Trojan horse Dropper.Delf.3.BE.

[OM]

I'm using AVG Antivirus.
I've just installed the latest version and it has found a virus on my PC.
The previous version (which was ALWAYS kept uptodate had never reported this
virus.)
Before running anything downloaded, I always scanned it first and have
always been careful!

The problem is that I've run the file with the virus in a few times.
i do have the occasional problem with the PC, when it locks up or reboots.
This only happens 2 or 3 times a week.
I have no reason to suspect I have a virus otherwise.
(And I don't have a million pop ups or anything.)

The virus in question is: Trojan horse Dropper.Delf.3.BE.

Do I need to do anything else? Do I need to be worried!

Thanks.


OM

 

[David H. Lipman]

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt307.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *

Dave




| I'm using AVG Antivirus.
| I've just installed the latest version and it has found a virus on my PC.
| The previous version (which was ALWAYS kept uptodate had never reported this
| virus.)
| Before running anything downloaded, I always scanned it first and have
| always been careful!
|
| The problem is that I've run the file with the virus in a few times.
| i do have the occasional problem with the PC, when it locks up or reboots.
| This only happens 2 or 3 times a week.
| I have no reason to suspect I have a virus otherwise.
| (And I don't have a million pop ups or anything.)
|
| The virus in question is: Trojan horse Dropper.Delf.3.BE.
|
| Do I need to do anything else? Do I need to be worried!
|
| Thanks.
|
|
| OM
|
|

 

[Max M.Wachtel III]

I'm using AVG Antivirus.
I've just installed the latest version and it has found a virus on my PC.
The previous version (which was ALWAYS kept uptodate had never reported this
virus.)
Before running anything downloaded, I always scanned it first and have
always been careful!

The problem is that I've run the file with the virus in a few times.
i do have the occasional problem with the PC, when it locks up or reboots.
This only happens 2 or 3 times a week.
I have no reason to suspect I have a virus otherwise.
(And I don't have a million pop ups or anything.)

The virus in question is: Trojan horse Dropper.Delf.3.BE.

Do I need to do anything else? Do I need to be worried!

Thanks.


OM

Beginning of standard canned reply.

Update Windows. Use a firewall.
Use an Anti-Virus of your choice and keep it updated.
In Windows Explorer, set Folder Options to “show all files”.
Clean out all temp, cache, ect. files.
Download BeClean here:
http://boozet.xepher.net/beclean/

Download Sysclean from here:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com
Read this(it tells you how to use it!):
http://www.trendmicro.com/ftp/products/tsc/readme.txt
Reboot into safe mode and run Sysclean, write down results, then reboot
normally.
If offending file is in “restore” read this:
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Download AdAware from here:
http://www.majorgeeks.com/download506.html
Read the help files,download the winsock fix, and then Update and run
AdAware.
If you lose your Internet connection after running AdAware run the fix.
Winsock Fix here:
http://www.tacktech.com/display.cfm?ttid=257

Download Spybot Search+Destroy here:
http://www.safer-networking.org/en/download/index.html
Read this:
http://www.safer-networking.org/en/tutorial/index.html
Update and run Spybot (enable all protection).

Download Spyware Blaster here: (enable all protection)
http://www.javacoolsoftware.com/spywareblaster.html

Run a couple of online scanners (pick a different one than your main AV):

BitDefender:
http://www.bitdefender.com/scan/licence.php

Norton:
http://security.symantec.com/sscv6/...d=sym&plfid=23&pkj=XHPGJRSOMVZGYYTZXPE&bhcp=1

Panda:
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

eTrust:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

House Call:
http://housecall.trendmicro.com/housecall/start_corp.asp

If the previous do not solve your problems:
Download Bazooka here:
http://www.kephyr.com/spywarescanner/

Download SwatIt here:
http://swatit.org/

Download KL-Detector here
http://dewasoft.com/privacy/kldetector.htm

Download CWShredder here
http://www.intermute.com/spysubtract/cwshredder_download.html

Download HijackThis here:
http://www.majorgeeks.com/download3155.html
Install, run and save the log that is created. Don’t let it fix anything
yet!
You can find forums to post the log to have it analyzed here:
http://tomcoyote.org/hjt/

End of standard canned reply.

--
Keeping Windows Clean: http://www.geocities.com/maxpro4u/madmax.html
Virus Cleaning+Fixes: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)