Trojan.Win32.Obfuscated.bl doesn't go away

Status
Not open for further replies.

Jaguarsworld

Hello, I have tried to remove Trojan.Win32.Obfuscated.bl by looking at some earlier threads on how to remove this Trojan and am not sure if I succeeded or not. I use Kaspersky, Adaware, AVG AntiSpyware. Here is my HIJACKTHIS log: it is an attachment.


Any help in determining if I have the Trojan would be helpful. Thank you.
If someone can please help me, I would appreciate it.
 
Hello and welcome to Techspot.

I can find no info for this file, elsecash.exe. Unless you know for a fact it's safe, please do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\DOCUME~1\Owner\APPLIC~1\proxydebug\elsecash.exe
* Click Open
* Please let me know the results.

I'd also like you to install, run and post an AVG Antispyware log as per the instructions in this thread HERE.

Regards Howard :wave: :wave:

This thread is for the use of Jaguarsworld only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
That file is an instance of the TROJAN

Hello Howard

Thank you for your prompt response, I apologize for not posting the avg scan report, I did have the report but forgot to post it. I followed all your instructions before my first post. In any case I checked that file and clicked on fix in Hijackthis because I already knew this was an instance of the trojan. I have included the avg report and a Kaspersky report in this post. I have also included a fresh Hijackthis log. Thanks for your Help
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

elsecash.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKCU\..\Run: [Stop Burn] C:\DOCUME~1\Owner\APPLIC~1\proxydebug\elsecash.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\DOCUME~1\Owner\APPLIC~1\proxydebug < Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know if you're still having problems.

Regards Howard :)

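Added example, not part of the original thread and not HijackThis's own logic: a short Python triage of the log entries quoted in the post above. The O4 lines are registry autostarts, O9 lines are extra Internet Explorer buttons and Tools menu items, and O16 lines are downloaded ActiveX controls. The flagging rules (autostart from a per-user Application Data folder, "(file missing)" targets, any O16 download) are assumptions chosen for illustration, and the last sample line is constructed as a benign comparison.

```python
import re

# The first four lines are the entries quoted in the post above;
# the last line is constructed here as a benign comparison.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Stop Burn] C:\DOCUME~1\Owner\APPLIC~1\proxydebug\elsecash.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Long and 8.3 short forms of the per-user Application Data directory.
USER_APPDATA = re.compile(r"\\(applic~\d|application data|appdata)\\", re.I)

def triage(log_text):
    """Return (section, detail, reasons) for each line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        reasons = []
        if detail.endswith("(file missing)"):
            reasons.append("target file missing (orphaned entry)")
        run = RUN.match(detail) if section == "O4" else None
        if run:
            hive, key, name, command = run.groups()
            if USER_APPDATA.search(command):
                reasons.append(f"{hive} {key} autostart '{name}' runs from a user Application Data folder")
        if section == "O16":
            reasons.append("ActiveX control installed from a remote .cab; confirm it is wanted")
        if reasons:
            findings.append((section, detail, reasons))
    return findings

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {detail}\n    -> " + "; ".join(reasons))
```
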
 
Followed your Instructions

Hello,
I have followed all of your instructions. There was no instance of elsecash.exe and there was no proxydebug folder anymore. I think it is gone. I have attached the hijackthis log. I am curious though as to why Kaspersky detected this Trojan a few times at first but then did not detect it anymore while it was still there? Any ideas?

Thank YOU Very Much for all your help.
 
Your HJT log is clean.

I have no idea why Kaspersky would detect it, then not detect it, unless of course it was able to neutralise it in some way. Anyhow, it's not showing up in your HJT log, so that's good.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Win32.Trojan.Agent, Trojan.IrcHole, Trojan.Keygen.s cleaned but still have infection

Hello, I have posted here before and received help from you guys. Thank you very much. This is a different computer, and I recently discovered a trojan on this machine (Win32.Trojan.Agent). I had Kaspersky and it expired, so I downloaded Avast and it detected this threat. The original problem was that explorer.exe was attempting to access the internet and I would block it via ZoneAlarm; however, I let it through once to see what it was and Avast immediately detected a trojan. When I started running all the tools and fixes from your preliminary removal instructions, I noticed there were a few other threats. I have followed all of your instructions and it appears that all the threats have been eliminated; however, I still think I am infected. My logs are attached.
Panda found no rootkits and vundofix restarted the computer. Thank You in advance for the help.
 
Hi,

  1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\unins000.exe
    C:\WINDOWS\unins000.dat
    C:\WINDOWS\system32\byxvtsp.dll.vir
    Folder::
    C:\WINDOWS\wt
    C:\Program Files\WildTangent Games
    C:\Program Files\WildTangent
  2. Save this as CFScript on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

 
Followed Your Instructions Logs Attached

Thank you Momok, I followed your instructions and the logs are attached. Were the Wild Tangent and Blackhawk Striker 2 infected? If so, I will delete the download and not use it anymore. Thank you again for your help.
 
Win32:TratBHO [Trj] Trojan Horse Found

Avast has notified me that Win32:TratBHO [Trj] Trojan Horse has been found
I think I may be infected with something else but am not sure. Please help me out. Thanks in advance.
 
Can someone please Review my logs. Greatly Appreciated.

I also wanted to mention that there is no rootkit based on the Panda results.
 