows updates the night before and everything seemed to be not right after that. My Internet struggles to cope with loading some webpages.

    I also can't load my DVDFab application up now after clicking the desktop icon. But I can load the other applications up. Tried everything even though the target path is pointing to the right programme for the DVDFab shortcut icon.

    Also System Restore is now inoperable, showing the message "Cannot create restore point, please restart computer" which is no use. It's amazing what damage these viruses can do.

    Can anyone please tell me how to fix the shortcut icon problem?

    Many thanks.
     
  2. attar

    I know in Windows 7 you can type rstrui.exe from the start box to get the restore program running.

    Or reboot into Safe Mode; select 'Safe mode with command prompt'.
    At the command prompt, type rstrui.exe and press Enter.
     
    Last edited: Oct 13, 2013
  3. 2oldGeek

    Garry1963,

    You have more than just a simple virus.

    VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

    Attempt to run and post DDS and I will attempt to help you clean up.

    DDS logs

    DDS is a diagnostic tool, which scans your computer and produces logs which can be analysed by your helper.

    To run a scan with DDS .....

    Download -> DDS and save it to your Desktop.

    Alternate Download -> HERE

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.

    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt


    If not saved, these logs will be automatically deleted when closed, so save both to your Desktop.

    Please note it is important that you post BOTH logs in your topic.

    Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


    Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS.


    2oG
     
  4. Mez

    Agreed! Something uninstalled Microsoft Security Essentials and that action was not mentioned in any Obfuscator info. Something else may have installed these other tools as a smoke screen for the real threat.

    How to manually remove VirTool:Win32/Obfuscator
     
  5. 2oldGeek

    You got the picture, Mez.. WIN32/zbot is a Trojan that has probably brought in a ton of stuff including a Rootkit... Obfuscator keeps you from seeing any of it.

    P.S. MSE has the ability to remove Obfuscator, that's why the Trojan turned it off.
     
    Last edited: Oct 14, 2013
