Trojan.fatobfus.2.gen?
Got infected with this trojan and BitDefender is unable to disinfect it. Please advise.
Thanks.
Comments
Hello japsfx
Can you please post a scan report? Open BitDefender, press on History, double-click on the scan finished entry, then More info, and copy and paste the scan report in your next post.
Best regards
Niels
Hope this info helps:
-----------------------------------------------------------------
Virus Statistics
Scan path C:\
\
J:\
Folders : 1276
Files : 26725
Memory processes scanned : 53
Archives : 567
Runtime packers : 645
Identified viruses : 2
Infected files : 4
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 19
Scan time : 00:18:19
Scan speed (files/sec) : 24
Spyware Statistics
Registry keys scanned : 1730
Registry keys infected : 0
Cookies scanned : 255
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 34652717
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Summary:
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 1) Detected: Application.WinZix.A
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 1) Disinfection failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 1) Move failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 11) Infected: Trojan.FatObfus.2.Gen
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 11) Disinfection failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C4D88235d01=>(Instyler o)=>(Instyler Module 11) Move failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 1) Detected: Application.WinZix.A
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 1) Disinfection failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 1) Move failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 11) Infected: Trojan.FatObfus.2.Gen
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 11) Disinfection failed
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\C7F18235d01=>(Instyler o)=>(Instyler Module 11) Move failed
Hello japsfx
This info helps. First close Firefox. Check also that firefox.exe is not running: go to Start, Run, type taskmgr and press Enter. Now click once on the process name tab and look for a process called firefox.exe; if it is running, select it and press kill/quit task. Now go to Start, My Computer, double-click on the icon of your hard disc, then go to the Tools menu, Folder Options, Display/View and check the option to show hidden files and folders.
Now navigate further to Documents and Settings, Local Settings\Application Data\Mozilla\Firefox\Profiles4o7aqzc.default\Cache(4)\. Now right-click on the Cache(4) folder and press on BitDefender Internet Security 2008 to scan the folder, or drag and drop the folder to the activity graphic.
Best regards
Niels
//-----------------------------------------------------------------
//
// ProductBitDefender Antivirus Plus v10
// Product10.2
//
// Created on: 07/11/2007 10:45:07
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : \Downloads\WinZix-2.2.0.0-setup-0411.exe
Folders : 0
Files : 17
Memory processes scanned : 0
Archives : 2
Runtime packers : 0
Identified viruses : 2
Infected files : 2
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 0
Scan time : 00:00:02
Scan speed (files/sec) : 8
Virus definitions : 932919
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[ ] Scan boot sectors
[ ] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Documents and Settings\PRT SVR\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1194425107.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies
Summary:
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Detected: Application.WinZix.A
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Disinfection failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Move failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Infected: Trojan.FatObfus.2.Gen
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Disinfection failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Move failed
Scanned files
\Downloads\WinZix-2.2.0.0-setup-0411.exe OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 0) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Detected: Application.WinZix.A
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Disinfection failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 1) Move failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 2) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 3) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 4) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 5) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 6) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 7) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 8) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 9) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 10) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 11) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 12) OK
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Infected: Trojan.FatObfus.2.Gen
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Disinfection failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 13) Move failed
\Downloads\WinZix-2.2.0.0-setup-0411.exe=>(Instyler o)=>(Instyler Module 14) OK
You see, it's an exe file and I don't install it, but I must. What must I do? Thanks
Hello ekodrom
WinZix is an untrustworthy product which installs malware. I wouldn't recommend using it. You can exclude it if you want, but that is your own responsibility. Try another decompression/archive program.
Best regards
Niels
Hello ekodrom,
If you want, you can send me the file \Downloads\WinZix-2.2.0.0-setup-0411.exe for analysis, but it's almost certain that there is malware inside. As Niels said, you should try to avoid running that file.
Have a nice day!
Hey guys, I'm having the same problem with the Trojan.fatobfus.2.gen.
Disinfection and deletion fail.
Here's my log-file:
Scan Paths:
Path0000: C:\System Volume Information
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No
Target selection options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : No
Scan runtime packers : No
Scan emails : No
Scan all files : No
Heuristic Scan : No
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : None
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 945139
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7
Overall scan summary
Scanned items : 2870
Infected items : 1
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 91
Scanned boot sectors : 0
Scanned archives : 32
Input-output errors : 0
Scan time : 00:00:04:12
Files per second : 11
Scanned processes summary
Scanned : 0
Infected : 0
Scanned registry keys summary
Scanned : 0
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Remaining issues:
Object Name Threat Name Final Status
C:\System Volume Information\_restore{F5F23ABB-F126-4AF7-9620-361D1F492872}\RP56\A0015088.exe=](Instyler o)=](Instyler Module 5) Trojan.FatObfus.2.Gen Delete Failed (file was in an archive)
Resolved issues:
Object Name Threat Name Final Status
Hello Myros,
Right-click on "MyComputer" -> "Properties" -> click "System Restore" -> check the "Turn off System Restore on all drives" box -> click on "Apply"
Afterwards uncheck the "Turn off System Restore on all drives" box -> click on "Apply"
You should do all these steps with BitDefender disabled.
Have a nice day!
Thank you, Lirima. That did the trick!
Please help,
I seem to be infected by this virus and a second one called MemScan:Trojan.Virtumod.AMA. I have noticed that other users have included their log in order to receive help.
My log report is below. The Trojan.fatobfus.2.gen was also present on a previous report in C:\Program Files\DivoCodec\minime.exe and C:\Program Files\3wPlayer\minime.exe.
The latter two, however, have not shown on this report as I have uninstalled these programs and possibly got rid of the virus. Can this trojan cause harm to my computer, or is it just the annoying pop-ups that appear even when I am not connected to the internet (broadband)? Please advise, getting frustrated!!!!!
Statistics
Scan path : C:\
\
Folders : 4646
Files : 130807
Archives : 1883
Packed files : 8870
Identified viruses : 2
Infected files : 2
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 29
Scan time : 00:40:29
Scan speed (files/sec) : 53
Virus definitions : 878099
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 7
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Skip Proc.exe Infected Trojan.FatObfus.2.Gen
C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Skip Proc.exe Disinfection failed
C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Skip Proc.exe Move failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20071002 122911.aawqff=>(Embedded EXE g) Infected MemScan:Trojan.Virtumod.AMA
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20071002 122911.aawqff=>(Embedded EXE g) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20071002 122911.aawqff=>(Embedded EXE g) Move failed