
NOD32 can't delete WIN32/Delf.NJW trojan

Q: NOD32 can't delete WIN32/Delf.NJW trojan

Hi, I've been having difficulty getting rid of a WIN32/Delf.NJW trojan that my NOD32 scan picked up on. Each time it tries to delete the infected file it is prevented from doing so... this is the error message:
"C:\Program Files\Webroot\Spy Sweeper\WRSSHP.EXE - Win32/Delf.NJW trojan - quarantined - error while deleting - file is locked up - error while deleting - file is locked up"

The infected file is in my Spysweeper software. I have tried turning this off so that the application is not running whilst NOD32 tries to delete it, but it is still showing up as a process running in Task Manager (ending the process in Task Manager does not work either).

I do not know how to delete this file!
Can anyone help?

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Portrait Displays\PerfectSuite\dthtml.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: PerfectSuite.lnk = C:\Program Files\Portrait Displays\PerfectSuite\dthtml.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147984478253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155312794968
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsslsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\PerfectSuite\dtsrvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12063 bytes


A: NOD32 can't delete WIN32/Delf.NJW trojan

don't delete it
it is a false alarm

send a message to NOD support to get it fixed


Hello, I did a McAfee 8.5 scan this morning, an AVG scan, spyware, and adware scan and everything came back clean. I then did a KASPERSKY ONLINE scan and it came back with 12 viruses. I used killbox to delete the viruses that Kaspersky identified; however, I could not get rid of the Trojan-clicker.Win32.delf.mi file located in C:\WINDOWS\system32\clusapih.dll.bak. Any help would be appreciated. Thanks, here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:25 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\rnathc...

A: Can't Delete Trojan-Clicker.Win32.Delf.mi


Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it pops up an error window that says: C:\Documents and setting\KkianN\Desktop is not accessible. Not enough quota is available to process this command. The only icons left on my screen were My Computer, My Network Places and Internet Explorer. When I refresh my computer, the same message comes up again. (This problem occurred when I opened my computer overnight using the Thunder5 software to download things.) When I tried to shut down, a message said: You do not have permission to shut down this computer. When I tried to use Windows Task Manager to shut down, once I clicked Ctrl+Alt+Del, an application error message came up that said: This application failed to initialize properly(0xc000012d). Click on OK to terminate the application. Then I could only reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? Then I followed the instructions in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning with Spybot, it got stuck. After that a window suddenly popped up that said: Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A: Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and was stuck in the welcome window a few days ago. So, now my computer is alright. Thanks for viewing and trying to help me to fix the problem.


I'm apparently infected with these trojans and they're in quarantine I believe, I can't delete them or remove the folders they're in from my system because I don't have permission to do so. My computer also seems to freeze and slow down a lot after browsing on the net or just working on the computer in general after an hour or two.

I won't be able to post a Panda scan since their scanner isn't compatible with Vista.


Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 00:58:32
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Users\Kosta\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie...

A: Computer slows down: NOD32 detects Win32/Trojan and Win32/SpyAgent Trojan

*bump


Hello,

My name is Raj and I am a new member to this forum. Let me thank you, first of all, for all the help you all provide with solving these nasty issues. Now here is my situation.

My problems started when my IE web pages did not load in spite of having good wireless connection. I ran AVG free and got the web browsing back. But then my CMD and regEdit tools would not work. I ran Spybot S&D but it did fix my issue. In addition my desktop stopped loading. I could use ctrl+alt+delete to get task manager and then use File -> Create New task to run explorer.exe. This would get my desktop back but only intermittently.

Then I decided to buy Kaspersky. I was totally disappointed with it. It detected several malware but it could not cure Trojan-Clicker.win32.delf.cbe and Rootkit.win32.podnuha.a infections. It would try to delete these files, ask me to restart the computer and would not delete the files after the restart. Each time I restart the computer, it would detect these, try to delete, ask me to restart and the cycle continued. On top of that I lost my CMD and regedit tools again.

I tried to run dds.scr with the hope of getting you all the dds logs but my CMD tool does not work. In addition, whenever I tried to run 'cmd' I would lose my desktop (if I happened to get it back somehow). So instead of giving you attach.txt I can only give HT logs at this point. Hope you can help me out and I appreciate your help very much.

Thanks
Raj

P.S.: I could not attach the log...

A: Trojan-Clicker.win32.delf.cbe and Rootkit.win32.podnuha.a infections

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

* Please download OTListIt2 from here
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the "Run Scan" button.
* The scan should take just a few minutes.
* Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

* Download GMER from here:
* Unzip it to the desktop.
* Open the program and click on the Rootkit tab.
* Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click on Scan.
* When the scan has run click Copy and paste the results (if any) into this thread.


Hello, I was told to post here by the moderator. Here's the scoop: I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Cliker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot d...

A: 2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Hello dmacc01.

If you still have the same issues, you may consider the following. But first, be absolutely aware that having the system without an antivirus program is an extremely dangerous thing.

Let's have you create a restore point (at this time).

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. We only want to monitor the drive with Windows o.s.

If you are unable to activate System Restore or if the service is disabled, then from the Start button > RUN option, type in services.msc and look for System Restore service. If it is listed as off or inactive, press on the link at top left to Start it.

Next, see and do as outlined here: http://bertk.mvps.org/html/createrp.html

After that, also do this:

1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT...


Hello, I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Cliker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot disk it does not recognize my hard drive so ...

A: 2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Probably your best chance is to submit a HJT log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another r...


system spec

intel 6320
2gig ram
ATI HD240
unknown MB


Recently I noticed my PC getting a lot slower than normal IE scrolling down on an email would cause the window to stutter where normally it would be smooth. I ran a virus scan using AVG (paid version) and it didn't come up with anything. I also ran adaware and I tried to install spybot but it was unable to connect to the server to install. I tried the same spybot exe on a separate machine and it installed fine.

The computer was still slow so I ran a Kaspersky online scan which found a few trojans and backdoors (see attached txt) that AVG fails to detect.


DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by L.HALL at 20:30:22.25 on 24/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1443 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer...

A: Trojan.Win32.Agent.dkai, Backdoor.Win32.Delf.nut plus others

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


Hi, I have been overrun with adware etc. in the last month or so. Have run through the steps in your preparation guide. Any help much appreciated.

Thanks
Dave

Logfile of HijackThis v1.99.1
Scan saved at 12:59:22, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files...

A: Infected With Win32.delf.trojan.b And Win32.centim

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please click: Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:

* Daily Weather Forecast

Then reboot your computer.

Step #2

Scan again with HijackThis and check the following items:

O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #3

We need to make sure all hidden files are showing so please:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide file extensions for known types option.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Step #4

Reboot Your System in Safe Mode:

* Restart the computer.
* As s...


hello, i've read most of the manuals here, and tried my best to scan and recover my pc. problem is, since i got infected by those trojans, i cannot use my antivirus/antispyware programs. they are instantly closed as i open them. so i can't use AVG, Hijackthis, and others. i'm not able to open websites that are connected to antivirus programs, with some exceptions.

though i can't download and install them on my pc, even on safe mode - i managed to scan the pc online using Panda Active scan and bit defender. those have found hundreds of trojans and spywares on my computer. i have also used Search & Destroy (with lil effect) and AdAware, but they weren't as effective as Panda and Bit Defender.

although they have deleted quite a few, i still can't access AVG, Hijackthis, and certain websites, including some of the forums here like HijackThis log Analysis (typical AVkiller.C work...).

i'm writing this post from another computer, since i cannot enter the forum from mine.

please advise me on how to clean my computer, and get rid once and for all of those pests. i've added some examples of the viruses found during the scan: (some could not be deleted)

Panda's Active scan found:
Virus:Trj/Downloader.MOW Disinfected C:\WINDOWS\system32\bxjoqoiabbjn.dll

Bit Defender has discovered, but could not clean:
C:\WINDOWS\system32\vpxyofsugazx.dll
Suspected of: BehavesLike:Trojan.WinlogonHook
C:\WINDOWS\system32\vpxyofsugazx.dll
Disinfection failed
C:\...

A:Infected By Trojan-downloader.win32.delf.pa (trojan.stwoyle), Avkiller.c And More

i was directed to this forum by fozzie:

You have a nasty infection on hand Trojan-Downloader.Win32.Delf.pa (Trojan.Stwoyle) You will not be able to run HiJackThis unless a special tool will be utilised. Please post the panda report in the HiJackThis forum here and they will help you. This is a sophisticated tool which needs expertise

what is this tool he is speaking of, and how can i utilise it?
thank u for ur time.


2 days ago I got into a nasty virus from a celebrity website that I grabbed a random image of 'Nicole Sherzinger' off of.

48+ hrs later and not even our battle scarred IT guy can get rid of it.

We have narrowed it down to a 'Delf.'

It will not let me go to mcafee, norton, ewido, or even to hijackthis.com (i got the hjt log from runalyzer).
Everytime we think we have it isolated it comes back.

Spybot always finds these and says it fixes them but does not:

Win32.delf.uc
Refpron
Win32.virut.bg
Win32.agent.icb
Win32.seneka.rtk
Win32.virut.ag

(sorry I posted the HJT log!!)

A:unusually ferocious trojan and/or combo of trojan and win32 variants...Delf?

Hello, I have some good and bad news. The good is the IT guy is not crazy.. He'll never clean these.. The bad news is............. Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary. The virus disables Windows File Protection by in...


Help!! I have this Trojan on my computer but I cannot find any information on it. I see help for other Delf Trojans but not this one. Please help me to remove this. Thank you!

Here is my log file from HijackThis

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\...


Hi i have just run kaspersky online scanner and i have found some threats on my computer, how do i get rid of them please?

C:\Program Files\SuperLogix\Super Utilities\SuperMenuHook.dll :Trojan.Win32.Delf.cmv
C:\Windows\system32\baksm.dat :Trojan.Win32.Delf.ceh
C:\Windows\system32\baksm.dll :Trojan.Win32.Delf.ceh
C:\Windows\system32\supermenuhook.dll :Trojan.Win32.Delf.ceh

Thanks.Andrew.

A:Trojan.win32.delf

that's an older established program from a trusted web site
if you downloaded from a P2P source it may be malware

http://virusscan.jotti.org/
http://www.virustotal.com/
both of these services are good for submitting files for analysis

Show Hidden Folders/Files
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.


I was browsing online using Firefox and all of a sudden the browser closed and an unknown program installed itself, named windows defender, and performed a quick scan telling me that there were several viruses and that I should purchase their product. I knew right there and then I got a bug. A few seconds later the firewall and anti-virus were deactivated. Task manager didn't respond either. I disabled the network card to disallow any internet traffic. I ran spybot search and destroy, and found Trojan win32.delf.uv. along with 102 other items in the registry. I tried removing it but it keeps coming back. I tried going into safe mode to remove it but a blue screen kept coming up with the error code: Stop: 0x0000007E (0XC0000005,0XB0537009,0XF789E3E0,0XF789E0DC). Any assistance is greatly appreciated.
 


Hi all,

I have a PC using XP Home Edition that is having trouble with a Trojan.
The PC cannot load Internet Explorer for more than a few seconds (so no online virus check), or either regedit or msconfig in normal mode. Norton Internet Security 2005 and Norton Antivirus 2004 will not install either; however, Norton Antivirus 2004 did find and delete hxdefdrv.sys, Backdoor.Hack.Defender, in its preinstall virus check.

I have run Adware and deleted the various files found. Adware has identified Win32.Delf.TrojanA and deleted it but this reinstalls itself on reboot.

HJT has been run in safe mode and the new log produced by Analyzer is set out below.

Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

Logfile of HijackThis v1.99.0
Scan saved at 16:21:09, on 15/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Sea...

A:Win32.Delf.Trojan A & Others

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Ma...


Hi there,

Well, to start off I just want to say that this trojan just doesn't seem to go away... I have the following programs, which I update and run on a regular basis:
- Adaware SE Professional
- Adwatch SE Professional
- Spybot S&D
- CCleaner
- WinASO registry optimizer
- Spyware Blaster
- Index.dat suite

I understand that not all the programs above help my cause in the case of a trojan, but that's just so you know what tools I have

I run Avast Home licensed edition as my AV program.

Avast detects various dll files in C:\windows as Win32:Trojano-1941 which I've been told is a more generic detection - the same files were detected as Trojan-Downloader.Win32.Delf.h by the Kaspersky online scan. I get random warnings about every hour that Avast has found another virus in a .dll file located in c:\windows - it changes names after I delete or "move to chest." In addition, two files in c:\documents and settings\mike\local settings\temp cannot be deleted, even with Total Commander in safe mode... ~DFA984.tmp and ~DF51CE.tmp. Not sure if these are a problem.... anyways

Below I've posted the latest HiJackThis log and a log from Kaspersky.

Logfile of HijackThis v1.99.1
Scan saved at 7:56:24 AM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:...

A:Trojan-Downloader.Win32.Delf.h

Hello gifro and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) o...


This is a log run in safemode since normalmode slows up and crashes..
Aarrghhlllll !!! Please Help me out !!

Logfile of HijackThis v1.99.1
Scan saved at 4:05:34, on 30-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\alt.exe
C:\WINDOWS\alt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JARONXP.001\Bureaublad\stng259.exe
C:\Documents and Settings\Administrator.JARONXP.001\Bureaublad\hijackthis_sfx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explo...

A:Trojan-clicker.win32.delf.eb

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


Running Windows XP. Any help with this problem would be appreciated.

NOD32 Antivirus keeps telling me 'Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe. The file was moved to quarantine. You may close this window.' This is about a threat called 'Win32/Delf.OFG trojan'. Although it says it's been moved to quarantine, it keeps popping up with this notification every time I click 'hide'.

The file in question is: C:\WINDOWS\gfccra.rrn(and then, each time it pops up, a random number of 'x's after it).

Probably linked to this, a message occasionally pops up in the tray about some corrupt file or whatever and I should run chkdsk, which ran a few days ago anyway.

So, any help for what I can do to either stop the notifications, get rid of the malware/virus or just sort my computer out in general?

Thanks,

Ben

A:Help, I think I have a virus - 'Win32/Delf.OFG trojan'

Hello, C:\WINDOWS\gfccra.rrn(and then, each time it pops up, a random number of 'x's after it).
What is that exact error message, thanks.

I would like to run 3 more tools to see if we can get this.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick S...


Most of the files are deactivated by the virus scans. How can those be removed from the system entirely? Is there anything else, which needs immediate attention, and how do I go about it? Also, how can I make my computer faster?

Thanks for your time!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:17 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\Logitech\QCDriv...

A:Win32.delf Trojan-downloader!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum afresh
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers. Double click on combofix.exe and follow the pro...


kaspersky found this =[

detected: Trojan program Trojan-Clicker.Win32.Delf.lk File: F:\WINDOWS\system32\dmdskmgrmq.dll

here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:15 PM, on 12/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
F:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\WINDOWS\System32\wdfmgr.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis...

A:Trojan-clicker.win32.delf.lk

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall


Hi members,

I have this problem since last two days. I'm using Kaspersky and last two days, while I was using one of the software (.exe), Kaspersky popped up a message saying one of my files was infected with this Trojan-Dropper.Win32.Delf.ech

Kaspersky suggested to restart where it will delete the infected file. So I did. Then, I reinstalled the software and scanned it with Kaspersky. Everything is fine. But the moment I used this exe file again, the same warning appeared again. One of my friends suggested that I use ComboFix.exe but this problem still exists after all.

Anyone can solve this problem?? I'm desperately looking for solutions here because I cannot use this exe file to run certain application. Other friends who use this exe file have no problem except me.

Thx.

A:Trojan-Dropper.Win32.Delf.ech

What program are you trying to use?

Did Kaspersky provide a specific file name associated with the malware threat(s) detection and if so, where is it located (full file path) at on your system? The detection on that file may be a false positive. Anytime you suspect a file may be a false positive, get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

If it is a false detection, then you should contact the anti-virus tech support and advise them so they can investigate and make corrections. Most anti-virus vendors have instructions for file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.


Hi everyone! I used to come on here a lot a couple years ago, but for the life of me I can't recall the user name I had. Anyway, the people who sorted out my mess years ago helped me so much, so thought it would be best to ask this forum.
My problem is my pc at work. I noticed that this computer took forever to open a site and I had a feeling it was infected. Adaware (I think it's called) didn't find any problems. Spybot S&D found a few spywares including the trojan, Win32:Delf-HPR [Trj], and after scanning for what felt like HOURS it was supposedly clean/fixed (it wasn't). But my Avast keeps warning me about this trojan. I try to move the file or just temporarily disable it, but it didn't work. My only other option is to delete it, but I'm afraid I may mess it all up. Here is the DDS log. I hope someone could help me.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Joe Bonanno at 11:40:39.10 on Wed 04/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.54 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090408-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files ...

A:Trojan called Win32:Delf-HPR [Trj]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


I have an Acer laptop with Windows XP.
Recently, the pop-ups have been starting, so I figured I have some virus.
I downloaded the free Avast protection system, and found the Win32Delf-IFY [Trj] virus in several files.
I moved most of the infected files into the "Chest" of my new virus protection software. Two of the infected files I had to delete (I couldn't move them into the Chest).
Now what do I do? Can I leave the infected files in the Chest, or do I need to repair and restore them? How do I do that? Any advice?

By the way, one infected file was C:\Windows\systems32\syskgr.exe
and most of the rest were in C:\Documents and settings\Owner\Local settings\Temp

I'm a beginner at all of this, so any advice will help. Thank you!
 

A:Win32 Delf Trojan question


Hello. I have just found the win32.delf.uc trojan virus when I ran spybot. My computer has been acting really strange so I am back to ask for further help. The description says that it reinstalls on startup so I don't know what to do to get rid of it. I do have Deckard and Hijack This and Malwarebytes from last year when I needed help. I do have some basic skills but need help ASAP. Thanks in advance. You guys are the best!!
Scott

A:win32.delf.uc trojan virus

Open Malwarebytes, click Update, when done, scan and post the scan log in the next reply.


Hi,

Since my computer has been infected it often shuts down, getting consecutively trying to start up without success.
I ran straight away Kaspersky which detected and eliminated the Trojan.Win32.delf.zd but the problem keeps going on.
I followed the steps of your forum and I'm sending the txt files.

Thanks for your attention.

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by LC at 10:04:45.31 on 2009-11-03
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.1033.18.1023.735 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283...

A:Infected with Trojan.Win32.Delf.zd

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ...


Thanks in advance for any help you can give. I was working with Boopme in another forum and he sent me over to this one to post a hijack this log.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/183635/win32delfuc-trojan-virus/ ~ OB

I have a few issues and he said that I am looking much better. Apparently I have a rootkit agent but I am showing the win32.delf trojan. I have run several malware scans as well as a few other programs. Just a side note, I couldn't get the entire Kaspersky log to post because it was extremely long. It is showing all kinds of viruses in games that I have never downloaded or even played before. That is a little strange to me. The parts that weren't able to post are almost identical to the ones that are listed. Thanks a lot for any help you can give to save my computer!

Scott

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-16 20:32:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 134 GB (58%) free of 233 GB
Total RAM: 1919 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:39 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice....

A:win32.delf.uc trojan virus

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not...


Hello I'm new here and I made this account because I am at a total loss. I have tried everything and cannot get this trojan off my computer, well everything short of reformatting. I have run vCleaner from AVG and it won't get rid of it, Spybot, AVG, AdAware, Hijackthis....everything and this thing keeps coming back, every time I restart. I have deleted everything that was created on my computer in between the dates that I know the virus was contracted and it still appears. I even tried to system restore and it won't let me, even though I have it enabled. I would appreciate some help as my computer is my life and at the moment I don't have the money to replace the hard drives. Here are some logs for y'all to check out. Thanks in advance for any help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:37 PM, on 4/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe...

A:Win32.Delf.uc Trojan....cannot remove please help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


If anyone is willing to take this challenge and get me through this, I will donate $10 to the person or site (their choice). Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:15 AM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Detto ...

A:Trojan - Downloader.win32.delf.ks -- Need Help, Will Pay $10 Through Paypal

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


Hi,

My laptop is infected with the Trojan-Clicker.Win32.Delf.cbe virus. Kaspersky keeps popping up with this message that it is infected and deletes the file C:\Windows\System32\midehqjw.dll. But after every reboot the file is there again.

I also got some kind of rootkit virus, kaspersky reporting strange files starting with names like kung*.tmp and kung*.dll and kung*.sys. I couldn't find these files anywhere on my harddrive though (some in memory virus?). It seems UnHackMe tool was able to remove those.

I'm not sure if these two viruses are related though.

I've attached the DDS and attach.txt. log. Any help on how to remove this would be greatly appreciated.

***********

DDS (Ver_09-05-14.01) - NTFSx86
Run by A.C. Ypil at 10:14:04,17 on za 06-06-2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: : {197811d7-bd2e-4de4-b17e-66a912e63ccd} - c:\windows\system32\veplsvp.dll...

A:Infected with Trojan-Clicker.Win32.Delf.cbe

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


After having come home last night to find my desktop background and nothing else I have spent the last 10 or so hours trying to sort out my problems - which were when my pc booted up explorer.exe would just close, and if I restarted it in task manager, it would just do the same. Right now I can't even boot in normal windows without the system stalling

I was infected with a lot of virtumonde, it took (fixvundo / spyware doctor / malwarebytes / smitfraudfix / spybot S&D) to get rid of it, with MBAM finally seeming to get rid of the last of it, (however having just rebooted I seem to have gained a whole host of other things, here is a MBAM log) -

Malwarebytes' Anti-Malware 1.34
Database version: 1782
Windows 5.1.2600 Service Pack 2

20/02/2009 18:53:08
mbam-log-2009-02-20 (18-53-06).txt

Scan type: Quick Scan
Objects scanned: 62529
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon...

A:Win32.delf.uc trojan - (virtumonde just cleaned off)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


DDS (Ver_09-05-14.01) - NTFSx86
Run by K***** S****** at 15:58:35.34 on 28/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3326.2455 [GMT 1:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program File...

A:trojan-clicker.win32.delf.cbe problem

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


If anybody is willing to take on this challenge, I will reward with a $10 donation to the person or to the site, their choice.

I'm guessing I'll need to post a HJT log in the other forum to start things off.

I'll post back with a HJT log momentarily.

A:Trojan - Downloader.win32.delf.ks -- Need Help, Will Pay $10 Paypal

You made me smile. Don't you think you would get help for free? I thought sites and forums like this are simply for getting help, so you don't need to offer money to get some attention.


Hello everyone, just wanted to ask if you could help me rescue my roommate's computer, he keeps getting a recurrent warning about the win32/delf trojan, apparently it is consistently reinstalling itself with hidden files...here's the log and thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:14 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\...

A:Roomate's PC Hijacked - Win32/delf trojan


Hey

I consider myself a very experienced user, and hence can usually get rid of most stuff on my own but this time I seem to have come across a particularly elusive virus/trojan on my system. Yes I got it from P2P file sharing and I understand the risks involved.

Anyway, I noticed this first start when I opened a keygen -- Kaspersky noticed the virus and tried to stop it -- and then a mysterious process tried to start sending data and I used Kaspersky to disallow that and to terminate the process. However -- it's unable to keep the process terminated permanently....the process just restarts itself again and tries to get through. So what I get is a fight between my anti-virus and this trojan for a period of a few minutes and then the trojan goes inactive for an unknown interval before it tries to fight Kaspersky again. The reason why kaspersky and the virus "fight" is because I told it to perform the same action (terminate and deny internet access) every time it detected the trojan.

Also of note: I've seen mozilla firefox open a window on its own a few times (not often) but that's all that happens.

I am going to post my kaspersky log as well as the logs in the "pre-post" instructions because I think the kaspersky notes will be helpful.

KASPERSKY LOGS
deleted: Trojan program Trojan-Downloader.Win32.Zlob.knt File: C:\Users\Brian\AppData\Local\Mozilla\Firefox\Profiles\93x9ahv1.default\Cache\EC46F395d01
deleted: Tro...

A:Infected With Trojan-downloader.win32.delf.gas

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.


Good Evening All,

I have ESET Nod 32 on my computer, tonight I have had over 50 popups saying that a trojan is being put into Quarantine and not deleted.

I have checked the firewall and also Windows Defender; both seem to be blocked and I am unable to open them.

I am unable to work out where this trojan is on my computer.

Win32/Sirefef.FA.trojan

Could you please help? I know a little about computers but not much about the inners of the computer.

Please help if you can.

Helen

A:Eset Nod32 will not delete a trojan

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


I was frequently getting the blue screen of death. Downloaded ad-aware. Up pops win32.trojan.delf. It was removed, and I frequently restarted and re scanned. It didn't pop up again. I have norton anti-virus installed also. I thought that was the last of it. I tried installing zone alarm for extra protection, upon restarting my computer to complete installation, my computer froze and did this 10 times and I wasn't able to even get my computer past start up. I rebooted in safe mode and did a system restore to yesterday (just after virus was removed). Computer was working fine. Now, all of a sudden msconfig won't run. I have been googling for hours now and I've managed to figure out that the virus affected my registry files. I know there's stuff I have to delete and do to completely remove the after effects but I don't know what to delete.

I downloaded hijack this. Here's the log report. Please tell me step by step what to do, I'm not that great on computers!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:49:13, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:...


Been infested with trojans for a couple of weeks. Got A2 (EMSI) anti malware and Xoft; the A2 works better than my McAfee but after reporting no problems in the deep scan, I turned up these 2 in a scan of "All Users".

What should I do? Can I get software to remove them? Do I need to buy a new computer? I've changed my more important passwords several times but it doesn't seem to end despite all my clean-up attempts. And how much danger am I in for identity theft? How can I protect myself?

I've started to make back-up discs but these may be infected too. Can they be checked? Washed?

I'm relatively computer illiterate tho I depend heavily on my computer. On line banking among the many other conveniences. HELP!

I've attached copies of my a2's report on their scan of "All Users"

Thanks.

Eve

P.S. What are "tags"?
 

A:Trojan-Downloader.WMA.GetCode!IK and virus Win32.Delf.VD!IK


Hi computer gods,
My AVG antivirus program picked up a Trojan horse Dropper.Delf.BLA and Virus Win32/PolyCrypt on my computer. They were found in the following locations on my computer.

Trojan Horse Dropper.Delf.BLA in C:Sytem Volume Information/_restore{46DE8921-1d39-44D2-A9E9-64119261F211}/RP4/A0000013.dll

Win32/PolyCrypt in C:Sytem Volume Information/_restore{46DE8921-1d39-44D2-A9E9-64119261F211}/RP7/A0000217.exe

Trojan horse Dropper.Delf.BLA in C:/WINDOWS/system32/splm/ncjapi32.exe ; this was detected in the registry key as well.

Win32/PolyCrypt was found in C:/WINDOWS/system32/splm/kbdsapi.dll earlier this week.

It has also previously picked up other types of Trojan horses (ex. Sheur.Cazb) and tracking cookies. All of which have been moved to the virus vault of AVG. Below is the logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:25 PM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\P...


I have had 3 viruses or infections show up during virus scans. The only things out of the ordinary I have noticed is my homepage of comcast has a couple of sections that say loading and it never loads (including a display of how many emails I have), a pop-up of Trend Micro website continually pops up on my screen, and the computer seems to be running a little slower. I ran the Kaspersky scan and the DSS and posted below.

Thanks,
James

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 18:37:50
Records in database: 1067337

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\

Scan statistics
Files scanned 308319
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 04:25:06

File name  Threat name  Threats count
C:\Program Files\Iexplorer\Iexplorer.rmvb.vzr Infected: Trojan-Downloader.Win32.Delf.ixg 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE.vzr Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
F:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE.vzr Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

Deckard's System Scan...

A:Infected With Trojan-downloader.win32.delf.ixq And Adware

Hello hazegrey,
Welcome back to Bleeping Computer

Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* Whe...


Yesterday my computer started having problems with this trojan trojan-spy.win32.delf.huk. and it's going nuts. It's slow as hell. idk how I got this because I never click in weird links or any of that.
I have searched google on how to remove this but I haven't been able to find a single thing about it..
I was using antivir before but it was not able to fix it. Then I put kaspersky and it's not disinfecting or deleting it.. I don't know what to do any more =(
Scan saved at 15:56:16, on 1/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Will\Local Settings\Apps\F.lux\flux.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Micro...


I was frequently getting the blue screen of death. Downloaded ad-aware. Up pops win32.trojan.delf. It was removed, and I frequently restarted and re scanned. It didn't pop up again. I have norton anti-virus installed also. I thought that was the last of it. I tried installing zone alarm for extra protection, upon restarting my computer to complete installation, my computer froze and did this 10 times and I wasn't able to even get my computer past start up. I rebooted in safe mode and did a system restore to yesterday (just after virus was removed). Computer was working fine. Now, all of a sudden msconfig won't run. I have been googling for hours now and I've managed to figure out that the virus affected my registry files. I know there's stuff I have to delete and do to completely remove the after effects but I don't know what to delete.

I downloaded hijack this. Here's the log report. Please tell me step by step what to do, I'm not that great on computers!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:49:13, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WI...

A:Was infected with win32.trojan.delf, now msconfig wont run

Hi juicyjen uk

Welcome to Bleeping Computer. I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please do this.
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool.
At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please post the contents of those logs here in your next reply.

Thanks
maranatha


When I start my computer, I receive notice that my windows firewall is off. When I click on the icon, it tells me my firewall is on. I have pieces of icons (font.exe) on my desktop, which will not move into my recycle bin. An hourglass remains on my desktop whether I am on the internet or working offline (and the computer is slow; for example, when I type in a password, the letters do not appear on the screen right away). NOD 32 virus scan detects the trojan and quarantines it, but if I run a malwarebytes', super antispyware, or lavasoft scan, the worm and trojan are detected. Scans indicate I must restart my computer to completely remove traces of these malicious objects, which I do. When restarting my computer, a windows boot cleaner appears on a blue screen with a list of deleted internet explorer files. Then the whole process starts again, with NOD detecting an Internet Explorer Trojan agent and downloader. How can I get rid of this trojan and worm once and for all? Any help is much appreciated.

A:Infected with Win32 Trojan Delf & Worm Archive

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello

Helping My Brother In BC. I Am In Ontario Using Team Viewer 4.1

This Trojan Keeps Showing Up In Nod32 Log Files Unable To Clean

Operating System WinXP Pro SerPack 3
Thanks

A: Win32/Kryptk.ABX Trojan Keeps Returning Nod32 Log

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y...


Hi Techies
I use webmail to access my work emails. Today when I tried to log on to the website there was a software called anrl.exe through IDM which was trying to download. I didn't download it at first; the browser froze and didn't get any response. Then later I downloaded the file, and NOD 32 detected it as a trojan
(4/18/2008 10:55:19 AM HTTP filter file probably a variant of Win32/Genetik trojan connection terminated - quarantined IBM\IBM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe)

Again the connection was terminated and IE crashed, I had to restart IE. Tried to delete temp files using cc cleaner, no change...
I don't have this issue while accessing other websites!!

Could you please help to rectify this issue?
 

A: Win32/Genetik trojan-detected by NoD32

Check this link about this attack for IE.
Can you guys help to sort out this issue?

http://windowsitpro.com/article/articleid/98563/mcafee-reports-mass-iframe-attack-underway.html.
 


Hi guys.

Every time I start up, ESET Nod32 comes up with this problem:

Operating memory » explorer.exe(3044) - a variant of Win32/Bifrose.NEC trojan - unable to clean

It can't seem to delete it. I hope you can help me remove this virus.

Thanks.

--

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.10.2
Run by Kevin Mark at 19:51:46 on 2012-12-31
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.1978.573 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Program Files\Stardock\Decor8\Decor8Srv.exe
C:\Program Files\Stardock\Decor8\Decor8.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Windows\system32\dashost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Windows ...

A: Win32/Bifrose.NEC trojan Nod32 problem

Hello and Welcome to BleepingComputer Forums! My name is Chris and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.

If you stay with me, follow my instructions and ask questions when confused you'll be back up and running in no time.

I must get my fixes approved so I will be back to you asap


Hello everyone!

On Friday night my NOD32 popped up saying I had an incoming threat.
The file: http://lafixhex.cn/soft.exe
The threat: Win32/Kryptik.WC trojan

I started up Rootkit to see if I could discover anything that should be there. Several appeared under the HKEY_LOCAL_MACHINE...Software...Microsoft...etc. However Rootkit froze and when I reopened it all these had disappeared. However my NOD32 pops up with the same threat every half an hour several times. I terminate it and it still comes back.

Any help would be much appreciated.

Thanks.

A: Trojan/Rootkit/Win32/Nod32 [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
