
Win32/delf.zb



#1 Johnz414


Posted 23 August 2007 - 09:55 PM

Hi,

That's all I want to know. Is this the downloader for the BitTorrent program? If it is, I'll probably want to keep it.

If it isn't, then I'll probably want to know what it is and where it came from and how to permanently get rid of it. Windows OneCare keeps spitting it up over and over as a TrojanDropper even after I use Windows OneCare to remove it.

So, do I need to be concerned? Windows OneCare seems to think I should be concerned. It says that the alert level is severe.

Anyone? Thanks.

John

#2 quietman7


Posted 23 August 2007 - 10:21 PM

Win32/delf.zb.

Did OneCare provide a file name/location associated with it? If so, you can submit the file to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

I would let OneCare remove it if it can. Post back if you encounter any problems with removal.

#3 Johnz414


Posted 23 August 2007 - 11:00 PM

Hi quietman7,

Windows OneCare did show where it was. I didn't catch that the first time looking at it. It was in "System Volume Information", which also very conveniently is a non-accessible file, a perfect place to hide a TrojanDropper.

However, when I went to check it out, the file was empty. And when I had OneCare delete it after checking it out, OneCare took the credit for removing it. Get that. So I'm not exactly sure what is going on here. I suspect that it will say that it is there again sometime sooner than later.

If you happen to know anything about that I'd appreciate hearing about it. Thanks.

John

Edited by Johnz414, 23 August 2007 - 11:03 PM.


#4 buddy215


Posted 24 August 2007 - 05:37 AM

That is where your "restore" points are. You can delete the restore points and reset a new one. Below is a link to BC's tutorial on how to do that.

It is not a good idea to delete the restore points though until you are sure you are malware free. Below are links to two of the best programs (free to home users) to scan and remove any malware you may have. Suggest you use them.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Bleeping Computer's "System Restore" tutorial is in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

#5 quietman7


Posted 24 August 2007 - 06:39 AM

Yes, as buddy215 said, the System Volume Information Folder is a part of System Restore - the feature that allows you to set points in time to roll back your computer. This folder is where XP stores these System Restore points and other information such as: Distributed Link Tracking Service databases for repairing your shortcuts and linked documents; Content Indexing Service databases for fast file searches; Information used by the Volume Snapshot Service (also known as "Volume Shadow Copy") so you can back up files on a live system.

System Restore contains configuration, settings and files that are necessary for your computer to run correctly. System Restore works by taking snapshots of this vital system information and creating backups (restore points). This includes registry configuration information for application, user, and operating system settings; Windows File Protection files in the dllcache folder; COM+ Database; Windows Management Instrumentation Database; IIS Metabase configuration; files with extensions listed in the Monitored File Extensions list; and Local Profiles. Restore points are created automatically (system checkpoints) by the operating system or manually by the user.

The System Volume Information folder is hidden/protected by default unless you have reconfigured Windows to show it. This prevents programs from using or manipulating the files that are inside it. The files are inactive while in the data store and are not used by any utility other than System Restore.

System Restore will back up the good as well as the bad files, so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it.
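An added example, not part of any post in this thread: a small Python triage that separates scanner detections sitting in inactive System Restore points from detections elsewhere on disk, following the explanation and advice in the replies above. The `_restore{GUID}\RP<n>` path layout is an assumption based on Windows XP's restore-point naming, and the sample detections are constructed.

```python
import re
from collections import Counter

# Assumed XP restore-point layout (not stated in the thread):
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\"
    r"_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\.+$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('restore_point', RP number) for a path inside a restore point,
    otherwise ('live', None) for any other location on disk."""
    m = RESTORE_RE.match(path.strip())
    if m:
        return "restore_point", int(m.group("rp"))
    return "live", None

def triage(detections):
    """detections: iterable of (threat_name, path) pairs from a scan report."""
    counts, restore_points, live = Counter(), set(), []
    for name, path in detections:
        kind, rp = classify(path)
        counts[kind] += 1
        if kind == "restore_point":
            restore_points.add(rp)
        else:
            live.append((name, path))
    if live:
        advice = "clean live files first; keep restore points until scans are clean"
    elif restore_points:
        advice = "only inactive restore-point copies; purge restore points once scans are clean"
    else:
        advice = "no detections"
    return {"counts": dict(counts), "restore_points": sorted(restore_points),
            "live": live, "advice": advice}

# Constructed sample detections: the GUID, RP numbers and file names are made up.
SAMPLE = [
    ("Win32/delf.zb",
     r"C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP42\A0012345.exe"),
    ("Win32/delf.zb",
     r"C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP43\A0012399.exe"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
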