TechSpot

Trojan.Win32.Obfuscated.bl

By karltin
Jan 31, 2007
  1. hi howard!
    I read this thread coz I need help with removing Trojan.Win32.Obfuscated.bl from my PC. Can you please give me steps (in its simplest form as I am not very good at this) on how I can get rid of this?
    PLEASE! I really need help ASAP. Thanks!
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    Please read this thread here: Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT and AVG logs as attachments into this thread.

    Cheers :)

    This thread is for the use of karltin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  3. karltin

    karltin TS Rookie Topic Starter Posts: 25

  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hey,

    Most of the stuff I see in your HJT log that's bad is like all this Poker stuff.

    Have it fix the following entries:

    O4 - HKCU\..\Run: [logobolt] C:\DOCUME~1\135CAL~1\APPLIC~1\TRAYSO~1\Kind free.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (HKCU)
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - [https]casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [http]www.popcap.com/games/popcaploader_v6.cab

    Go into Add/Remove Programs in Control Panel and uninstall anything having to do with poker or kind free.

    Then post fresh HJT and AVG logs as attachments into this thread.

    Regards :)

    This thread is for the use of karltin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
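The triage that post 4 above performs by eye, as an added example that is not part of kitty500cat's post or of HijackThis itself: a small parser for the O4/O9/O16 entry formats quoted there. The function names and the three flagging heuristics are illustrative assumptions; a flag marks an entry for review and is not a verdict.

```python
import re

# Four of the HijackThis entries quoted in post 4, copied verbatim from the thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [logobolt] C:\DOCUME~1\135CAL~1\APPLIC~1\TRAYSO~1\Kind free.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [http]www.popcap.com/games/popcaploader_v6.cab
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
"""

SECTIONS = {
    "O4": "autostart entry (Run key / Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Return a dict for one HJT 'O' entry, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    notes = []  # assumed heuristics, for review only
    if body.endswith("(file missing)"):
        notes.append("orphaned: target file no longer exists")
    # APPLIC~1 is the 8.3 short name of "Application Data"
    if code == "O4" and re.search(r"\\APPLIC~1\\|\\Application Data\\", body, re.I):
        notes.append("autostart launches from a user profile folder")
    # the forum shows URL schemes bracketed, e.g. [http]host/path
    if code == "O16" and re.search(r"https?\]?(://)?\S+\.cab$", body, re.I):
        notes.append("ActiveX installed from a remote .cab")
    return {"section": code, "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None, "notes": notes}

def triage(log_text):
    """Parse every entry and keep only those with at least one note."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["section"], entry["clsid"], "; ".join(entry["notes"]))
```

The Ladbrokes O9 entry trips none of these heuristics even though the helper listed it for fixing, which is why pattern flags only narrow the list a person still has to read.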
     
  5. karltin

    karltin TS Rookie Topic Starter Posts: 25

    hi!

    i read on here (same problem as mine) that all this needs to be done on safe mode. do i have to do the same when i do the HJT again?

    thanks!
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Yes karltin,
    go into the SAFE MODE and do your cleaning, then reboot your system and post a new HJT and AVG log
     
  7. karltin

    karltin TS Rookie Topic Starter Posts: 25

    hey thanks! :) been sat here waiting for a reply :)

    hi again!

    here's the new HJT and AVG log...


    View attachment 13194

    View attachment hijackthis.log

    thanks!

    I've just restarted my PC and once I was connected to the internet my ZoneAlarm antivirus came up, still, with the Trojan.Win32.Obfuscated.bl
    I guess all the scanning that I did didn't remove it.
    Can someone please help me. Thanks!

    Hi kitty!
    I've done HJT scan again just to make sure that I've deleted all kind free.exe, and I found one. Here's the new HJT log...

    View attachment 13197
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system has a lop infection.

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop.
    If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HJT log.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Post a fresh HJT log after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of karltin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    It appears that you ran HJT in safe mode. What Tmagic650 meant was do your cleaning that I told you earlier in safe mode, then reboot into normal mode and run HJT in normal mode. So boot into safe mode, do the cleaning, then reboot into normal mode and post a HJT log.

    Regards :)

     
  10. karltin

    karltin TS Rookie Topic Starter Posts: 25

    @ howard
    Hi! I've downloaded NoLop and did a scan but it didn't find anything.

    @ kitty
    Hi! I've done lots of scanning in safe mode and normal mode that I'm not sure anymore which I did last.
    The problem I had was every time I connected to the internet, my ZoneAlarm comes up with the virus, but after doing the last HJT scan and when I connected to the internet, it didn't do it again. I'm gonna restart now and see what happens..

    ummm..I've just rebooted, I think it's gone.
    Thanks for your help! :)
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just to be sure, please post a fresh HJT log.

    Regards Howard :)

     
  12. karltin

    karltin TS Rookie Topic Starter Posts: 25

  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is clean as a whistle.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  14. karltin

    karltin TS Rookie Topic Starter Posts: 25

    hey, thanks again for all the help! it's very much appreciated! :)
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I forgot to add, you need to delete all files in AVG Antispyware quarantine.

    Then do the following.

    Turn off system restore (XP/ME only). See how HERE.

    Then, turn system restore back on. This will have deleted all your old restore points and anything nasty that`s in them. It will also create a new, clean restore point.

    Regards Howard :)

     
  16. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Cool. Let us know if you got any more problems :wave:

    Regards :)

     
  17. karltin

    karltin TS Rookie Topic Starter Posts: 25

    done it!
    again, many thanks to all of you! :D
     
  18. karltin

    karltin TS Rookie Topic Starter Posts: 25

    hi! i do have another problem :(

    my pc's gone really slow and i don't know why. and every time it's restarted a fax installer always comes up at startup. i don't even have a fax machine :suspiciou
    it gives a message saying windows installer can't continue coz a cd is needed. i always have to cancel whenever this happens and it's really annoying coz i dunno how to get rid of it.
    can anyone help me?
    thanks!
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)

     
  20. karltin

    karltin TS Rookie Topic Starter Posts: 25

  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Click start/run and type msconfig into the run box and press the enter key.

    Click the startup tab, look for and untick(disable) anything to do with fax software etc. Click apply/ok and restart your computer.

    Regards Howard :)

     
  22. karltin

    karltin TS Rookie Topic Starter Posts: 25

    hi! did what you told me to but didn't find anything that has to do with fax. it's ok, i googled my prob and found this.
    thanks so much for the help tho! :grinthumb
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s great news and thanks for letting us know.

    Regards Howard :)

     
  24. karltin

    karltin TS Rookie Topic Starter Posts: 25

    Hi again!

    I have a totally different problem this time and I'm hoping that someone can help me..

    i've been editing videos which aren't that big (max 10mins), and every time i do something which requires waiting for a few minutes (e.g. loading, saving, etc.), my pc stops completely. and sometimes a blue screen shows up (see attachment)..

    View attachment 32745

    ..this isn't the first time it's happened, it did a few times before but i ignored it.
    but it did it loads of times yesterday and today. last it happened i was doing a disk cleanup.

    it says on it to disable any new software, and i have. i don't know what else to do.

    would be grateful for any help. thanks!
     
  25. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Have you, or windows update, recently updated your display adapter drivers (video card drivers)?

    Typically the main cause will be some type of memory issue - video memory, RAM memory, or pagefile memory

    Edit: I would like to add that I found over 20 articles from Microsoft with that code for solutions to different issues.
     
Topic Status:
Not open for further replies.
