Tech guides

Whether you need removal instructions for a specific virus or just a quick tech tip - here is where you'll find advice from our team of technicians. These guides will reflect the latest security threats and hottest topics on our Antivirus Forum.

 

 

How to remove Trojan.FatObfus.Gen


THREAT NAME
Trojan.FatObfus.Gen


CLEAN INSTRUCTION

1. Trojan.FatObfus is usually a downloader for the Swizzor trojan and Qhost trojan.

 

2.Go to Start, Run type regedit and press OK.

 

3. Navigate to the following keys:


- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser helper Objects


If you have an infection you should see there some keys that are pointing to files with random names
from the C:\Documents and Settings\Administrator\Local Settings\Temp (your temp directory).

Example of random names: d8a03198.exe or gmqnnljb.exe.

If you encounter those keys, then you should delete them and also you should delete the infected files too.

NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.


SYMPTOMS
1. You will see new programs in Task Manager.

2. The Internet Explorer start page will be modified.

 

3. An increased number of popups may appear.

 

4. You will not have access to several websites (usually antivirus websites).


DESCRIPTION
1. Trojan.FatObfus is an obfuscated file designed to hide the real intention of the malware.

2. Usually it is a downloader for several types of other malware, but the most encountered are
Swizzor variants and Trojan.Qhost.


Author:
The BullGuard Team

We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.