Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Strange toolbar installed without Your permission
  • Slow internet connection
  • Annoying Pop-up's
  • Slow Computer

VirTool.Obfuscator

VirTool.Obfuscator is a piece of malware that can use different techniques to hide itself on an infected computer and perform different privacy violating actions of which you may not be aware. This happens because the infection can enter into the computer’s system encrypted and bundled with other programs which are not regarded as malicious or infectious. As a result, the threat modifies the registry to start up whenever the computer is booted up. Once the machine starts running, the infection gets to work. Hopefully, after you have read this review, you will decide to scan the system and check whether the system is infected with VirTool.Obfuscator or other malware.

Below the text you will the lists of the threats’ components, and all of them should be removed during the process of removal. Some of them, if not deleted, can download malware or connect to remote computers and do damage to the computer; therefore, it is important to remove VirTool.Obfuscator completely so that no elements of the latent infection is left. To understand the importance of VirTool.Obfuscator’s removal, you should know that this troublemaker creates new processes, deletes the system’s ones, copies files; can communicate with other computers through the Internet, access email accounts and their contact lists and send spam emails.

Additionally, the threat can pop up different alert messages, create a browser helper object in the internet browser, connect to the Internet and visit different websites without your consent. These and other criminal actions are performed by files such as balloon.exe, acer.exe, ServiceLayer.exe, Cfrong.exe, services.exe, winlogon.exe and others. Here, pay attention to the winlogon.exe file, because the threat uses this name to conceal its intentions. The authentic winlogon.exe is an indispensable file, because it is responsible for handling login data, locking the system, and so on. In the Windows Task Manager, the file should be used by “system”, and the location of the file should be in a folder system32. This means that before taking any measures to terminate a process or remove any piece of malware, make sure that you are certain about the necessity of removing a file or stopping a process.

To avoid any confusion, we suggest using a reliable spyware removal application so that you do not have to search for different and randomly named files attributed to the obnoxious intruder. If you apply a professional and powerful antispyware program, it will remove VirTool.Obfuscator straightaway. Additionally, the computer will be protected against further infections, which may try to enter the system without your approval. The scanning of the computer is highly recommended if some disorders or slowdowns of some processes are noticed on the computer. Thus, if you get suspicious about your computer and data’s security, install a reputable spyware removal tool and remove any malware detected.

Download Spyware Removal Tool to Remove* VirTool.Obfuscator
  • Quick & tested solution for VirTool.Obfuscator removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove VirTool.Obfuscator

Files associated with VirTool.Obfuscator infection:

vlc.exe
ntload.dll
yg56.exe
av.exe
tempo-setup2.exe
msa.exe
VSweep.exe
1327825314.exe
baloon.exe
shsysapl.dll
ACER.exe
gob03y.exe
globo.exe
2180053964.exe
servicelayer.exe
netdriver.dll
msauc.exe
hdwbgnudht.dll
qychlykios.dll
vnopemeial.dll
cfrog.exe
brastk.exe
tybazqxw.exe
qvsbilat.exe
efofgliz.exe
reset5e.dll
uigen.dll
rixizipe.exe
zgryfqzu.exe
monuismart.dll
pcfwxsby.exe
sysrest32.exe
scredir32.dll
dat27.tmp
lsass.exe
winlogon.exe
y4rmu.exe
wamregps32.dll
svhost.exe
control.ocx
gyal.exe
ieso0.dll
CDClose.dll
fool0.dll
msshell.exe
msne.exe
MMKAFNFW1076.dll
0zumqx3i56.exe
MMSHYLQE1060.dll
1sass.exe
4tox8d2jkrp.exe
MD3d6b.exe
defender32.exe
16140934.exe
18355614.exe
98365606.exe
Antvrs.exe
Malwarrior.exe
Winspywareprotect.exe
B.tmp
dbutil.dll
setup62.exe
219.tmp
as2008xp.exe
AndromedaAv.exe
xrt_jgmv.exe
sih.exe
wpv091242765100.exe
services.exe
wpv101242765100.exe
feefdfkd.dll
1ztwvzh.exe
reader_s.exe
3231324746.exe
afnoinkdsfe.dll
orkutkut.exe
spools.exe
595786128.exe
441897954.exe
1691941376.exe
sjg9s8guigjs.dll
3253075254.exe
yhs783ijfo3fe.dll
svchost32.exe
userinit.exe
402792673.exe
205075004.exe
22497.exe
hdddriver.dll
malwaredef.exe
440059563.exe
1725032906.exe
mdqhqxcejju.dll
hditohpcyc.dll
jxwwldgtxf.dll
winscenter.exe
frmwrk32.exe
moduleie.dll
rqfhwfzomc.dll
jfbsqprfdh.dll
iemodule.dll
IAPro.exe
odb.exe
ayrjgbkkec.dll
xrt_ojgr.exe
msginfo.dll
vlc.exe
msgaplmnt.dll
afahwxal.exe
video1019.cfg.exe
a.exe
b.exe
xrt_jdks.exe
video1152.cfg.exe
admappdb.dll
lphcamfj0evag.exe
FieryAds.dll
cftmon.exe
q2l0zaatdu.exe
8eac5uw1z0.exe
afmw1bft9by.exe
MMSADZFB1050.dll
MMMHXGGD1047.dll
mjsgrclw20vm.exe
1uw0wo.exe
r3god.dll
kavo0.dll
amvo0.dll
key_lgr.dll
MYCENT~1.DLL
CommLayer.dll
ywg32.dll
MMSHYLQE1061.dll
dat16.tmp
ttBAIBAI1069.dll
msepbe.dll
frntrn.dll
1a.exe
amb1avl.exe
servises.exe
appset.dll
zobenyhe.exe
pkn5tu9l.exe
218541024.exe
ntload.dll

VirTool.Obfuscator DLL's to remove:

MYCENT~1.DLL
ntload.dll
shsysapl.dll
netdriver.dll
hdwbgnudht.dll
qychlykios.dll
vnopemeial.dll
reset5e.dll
uigen.dll
monuismart.dll
scredir32.dll
wamregps32.dll
ieso0.dll
CDClose.dll
fool0.dll
MMKAFNFW1076.dll
MMSHYLQE1060.dll
dbutil.dll
feefdfkd.dll
afnoinkdsfe.dll
sjg9s8guigjs.dll
yhs783ijfo3fe.dll
hdddriver.dll
mdqhqxcejju.dll
hditohpcyc.dll
jxwwldgtxf.dll
moduleie.dll
rqfhwfzomc.dll
jfbsqprfdh.dll
iemodule.dll
ayrjgbkkec.dll
msginfo.dll
msgaplmnt.dll
admappdb.dll
FieryAds.dll
MMSADZFB1050.dll
MMMHXGGD1047.dll
r3god.dll
kavo0.dll
amvo0.dll
key_lgr.dll
CommLayer.dll
ywg32.dll
MMSHYLQE1061.dll
ttBAIBAI1069.dll
msepbe.dll
frntrn.dll
appset.dll
ntload.dll

VirTool.Obfuscator processes to kill:

yg56.exe
av.exe
tempo-setup2.exe
msa.exe
VSweep.exe
1327825314.exe
baloon.exe
ACER.exe
gob03y.exe
globo.exe
2180053964.exe
servicelayer.exe
msauc.exe
cfrog.exe
brastk.exe
tybazqxw.exe
qvsbilat.exe
efofgliz.exe
rixizipe.exe
zgryfqzu.exe
pcfwxsby.exe
sysrest32.exe
lsass.exe
winlogon.exe
y4rmu.exe
svhost.exe
gyal.exe
msshell.exe
msne.exe
0zumqx3i56.exe
1sass.exe
4tox8d2jkrp.exe
MD3d6b.exe
defender32.exe
16140934.exe
18355614.exe
98365606.exe
Antvrs.exe
Malwarrior.exe
Winspywareprotect.exe
setup62.exe
as2008xp.exe
AndromedaAv.exe
xrt_jgmv.exe
sih.exe
wpv091242765100.exe
services.exe
wpv101242765100.exe
1ztwvzh.exe
reader_s.exe
3231324746.exe
orkutkut.exe
spools.exe
595786128.exe
441897954.exe
1691941376.exe
3253075254.exe
svchost32.exe
userinit.exe
402792673.exe
205075004.exe
22497.exe
malwaredef.exe
440059563.exe
1725032906.exe
winscenter.exe
frmwrk32.exe
IAPro.exe
odb.exe
xrt_ojgr.exe
vlc.exe
afahwxal.exe
video1019.cfg.exe
a.exe
b.exe
xrt_jdks.exe
video1152.cfg.exe
lphcamfj0evag.exe
cftmon.exe
q2l0zaatdu.exe
8eac5uw1z0.exe
afmw1bft9by.exe
mjsgrclw20vm.exe
1uw0wo.exe
1a.exe
amb1avl.exe
servises.exe
zobenyhe.exe
pkn5tu9l.exe
218541024.exe
vlc.exe

Remove VirTool.Obfuscator registry entries:

RUNNING PROGRAM\zobenyhe.exe
RUNNING PROGRAM\Explorer.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ servises
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ amb1avl
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ inudhya
RUNNING PROGRAM\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1uw0wo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ mjsgrclw20vm
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ afmw1bft9by
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 8eac5uw1z0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ q2l0zaatdu
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ autoload
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ lphcamfj0evag
RUNN
Disclaimer

Comments

  1. K.Aria Nov 19, 2010

    i have done all of this but it keep coming back. I believe it is using a virtual machine against me . what ever I do it just vaporizes and it is still controlling everything.

  2. renato_fu9@hotmail Dec 7, 2011

    Tankes.

  3. nev3rb0tay May 24, 2012

    rat cam on bai viet

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.