trojan, Win32:Delf-GVX

I am slowed down in “verifying user name and password” and also ‘my computer’ going to, say, ‘control panel’. I got a response for Win32:Delf-GVX, and figured out to check the box for ‘delete upon startup’. Any further advice around?

Hi albers,

Manual removal:

  1. Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8,
    then choose Safe Mode from the Windows boot menu).
  2. Delete the following files:
    %Windir%\inst_cassovia_apps.exe
    %Program Files%\Common Files\Microsoft Shared\MSInfo\svchost.exe
  3. Delete the original Trojan file (the location will depend on how it originally penetrated the computer).
  4. Update your antivirus databases and perform a full boot-time scan of the computer.

polonus
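
An added example, not part of the thread or of any poster's tooling: a check of image paths against the two files named in step 2, generalized to flag any `svchost.exe` that sits outside the Windows system directory. The `C:\WINDOWS` and `C:\Program Files` defaults, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Files named in removal step 2, in the post's own placeholder notation.
LISTED_FILES = [
    r"%Windir%\inst_cassovia_apps.exe",
    r"%Program Files%\Common Files\Microsoft Shared\MSInfo\svchost.exe",
]

def _norm(path):
    # Windows paths are case-insensitive; compare in one canonical form.
    return ntpath.normcase(ntpath.normpath(path))

def expand(path, windir, program_files):
    # Substitute the post's placeholders with concrete directories.
    return (path.replace("%Windir%", windir)
                .replace("%Program Files%", program_files))

def check_images(image_paths, windir=r"C:\WINDOWS",
                 program_files=r"C:\Program Files"):
    """Return (path, reason) for every path that needs a closer look."""
    listed = {_norm(expand(p, windir, program_files)) for p in LISTED_FILES}
    legit_dirs = {_norm(ntpath.join(windir, d))
                  for d in ("System32", "SysWOW64")}
    findings = []
    for raw in image_paths:
        p = _norm(raw)
        if p in listed:
            findings.append((raw, "listed in removal step 2"))
        elif (ntpath.basename(p) == "svchost.exe"
              and ntpath.dirname(p) not in legit_dirs):
            # The genuine service host runs only from the system directory.
            findings.append((raw, "svchost.exe outside system directory"))
    return findings

# Constructed sample: image paths as a process or file listing might report.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\windows\INST_CASSOVIA_APPS.EXE",
    r"C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in check_images(SAMPLE):
        print(f"{reason}: {path}")
```
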

:slight_smile: Hi albers :

  IF "Polonus"'s recommendations do NOT work, you should be aware that
  a Delf "infection" CAN be a very serious type of malware; some have to
  reformat, then reinstall their Operating System. Best to start by using
  a special program that has been developed to combat SOME "versions"
  of this located at http://users.telenet.be/marcvn/tools/win32delfkil.exe .

Most excellent, friends, thank you. I figured this is deep doo-doo as I just had my system reloaded after the ISP guy could not clean it! Happily my physics papers and stacks of communiques are all saved. I shall proceed with caution.

Hi albers,

That is the most important thing for you, that your valuable data are being secured. It demonstrates the need for making back-ups at times.
Again, after arriving at a non-compromised OS, it is important that you update all the software you have, do not connect to the Internet with full admin rights when not absolutely necessary, have the latest Sun Java version on your computer and delete all older versions of it (this is not done automatically and can put you at risk), install up-to-date AV and a good firewall, then surf secure!

polonus

Now I cannot get into SAFEMODE, even after running a boot-time scan. I get the blue bummer page that says you are messed up. How do I execute the CHKDSK/F that is suggested? I did get rid of an earlier JAVA.

:slight_smile: Hi :

 Concerning "Checkdisk", I recommend the Info at
 www.updatexp.com/windows_xp_chkdsk.html .

Thanks, Spiritsongs. I was able to run CHKDSK as you suggested. I’ll see about SAFEMODE. . . . . OK, no, there is no improvement. I’m still dead in the water for SAFEMODE. I ran that Delf-chaser but it did not see anything. Hmm.

Getting serious, I downloaded AVG overnight. It took out about 400 entries for "HTML/Framer". The only major lack I notice now is that Outlook Express cannot dial the ISP; I get error Protocol POP3, Port 110, Secure (SSL): No, Socket Errors…