Trojan-gen(delphi) is back

I knew it was too good to be true!! Avast is ringing out that this trojan is now in files A0015652.exe and Dc 41.exe. I’ve put them in Avast’s chest but I don’t know what to do now. Slippery little sucker >:(

Read the help file to understand what the chest is.
Also use the search option on this board to find out more about it.
Then make up your mind on what to do with it.

To do a thorough cleanup of your system, follow the instructions on THIS PAGE

Hi, I know this sounds stupid but I’ve found that this is an old virus and I think it was in my laptop when I got it :-. It’s low risk malware and tracks what I’m doing on the internet. I looked for the files and can’t find them so I don’t know if it’s dangerous to delete but I want rid of this. I posted my hi-jack log last night under “you won’t believe it” and everything that showed up came under my BT internet connection. I went to the page and got a bit freaked, didn’t understand what to do :-[ Sorry, thank you for helping.

Leave the file in the chest for a week or two (it can do no harm from there) to ensure no adverse effect from being moved to the chest. Then scan the file again in the chest to ensure it is still detected as infected and if so delete it from the chest.

Thanks, I’ll do that. I’ve just done another malware scan and it came up with 3 backdoor trojans low risk in my documents and settings and malware regkey XoloX Gnutella but I can find a it in my laptop to delete it ;D help

When you mention something like this it is not really helpful as there really is not enough information.

What detected the backdoor trojans?
What was the virus name, what was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
What actions have you taken to try and resolve the problem?
With this basic information we can be more helpful.

To me it sounds like you are in some way vulnerable to have this happen so quickly. Do you have a firewall, and if so, what?

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster - Don’t install this until you are clean.
  4. Download HijackThis.zip - HiJackThis Tutorial

Hi again, I know I’m a pest. It has been detected with malware scanner, Avast, Sygate. I have these plus spybot, Hi-jack this, Trendmicro and all the rest never picked it up. Malware came up with the back door trojan and all of them that have found it say that it’s trojan-gen(delphi) and it tracks and copies the movements I do on the internet. The files are Dc41.exe c:\RECYCLER\5-1-5-21 and c:\System Volume Information… My friend had a go at removing by deleting but as you can see I’m worse than a novice. I think this has been in here before I bought it, it’s secondhand (I know, learn from it!!!). So please be patient and I apologise now for you probably pulling your hair.

The first two files you mention are already in “custody”. But the third one looks serious.
What is the complete file path:
c:\System Volume Information…

Do not reformat and reinstall Windows as yet. If the culprit is located in the boot sector of the hard disk, such drastic means won’t possibly help either!

When you delete something from one of the system folders, Windows, in all its wisdom, saves a copy to a restore point in the System Volume Information folder, just in case you made a mistake and want to restore it.

Disable system restore (this will clear all restore points) and reboot, then scan again; if clean, enable system restore.

Hi, I tried to disable the restore system and nothing, it’s all still there. I never enabled it again, I’ll wait to I’m told. The one you were asking about is A0015652.exe c:\System Volume Information_restore(2F12F2DD-7C59-4770-9424-6EABABBAEE)\RP16. I have no idea what this is, I’ll leave that in your capable hands. Everything seems to be in my documents and settings and when it comes to deleting and sorting this I’m very overwhelmed, so thank you.

You need to reboot after disabling system restore for it to come into effect.

Win XP-ME - How to disable System Restore

I did reboot after, then ran avast and malware scanner and it’s still there, what do I do now boss ;D The malware scan keeps coming up with gnutella\ as well but none of the others do. I found what it was on Google but I can’t find it on the laptop, and let me know about the restore system, thanks.

That is really strange, what OS are you using?

Are you using any other software which might stop changes to your system or files like Norton Go Back?

Are you logged on as the Administrator or does the user account have administrator privileges?

Have you tried scheduling a boot-time scan from within avast!?

Hi, my OS is XP but as I’ve been getting more confident on this thing I’ve found that it was originally NT and they used to use avast, as I’ve found kernel32.dll, winsock.dll and wsock32.dll in there. I am logged on as admin but there’s 3 names in the box screen, does that mean anything? I haven’t done a boot time scan but I’ll give it a bash, and my ad ware scan came up with 32 negligible files all having the same number as the volume file???

AdAware is perhaps too sensitive and Negligible risk entries I have disabled on mine.

What is it saying about the entries?

Is avast detecting anything in the system volume information folder or only adaware? If only adaware I wouldn’t worry unduly and I would only worry about the fact that disabling system restore isn’t clearing the restore points in the system volume information folder.

Can you see this folder and its restore points in windows explorer?
If not, in Tools, Folder Options ensure that “show hidden files and folders” is ticked. I don’t know if this may have anything to do with not being able to clear the restore points.

I ran avast after I did a boot time scan and it has come up with nothing now, and when I got to the sys vol folder it’s empty, is that the way it’s supposed to be? The only thing I seem to be getting is attacks in my cookies. I’ve got the pop ups sorted but what would be causing this? I had 18 hits in an hour and this lump of junk doesn’t like it. Thanks for being patient. OH, I’ve reversed the system restore, is that right?

Why I asked for the complete filepath in the System Volume Information folder you can find here:
http://blogs.msdn.com/oldnewthing/archive/2003/11/20/55764.aspx

The reason we ask questions is that from the answers you give we can be more accurate about our advice. There are many questions asked that have not been answered. This makes our work harder and it takes longer to help you.

If you can’t see any restore points then what we asked you to do, disable system restore and reboot, has done what it should: clear all restore points. Yes, if you are sure you are clean, enable system restore.

Have you installed Spyware Blaster, as that blocks a number of cookies?

I don’t understand what you mean by “I keep getting attacks in my cookies”, please give more details?

Popups are usually because you have some adware on your system. Have you installed Spybot Search & Destroy (I know you have installed adaware)?

My suggestion to you is to download and install the Firefox browser; it is much less susceptible to adware and spyware.

Hi, I am sure it’s clean, I’ve been running scans since this morning. Avast thorough scan says it’s clean. I’ve downloaded Spyblaster and updated with all protection running. I downloaded Firefox, can I delete IE or just ignore it? I don’t have much room on my hard drive. When I got my 1st avast alert my friend found that the problem was coming in through my temp files and cookies. When I ran spybot it would be full but I’ve noticed since yesterday there’s none, so could it have been all tied in? Thank you so much, I’ll be reading this site from top to bottom now to learn. Where would be a good place for a beginner to start? Oh, would you advise me to change any passwords after that tracking virus as I do my banking online?

Just ignore it… you need it to update windows, so do not ‘uninstall’ it and even worse, do not delete it.

Help file 8)