Greetings! I’m not sure if this matter has been addressed already somewhere in this forum, but my search for w32:bamital-T & w32:delfcrypt-f doesn't yield any results. These 2 trojan droppers infected my laptop through USB. Riding processes like svchost.exe, sometimes explorer.exe.
First instance of detection on normal Windows, I booted Windows in safe mode then ran Avast; these 2 droppers were detected (about 8-9 of them) and were moved to chest. If asked to reboot, I did BUT I never booted on normal Windows, instead went straight to safe mode again. Then ran MBAM, there came results also of what seemed to be remnants of files overseen by Avast (that's why they best work together) and were also deleted after detection results. Then when asked to restart again, this time I booted on normal Windows. But alas, Avast detected the same virus again and Windows automatically shut down/rebooted and I was unable to run Windows normally to run any other diagnostics.
Did this whole process about 4-5 times already, but it is still there every time I boot to normal Windows. Malicious files of .exe & .sys on temp folders riding on processes I mentioned above. I already cleaned my temp folder & my System Restore is totally disabled on all drives.
Now what puzzles me lately is that after the last normal Windows boot (virus was there of course), I booted in safe mode and ran MBAM, but both did not detect any virus or trojan! Did they mutate already? I'm on Windows XP SP3, all virus & malware definitions are up to date. No other AV is installed other than the 2 I trust as they have worked effectively for me. I can say I am somewhat an advanced user on Windows & drivers as well as virus handling, but this is the first time I have encountered a stubborn trojan. Any ideas out there? TIA!
Although you have already done some of the steps, I suggest:
Clean your temporary files.
Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
Guys, thank you! The SuperAntispyware did well, it's now clean of virus. It is really a necessity to have at least 2 similar tools of different products. I thought the MBAM & Avast can solely protect all throughout even with the latest updates. Now I have 2 on-demand programs as a back-up.
Best of all, it's forums like these that make the computing world a better learning place.