dvldr32.exe (W32/Deloder-A) - Norton and Sophos won't detect?

Hi

I have a brand new install of XP Pro SP1

Detected the above trojan running today. Quickly DL-ed trial versions of
norton and sophos but neither can detect it although it is listed in the
databases for both.

is this because they are the trial versions? the sophos is supposed to be up
to date as of a few days ago.

Please help! i need to remove this without spending loads of money!


Joel

In article <bduo6a$25a$1@hercules.btinternet.com>, J
<ukbloke28@hotmail.com> writes
>Hi
>
>I have a brand new install of XP Pro SP1
>
>Detected the above trojan running today. Quickly DL-ed trial versions of
>norton and sophos but neither can detect it although it is listed in the
>databases for both.
>
>is this because they are the trial versions? the sophos is supposed to be up
>to date as of a few days ago.
>
>Please help! i need to remove this without spending loads of money!
>
It's not a virus, it's a Trojan.

Download a copy of AdAware, update it and run it... it finds and removes
Deloder.

http://lavasoft.element5.com/software/adaware/
--
Paul B

This Virus is spread using port 445 or an IRC Chat channel (port 6667), and
weak security provisions, which of course restricts it to Windows 2000 & XP.
There will likely be other files as well (such as PsExec and VNC disguised
as a copy of explore.exe). After getting rid of it, shut down port 445 by
adding the following non-existent Key.

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)

J.A. Coutts
Systems Engineer
MantaNet/TravPro
******************* REPLY SEPARATER ********************
In article <bduo6a$25a$1@hercules.btinternet.com>, ukbloke28@hotmail.com
says...
>
>Hi
>
>I have a brand new install of XP Pro SP1
>
>Detected the above trojan running today. Quickly DL-ed trial versions of
>norton and sophos but neither can detect it although it is listed in the
>databases for both.
>
>is this because they are the trial versions? the sophos is supposed to be up
>to date as of a few days ago.
>
>Please help! i need to remove this without spending loads of money!
>
>
>Joel
>
>

"Paul" <paul@streetka.biz> schreef in bericht
news:U$ReBhAgjuA$EwF1@clara.net...
> In article <bduo6a$25a$1@hercules.btinternet.com>, J
> <ukbloke28@hotmail.com> writes

> http://lavasoft.element5.com/software/adaware/
> --
> Paul B

And Spybot S&D at: http://security.kolla.de/index.php?...t&page=download

On Wed, 2 Jul 2003 16:47:56 +0200, "Karel" <karel@nomail.com> wrote:

>
>"Paul" <paul@streetka.biz> schreef in bericht
>news:U$ReBhAgjuA$EwF1@clara.net...
>> In article <bduo6a$25a$1@hercules.btinternet.com>, J
>> <ukbloke28@hotmail.com> writes
>
>> http://lavasoft.element5.com/software/adaware/
>> --
>> Paul B
>
>And Spybot S&D at: http://security.kolla.de/index.php?...t&page=download
>

and The Cleaner at: http://www.moosoft.com/thecleaner

---
Get NukeNabber 2.9b @ http://www.dynamsol.com/puppet/
Read the NN FAQ @ http://www.dynamsol.com/puppet/faqs/nnfaq.html
The Cleaner 3.1 @ http://www.moosoft.com

"Never judge a man until you've walked a mile in his shoes... because then you are a mile away and you have his shoes."