how to clean up obfuscator

Re: how to clean up obfuscator

by Sia » June 21st, 2009, 2:40 pm

Hi and thanks
Was only away a couple of days! Unfortunately, internet connection down again, just popped over to a friend's to use theirs. Am way out in country no internet cafes etc round here. Hope to put more pressure on again tomorrow to mend line but can only do most urgent stuff on friend's pc in meantime. Will keep posted but will be slow responses sorry.
Sia
Sia
Regular Member
 
Posts: 25
Joined: May 13th, 2009, 5:02 pm

Re: how to clean up obfuscator

by Sia » June 22nd, 2009, 11:07 am

Hi Wingman
Intermittent connection up today.
Have downloaded and run flash disinfector with dongles in place.
Am still getting the virus message coming up after start up.
Thanks
Sia

Re: how to clean up obfuscator

by Wingman » June 25th, 2009, 8:49 am

Hi Sia,
Thanks for getting back to me. I apologize for my delay in responding, as you well know, things happen, so I appreciate your patience and understanding.

Please tell me, Sia, do you normally have USB disk drive devices attached to the computer, when starting up? Devices that are shown as E:\ and F:\ drives?
Do you always get the AV message when you startup... with or without USB devices attached?
When you open your AV application... is there a report option... if so can you see any current reports from startup? If not is there an option to set the kind of "events" to report...
If so try setting it on the option that would report the most.

Please perform the following steps.

Step 1.
  1. Double click My Computer > click on the E:\ drive... to access the contents.
  2. Locate the file: setupSNK.exe or LaunchU3.exe
  3. Right-click on the file... is there an option in the Context Menu to scan with CA Antivirus?
  4. If Yes... allow CA to scan the file.
Post the results of the scan.
  1. Double click My Computer > click on the F:\ drive... to access the contents.
  2. Locate the file: LaunchU3.exe or setupSNK.exe
  3. Right-click on the file... is there an option in the Context Menu to scan with CA Antivirus?
  4. If Yes... allow CA to scan the file.
Post the results of the scan.

Step 2.
Please include in your next reply:
  1. Let me know if you are able to perform these instructions.
  2. Answers to my questions.
  3. Scan results from the CA Antivirus file scans
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: how to clean up obfuscator

by Sia » June 25th, 2009, 9:58 am

Hi
Yes, totally understand and no problem.
Internet back up and running fine now, so hopefully no more delays from my side.

I've had a look at the CA AV and although there is a section for reports which provides On Demand Scanner log, Real Time Scanner Log, and Email Scanner Log, there is nothing in any of them (I cleared them after giving reports on last on demand scan a couple of weeks ago so as to not get confused with old stuff in there). I've looked at all possible options through all the tabs and can't see a way to amend anything with the reports, apart from adding exclusions. The Advanced Options, by default, have Advanced Heuristic Scanning checked for On Demand and Real Time scans, but doesn't have Scan Network Files for the Real Time Scan. Should I check that?

The Scans are checked for Enable, Clean and Quarantine. Should I uncheck Clean to try producing more info before cleaning?

When starting up I don't usually have the dongles in place - one is only used to back up work on the main dongle. The CA AV message appears regardless and also regardless of whether I've gone on line or not (although connection is there as use wi-fi).

I have cut and pasted the files you asked me to locate on the dongles/drives but they don't appear. Am I doing something wrong?

Thanks
Sia

Re: how to clean up obfuscator

by Wingman » June 25th, 2009, 7:36 pm

Hi Sia,
Great to hear your ISP is working fine now. I've had ISP problems at one time or another...it can be very frustrating.

Don't worry about not seeing the files mentioned for scanning. Your response that you don't normally have any "devices" attached when starting basically removes these as a possible cause for the AV message. Also Sia, no need to change your AV to look at "Network" files...

I would like you to alter your AV process to NOT CLEAN any problems found... but "only quarantine" the suspect file. Then when you get the message again at startup, hopefully it will not remove the item and we can get a look at it.
Unfortunately I do not have CA Antivirus installed so I can't give you step by step instructions to change these settings.

Overall instructions... I would suggest:
  1. Changing or "unchecking" the CLEAN option for each scan type... just leave the ENABLE and QUARANTINE options checked.
  2. Restart your computer the way you normally do... that produces the AV message.
  3. If you get the AV message... and it has quarantined something... let Windows finish loading.
  4. Start your AV application... locate the Quarantine option...
  5. Open the Quarantined items and (if possible) copy/paste the information in your next post.
If you can't copy and paste... carefully jot down what information is presented... posting it in your next post.

Please include in your next reply:
  1. AV quarantine information or if none... state that as well.
  2. Other than the AV message at startup... how is the computer running?
Thanks,
Wingman

Re: how to clean up obfuscator

by Sia » June 27th, 2009, 4:49 am

Hi Wingman

Although I deselected 'clean' from all scan types, the message still comes up that a threat has been detected and removed. There is also nothing reported in the report areas or in the quarantine.

Other than that the PC seems fine apart from often getting stuck at start up before Windows comes up.

Thanks
Sia

Re: how to clean up obfuscator

by Wingman » June 27th, 2009, 7:31 pm

Hi Sia,
Thanks for your efforts so far. Can you please tell me if this is the AV message that you get when you start your computer.
"CA Anti-Virus is protecting your PC. 1 threats detected and removed"
If not, please post back and let me know ... if it is ... please perform the following steps.

Step 1.
REG Query
  1. Open Notepad... Copy/paste the following text into the empty Notepad window.
    @echo off
    REG query HKLM\software\Computer Associates\Antivirus\Statistics /s >> "%userprofile%\desktop\avstat.txt"
    C:\Windows\notepad.exe "%userprofile%\desktop\avstat.txt"
    del %0
  2. Save the file as AVRUN.bat on your desktop. Save it with the file type... all types *.*.
    AVRUN.bat <<------------- you should see this on your desktop.
  3. Double click the file AVRUN.bat to execute.
    Notepad will open with the contents of the file avstat.txt. This file will be on your desktop, when completed
Please copy and paste, the entire contents of avstat.txt in your next reply.

Step 2.
Please include in your next reply:
  1. Any problems executing these instructions
  2. avstat.txt file contents
Thanks,
Wingman

Re: how to clean up obfuscator

by Sia » June 28th, 2009, 6:39 am

Hi Wingman

Yes that is the message.

I've done as requested. File saved and double-clicked to run but it comes up with:
Error: Invalid command-line parameters

It does open the avstat notepad window but there is nothing in it.

All the best

Sia

Re: how to clean up obfuscator

by Wingman » June 28th, 2009, 8:50 am

Hi Sia,
Thanks for your efforts. I have to apologize...there was a mistake in the code I had you copy :oops:
Please try the steps again.

Step 1.
REG Query
  1. Open Notepad... Copy/paste the following text into the empty Notepad window.
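    @echo off
    rem Dump every value under the CA Antivirus key to avstat.txt on the desktop.
    rem No backslash before the closing quote: reg.exe can parse \" as an escaped quote.
    REG query "HKLM\software\Computer Associates\Antivirus" /s >> "%userprofile%\desktop\avstat.txt"
    C:\Windows\notepad.exe "%userprofile%\desktop\avstat.txt"
    rem Delete this batch file once it has run.
    del "%~f0"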
  2. Save the file as AVRUN.bat on your desktop. Save it with the file type... all types *.*.
    AVRUN.bat <<------------- you should see this on your desktop.
  3. Double click the file AVRUN.bat to execute.
    Notepad will open with the contents of the file avstat.txt. This file will be on your desktop, when completed
Please copy and paste, the entire contents of avstat.txt in your next reply.

Step 2.
Please include in your next reply:
  1. Any problems executing these instructions
  2. avstat.txt file contents
Thanks,
Wingman
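
An added example, not part of the original posts: a batch file that probes the key paths quoted in this thread from most specific to least, so a missing key is named in avstat.txt instead of leaving the file empty. The variables OUT and FOUND and the label :probe are names chosen for this example.

```batch
@echo off
setlocal
rem Added example. OUT, FOUND and :probe are names chosen for this sketch;
rem the key paths are the ones quoted in the thread.
set "OUT=%userprofile%\desktop\avstat.txt"
set "FOUND="
> "%OUT%" echo Registry probe run %date% %time%

rem Try the most specific key first, then each parent in turn.
for %%K in (
  "HKLM\software\Computer Associates\Antivirus\Statistics"
  "HKLM\software\Computer Associates\Antivirus"
  "HKLM\software\Computer Associates"
) do if not defined FOUND call :probe %%K

if not defined FOUND >> "%OUT%" echo None of the keys above exist on this machine.
notepad.exe "%OUT%"
endlocal
goto :eof

:probe
rem %~1 strips the quotes; re-quote with no trailing backslash so that
rem reg.exe does not read \" as an escaped quote.
reg query "%~1" >nul 2>&1
if errorlevel 1 (
  >> "%OUT%" echo MISSING: %~1
  goto :eof
)
set "FOUND=%~1"
>> "%OUT%" echo FOUND:   %~1
rem Dump the first key that exists, subkeys included; keep reg.exe errors in the report.
reg query "%~1" /s >> "%OUT%" 2>&1
goto :eof
```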

Re: how to clean up obfuscator

by Sia » June 28th, 2009, 9:12 am

Hi

This time it comes up with message:

Error: the system was unable to find the specified registry key or .

Best
Sia

Re: how to clean up obfuscator

by Wingman » June 28th, 2009, 2:15 pm

Hi Sia,
This time the code was correct but that particular registry key is not found in your registry... so the .bat file worked but could not find the key.

I asked you to perform this task because I found a reference to the message you are getting and it was caused by a registry entry, created by the CA antivirus application.
Companies change the names of their products, change internal values etc... when updating or releasing new versions of their software.
Not knowing what CA registry entries you may have...there's no way of determining what entry in your registry, could be the culprit.
Rest assured, this message is caused by a CA antivirus application and NOT an infection.

My recommendation, if this message display is a nuisance... is for you to contact CA Support, provide the exact message displayed and ask if / how this can be eliminated.
I'm sorry that I can't be of more assistance with this issue.

The same is true for your delay or hanging when you start your computer...
Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware.
I suggest you try a PC troubleshooting forum. Links for some are provided below.
These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
Registration is free, it only takes a few minutes. :)
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote

The good news is:
Congratulations... your system is clean :cheers:
Please follow these simple guidelines in order to help keep your computer clean and secure:

Create a new - clean SRP (System Restore Point)
Now that you're clean, it's a great time to create a new, clean SRP and remove any old entries that may possibly be compromised.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next...button.
  3. Type a name for the new SRP... like All Clean... then press the Create... button.
  4. When finished... press the Close...button.
    Now you have a good clean SRP that can be used, if needed.
Remove old SRP entries
  1. Now... Go to Start > Run... type in: cleanmgr...press the OK...button.
    The Disk Cleanup window will show it is "calculating" the amount of space saved by compressing old files. This could take a few seconds, to minutes.
  2. When available... select the More Options... tab.
    In the System Restore section... at the bottom of the window...
  3. Press the Clean up...button. Reply Yes to the "Are you sure you want to delete all but the most recent restore point?" prompt.
  4. Press the X to close and exit.
    All existing restore points will be deleted... except the new one you just created.

Update your Antivirus programs and other security products regularly.
Avoid new threats that could infect your system. You can also check if any application updates are needed for your PC.
Secunia Software Inspector - Copyright © Secunia.
F-secure Health Check - Copyright © F-Secure Corporation.


Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home


You can try...some free programs, that will help improve your computer's security.
These kinds of protection programs (adware, spyware, etc...) tend to overlap in coverages.
Many feel that having a "layered" protection scheme, is beneficial. Each individual has to decide what works best for their situation.
There are many available...here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You should already have this on your computer... You can execute this anytime, as an on-demand scanner.
Remember to check for updates, before running any scans. (I left download link here for convenience, in case you need it)
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

Spybot Search and Destroy
Download it from © Safer Networking Ltd. Just choose a mirror and off you go.
A Spybot tutorial can be found Here.

SpywareBlaster
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here.
(The free version of WinPatrol...does not provide any real-time protection)

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd


Read, stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware: © miekiemoes - Microsoft MVP - Consumer Security.

Stay Safe! 8)
Wingman

Re: how to clean up obfuscator

by Sia » June 28th, 2009, 5:37 pm

That's brilliant Wingman.
Late here, so will do all that tomorrow.
Thank you so much for your help and sticking with it.
All the best
Sia

Re: how to clean up obfuscator

by Wingman » June 28th, 2009, 6:19 pm

Glad to have been able to help. :D
Please perform the System Restore point creation as soon as possible, to ensure you have a good, clean restore point to use, should the need arise.

Wingman

Re: how to clean up obfuscator

by NonSuch » June 30th, 2009, 7:19 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California