
VirTool:Win32/Obfuscator.JZ removal tips


VirTool:Win32/Obfuscator.JZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the VirTool:Win32/Obfuscator.JZ virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Performs some HTTP requests
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:


How to identify VirTool:Win32/Obfuscator.JZ?

File Info:

crc32: 44681283
md5: 05a76e1caa9f0abae9b01992e5c9dadc
name: 05A76E1CAA9F0ABAE9B01992E5C9DADC.mlw
sha1: 293c7473f5f35495ba572a31a29ae2e627c3cbdf
sha256: 4f34df937a0ef592a5cdbace15a16cf87fdc954ab8db2b094dc3bcdb251c3ce8
sha512: eb3e3f723fcc7bc214be1b9aa9c7156bec86384dd7317a4bdd4e2597fc1a2a9a99dd2a38e51f60d8b5ad359130fa0f40a7d48464dd7df34dc27551c45d5739ab
ssdeep: 3072:A/dgTkmPIWtZ3Z580Kj2ZOUB1f4rpzLJwpa:QdgTHPIWtZ3Z58Zj2Z5zO1w
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
ProductVersion: 1.00
InternalName: jk
FileVersion: 1.00
OriginalFilename: jk.exe
ProductName: jk

VirTool:Win32/Obfuscator.JZ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Adware.Symmi.3219
FireEye: Generic.mg.05a76e1caa9f0aba
McAfee: GenericRXHS-EI!05A76E1CAA9F
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: NetWorm ( 700000151 )
BitDefender: Gen:Variant.Adware.Symmi.3219
K7GW: NetWorm ( 700000151 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/VB.BZ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Adware-gen [Adw]
Kaspersky: Trojan.Win32.Cossta.agxv
Alibaba: TrojanSpy:Win32/Cossta.2921ba45
NANO-Antivirus: Trojan.Win32.Cossta.exetuk
AegisLab: Trojan.Win32.Cossta.4!c
Rising: Spyware.Bancos!8.2F8 (CLOUD)
Ad-Aware: Gen:Variant.Adware.Symmi.3219
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1138525
Zillya: Trojan.Cossta.Win32.10655
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Emsisoft: Gen:Variant.Adware.Symmi.3219 (B)
Ikarus: Trojan.Win32.Cossta
Avira: HEUR/AGEN.1138525
Antiy-AVL: Trojan/Win32.Cossta
Microsoft: VirTool:Win32/Obfuscator.JZ
Arcabit: Trojan.Adware.Symmi.DC93
ZoneAlarm: Trojan.Win32.Cossta.agxv
GData: Gen:Variant.Adware.Symmi.3219
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Cossta.R70895
BitDefenderTheta: Gen:NN.ZevbaF.34590.hm0@aWgxRxei
ALYac: Gen:Variant.Adware.Symmi.3219
MAX: malware (ai score=99)
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.4053435585
ESET-NOD32: a variant of Win32/Spy.Bancos.ACM
Tencent: Win32.Trojan.Cossta.Frz
Yandex: Trojan.GenAsa!hYUXhyo6tb4
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/Bancos.AAO!tr
AVG: Win32:Adware-gen [Adw]
Cybereason: malicious.caa9f0
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.FRS.HgIASOgA

How to remove VirTool:Win32/Obfuscator.JZ?

VirTool:Win32/Obfuscator.JZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
