WINDOWS\system32\d3acdb.dll[UPX]

Hi,

Anyone know how to get rid of this trojan??

WINDOWS\system32\d3acdb.dll[UPX]

Avast picks it up and removes it whenever it strikes, about every 15mins or so.
I got it from a noCD patch for an old game and it’s a frustrating one to have.

All advice accepted :slight_smile:

What is your OS ?

  1. Disable the system restore and reboot, or when cleaning it, it could end up being saved as a restore point.

  2. Files that come back usually have other undetected elements that download or restore the file.
    What is your firewall, as that should block unauthorised internet access ?

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-Squared Free if using Win98/ME.

Ah, missed out loads of info I see (having just read the sticky post!)

I’m running WinXP SP2
My firewall is NVidia and I had to allow access to the noCD program (which is how I got the little bugger)

I will follow your advice now and see how it works

Before you get rid of it, send it to avast. Adding it to the avast chest (see below) will keep it out of harm's way; it is a protected area.

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Interesting…
Whatever I have restarts Firefox and Internet Explorer when I try and connect to an anti-virus or anti-spyware website…

I have tried to connect in both normal & safe mode

Any further advice?

It is the windelf32 trojan dropper.
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c\windelf.txt, along with a new HijackThis log.

YES!!!

That got the swine!
Many thanks people!!

I can use my PC again :slight_smile:

WIN32DELFKIL LOGFILE - by Marckie

version 3.125
25/02/2007 23:43:00.23
running from: “D:\Documents and Settings\Robert\Desktop\Win32 fix”

— File(s) found in Windows directory —

— File(s) found in system32 folder —

— Services —

— Export SharedTaskScheduler key —
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
“{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Browseui preloader”
“{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Component Categories cache daemon”
“{2188CEDE-B239-484C-8EA6-B84DC1001001}”=“cicojwyqjdsc”
“{CEDE2188-484C-B239-A68E-DC1B84001001}”=“vytaufeqjvix”

— sharedtaskkey (1): 2188CEDE-B239-484C-8EA6-B84DC1001001 —
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2188CEDE-B239-484C-8EA6-B84DC1001001}]
@=“D:\WINDOWS\system32\cicojwyqjdsc.dll”
“ThreadingModel”=“Apartment”

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2188CEDE-B239-484C-8EA6-B84DC1001001}\InprocServer32]
@=“D:\WINDOWS\system32\cicojwyqjdsc.dll”
“ThreadingModel”=“Apartment”

checking for file:
cicojwyqjdsc.dll found
cicojwyqjdsc.dll deleted!

— sharedtaskkey (2): CEDE2188-484C-B239-A68E-DC1B84001001 —
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CEDE2188-484C-B239-A68E-DC1B84001001}]
@=“D:\WINDOWS\system32\vytaufeqjvix.dll”
“ThreadingModel”=“Apartment”

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CEDE2188-484C-B239-A68E-DC1B84001001}\InprocServer32]
@=“D:\WINDOWS\system32\vytaufeqjvix.dll”
“ThreadingModel”=“Apartment”

checking for file:
vytaufeqjvix.dll found
vytaufeqjvix.dll deleted!

— Notify key —
subkey cicojwyqjdsc is present!
subkey vytaufeqjvix is present!

— rebooting the computer —

— File(s) found in Windows directory —

— File(s) found in system32 folder —

— Services —

— Export SharedTaskSchedulerkey —
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
“{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Browseui preloader”
“{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Component Categories cache daemon”

— Notify key —

Finished!
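
The log above shows two extra values under the SharedTaskScheduler key, each resolving through a CLSID's InprocServer32 to a DLL in system32. As an added example (not part of the thread and not win32delfkil's code), this Python parser reads such an export and reports values outside a baseline; the baseline is assumed to be the two entries left in the post-reboot export, and the sample text is constructed from the log.

```python
import re

# Assumption: the two values still present after cleanup in the log are the expected set.
BASELINE = {"{438755C2-A8BA-11D1-B96B-00A0C90312E1}", "{8C7461EF-2B13-11D2-BE35-3078302C2030}"}

# Constructed sample in REGEDIT4 style, modelled on the pre-cleanup export in the log.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="cicojwyqjdsc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InprocServer32]
@="D:\\WINDOWS\\system32\\cicojwyqjdsc.dll"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')
# Tolerates a lost backslash before the GUID, as in the forum rendering of the log.
CLSID = re.compile(r'CLSID\\?(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$', re.I)

def parse_export(text):
    """Return {key_path: {value_name: data}} for a REGEDIT4-style export."""
    text = text.replace("\u201c", '"').replace("\u201d", '"')  # undo curly quotes
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[m.group(1).strip('"')] = m.group(2).replace("\\\\", "\\")
    return keys

def unexpected_handlers(text, baseline=BASELINE):
    """List (clsid, label, dll_path) for SharedTaskScheduler values outside the baseline."""
    keys = parse_export(text)
    servers = {}
    for path, values in keys.items():
        m = CLSID.search(path)
        if m and "@" in values:
            servers[m.group(1).upper()] = values["@"]
    findings = []
    for path, values in keys.items():
        if path.upper().endswith("\\EXPLORER\\SHAREDTASKSCHEDULER"):
            for clsid, label in values.items():
                if clsid.upper() not in baseline:
                    findings.append((clsid.upper(), label, servers.get(clsid.upper())))
    return findings
```

A finding whose DLL path is `None` means the CLSID had no InprocServer32 key in the export, which is worth checking by hand.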

Congratulations, they normally do not die so easily :slight_smile: must be an older version