About “Trojan:Win32/Obfuscator.LZ!MTB” infection

The Trojan:Win32/Obfuscator.LZ!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Obfuscator.LZ!MTB virus can do?

Executable code extraction
Creates RWX memory
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Trojan:Win32/Obfuscator.LZ!MTB?


File Info:
crc32: 93A683DC
md5: c2fe92a2074f58c81d623858b28f5b38
name: tmplmsm_v96
sha1: 7ad299f52825fa1703cad555857bdd1d431326a3
sha256: 3fd7ceb7988688a8ca3b67769a8d19c6b553ba708687b0a9fe1b5aef51e4c089
sha512: b885dabdf0747778c0eedceaa4a6f2fc037f869fbb1db06b8982cbae2aefb7067a5b0554d539bcccc07ab5b3d61c6ff7e6142f20be646f0b4904cb66d86ef7ff
ssdeep: 12288:05Lgn0PC6NT4OhLPkjXhgECrfobaQsdqO76Qa+OCQkkkkkksk0vk2kkvBrZupk9:05NqCTrIzhb0omQsqO7mSuZBk
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 Yellow GetCaught Corporation. All rights reserved.
FileVersion: 3.7.8.665 Let-7328236 
CompanyName: Yellow GetCaught Corporation
ProductName: Yellow GetCaughtxae ProvideLetxae tail past
ProductVersion: 3.7.8.665
FileDescription: Yellow GetCaught ProvideLet
OriginalFilename: Trouble five.DLL
Translation: 0x0409 0x04b0

Trojan:Win32/Obfuscator.LZ!MTB also known as:

FireEye	Generic.mg.c2fe92a2074f58c8
McAfee	GenericRXKZ-JB!C2FE92A2074F
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Trojan.GenericKDZ.67853
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKDZ.67853
Kaspersky	Trojan-Banker.Win32.Cridex.oje
MicroWorld-eScan	Trojan.GenericKDZ.67853
Rising	Spyware.Zbot!8.16B (TFE:dGZlOgW29/C5d1m/CA)
Emsisoft	Trojan.GenericKDZ.67853 (B)
F-Secure	Trojan.TR/AD.ZLoader.dfarq
DrWeb	Trojan.PWS.Panda.13701
Jiangmin	Trojan.Banker.Cridex.aaz
Avira	TR/AD.ZLoader.dfarq
Antiy-AVL	Trojan[Banker]/Win32.Cridex
Microsoft	Trojan:Win32/Obfuscator.LZ!MTB
Arcabit	Trojan.Generic.D1090D
ZoneAlarm	Trojan-Banker.Win32.Cridex.oje
TACHYON	Banker/W32.Cridex.549376
BitDefenderTheta	Gen:NN.ZedlaF.34128.Hu8@am4z8fki
ALYac	Trojan.GenericKDZ.67853
MAX	malware (ai score=83)
Malwarebytes	Trojan.ZLoader
Panda	Trj/GdSda.A
ESET-NOD32	Win32/Spy.Zbot.ADI
Tencent	Malware.Win32.Gencirc.10cdd435
Yandex	TrojanSpy.Zbot!W1VpHWV6h2w
SentinelOne	DFI – Suspicious PE
Fortinet	W32/Agent.BEVR!tr
Ad-Aware	Trojan.GenericKDZ.67853
AVG	Win32:Malware-gen

How to remove Trojan:Win32/Obfuscator.LZ!MTB?

Trojan:Win32/Obfuscator.LZ!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X