system32\stzzych.dll \ win32:delf-hpr

Hi everyone,

I already tried pretty much every program to scan this virus; nothing has helped yet. I sent the file to VirusTotal and the following was the result. If you can give me any other advice, feel free; I don't know anything else I could try.

Virustotal:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.12 Trojan.Win32.Boaxxe!IK
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.56 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.11 Win32:Delf-HPR
Avast5 5.0.332.0 2010.04.11 Win32:Delf-HPR
AVG 9.0.0.787 2010.04.11 Clicker.AEHI
BitDefender 7.2 2010.04.12 Gen:Trojan.Heur.fmSfymUOCQni
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4573 2010.04.12 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.04.12 MULDROP.Trojan
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.11 Gen:Trojan.Heur.fmSfymUOCQni
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.12 Gen:Trojan.Heur.fmSfymUOCQni
Ikarus T3.1.1.80.0 2010.04.12 Trojan.Win32.Boaxxe
Jiangmin 13.0.900 2010.04.11 Trojan/Ck88866.Gen
Kaspersky 7.0.0.125 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
Microsoft 1.5605 2010.04.11 Trojan:Win32/Boaxxe.E
NOD32 5018 2010.04.11 probably a variant of Win32/TrojanClicker.Delf.NDG
Norman 6.04.11 2010.04.11 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.42.06.04 2010.04.11 -
Sophos 4.52.0 2010.04.11 -
Sunbelt 6165 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.11 -
TrendMicro 9.120.0.1004 2010.04.11 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.11 -
VirusBuster 5.0.27.0 2010.04.11 -
weitere Informationen
File size: 88576 bytes
MD5…: d3683d521bedb12951e0d4aa533faa10
SHA1…: 429691cfd5cafba4d0361d86eb834431aae73826
SHA256: f8adf11d7854106cdf4fa75ab3108bb5fc19e27841410e8a0306a8cfd1cbf1a7
ssdeep: 1536:hZcTwAgx+oWH6dOYsgCRs6rFHwSqkC0/uHkIn1WYQdlgi2FEGQL9nouy8+:357WSygMjF/JRfhout+
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40fa0
timedatestamp…: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x2c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x2d000 0x15000 0x14c00 7.99 853b8e7a516908612669e805aabaa7b9
.rsrc 0x42000 0x1000 0xa00 3.08 b7e3a4779c7381c7e1ff4a6ce191c3a6

( 4 imports )

KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
advapi32.dll: FreeSid
oleaut32.dll: SysFreeString
user32.dll: wvsprintfA

( 7 exports )
DllCanUnloadNow, DllGetClassObject, Fgccfcp, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
RDS…: NSRL Reference Data Set

pdfid.: -
trid…: UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda’s Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher…: SMCORPNAME Corporation
copyright…: (c) SMCORPNAME Corporation. All rights reserved.
product…: Microsoft_ Windows_ Operating System
description…: SMVERI32 DLL SMVERI32
original name: SMVERI32.dll
internal name: SMVERI32
file version.: 5.1.2600.3248
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA
packers (Avast): UPX
packers (Avast): UPX

Have you tried Malwarebytes Anti-Malware yet? http://majorgeeks.com/download.php?det=5756

Yes, here is the log:

Malwarebytes’ Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3978

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.04.2010 21:11:38
mbam-log-2010-04-12 (21-11-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 113449
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\ididp (Trojan.Sasfis) → No action taken.

Infizierte Registrierungswerte:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) → No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) → Bad: (Explorer.exe rundll32.exe smvh.odo truux) Good: (Explorer.exe) → No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\smvh.odo (Backdoor.Bot) → No action taken.
C:\Windows\temp\E4B3.tmp (Backdoor.Bot) → No action taken.
C:\Windows\System32\drivers\svchost.exe (Trojan.Downloader) → No action taken.
C:\Windows\Sysvxd.exe (Trojan.FakeAlert) → No action taken.

The detections appear to be good.

  • Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.
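After the "Remove Selected" step and a reboot, it is worth confirming that the persistence points MBAM listed really are gone, since the Winlogon Shell hijack in the log is what re-launches the dropped DLL at every logon. The PowerShell script below is an added example written for this thread; it is not part of Malwarebytes or of any post above. It only reads the registry keys and file paths quoted in the MBAM log (plus the stzzych.dll from the thread title) and reports each one as CLEAN or STILL PRESENT; it assumes Windows is installed under the drive that $env:SystemRoot points to (C:\Windows in the log) and that it is run from an elevated prompt.

```powershell
# Post-removal check for the items reported in the MBAM log above.
# Added example, not from the thread or from Malwarebytes. Run from an elevated
# PowerShell prompt after "Remove Selected" and a reboot. Every "STILL PRESENT"
# line means the cleanup did not stick and the scan should be repeated.

# Expose the hives the log refers to that PowerShell does not map by default.
if (-not (Test-Path 'HKU:'))  { New-PSDrive -Name HKU  -PSProvider Registry -Root HKEY_USERS        | Out-Null }
if (-not (Test-Path 'HKCR:')) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null }

$results = @()

# 1. Winlogon\Shell must be exactly "Explorer.exe". The log showed
#    "Explorer.exe rundll32.exe smvh.odo truux", i.e. the DLL appended to the shell line.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell    = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
$status   = if ($shell -eq 'Explorer.exe') { 'CLEAN' } else { "STILL PRESENT: $shell" }
$results += [pscustomobject]@{ Item = "$winlogon\Shell"; Status = $status }

# 2. Run value under the .DEFAULT user hive that pointed at the fake svchost.exe.
$runKey  = 'HKU:\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runVal  = Get-ItemProperty -Path $runKey -Name 'svchost.exe' -ErrorAction SilentlyContinue
$status  = if ($null -ne $runVal) { 'STILL PRESENT' } else { 'CLEAN' }
$results += [pscustomobject]@{ Item = "$runKey\svchost.exe"; Status = $status }

# 3. The COM-style class key the log flagged.
$status  = if (Test-Path 'HKCR:\ididp') { 'STILL PRESENT' } else { 'CLEAN' }
$results += [pscustomobject]@{ Item = 'HKCR:\ididp'; Status = $status }

# 4. Files from the log (and the DLL named in the thread title). Paths are built from
#    $env:SystemRoot on the assumption that it is C:\Windows, as in the log.
$files = @(
    "$env:SystemRoot\System32\smvh.odo",
    "$env:SystemRoot\temp\E4B3.tmp",
    "$env:SystemRoot\System32\drivers\svchost.exe",   # the real svchost.exe lives in System32, never in drivers\
    "$env:SystemRoot\Sysvxd.exe",
    "$env:SystemRoot\System32\stzzych.dll"
)
foreach ($f in $files) {
    $status   = if (Test-Path -LiteralPath $f) { 'STILL PRESENT' } else { 'CLEAN' }
    $results += [pscustomobject]@{ Item = $f; Status = $status }
}

$results | Format-Table -AutoSize
```

The script deliberately does not delete anything: if a line still reads STILL PRESENT after a reboot, the safer move is to rerun the scanner (the file may be locked by a running process or recreated by another component that MBAM has not yet seen) rather than hand-editing the registry.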