TechSpot

Trojan.Win32.Obfuscated.bl can't remove it

By Moondrinker
Feb 5, 2007
  1. Hello! :wave:

    I got F-Secure antivirus on my computer and yesterday it popped up with a message saying that I had the Trojan.Win32.Obfuscated.bl trojan. Now, I have tried to delete, disinfect and rename it, but every time I do, this happens:

    http://support.f-secure.com/enu/images/step5empty.gif

    And 15 min later the same message pops up and I end up with the same result: that I can't delete the trojan.

    I've read those stickies and downloaded some of the software (AVG anti spyware and HJT) but it couldn't track the trojan. I need help fast I think; lately my icons and desktop have been relocated and I am writing an important report at the moment, which I of course will keep safe.

    Anyhow, how do I get rid of this?

    Here is a log I got from HJT:
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your version of HJT is out of date. The current version is 1.99.1.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Moondrinker only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Moondrinker

    Moondrinker TS Rookie Topic Starter

    aw :(

    Okay, I have done everything that you said, read everything that you said and it took about 5h to get it all done! :bounce: But now I'm done :p.
    I had one problem though: I couldn't open F-secure in safe mode. I tried everything, it wouldn't open. I clicked on the icon, nothing happened; I went to the folder and clicked directly on the program, nothing happened either.

    Though, when I logged on to write this message I got the message about the very same trojan that was bothering me the other day. The message was from F-secure and again it couldn't delete it.

    I've taken two logs, one from HJT and one from AD-Aware SE.

    Here:

    And thanks for replying that fast the first time! I appreciate it.
     
  4. tomrca

    tomrca TS Rookie Posts: 1,000

    Can't find anything on this one, do you recognise it?
    O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    As tomrca points out, I can find no info for the chiccool.exe file.

    If you don't know exactly what it is, please do the following.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
    * Click Open
    * Please let me know the results.

    Other than the above possibly dodgy entry, your HJT log is clean.

    Regards Howard :)

     
  6. Moondrinker

    Moondrinker TS Rookie Topic Starter

    No, I don't recognize it. It was actually the first item I saw on the list that made me wonder. I haven't heard any of those names :S

    The server is full atm. Thanks in advance, I'll try later.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The fact that you don't recognise it means it's probably bad.

    I therefore recommend you get rid of it by doing the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    chiccool.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following files and/or directories (if there).

    C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1 < Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
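
As an added illustration (not part of the thread or any poster's code): a small Python triage of HijackThis O4 autorun lines like the one tomrca spotted, marking entries that start from per-user folders such as Application Data for manual review. Apart from the `[soap send]` line quoted in the thread, the sample log lines, the function names and the folder heuristic are assumptions constructed for this example.

```python
import ntpath
import re

# Registry-style O4 line: "O4 - HKCU\..\Run: [value name] command line".
# Startup-folder O4 lines use a different layout and are not handled here.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# Heuristic (assumption of this example): per-user, user-writable folders,
# listed under both their long names and their 8.3 short names.
USER_WRITABLE = {"application data", "applic~1", "local settings",
                 "locals~1", "temp", "appdata"}

def exe_path(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, arguments follow the quote
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def triage_o4(log_text):
    """Parse O4 registry autoruns and mark those worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry-style O4 entry
        hive, key, name, command = m.groups()
        path = exe_path(command)
        parts = {p.lower() for p in path.split("\\")}
        findings.append({
            "hive": hive, "key": key, "name": name,
            "file": ntpath.basename(path),
            "folder": ntpath.dirname(path),
            "review": bool(parts & USER_WRITABLE),
        })
    return findings

# Constructed sample log: only the [soap send] line comes from the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV Tray] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example Updater\update.exe -quiet
O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
"""

if __name__ == "__main__":
    for entry in triage_o4(SAMPLE_LOG):
        mark = "REVIEW" if entry["review"] else "ok"
        print(f'{mark:6} {entry["hive"]}\\{entry["key"]} [{entry["name"]}] {entry["file"]}')
```

A flagged entry is only a prompt to check the file, as Howard does by asking for a scan of the file before removal.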
