SILLYDL DIC

[sephiroth]

im running XP Pro SP2 and when i get online i run yahoo toolbar with antispy
CA to be precise and detected this trojan SillyDl DiC i tried to remove it
but it keeps coming back..i searched for it online on ways to remove it and
windows live search tells that it can be removed by onecare scanner so i went
to the website run the scanner but it did not detect this spyware..i ran my
windows defender too yet still the detection of this spyware is
unavailable..i have adaware, and some antispy but they cannot detect the
presence of this spyware..HELP!!!
for info of this spyware type SILLYDL DiC on windows live search

 

[David H. Lipman]

From: "sephiroth" <[email protected]>

| im running XP Pro SP2 and when i get online i run yahoo toolbar with antispy
| CA to be precise and detected this trojan SillyDl DiC i tried to remove it
| but it keeps coming back..i searched for it online on ways to remove it and
| windows live search tells that it can be removed by onecare scanner so i went
| to the website run the scanner but it did not detect this spyware..i ran my
| windows defender too yet still the detection of this spyware is
| unavailable..i have adaware, and some antispy but they cannot detect the
| presence of this spyware..HELP!!!
| for info of this spyware type SILLYDL DiC on windows live search

Start with the Sophos module of the below utility...

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

 

[sephiroth]

From: "sephiroth" <[email protected]>

| im running XP Pro SP2 and when i get online i run yahoo toolbar with antispy
| CA to be precise and detected this trojan SillyDl DiC i tried to remove it
| but it keeps coming back..i searched for it online on ways to remove it and
| windows live search tells that it can be removed by onecare scanner so i went
| to the website run the scanner but it did not detect this spyware..i ran my
| windows defender too yet still the detection of this spyware is
| unavailable..i have adaware, and some antispy but they cannot detect the
| presence of this spyware..HELP!!!
| for info of this spyware type SILLYDL DiC on windows live search

Start with the Sophos module of the below utility...

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

http://www.pctipp.ch/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


first of all id like to thank you for your quick response to my problem..i tried sophos run with your help and i then my computer beeps very badly i had to stop it and logged out..i tried to run it again and then it beeped again like the first time but this time i just let it run and found sophos found no virus at all when i ran the yahoo antispy its still there..ca seems to be the only one able to detect this ill try kaspersky later

 

[David H. Lipman]

Hmmm.... I don't know what all the beeping was about.

I checked for cross-reference and saw Sophos recognized this infector. That is why I told
you to use it first.

http://ca.com/us/securityadvisor/virusinfo/virus.aspx?id=66946

Also known as: WORM_DLOADER.RVV (Trend), WORM_Mal/Behav-159 (Sophos),
WORM_TrojanDownloader:Win32/Delf.TN (MS OneCare), Trojan-Downloader.Win32.Delf.cle
(Kaspersky)

Kaspersky and Trend Micro both recognize this as well. Both modules are in my Multi AV
Scanning Tool.

What is/are the Fully Qualified Name(s) and Path(s) of the files that are deemed to be
infected ?

 

[sephiroth]

i dont know qualified names..yahoo ca antispy indicate sillydl dic as a file
type located in c:\autorun.inf .. i did an online scan with msonecare as well
as trend micro but it seems that they have not detected it.. i made a full
scan using sophos and and unfortunately it have not been found only the
strange beeping at least 10seconds or so the monitor indicate a cent sign and
c it was blurry here is my sophos log

Sophos Anti-Virus
Version 4.26.0 [Win32/Intel]
Virus data version 4.26E, February 2008
Includes detection for 345761 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 19:54:43, System date 08 February 2008
Command line qualifiers are: -di -remove -f -all -mime -mbr -noc -archive
-opt=ISCabinet --stop-scan

IDE directory is: c:\AV-CLS\Sophos

Using IDE file zlob-aid.ide
Using IDE file dropp-to.ide
Using IDE file eggdll-a.ide
Using IDE file wpepro-d.ide
Using IDE file vb-dyp.ide
Using IDE file tvido-a.ide
Using IDE file tiny-dc.ide
Using IDE file chir-b.ide
Using IDE file dldr-i.ide
Using IDE file sdbo-djz.ide
Using IDE file autor-bd.ide
Using IDE file cimuz-cv.ide
Using IDE file dloa-bid.ide
Using IDE file bckd-qls.ide
Using IDE file nucle-be.ide
Using IDE file agen-gor.ide
Using IDE file rbot-gwa.ide
Using IDE file autor-be.ide
Using IDE file gampas-q.ide
Using IDE file ircb-aag.ide
Using IDE file bckd-qlr.ide
Using IDE file linea-de.ide
Using IDE file agen-gok.ide
Using IDE file renos-b.ide
Using IDE file zlob-aic.ide
Using IDE file outpos-a.ide
Using IDE file spy-af.ide
Using IDE file mokey-a.ide
Using IDE file agen-goj.ide
Using IDE file smal-ela.ide
Using IDE file batvfu-a.ide
Using IDE file iishac-h.ide
Using IDE file hish-b.ide
Using IDE file sdbo-djx.ide
Using IDE file bckd-qll.ide
Using IDE file sdbo-djy.ide
Using IDE file qhost-j.ide
Using IDE file padodo-b.ide
Using IDE file autor-ba.ide
Using IDE file dropp-tl.ide
Using IDE file dload-az.ide
Using IDE file goldu-ge.ide
Using IDE file agen-gof.ide
Using IDE file autor-ay.ide
Using IDE file fakev-ap.ide
Using IDE file glupzy-b.ide
Using IDE file zlob-aia.ide
Using IDE file zlobdr-f.ide
Using IDE file rootk-bw.ide
Using IDE file autor-ax.ide
Using IDE file dload-ay.ide
Using IDE file jsdown-a.ide
Using IDE file dloa-bfy.ide
Using IDE file dllloa-e.ide
Using IDE file dloa-bhu.ide
Using IDE file killwi-r.ide
Using IDE file click-ep.ide
Using IDE file modul-a.ide
Using IDE file bank-ekl.ide
Using IDE file dref-au.ide
Using IDE file bagle-tn.ide
Using IDE file zlobdr-e.ide
Using IDE file dropp-te.ide
Using IDE file dropp-ti.ide
Using IDE file bytev-ab.ide
Using IDE file bishin-a.ide
Using IDE file dwnl-hah.ide
Using IDE file dwnl-hal.ide
Using IDE file dwnl-ham.ide
Using IDE file bank-ekq.ide
Using IDE file spybo-og.ide
Using IDE file bho-er.ide
Using IDE file xorer-b.ide
Using IDE file small-ab.ide
Using IDE file agen-gns.ide
Using IDE file agen-gnt.ide
Using IDE file bckd-qlb.ide
Using IDE file agen-gnw.ide
Using IDE file agen-gny.ide
Using IDE file agen-gnl.ide
Using IDE file traxg-n.ide
Using IDE file tanto-h.ide
Using IDE file psyme-hi.ide
Using IDE file ircb-aaa.ide
Using IDE file ircb-aac.ide
Using IDE file banlo-ew.ide
Using IDE file autor-at.ide
Using IDE file agen-gnp.ide
Using IDE file ircbo-zy.ide
Using IDE file ircbo-zz.ide
Using IDE file sdbo-djw.ide
Using IDE file ovdoz-b.ide
Using IDE file keylo-jw.ide
Using IDE file autor-au.ide
Using IDE file killmb-n.ide
Using IDE file bagle-tl.ide
Using IDE file rbot-gvz.ide
Using IDE file ovdoz-a.ide
Using IDE file zlob-aht.ide
Using IDE file agen-gln.ide
Using IDE file keybra-a.ide
Using IDE file injec-bx.ide
Using IDE file killjw-a.ide
Using IDE file dorf-at.ide
Using IDE file dropp-sz.ide
Using IDE file nulpro-a.ide
Using IDE file killdi-l.ide
Using IDE file ircbo-zv.ide
Using IDE file dload-b.ide
Using IDE file grayb-ct.ide
Using IDE file psyme-gw.ide
Using IDE file bayrob-b.ide
Using IDE file pushdo-f.ide
Using IDE file pykse-d.ide
Using IDE file qhost-f.ide
Using IDE file bckd-qkx.ide
Using IDE file dorf-ap.ide
Using IDE file autor-an.ide
Using IDE file autoit-f.ide
Using IDE file rictio-a.ide
Using IDE file rootk-bp.ide
Using IDE file dloa-bhh.ide
Using IDE file ryuan-a.ide
Using IDE file dorf-aq.ide
Using IDE file ircbo-zs.ide
Using IDE file fakev-ao.ide
Using IDE file eriv-a.ide
Using IDE file edibar-b.ide
Using IDE file ennumi-a.ide
Using IDE file solow-h.ide
Using IDE file edibar-a.ide
Using IDE file mbroot-a.ide
Using IDE file cimuz-cu.ide
Using IDE file telemo-d.ide
Using IDE file kolabc-a.ide
Using IDE file mdro-bqd.ide
Using IDE file agen-gmu.ide
Using IDE file vb-dym.ide
Using IDE file agen-gmo.ide
Using IDE file vora-a.ide
Using IDE file agen-gml.ide
Using IDE file dorf-as.ide
Using IDE file yasspy-b.ide
Using IDE file yuner-a.ide
Using IDE file dropin-a.ide
Using IDE file dawin-b.ide
Using IDE file agen-gmk.ide
Using IDE file agen-gmc.ide
Using IDE file delf-ezs.ide
Using IDE file kobot-b.ide

Full Scanning

Could not check C:\Program
Files\ScanSoft\OmniPageSE4.0\OpproGer.chm\/#TOPICS (virus scan failed)
Could not check C:\Program
Files\ScanSoft\OmniPageSE4.0\OpproGer.chm\/#URLSTR (virus scan failed)

1 master boot record swept.
316 files swept in 1 minute and 0 seconds.
2 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

 

[David H. Lipman]

From: "sephiroth" <[email protected]>

|
| i dont know qualified names..yahoo ca antispy indicate sillydl dic as a file
| type located in c:\autorun.inf .. i did an online scan with msonecare as well
| as trend micro but it seems that they have not detected it.. i made a full
| scan using sophos and and unfortunately it have not been found only the
| strange beeping at least 10seconds or so the monitor indicate a cent sign and
| c it was blurry here is my sophos log
|


svchost.exe -- is a file name
c:\windows\ system32\svchots.exe -- is a fully qualified file name and path.
c:\autorun.inf -- is a fully qualified file name and path.

Right-Click on c:\autorun.inf
Choose "Open"

Select all of the text and copy it to the clipboard.

Paste the contents of c:\autorun.inf in your reply.

 

[David H. Lipman]

From: "sephiroth" <[email protected]>

< snip >

| 1 master boot record swept.
| 316 files swept in 1 minute and 0 seconds.
| 2 errors were encountered.
| No viruses were discovered.
| Ending Sophos Anti-Virus.

I just nothiced, you didn't scan the ENTIRE hard disk ?

You should !

 

[sephiroth]

i now have this (imgINSOY) when i right clicked my hard drives..i did run a
full scan on sophos.. i guess i will have to run it again with the beeps

 

[1PW]

Hi. I also have a problem with the "sillyDl DIC" trojan virus. I've
tried what was posted but everytime I use CA antispy to check, the virus
persists. Also, when I try to remove the virus with the CA antispy, a
message is displayed stating that administrative rights are required. I
am using vista not xp and I've done thorough scans with trend but it
wont go away. Please help!

Hello bondoh:

Since your other posts were seemingly to other newsgroups, we don't know
what you've done other than what you've stated above.

Please note - you have posted your Vista trouble on an XP newsgroup.

Please download, update and run MBAM from:

<http://www.malwarebytes.org/mbam.php>

*and*

SUPERAntiSpyware Free Edition from:

<http://www.superantispyware.com/download.html>

Both are freeware.

Might as well let us know your progress here.

Pete