Another Troj Dropper.Delf.3L Problem

Re: Need help with Troj Dropper.Delf.3L

As I told WandaR in thread http://forums.majorgeeks.com/showthread.php?t=45306,

Please do not hijack threads. I split you off to your own to avoid confusion. Yes, it is the the same virus indication, but each users problem must be handled separately to avoid confusion of who is to do what.

You may not even have the same OS?

Also, it is very bad idea to have multiple virus protection applications installed. I'm referring to AVG and AntiVir. (The other items are okay they are not full blown virus protection apps.) Pick AVG or AntiVir or possibly even Avast and stick with one.

Have you run ALL of the items and in the order given in sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

If not, please do so. Make sure you have current versions.

 

It's not a big problem. Commenting and providing additional help on the problem is one thing. But you discussed your problem and also asked for help:

"I have a feeling that this virus is hiding somewhere in my computer and simply reinstalls it to my temp file every day at the same time. Anyway, any help would be appreciated. "

It just turns out to be troublesome to work multiple user problems in one thread because no one ever has exactly the same PC with the same configurations as another. It is better to post a new message and refer to the other thread (use a link) stating your problem is thought to be the same as. It becomes especially confusing if the problems take a while to fix.

As far as anti-virus programs, my preferences is Avast. See this: How to Protect yourself from malware!

So if you have completed all of the READ ME FIRST, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or from any sub-folder of \Documents and Settings, or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Questions: Did you add the below proxy settings?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:80;http=127.0.0.1:80;https=127.0.0.1:80


I don't like the looks of this WinComm.exe program. Do you know what it is?
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe


Okay lets fix the other items now.
Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [kfebgvcj] C:\WINDOWS\kfebgvcj.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07821a3ea27e74260c16/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://68.67.62.226:1502/activex/AxisCamControl.cab

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\kfebgvcj.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Did you check for Win Comm in Add/Remove programs first?

Let me know when you finish the rest of the cleanup.

 

We are always warning people about Kazaa and KazaaLite. We always say to remove and never use it again. It is not worth the trouble that it causes.

Your log looks okay now. The only other item I would suggest uninstalling with Add/Remove programs is Viewpoint Manager (unless you really use it for something). It is baggage that comes with AIM.