win32:delf-HOL

What does this trojan do?

The same as any trojan does.
See here

Thanks

Assuming that Avast identifies a single virus and places infected .exe files in the Virus Chest, but also places additional files (eg .dll files) in the Virus Chest whilst stating that these additional files are not infected… why does it place the additional non-infected dll files in the Virus Chest?

What has Avast identified about the additional files?

Has it determined that these files have been modified by the virus?

Is the safest response to replace the files with copies from a secure source?

It doesn’t place non-infected files in the chest, only those files that are detected as infected.

I will go a step further and say that avast doesn’t place anything in the chest, it detects infected files and you have a number of options, whichever option you choose it will do, so it is you that sends files to the chest.

So where are you getting this avast sending non-infected files to the chest from ?

If you click the virus chest button it presents the user with 4 options as follows:

  1. Infected files (with a skull & crossbones icon)
  2. User files
  3. System files
  4. All chest files.

The dll files I’m describing are not located in the Infected Files section but in the System Files section of the virus chest.

Avast allows you to examine the properties of each file in the Virus Chest and provides a Virus Description field.

One of the dll files has the text ‘-no virus-’ displayed in the virus description field.

For the other dll files the field is blank however. Presumably this simply means there might or might not be an infection.

Right click the file and scan again… maybe a false positive that get corrected.
You can extract the file and then submit it to www.virustotal.com to be sure.

The System Files section of the chest contains back-up copies of important system files, they aren’t infected. So if you scan it/them I would expect it to show no virus.

The Infected files section is really the only area of concern to you as that is where avast puts ‘infected files’ that choose to send to the chest.

The User Files section is where you can add suspicious files, which aren’t detected by avast but you feel are suspicious. They cando no harm in the chest and it gives you time to investigate.

The All Chest Files, is just a collation of all three sections, it isn’t a section in its own right.

So the up shot is you have little to worry about.

Thanks for your responses. I will submit the files to Virus Total.

“The System Files section of the chest contains back-up copies of important system files,”

If this is so, what made Avast single these files out for inclusion in the Virus Chest? - As opposed to the hundreds of other important system files on the system.

Virus Total found no virus in any of the dll files.

I have no idea why those are chosen, I’m just an avast user like yourself.

At a guess the kernell32.dll is probably one of the most important system files and the other two are important to your being able to connect to the internet. If you can’t connect to the internet and you have a problem it is going to much harder to resolve that problem (whatever it might be).

I’m unsurprised that VT didn’t find anything, based on what I said in my earlier post.

So, I would just consider as avast backup files into the Chest. Don’t worry.