Win32:Delf-IWD [Trj], a Compression bomb and more..!! Can't get rid of them!!

Hello all! I’m not sure how this slipped into my system, but it sure doesn’t help the lack of compatibility with most antiroot kits and Vista on a x64 platform! I’m currently running the latest version of Avast! Home Edition. About 3 weeks ago I kept getting notifications (2 in a row) of a Win32:Delf-IWD [trj] virus. I would get notifications up to 10 or 12 times in a row. The virus(es) are being detected in only two different folders, with similiar names for them. Folders are…

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2498Q9PZ\w[2].bin
Win32:Delf-IWD [trj]
C:\Windows\SysWOW64\tmp1_501292823846.bk
Win32:Delf-IWD [trj]

The one in the IE Temp files, the subfolder for Content.IE5 changes. I’ve run Avast in safe mode, thorough clean, clear my temp folders, attempted to clear my System Restore, but have been unable to clear the System Volume Info folder even if I disable System Restore. With System Restore disabled and privledges for read/write temp enabled, I still can’t clear it. Never had this problem before, but Im assuming (uh oh…) it’s a x64 bug or something.

So far, I’ve run HiJackThis. HJT has a hard time verifing files/folders due to the x64 platform im sure. I get a lot of missing files listed that the system wouldn’t boot up with. Avast finds the torjans hiding in my folders, but they continuously come back. I haven’t been able to find the root of it. I’m also told there’s a compression bomb in one of my SR folders, but am unable to delete my SVI content.

Now the worst part of all. After running numerous online virus scanners (TrendMicro, which won’t work, a few others I found on BleepingComputer), I’ve found random infected files/folders that Avast! didn’t detect. I pretty much don’t get the pop ups anymore, but I keep having new user accounts created for my windows login! Whatever it is, it’s creating bursts of 5 new users accounts listed as “internet user account” with a flower for the logo on all of them. Since this occurred, my IE x32 takes FOREVER to launch. Once it does launch, it takes FOREVER for the mainpage to load, regardless of what I set the mainpage to. After the initial page launches, IE functions normally.

I have no clue how to deal with this as I can’t find a antiroot kit that works with a x64 platform, I can’t perform a bootup scan for the same reason and there seems to be far and few topics, if any, regarding such issues. I’m not new to PCs, but Im definitely unfamiliar with all the the strings attached to the x64 OS. I’m only running it to take advantage of my 4gb RAM installed as this puter is mainly meant for gaming. At this point, I’m pretty much worried about this worm or whatever the heck it is stealing my passwords and accounts!

Anyone with ANY help at all, please let me know. Avast! (the scanner itself) hasn’t done a damn thing to find this and I’m beginning to dread the possibility of having to reformat to shake this off. Uggh… Well, Thanks in advance!

Hello have you tried the kaspersky free anti virus scanner u can download it from here: http://www.majorgeeks.com/Kaspersky_Free_Cleaner_d4515.html it has good feedback

Yes, it’s been tried and failed to find my problem. :-\

how about avg free 8.0 u tried that? or you chould try a system restore

SR is already showing corrupt files. I don’t want to touch that. I remember this tracing back to just about the point I installed a older version of PureVideo I had bought online. Problem is, it sat dormant on my 2nd partition. Once I installed it, problems began emerging. Trying to uninstall it hasn’t been helpful, Vista’s programs list is unable to uninstall it. Purevideo doesn’t have a uninstall exe… It doesn’t work right with Media Center, either, which makes me extra suspicious.

hmmmmm try useing this uninstall programme works for me: http://www.revouninstaller.com/ hope that works ;D