We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

BullGuard Support

We’re here 24/7 to help you.


Email our support team and we'll get back to you within 24 hours.


 

 

How to remove Trojan.FatObfus.Gen


THREAT NAME
Trojan.FatObfus.Gen


CLEAN INSTRUCTION

1. Trojan.FatObfus is usually a downloader for the Swizzor trojan and Qhost trojan.

 

2.Go to Start, Run type regedit and press OK.

 

3. Navigate to the following keys:


- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser helper Objects


If you have an infection you should see there some keys that are pointing to files with random names
from the C:\Documents and Settings\Administrator\Local Settings\Temp (your temp directory).

Example of random names: d8a03198.exe or gmqnnljb.exe.

If you encounter those keys, then you should delete them and also you should delete the infected files too.

NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.


SYMPTOMS
1. You will see new programs in Task Manager.

2. The Internet Explorer start page will be modified.

 

3. An increased number of popups may appear.

 

4. You will not have access to several websites (usually antivirus websites).


DESCRIPTION
1. Trojan.FatObfus is an obfuscated file designed to hide the real intention of the malware.

2. Usually it is a downloader for several types of other malware, but the most encountered are
Swizzor variants and Trojan.Qhost.


Author:
The BullGuard Team