Computer Security & Viruses/Trojan.Win32.Obfuscated.wib
Expert: Brian Benosky - 12/12/2008
QUESTION: I have some strange virus, I guess.... I have no idea why neither F-Secure nor Spybot can get rid of it. Actually, Spybot can't even locate it....? Need help... Here is the pop-up I get when I don't use the computer for a while...
"Message from message from F-secure anti-virus on on 12/8/2008" (Note: it actually says "message from" and "on" twice...?)
" Malicious code found in file C:\System Volume Information\_restore{126F4C0F-BA86-4D07-BC34-9FF0D3FC5BD8}\RP23\A0006044.0x.
Infection: Trojan.Win32.Obfuscated.wib
Action: failed. "
Please help, or let me know where to go for help....
ANSWER: Hi Chris
F-secure is trying to delete the file located in your System Restore folder, but Windows will not allow it. You don't say which version of Windows you are running, but the solution is to turn off System Restore, which will delete the file, reboot, then turn it back on.
For XP:
http://support.microsoft.com/kb/310405
For Vista:
http://windowshelp.microsoft.com/Windows/en-us/help/f0688925-5abe-4caf-b49a-018f
Brian
---------- FOLLOW-UP ----------
QUESTION: I followed the instructions: turn off System Restore, reboot, then turn System Restore back on. As of yet I have had no problems... then again, I just did it. We'll see what happens. Thanks for the help. Also, as a follow-up question, I was wondering why neither F-Secure nor Spybot would locate this problem when I ran the programs. F-Secure would say that no viruses, malware or spyware were located on any drives, and the same for Spybot.... But that pop-up I would get was an F-Secure pop-up. Listed at the top of the window was an F-Secure warning. BUT the window was not a standard F-Secure window??.. It looked like an older version of a Windows warning box with typos that I could not figure out... I don't understand that...?
ANSWER: Hi Chris
Spybot would not locate the trojan because it is generally an anti-spyware program, not an anti-virus. The reason F-Secure located the file after the computer wasn't being used for a time is that the program probably scans during system idle. I'm not sure why it would not detect it on a manually run scan...perhaps the settings need to be adjusted to run a full system scan on demand. Maybe it is set to only scan certain files or folders. That would explain it. Finally, I have no idea what caused the typos. An error in translation from Finnish, perhaps? Assuming you regularly update the program, it's an error they may catch and patch one day. If you need further help, just ask. Cheers!
Brian