Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

How to Remove Trojan.Win32.Obfuscated.gx

- - - - -

  • Please log in to reply
61 replies to this topic

#1
admin

admin

    Founder Geek

  • Administrator
  • 24,554 posts
How to remove Trojan.Win32.Obfuscated.gx

Fake Alert (Critical System Error):
"Your browser was infected by Trojan.Win32.Obfuscated.gx You need to clean your system immediately, in other case it can be crashed soon!
Click OK to download the high-tech antispyware protection software! (Recommended)"
Posted Image

This infection is usually installed by installing a fake codec:
Posted Image

It will serve relentless popups advertising for IEDefender. If you have installed IEDefender, you may have noticed it doesn't easily go away. These instructions should remove that as well. The motive of the infection is to get you to buy IEDefender. Presumably the malware author gets a referral fee for every copy sold. It works like this: Infect your system, display warning popups, install a rogue antispyware application, and then charge you to buy the program that claims to remove the infection they installed.

Removal Instructions:
ShadowPuterDude has authored an automated tool for removal of Trojan.Win32.Obfuscated.gx. You can find the download and instructions here.
  • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports Non-English Language Systems

  • Double-click FixIEDef.exe:
    Posted Image

  • That will open the About FixIEDef screen. Click OK to continue:
    Posted Image

  • Next, press the Scan! button:
    Posted Image

  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:
    Posted Image

  • Wait for the scan to finish. It shouldn't take very long:
    Posted Image

  • After the !!! All Finished !!! message is displayed, click Exit:
    Posted Image

  • That's it! You're done, and the infection should be removed.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlog...processutil.htm
If after running this tool the Trojan.Win32.Obfuscated.gx infection is still present, post a HiJackThis log in the Malware Removal Forum.

Mirrors: Alternate official download locations for FixIEDef.exe

http://it-mate.co.uk...ef/fixiedef.exe
http://hosts-file.ne...ef/fixiedef.exe
http://avant.it-mate...=Tools/FixIEDef
http://archives.myst...pyware/FixIEDef

=====================================================================
This is a self-help guide. Use at your own risk.

Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply.

Edited by admin, 12 January 2008 - 11:35 AM.
support for non-English

  • 0

Advertisements


#2
idontcare

idontcare

    New Member

  • Member
  • Pip
  • 3 posts
wow! 5 minutes is all it took to get a reply. thanks it seems to have worked. will definitely save this info. one more thing. where do i go to get the latest version of java that i need? so many different ones out there i have no clue which one (version 5 j2se or plain jane version 6 or whatever) that i need. thanks again for the quick help. so much faster than the tomcoyote forums.
  • 0

#3
admin

admin

    Founder Geek

  • Administrator
  • 24,554 posts
Glad we could help!

http://www.java.com/...load/manual.jsp
  • 0

#4
imwithavril2000

imwithavril2000

    New Member

  • Member
  • Pip
  • 1 posts
Thank you so much you guys. I just registered to your website so I could say thank you. I don't even know how I got this annoying virus. I think It got on my computer while I was looking for a video my friend told me was "so cool". It was the 2 girls 1 cup video. I'm still looking for a way to kill my friend for making me watch that video. Anyway thanks again for your help. It was so simple and safe. Now I know where to go If something similar happens again.
  • 0

#5
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and welcome imwithavril2000

Glad to hear the problem is sorted out and thanks for taking the time to register and let us know

Go easy on your friend :)
  • 0

#6
smoothdude11

smoothdude11

    New Member

  • Member
  • Pip
  • 1 posts
I just wanted to say thanks for the info. I got this virus when a friend told me to watch the BMG pain olympics. I hated it because everytime I opened a folder with internet explorer it would come up with that stupid screen, but I don't have that problem anymore. So thanks your instructions were very easy to follow.
  • 0

#7
Volgirl21

Volgirl21

    New Member

  • Member
  • Pip
  • 1 posts
OMG thank you so much! A friend of mine infected my computer also by looking for the 2 girls 1 cup video. I have since used the above program to disinfect my computer AND promptly created a guest account lol
  • 0

#8
Speedyspeedb

Speedyspeedb

    New Member

  • Member
  • Pip
  • 1 posts
Just registered to thank you guys so much for the removal program, been trying for days to remove the thing, downloading numerous fixes recommended and nothing helped, all of them took hours to scan and couldnt find anything. But this one fixed it in 30 secs....so just wanted to say thanks!
  • 0

#9
OMGTHANKS

OMGTHANKS

    New Member

  • Member
  • Pip
  • 1 posts
Thanks so much! I registered just to thank you for this. I went to dozens of other sites doing their manual removals and their programs.. nothing worked! This took care of my issue in under five seconds! You saved me :)

Edited by OMGTHANKS, 14 December 2007 - 03:06 AM.

  • 0

#10
emtecbri

emtecbri

    New Member

  • Member
  • Pip
  • 1 posts
:) Thank you so much!!! I've been trying for days to get obfuscated off my computer and that got it off in about 5 seconds. I got the trojan when my friend sent me that BME pain olympics video as well :) . Oh well, it's all gone now, and I love you! :) Thank you!!! :):);)
  • 0

Advertisements


#11
tom 8

tom 8

    New Member

  • Member
  • Pip
  • 2 posts
Hi there! I'm having a bit of a problem. I followed all the steps in the guide, but the virus does not seem to have gone away. I turned off all the other programs I had running, and then executed fixIEDef.bat. It did its thing, it actually got done within seconds which I thought was pretty fast. After I'd exited it and turned on Internet Explorer again, I got the same spam message as before.
I would have filed a HiJackThis log, but I got 404'd when I clicked the link. I don't know what's wrong. I really hope that I'm not totally screwed.

Edited by tom 8, 15 December 2007 - 01:29 AM.

  • 0

#12
Matt T

Matt T

    Member

  • Member
  • PipPipPip
  • 674 posts
Hey tom 8 and welcome to Geeks To Go! :)

Please read and follow the instructions [Here] and then post a log in the [Malware Forum].

A helper will be with you ASAP, but if it's been over 3 days without help, post a topic in the [Waiting Room]

Good luck
~Matt :)
  • 0

#13
dickblakemore

dickblakemore

    New Member

  • Member
  • Pip
  • 6 posts
Thank you for your advice as a result of which I have removed the 'obfuscated' trojan. I obviously collected it when I was looking at the Youtube website and was invited to download an ActiveX codec to enable me to see a video of a young guitar player. (I have included this information in case it is useful for other sufferers) I am very grateful for the effort that you and your colleagues have made.
  • 0

#14
Davidoyo

Davidoyo

    New Member

  • Member
  • Pip
  • 2 posts
I am having a problem removing Trojan.Win32.Obfuscated.gx even after following your instructions. I don't know what to do. This is a very annoying problem if you could help me get rid of i that would be greatly appreciated
  • 0

#15
admin

admin

    Founder Geek

  • Administrator
  • 24,554 posts
If the FixIEDef tool doesn't remove your infection it's important that you post a HijackThis log in the malware removal forum. These infections are constantly changing and identifying new variants will help yourself and others. :)
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.