Trojan.Win32.Obfuscated.bl can't remove it

Status
Not open for further replies.
Hello! :wave:

I got F-Secure antivirus on my computer and yesterday it popped up with a message saying that I had the Trojan.Win32.Obfuscated.bl trojan. Now, I have tried to delete, disinfect and rename it but every time I do, this happens:

http://support.f-secure.com/enu/images/step5empty.gif

And 15min later the same message pops up and I end up with the same result: that I can't delete the trojan.

I've read those stickies and downloaded some of the software (AVG Anti-Spyware and HJT) but it couldn't track the trojan. I need help fast, I think; lately my icons and desktop have been relocated and I am writing an important report at the moment, which I of course will keep safe.

Anyhow, how do I get rid of this?

Here is a log I got from HJT:
 
Hello and welcome to Techspot.

Your version of HJT is out of date. The current version is 1.99.1.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Moondrinker only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
aw :(

Okay, I have done everything that you said, read everything that you said and it took about 5h to get it all done! :bounce: But now I'm done :p.
I had one problem though, I couldn't open F-Secure in safe mode. I tried everything, it wouldn't open. I clicked on the icon, nothing happened, I went to the folder and clicked directly on the program, nothing happened either.

Though, when I logged on to write this message I got the message about the very same trojan that was bothering me the other day. The message was from F-Secure and again it couldn't delete it.

I've taken two logs, one from HJT and one from AD-Aware SE.

Here:

And thanks for replying that fast the first time! I appreciate it.
 
Can't find anything on this one, do you recognise it?
O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
 
As tomrca points out, I can find no info for the chiccool.exe file.

If you don't know exactly what it is, please do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
* Click Open
* Please let me know the results.

Other than the above possibly dodgy entry, your HJT log is clean.

Regards Howard :)

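A way to triage `O4` autorun lines like the one discussed above, as an added example that is not part of the original thread: it parses HijackThis `O4` registry Run entries and flags those whose target sits in a per-user, user-writable directory. The directory heuristic and the first two sample lines are assumptions constructed for illustration; only the `soap send` line comes from the thread.

```python
import re

# HijackThis registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
# ("O4 - Startup:" shortcut lines use a different layout and are skipped here.)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Assumed heuristic, not a HijackThis rule: per-user directories any user-level
# process can write to, in long form and in the 8.3 short form HJT prints.
USER_WRITABLE = ("\\application data\\", "\\applic~",
                 "\\local settings\\", "\\locals~", "\\temp\\")

def parse_o4(line):
    """Return the fields of an O4 registry autorun line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def exe_path(cmd):
    """Extract the executable path from a command, with or without quotes/arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return autorun entries whose target lives in a user-writable profile path."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        path = exe_path(entry["cmd"])
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append({"hive": entry["hive"], "key": entry["key"],
                             "name": entry["name"], "path": path})
    return findings

# Sample log: first two lines are constructed, the third is the entry from the thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [ExampleAV Agent] "C:\Program Files\ExampleAV\agent.exe" /splash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"review: [{f['name']}] {f['path']} ({f['hive']}\\..\\{f['key']})")
```

A flagged entry is a candidate for review, such as the file upload suggested in the post above, not a verdict.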
 
tomrca said:
Can't find anything on this one, do you recognise it?
O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe

No, I don't recognize it. It was actually the first item I saw on the list that made me wonder. I haven't heard any of those names :S

howard_hopkinso said:
As tomrca points out, I can find no info for the chiccool.exe file.

If you don't know exactly what it is, please do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe
* Click Open
* Please let me know the results.

Other than the above possibly dodgy entry, your HJT log is clean.

Regards Howard :)


The server is full atm. Thanks in advance, I'll try later.
 
The fact that you don't recognise it means it's probably bad.

I therefore recommend you get rid of it by doing the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

chiccool.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [soap send] C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1\chiccool.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\DOCUME~1\JENSOG~1\APPLIC~1\INSIDE~1 <Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 