Hi Guys

I have a sticky yet pricking problem here. Recently I have installed the latest version of Avast 4.5 Home Edition on my PC and upon installing and running, many viruses and Trojan Horses were found. Many of these I have deleted without even knowing and considering whether the files are critical to my PC or not. I hope that there will not be any impacts to my PC performance and application files. As you know when you first installed the Avast Antivirus program, you has not even got the time to do a Virus Recovery Database backup. Even if you have the time, you may be skeptical about the Virus Recovery Database Backup cos it might be infected too if you were to perform the operation at that time. That is why I deleted most of the files instead.

However, there is this infected file (Win32: Trojan-gen. {Other}), no matter how many times I have deleted it or move it to the chest, it will be detected again by Avast 4.5 Home Edition whenever I perform a subsequent reboot to my PC. This is really frustrating. I really wonder is there anybody out there who can help me out in this matter.

For your info, my PC runs on Windows XP Professional with SP2.
I am using a cable modem to hook up to the internet. This infected file is found in my this directory :- C:\WINDOWS\System32\delttsul.exe

No matter how many times I deleted it or move it to the chest, the file will simply restore or duplicate itself back to the respective folder and directory. I have even turn off my System Restore and performed numerous thorough Boot-time scan(inclusive of my archival files) but it just simply does not work. I tried to do it in “Safe Mode” too, however, the Avast 4.5 Home Edition does not work at all, be it Boot-time scan or manual selection scanning.

Is there anybody out there who can help me out on this?

Hope that there can be a solution to it. Thanks in Advance.

Conway

I advise you to submit the file to Jotti’s scanner (http://virusscan.jotti.dhs.org/), so that we know other names for the malware you’ve got. This way, we might find a removal tool you can use.

Click on the link in my signature and follow the instructions on that page to fully clean your system.

Hi Spyros

I have done a Jotti Online Scan to my infected file. Attached is the scanned result performed on my infected file from Jotti Online Scan. Hope that it will be helpful to you in helping me to resolve my problem. Thanks!

Conway

Do as I suggested to clean your system thoroughly.

Conway,
Sorry but I have not found anything about it.
Do what Eddy says.
And since it is a trojan you have, you should also consider getting an Anti-trojan program. There are a few free ones (ewido, a² - you can find more info & download links at my webpage, press the globe under my avatar)

S.

I have the same virus too.
When I click move to chest I have this message " Access Denied" Cannot process “c\windows\system\sysie.dll file”. What should I do?

I have the same virus too. When I click move to chest I have this message " Access Denied" Cannot process "c\windows\system\sysie.dll file". What should I do?

Do the same as Eddy suggested for Conway. (see above)

–lee

Hi Eddy

I have done what you have told me but it is still useless. The Trojan Virus is very stubborn. It refuses to be removed from my PC. What can I do now? Really very headache with this virus.

For your info, I found out other problems too when I was doing the thorough scanning in the safe mode. They are as follows:-

Name of File

1. C:\Documents and Settings\Administrator.FALCON-P7NPUUMT\Application Data\Microsoft\HTML Help\hh.dat\ChecklistSimple.chm\avast! - jednoduch?rozhran

Result for the above filename
Unable to scan: The filename, directory name, or volume label syntax is incorrect.

Name of File
2. C:\Documents and Settings\Falcon\Application Data\Microsoft\HTML Help\hh.dat\ChecklistSimple.chm\avast! - jednoduch?rozhran

Result for the above filename
Unable to scan: The filename, directory name, or volume label syntax is incorrect.

Name of File
3. C:\Documents and Settings\Falcon\Local Settings\Temporary Internet Files\Content.IE5\GLQJWPQB\DFVS-Net[1].rar\admin\Setup.exe

Result for the above filename
Unable to scan: RAR archive is corrupted.

Please advise me what to do with the Trojan Virus and the above few problems encountered.

Thanks!

Conway

Please post a HijackThis log here and let us have a look.

Mabey try deleting your temp interet files? from the internet explorer options?

please help I found this win32:IbDialer trojan in my computer and the file affected c:/Windows/DownloadProgramFiles/IberoDialer.HTML.dll
What should do?Is it ok if I delete the file?Any furhter action???
Please I’m getting crazy…
Thanx

It should be safe to delete, but you can also move to chest, where it will be inactive.

Run another scan and check to ensure that it is clear. In order for the IberoDialer.HTML.dll to work something has to call/run it, so you will also have to find that and deal with it too.

The best program for this is hijackthis, you can get this and information on what to do at Eddy’s HiJackThis Info and Analysis page, HiJackThis log file analyzer and follow the directions there and get back to us if you need more help…

If you want to try an on-line scan of your Hijackthis file try here [b]http://hijackthis.de/index.php[/b]

graziacare

Deleating this should be safe as it is part of a trojan.

Also try running these 2 good free programs, they are Ad-Aware
and spybot.

After please do as DavidR suggested as it will find any “left over” junk it leaves.

–lee

Hi Guys

Thanks for all the help that you have once rendered. My PC problem relating to the above somehow seem to be solved. There is no prompting of the Virus Alert anymore.

I really appreciate all the helps that you guys have rendered to me. Since the problem is solved, I will like to call upon this thread to be closed.

Conway