Fake Alert (Critical System Error):
"Your browser was infected by Trojan.Win32.Obfuscated.gx You need to clean your system immediately, in other case it can be crashed soon!
Click OK to download the high-tech antispyware protection software! (Recommended)"
This infection is usually installed by installing a fake codec:
It will serve relentless popups advertising for IEDefender. If you have installed IEDefender, you may have noticed it doesn't easily go away. These instructions should remove that as well. The motive of the infection is to get you to buy IEDefender. Presumably the malware author gets a referral fee for every copy sold. It works like this: Infect your system, display warning popups, install a rogue antispyware application, and then charge you to buy the program that claims to remove the infection they installed.
ShadowPuterDude has authored an automated tool for removal of Trojan.Win32.Obfuscated.gx. You can find the download and instructions here.
- NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
- Download FixIEDef.exe by ShadowPuterDude to the Desktop.
Note: FixIEDef now supports Non-English Language Systems
- Double-click FixIEDef.exe:
- That will open the About FixIEDef screen. Click OK to continue:
- Next, press the Scan! button:
- FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue:
- Wait for the scan to finish. It shouldn't take very long:
- After the !!! All Finished !!! message is displayed, click Exit:
- That's it! You're done, and the infection should be removed.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlog...processutil.htm
Mirrors: Alternate official download locations for FixIEDef.exe
This is a self-help guide. Use at your own risk.
Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply.
Edited by admin, 12 January 2008 - 11:35 AM.
support for non-English