Infected with VirTool:Win32/Obfuscator.XZ


#1 rawstuff


  • Members
  • 1 posts
  • Gender:Male
  • Location:Netherlands
  • Local time:11:13 AM

Posted 11 May 2012 - 08:42 PM

I was stupid enough to download an unrated torrent (please don't judge me... I learned my lesson) and after a restart of my PC Malwarebytes started to block svchost.exe, which was connecting to an unknown IP address.
I did several scans with MBAM, Kaspersky online and Sophos rootkit scanner; finally MSE detected the malware.
The malicious behaviour ended 10 minutes before the MSE scan was completed.

As I understand it, the file mentioned in the title is a rootkit and uses encryption to stay hidden from scanners.
I'm not sure if my system is still infected; removing the source might not be enough to ensure a clean system.

I use Windows 7 64 bit.

Hopefully someone can help me,
Thanks in advance


Edited by rawstuff, 11 May 2012 - 08:45 PM.



#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:13 AM

Posted 11 May 2012 - 09:24 PM

It is true that it will hide or become obfuscated.

VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

These obfuscation techniques are used on various kinds of malware. The malware that lies "underneath" may have virtually any purpose. Hence, there are no obvious symptoms that indicate the presence of this malware on an affected machine.


You can back up the registry (Windows 7 - Registry - Backup and Restore), then manually remove any of the files listed HERE, under Manual Removal.

If you are not comfortable doing that, don't. Reply here and we will move you.