
Trojan-Dropper.Win32.Delf.ech


5 replies to this topic

#1 baileyng


Posted 29 October 2009 - 12:11 AM

Hi members,

I have had this problem for the last two days. I'm using Kaspersky and, in the last two days, while I was using a piece of software (.exe), Kaspersky popped up a message saying one of my files was infected with this Trojan-Dropper.Win32.Delf.ech

Kaspersky suggested restarting, after which it would delete the infected file. So I did. Then I reinstalled the software and scanned it with Kaspersky. Everything was fine. But the moment I used this exe file again, the same warning appeared again. One of my friends suggested that I use ComboFix.exe, but the problem still exists after all.

Can anyone solve this problem? I'm desperately looking for solutions here because I cannot use this exe file to run a certain application. Other friends who use this exe file have no problem except me.

Thx.



#2 quietman7

  • Global Moderator

Posted 29 October 2009 - 10:53 AM

What program are you trying to use?

Did Kaspersky provide a specific file name associated with the malware threat(s) detection and if so, where is it located (full file path) on your system?

The detection on that file may be a false positive. Anytime you suspect a file may be a false positive, get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

If it is a false detection, then you should contact the anti-virus tech support and advise them so they can investigate and make corrections. Most anti-virus vendors have instructions for file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 baileyng


Posted 01 November 2009 - 03:26 AM

Thx for your reply.

I'm trying to use mapedit.exe downloaded from the server. The report from Kaspersky is as follows:


29/10/2009 11:56:02 AM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer C:\USERS\BAILEY NG\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 11:56:15 AM Detected: Trojan-Dropper.Win32.Delf.ech TSVNCACHE.EXE C:\USERS\BAILEY NG\GPSMAPEDIT\.svn\text-base\mapedit.exe.svn-base
29/10/2009 1:44:42 PM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer D:\MAPPING\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 1:44:43 PM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer D:\MAPPING\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 1:44:44 PM Detected: Trojan-Dropper.Win32.Delf.ech TSVNCACHE.EXE D:\MAPPING\GPSMAPEDIT\.svn\text-base\mapedit.exe.svn-base


Kaspersky has deleted the file. Then I downloaded it again. I was told that other people who use this mapedit with Kaspersky didn't get this trojan detected. Is it possible that this trojan is still hiding in my laptop? If yes, how do I remove it? I need to use my laptop to do some map editing.
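
Added example, not part of the original post: a short Python parser for the Kaspersky report lines above that groups the hits by the file they really refer to, which helps when deciding what to submit for a second opinion. The function names are illustrative, and treating a `.svn\text-base\*.svn-base` entry as the pristine copy of the working file is an assumption based on the older Subversion working-copy layout.

```python
import re
from collections import defaultdict
from datetime import datetime

# Report lines as posted in the thread above (the only input used here).
REPORT = r"""
29/10/2009 11:56:02 AM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer C:\USERS\BAILEY NG\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 11:56:15 AM Detected: Trojan-Dropper.Win32.Delf.ech TSVNCACHE.EXE C:\USERS\BAILEY NG\GPSMAPEDIT\.svn\text-base\mapedit.exe.svn-base
29/10/2009 1:44:42 PM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer D:\MAPPING\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 1:44:43 PM Detected: Trojan-Dropper.Win32.Delf.ech Windows Explorer D:\MAPPING\GPSMAPEDIT\MAPEDIT.EXE
29/10/2009 1:44:44 PM Detected: Trojan-Dropper.Win32.Delf.ech TSVNCACHE.EXE D:\MAPPING\GPSMAPEDIT\.svn\text-base\mapedit.exe.svn-base
"""

# Process name and path both contain spaces ("Windows Explorer", "BAILEY NG"),
# so the path is anchored on its drive letter instead of splitting on spaces.
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Detected: (?P<verdict>\S+) (?P<process>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# Older Subversion working copies keep a pristine copy under .svn\text-base.
SVN_PRISTINE = re.compile(r"\\\.svn\\text-base\\([^\\]+)\.svn-base$", re.I)

def parse(report):
    """Return one dict per detection line; unparseable lines are skipped."""
    events = []
    for line in report.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%m/%Y %I:%M:%S %p")
            events.append(e)
    return events

def working_file(path):
    """Map a pristine .svn-base copy back to the working file it mirrors."""
    return SVN_PRISTINE.sub(lambda m: "\\" + m.group(1), path).upper()

def summarize(events):
    """Group hits per working file; also return the set of verdict names."""
    by_file = defaultdict(lambda: {"hits": 0, "processes": set()})
    for e in events:
        entry = by_file[working_file(e["path"])]
        entry["hits"] += 1
        entry["processes"].add(e["process"])
    return dict(by_file), {e["verdict"] for e in events}

if __name__ == "__main__":
    files, verdicts = summarize(parse(REPORT))
    for path, info in files.items():
        print(path, info["hits"], sorted(info["processes"]), sorted(verdicts))
```

The five hits collapse to two files, both MAPEDIT.EXE under a single verdict; the TSVNCACHE.EXE entries are the Subversion pristine copy of that same binary rather than a second flagged program.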

#4 quietman7


Posted 01 November 2009 - 07:54 AM

Again it sounds like a false positive. Contact and advise Kaspersky tech support so they can investigate and confirm. Provide them with a link to the download if you don't have a sample to submit.

#5 baileyng


Posted 02 November 2009 - 06:58 AM

Thanks quietman7, you are right, it was a false positive. Kaspersky has confirmed. Now I'm back to using my laptop for mapping. Thanks again.

#6 quietman7


Posted 02 November 2009 - 08:05 AM

You're welcome.