Hi,

In the past cpl days I’ve been getting an avast warning of this trojan, and that it is in Deflib.sys file in my windows 32 folder. I have tried deleting it when it shows up in avast, and have ran a scan in safe mode and turned off my system restore, but it still comes up when I rescan again. I have placed it in the chest for now and it hasnt given me any trouble, but I know it is still in my system and would like to know how to get it out. I’ve tried googling the trojan but came up with little in english about it. Thanks for your help…I am running windows XP.

I think you mean the system32 folder rather than windows 32 folder.

You say you have tried to delete, etc. but it comes back, this is most certainly because it is (from a google search on the file name) a rootkit, which may be hiding other files, these may be restoring things.

http://www.bleepingcomputer.com/startups/DefLib.sys-19681.html

This file is a rootkit and may be hiding other files, processes, and registry entries on your computer.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

• Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
• AVG Anti-Rootkit http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5.

thanks for your information! I hope I can get rid of it

No problem, welcome to the forums.

Check the other information on the bleepingcomputer.com link I gave (there are other links on that page that may give more information) for any associated files, and especially any SysLibrary startup entry.
Windows Start, Run, type msconfig, Startup tab and uncheck any entry (you can delete the entry later if there are no issues after a reboot, etc.).

I have same problem too, every time I start computer avast on-scanner detect this kind of rootkit and I choose to move it to chest, this rootkit still exist…I have already try many anti-rootkit software but still can’t detect & get rid this thing!!! ???
Is there any solution to remove this kind of rootkit…many thanks!!!

Have you checked out the link and other anti-rootkit tools I gave above ?

Which ones?

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use AVG Antispyware; SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications like David said. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.