Danger level 8
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Strange toolbar installed without your permission
  • Slow internet connection
  • Annoying pop-ups
  • Slow computer

VirTool.Obfuscator

VirTool.Obfuscator is a piece of malware that can use different techniques to hide itself on an infected computer and perform privacy-violating actions of which you may not be aware. It can do so because the infection can enter the system encrypted and bundled with other programs that are not regarded as malicious or infectious. The threat then modifies the registry so that it starts whenever the computer boots. Once the machine starts running, the infection gets to work. Hopefully, after you have read this review, you will decide to scan the system and check whether it is infected with VirTool.Obfuscator or other malware.

Below the text you will find lists of the threat’s components, all of which should be removed during the removal process. Some of them, if not deleted, can download malware or connect to remote computers and damage the computer; therefore, it is important to remove VirTool.Obfuscator completely so that no elements of the latent infection are left. To understand the importance of VirTool.Obfuscator’s removal, you should know that this troublemaker creates new processes, deletes system processes and copies files; it can also communicate with other computers through the Internet, access email accounts and their contact lists, and send spam emails.

Additionally, the threat can pop up different alert messages, create a browser helper object in the internet browser, connect to the Internet and visit different websites without your consent. These and other criminal actions are performed by files such as balloon.exe, acer.exe, ServiceLayer.exe, Cfrong.exe, services.exe, winlogon.exe and others. Pay particular attention to the winlogon.exe file, because the threat uses this name to conceal its intentions. The authentic winlogon.exe is an indispensable file, because it is responsible for handling login data, locking the system, and so on. In Windows Task Manager, the process should be listed under the user “system”, and the file should be located in the system32 folder. This means that before you terminate a process or remove any file, you should be certain that it really is malicious and needs to be removed or stopped.
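The winlogon.exe check described above can be expressed as detection logic. The following Python sketch is an added example, not part of the original article; it also generalizes the idea to names that are one character away from a core system process name. The process records are constructed, and the default install path `C:\Windows\System32` and the three protected names are assumptions.

```python
import ntpath

# Assumption: a default Windows install; these three core processes run only
# from system32. Adjust SYSTEM_DIR if %SystemRoot% differs on the host.
PROTECTED = {"winlogon.exe", "lsass.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_USERS = {"system", r"nt authority\system"}


def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # single substitution
    return a[i:] == b[i + 1:]          # single insertion/deletion


def classify(proc):
    """Return the findings for one process record (name, path, user)."""
    name = proc["name"].lower()
    folder = ntpath.normpath(ntpath.dirname(proc["path"])).lower()
    findings = []
    if name in PROTECTED:
        if folder != SYSTEM_DIR:
            findings.append("system name outside system32")
        if name == "winlogon.exe" and proc["user"].lower() not in SYSTEM_USERS:
            findings.append("winlogon.exe not running as SYSTEM")
    elif any(one_edit_apart(name, p) for p in PROTECTED):
        findings.append("lookalike of a system process name")
    return findings


SAMPLE = [  # constructed records, not captured from a real host
    {"name": "winlogon.exe", "path": r"C:\Windows\System32\winlogon.exe", "user": "SYSTEM"},
    {"name": "winlogon.exe", "path": r"C:\Users\alice\AppData\Roaming\winlogon.exe", "user": "alice"},
    {"name": "1sass.exe", "path": r"C:\Windows\System32\1sass.exe", "user": "SYSTEM"},
    {"name": "notepad.exe", "path": r"C:\Windows\System32\notepad.exe", "user": "alice"},
]


def scan(procs):
    """Map each flagged executable path to its findings; clean records are omitted."""
    return {p["path"]: f for p in procs if (f := classify(p))}
```

A real process listing (name, executable path, owning user) can be fed to `scan` in place of `SAMPLE`; anything it flags should be examined further before a process is terminated or a file deleted.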

To avoid any confusion, we suggest using a reliable spyware removal application so that you do not have to search for the various randomly named files attributed to the obnoxious intruder. If you apply a professional and powerful antispyware program, it will remove VirTool.Obfuscator straightaway. Additionally, the computer will be protected against further infections, which may try to enter the system without your approval. Scanning the computer is highly recommended if you notice malfunctions or slowdowns of some processes. Thus, if you have doubts about the security of your computer and data, install a reputable spyware removal tool and remove any malware detected.


How to manually remove VirTool.Obfuscator

Files associated with VirTool.Obfuscator infection:


VirTool.Obfuscator DLL's to remove:


VirTool.Obfuscator processes to kill:


Remove VirTool.Obfuscator registry entries:


Comments

  1. K.Aria Nov 19, 2010

    I have done all of this but it keeps coming back. I believe it is using a virtual machine against me. Whatever I do it just vaporizes and it is still controlling everything.

  2. renato_fu9@hotmail Dec 7, 2011

    Thanks.

  3. nev3rb0tay May 24, 2012

    Thank you very much for the article.
