I’ve just completed full scans with Spybot 1.5.2 and SUPERAntispyware, neither of which found anything wrong. I then updated Avast! and started a standard scan which soon found signs of a Trojan in a subfolder of a programme that’s been on the P.C. since April 2007. I’ve never actually used this subfolder, and it’s not been spotted by the previous AVG 7.5.
It was described by Avast! as “Win32:Delf-KZL” which a Google search did not recognise. I’ve sent it to VirusTotal and here are the results:
This doesn’t look particularly good to me, so could someone give me a second opinion? I’m quite happy to delete it, but I’m just wondering how it has been hiding for so long, or is it really a False Positive?
I’m struggling a little bit here, but from looking at the link you gave there is only one similarity: F-Prot shows it as “~W32/Heuristic-210!Eldorado”. This appears in my VirusTotal result, and also in the McAfee description. I’ve looked at my registry entries and there don’t appear to be any of the changes mentioned.
I was looking at another post and mention of the BitDefender online scan was made, but since this company’s product didn’t find anything at VirusTotal there doesn’t seem much point (to me at any rate!) in running this. Any other suggestions?
Well I’ve just scanned it again and Avast! still reports it as a Trojan. And yet some time spent searching on the internet hasn’t come up with anything. So do I have an infection or not? It’s described as a “HEX-DEC Key Switcher”, not a keygen. I’m well aware of the reputation they have for containing malware. I have no use for it, although I may have opened it when it was first installed along with some other software over a year ago. There don’t seem to be any signs of the P.C. misbehaving, and as I’ve said no previous scans have found anything. I used to run Adaware SE/2007 but removed it and now use SUPERAntispyware instead. I also remember using the on-line Panda scan a while back. I’m inclined to just delete it - nothing seems to have stopped working since it was moved to the chest.
A Delf “infection” can be very bad; several companies in the VirusTotal reported it as “.cpa”, which may be a “Backdoor” trojan. A very good description of a Backdoor trojan is at www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan/ . Would be wise to have your computer checked by experienced, highly trained, certified, Volunteer “Malware-Fighters” and since you seem to have Spybot, I recommend THEIR “Malware Removal” sub-forum at http://forums.spybot.info