Trojan.spy.delf.uc How Do I Get Rid Of This Thing?


  • This topic is locked
7 replies to this topic

#1 Ayriana22

Ayriana22

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:34 PM

Posted 29 June 2007 - 02:30 AM

Spyware Doctor found 3 infections of it in the registry but it wants me to pay for it before it cleans them out. Avast found one but it didn't clean it up.
This thing is somehow interrupting my internet connection... meaning: At random intervals it will drop my DSL connection and I have to restart my computer or I won't be able to reconnect to the internet. Tried restarting the DSL modem and the router; neither worked. This thing is tough to remove because I had 3 different AV programs and they didn't even find it. Adaware didn't find it, Comodo AV didn't find it, NOD32 didn't find it, SpySweeper didn't find it.... this sucker is tough. :trumpet:

Any suggestions on how I can get rid of this thing once and for all? Restarting in the middle of a project or game is incredibly annoying and I really don't want a keylogger/backdoor trojan on my comp :thumbsup:


:flowers:
-Ayri


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:34 AM

Posted 29 June 2007 - 02:48 AM

This may be a false positive (which means that there is not an infection, but Spyware Doctor thinks there is). I have heard of this happening if you have QQ Instant Messenger on your system. If Adaware, Comodo AV, NOD32 and SpySweeper didn't find it then I think it is probably pretty safe to assume that it isn't there.

Try some on-line scans to make sure:

Housecall
BitDefender

I would suspect that the internet connection problems are unrelated.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Ayriana22

Ayriana22
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:34 PM

Posted 29 June 2007 - 03:01 AM

Thanks! I'll try those. I don't use QQ Instant Messenger. I do use Trillian and MyspaceIM (waiting for Trillian to come out with Astra so I can delete the Myspace IM)
I've tried the Norton's Online scanner but that didn't seem to come up with anything. However, upon inspection of Comodo's Firewall block list I found the explorer file that Spy Doctor mentioned was this trojan so <shrug> I'll see what the other scanners come up with and repost.
-Ayri

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:34 AM

Posted 29 June 2007 - 03:06 AM

If you know which file is suspect then upload it at Jotti for an analysis.

Jotti will analyse the file using the following:

A-Squared
AntiVir
ArcaVir
Avast
AVG Antivirus
BitDefender
ClamAV
Dr.Web
F-Prot Antivirus
F-Secure Anti-Virus
Fortinet
Kaspersky Anti-Virus
NOD32
Norman Virus Control
Panda Antivirus
Rising Antivirus
VirusBuster
VBA32

#5 Ayriana22

Ayriana22
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:34 PM

Posted 29 June 2007 - 03:35 AM

OK, waiting for it to finish the scan. One file was cavname164.
I re-ran Spyware Doctor and it is telling me that three registry keys are infected:


HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PLATFORM\_TYPE_LIST\1
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PLATFORM\_TYPE_LIST
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent

Not sure what these are but wanted to put 'em up here if it would be in any way helpful.
Still waiting for the scan to finish <sigh>

:thumbsup:
-Ayri

#6 Giedrius M

Giedrius M

  • Members
  • 17 posts
  • OFFLINE
  • Local time:08:34 PM

Posted 29 June 2007 - 03:56 AM

Spy Doctor and Spyware Doctor are not the same. Which one do you have? Spyware Doctor is rated quite highly, although the full version is not free (a slightly lighter version could be downloaded via Google Pack), and Spy Doctor should be removed as fast as you can because it is a fake product :)

The best thing is to post a HijackThis log in the appropriate forum.
My blog majauskas.com

#7 Ayriana22

Ayriana22
  • Topic Starter

  • Members
  • 11 posts
  •  
  • Gender:Female
  • Local time:08:34 PM

Posted 29 June 2007 - 03:57 AM

I have Spyware Doctor. Sorry for the confusion. :thumbsup:
Posted the hijackthis file under the appropriate forum too. :flowers:

Edited by Ayriana22, 29 June 2007 - 04:06 AM.

-Ayri

#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:07:34 PM

Posted 29 June 2007 - 11:20 AM

Ayriana22,

Since you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.

If you have any questions, don't hesitate to send me a PM.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
