I have problem "Trojan.Win32.Obfuscated.bl" in my computer.

Status
Not open for further replies.
N

neowing

Posts: 308   +1
Hello ?
I didn't know that I was infected "Trojan.Win32.Obfuscated.bl"
I used zonealarm security suite, it detected trojan but it didn't remove or go to quantine. Therefore, I am going to use "hijackthis" to remove it but I don't know how to use it. I attached file here, please help me to get ride of this virus or adawere.

View attachment hijackthis.log
 
Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If, after reading the above thread, you decide to clean your system, read this thread here: Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT and AVG logs as attachments into this thread.

Cheers :)

This thread is for the use of neowing only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
 
I am sorry for my own reply, it's been 3 days.
I need help to get ride of "Trojan"
And I want to know if there are Information of "Trojan.Win32.Obfuscated.bl".
 
Your computer has a Lop infection.

Delete all files in AVG Antispyware quarantine.

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HJT log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

Regards Howard :)

This thread is for the use of neowing only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Oops. sorry for not replying. but I'll let Howard take it from here as I don't really know how to fix a lop infection yet (I'm still in training :)).
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

SignChin.exe
ANTI KIND LONG.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [binpuremodebias] C:\Documents and Settings\All Users\Application Data\Phone fast bin pure\SignChin.exe

O4 - HKCU\..\Run: [Dataamok] C:\DOCUME~1\MOONSU~1\APPLIC~1\INTERL~1\ANTI KIND LONG.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\All Users\Application Data\Phone fast bin pure<Delete the entire folder.
C:\DOCUME~1\MOONSU~1\APPLIC~1\INTERL~1<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let us know how your system is running.

Regards Howard :)

This thread is for the use of neowing only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of neowing only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

Jess_123
My num pad + doesn't work ...
Replies
0
Views
278
Jess_123
Jess_123
E
Another day, another FBI takedown of routers infected by malware
Replies
7
Views
219
p51d007
p51d007
Cal Jeffrey
Cyberpunk 2077 gets big send off with one last update that includes a working metro
Replies
18
Views
506
erickmendes
erickmendes

Latest posts

Back