Author Topic: virtool:win32/obfuscator tool.gp

enddays

  • Guest
virtool:win32/obfuscator tool.gp
« on: October 27, 2009, 09:11:55 PM »
Ran MSE this evening and it found virtool:win32/obfuscator tool.gp. Avast did not detect it :(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: virtool:win32/obfuscator tool.gp
« Reply #1 on: October 27, 2009, 09:26:19 PM »
Hi enddays,

This is what MS say about this:
Quote
Technical Information (Analysis)
VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

These obfuscation techniques are used on various kinds of malware. The malware that lies "underneath" may have virtually any purpose.

So the find can also be an obfuscated False Positive, or a program that used these techniques to prevent it from being reverse engineered or resource hacked.

If you still have the flagged file, upload it to VirusTotal and see which AV scanners flag it as real malware,
or upload it for analysis to wepawet.cs.ucsb.edu, where you can see de-obfuscation and analysis to tell whether it is suspicious, malcode or a false positive.

If it is genuine malcode, upload it to avast for analysis and adding to their signature base,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
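Before a flagged file is uploaded anywhere, a defender usually wants its hashes (to search VirusTotal by hash first) and a quick look at whether it is packed or encrypted, which is exactly what the Obfuscator family description above points at. The script below is an added example for this thread, not code from the forum, Avast, Microsoft or any of the services named; it computes MD5/SHA-1/SHA-256 and Shannon entropy over fixed-size chunks, and the 7.2-bit threshold and the constructed sample bytes are assumptions chosen for illustration, not values from the page.

```python
import hashlib
import math
from collections import Counter

# Assumed heuristic threshold: byte entropy above this (max is 8.0 bits)
# is typical of compressed or encrypted content, i.e. a packed sample.
PACKED_ENTROPY_THRESHOLD = 7.2
CHUNK_SIZE = 256


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """Hashes a hash-lookup service such as VirusTotal can be queried with."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage(data: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """Offline first look at a suspicious file: hashes plus entropy profile.

    Entropy is measured per chunk so a small encrypted section inside an
    otherwise ordinary file still shows up as a high-entropy fraction.
    """
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    chunk_entropies = [shannon_entropy(c) for c in chunks]
    overall = shannon_entropy(data)
    high = sum(1 for e in chunk_entropies if e >= PACKED_ENTROPY_THRESHOLD)
    high_fraction = high / len(chunks) if chunks else 0.0
    verdict = "likely-packed" if overall >= PACKED_ENTROPY_THRESHOLD else "unremarkable"
    return {
        "size": len(data),
        **file_hashes(data),
        "entropy": round(overall, 3),
        "high_entropy_fraction": round(high_fraction, 3),
        "verdict": verdict,
    }


# Constructed samples (not real malware): a plain-text-like file with a DOS
# stub message, and a byte stream with a uniform distribution, which is what
# compressed or encrypted data looks like to an entropy measure.
SAMPLE_PLAIN = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 50
SAMPLE_PACKED = bytes(range(256)) * 8


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        result = triage(blob)
        print(f"{name}: sha256={result['sha256']} entropy={result['entropy']} "
              f"high-entropy chunks={result['high_entropy_fraction']} -> {result['verdict']}")
```

Run it with the path of the flagged file read into `data` instead of the constructed samples; a "likely-packed" verdict does not mean malicious (legitimate installers and DRM-protected software pack themselves too), it only says the file deserves the multi-engine scan and sandbox analysis polonus suggests rather than a guess.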

enddays

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #2 on: October 27, 2009, 09:38:12 PM »
Hi polonus,

Thanks for the quick reply. Unfortunately I deleted the history in MSE and the file has gone. Sorry about that, but I am still a bit of a novice with these things and won't repeat that action in the future :-\

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: virtool:win32/obfuscator tool.gp
« Reply #3 on: October 27, 2009, 09:49:28 PM »
Hi enddays,

That is the way we learn things. Well, once bitten, twice shy. For this and similar reasons I use a Firefox browser with the NoScript and RequestPolicy extensions to stay clear of any scripted malcode surprises.
You experienced that the danger can now lurk anywhere, on any site malcoders inject.
Maybe someone else will report further on these findings and their real or assumed threat.
But you did right to report here, thanks,

polonus
« Last Edit: October 27, 2009, 10:52:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

enddays

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #4 on: October 27, 2009, 10:10:17 PM »
"use a Firefox browser with NoScript and RequestPolicy extensions" I am using Firefox atm, but am not sure what you mean by these extensions. Can you find the time to explain these please? Thanks polonus

DarkLegend

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #5 on: October 27, 2009, 10:28:44 PM »
They are add-ons that can be installed in Firefox to increase your security. However, use caution as they are not by Mozilla and that means not all of them can be "trustworthy".

NoScript : https://addons.mozilla.org/en-US/firefox/addon/722

Request Policy : https://addons.mozilla.org/en-US/firefox/addon/9727

enddays

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #6 on: October 27, 2009, 10:33:46 PM »
Thanks for the links DL. Personal question, do you use them?

DarkLegend

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #7 on: October 27, 2009, 10:40:24 PM »
Yes I do. I also use WOT (Web of Trust) which, in a search from Google or w/e you use, gives an idea on whether or not the site is safe (I say idea as it is wrong at times, as most things are).

Web of Trust : https://addons.mozilla.org/en-US/firefox/addon/3456

Here is the Dr.Web link checker. You can right click websites in a Google search or whatever search engine you use and click the scan button. Their webserver will connect to the page, scan it and report what it finds, if anything at all.

Dr. Web : https://addons.mozilla.org/en-US/firefox/addon/938

I have used all of these add-ons that I have posted. I stopped using Dr.Web due to technical issues... It kept giving me a 503 error on a lot of the pages I tried to scan, which I think has to do with it being able to connect to or scan the page, I am not sure.

But you can try all of these that are posted here, as they are safe, if that is what you are wondering about.

enddays

  • Guest
Re: virtool:win32/obfuscator tool.gp
« Reply #8 on: October 27, 2009, 10:45:41 PM »
Will try them now. Thanks for all the info ;)