Trojan horse dropper.delf.aoy

Discussion in 'Malware Help (A Specialist Will Reply)' started by OpRedDawn, Apr 2, 2008.

  1. OpRedDawn

    OpRedDawn Private E-2

    This is in response to the current thread by mediachick. I have the same problem, but it won't let me reply in that thread, so I am forced to make this one.

    I have that virus too, tried to follow those instructions in the thread, but when I ran HijackThis, it didn't have the lines that he said to check/fix.

    Any help / instructions would be greatly appreciated (sorry for having to make a new topic)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks

    That is what you are supposed to do. Posting in another person's thread with your own problems is impolite and considered thread hijacking, and that is why we don't allow it.


    All fixes are unique to the user they are being provided to.


    Your starting point is the same as it was for themediachick and that is the below.
    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. OpRedDawn

    OpRedDawn Private E-2

    Okay, I am running through the steps listed. The Spybot S&D found and fixed 10 items, some of them being Virtumonde.

    My question now is for the MGtools program. It says not to download onto the desktop... but when my firefox downloads it, it automatically goes to the desktop. Is it alright to launch it from there, but then install to the right directory?
    _________________________________________________________________

    Prior to running these, after a reboot, an error message popped up saying "error loading c:\windows\system32\qxsspnmo.dll - access is denied"

    Also, I found a few viruses using AVG 7.5 free, and now randomly it pops up with "Threat Detected - when opening file (something) from the temp. internet files - virus found LOP). It was strange, because this threat message popped up after running CCleaner, which was supposed to get rid of all of those files.
    _________________________________________________________________

    In the morning I will finish off with the remaining programs for the XP Cleaning procedure
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Change your options in Firefox to ask you where to download. Having Firefox default to downloading to the Desktop is a very bad idea and leads to Desktop clutter, which is a great hiding place for malware. In Firefox click Tools, Options, and on the Main icon check the button that says Always ask me where to save files. This is a much better default setting, as it always allows you to save files to folders of your choice, which can help you keep your downloads categorized.

    It automatically installs and runs which is why it is required that it be run from the root folder. Running from the Desktop may work okay, but not always.
     
  5. OpRedDawn

    OpRedDawn Private E-2

    Alright. I did that whole malware guide. I thought my compy was fine - AVG hasn't detected anything in a while....

    Now today, my AVG detected "Trojan Horse Vundo.f"

    It's located in the system32 folder, under ojkmxlpk.dll.vir



    EDIT: Apparently it was already quarantined? Now it says AVG auto deleted/healed it...
     
    Last edited: Apr 16, 2008
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Until you complete ALL of the instructions in the READ & RUN ME and attach the logs that were requested, there is nothing we can do for you.
     
  7. OpRedDawn

    OpRedDawn Private E-2

    Alright, attached are the logs.
     

    Attached Files:

  8. OpRedDawn

    OpRedDawn Private E-2

    Here is the MGtools attachment
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {9FA51F68-66A3-40A1-9B0F-C5876FE9B7DC} - C:\WINDOWS\system32\nnnmNHyy.dll (file missing)
    O2 - BHO: (no name) - {EC374A84-6C59-451B-8D2A-5CE78F4DC8BF} - C:\WINDOWS\system32\tuvTnLda.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows live Messenger] msn.com
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - Winlogon Notify: jkkICRJy - jkkICRJy.dll (file missing)

    After clicking Fix, exit HJT.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
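The HijackThis lines chaslang picks out above share a few shapes: registered components whose DLL is gone ("(file missing)" / "(no file)"), a Run value whose "command" is not an executable path, and a Winlogon Notify hook with a randomised-looking name. The script below is an added example, not code from this thread or from HijackThis, that parses those line formats and reports the same signals over the lines quoted in the reply. The Winlogon Notify baseline and the "randomised name" rule are assumptions of the example: the baseline is the XP set the author of this example knows of and should be extended to your own build, and the name rule is a noisy hint for the analyst, not a verdict.

```python
"""Triage HijackThis-style log lines for entries worth a second look.

Added example, not HijackThis code and not part of the MajorGeeks thread.
Parses the O2 (BHO), O4 (Run), O9 (extra button) and O20 (Winlogon Notify)
line shapes quoted in the reply and flags the signals the reply acts on.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the HijackThis lines quoted in the reply, embedded so the
# script runs offline.  Raw string keeps the backslashes as HijackThis writes them.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9FA51F68-66A3-40A1-9B0F-C5876FE9B7DC} - C:\WINDOWS\system32\nnnmNHyy.dll (file missing)
O2 - BHO: (no name) - {EC374A84-6C59-451B-8D2A-5CE78F4DC8BF} - C:\WINDOWS\system32\tuvTnLda.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: jkkICRJy - jkkICRJy.dll (file missing)
"""

# Assumption: Winlogon Notify packages that ship with Windows XP.  Extend this
# with your own baseline; anything not listed is reported for review, not condemned.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

MISSING_MARKERS = ("(file missing)", "(no file)")

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def looks_randomised(filename: str) -> bool:
    """Heuristic (assumption of this example): an 8-letter, mixed-case base name,
    as in the DLLs quoted in the thread.  Legitimate names can match too."""
    base = filename.rsplit("\\", 1)[-1].split(".")[0]
    return (len(base) == 8 and base.isalpha()
            and base != base.lower() and base != base.upper())


def command_path(cmd: str) -> str:
    """First token of an O4 command: the quoted path, or the bare first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with one or more reasons, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    f = Finding(section, line.strip())
    if any(marker in body for marker in MISSING_MARKERS):
        f.reasons.append("registered component whose file no longer exists (orphaned entry)")
    if section == "O2" and (b := BHO_RE.match(body)):
        if b.group("name") == "(no name)":
            f.reasons.append("BHO registered without a name")
        if looks_randomised(b.group("path")):
            f.reasons.append("randomised-looking DLL name (heuristic)")
    elif section == "O4" and (r := RUN_RE.match(body)):
        target = command_path(r.group("cmd"))
        if not re.match(r"^[A-Za-z]:\\", target) and not target.lower().endswith((".exe", ".dll")):
            f.reasons.append(f"Run value '{r.group('name')}' does not point at an executable path: {target!r}")
    elif section == "O20" and (n := NOTIFY_RE.match(body)):
        if n.group("name").lower() not in KNOWN_NOTIFY:
            f.reasons.append(f"Winlogon Notify package '{n.group('name')}' not in the baseline")
        if looks_randomised(n.group("dll")):
            f.reasons.append("randomised-looking DLL name (heuristic)")
    return f if f.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep only the hits."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section}: {finding.line}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

Run against the sample, the QuickTime Run entry is the only quoted line that produces no finding; it resolves to a real path and carries no missing-file marker. That matches the reply, where it is fixed for tidiness rather than as malware. An orphaned BHO or Winlogon Notify entry is low-risk to remove precisely because the file is gone, but the names themselves (nnnmNHyy, tuvTnLda, jkkICRJy) are what to search for in the quarantine and in later logs.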
