I scanned the setup disk that came with my new computer because I had been having some viral problems. Avast 4.1 home detected the win 32: trojan-gen. {delphi} virus in \install\reboot.exe. This seems to be a generated file because I don’t see it anywhere on the disk directory. The company’s support emailed back that I need to get some up to date software. What are my options considering I’m running with the latest updates from Avast?
Hi,
what WIN-Version and what type of setup-Disk are we talking about ?
use some Onlinescanners on the disk, e.g. Trend & RAV
(with avastShield paused → see “VirusRemoval” below);
if they don’t find anything
→ please send the file (or the contents of the whole floppy) to virus (at) avast (dot) com
and explain the problem
This is weird. Btw-I’m running xp home and the disk contains drivers to support features on the m/board like the modem and the graphics. It’s weird because neither RAV or TrendMicro found the trojan-gen. {dephi}. I did find the file though; it was a hidden folder\file.
RAV found:
\windows\system32\TFTP4076 - backdoor:IRC/Sdbot.dam#2
TrendMicro found:
\windows\system32\sys32cfg.exe
worm_rbot.dr
I’m going to send the file to Avast but, any thoughts?
sounds like the same thing I fell victim too, see my post something about SDBOT is the title and it was called tftp something too
I’ve isolated a file and opened it in a text editor in safe mode and it appears that it downloaded some stuff to my system, with the options on whether it was a unix system or not, and sent all available information of whats on ur system including keystrokes logged back to the program creator - now this is just what it appears to do - I can’t be sure and am no expert I’m awaiting on further advice from another forum.
Whilst I realise this doesn’t help u any - its worth noting whats spreading out in the wild
Hi Larry,
the filenames are certainly very! suspicious, and match the malware descriptions, e.g:
Trend
what about KAV ?
I tried KAV on the file, but KAV wouldn’t run it. It would just reset and ask for a file to run as if that file wasn’t a file. Also odd was that the file (on the disk) now has a different icon. Waiting on word from Avast.