Dropper Delf 3bc problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tenderloin australia, Oct 26, 2004.

  1. tenderloin australia

    tenderloin australia Private E-2

    Hi Guys, Back Again!!!

    Have just run AVG6 and it won't remove Dropper Delf 3BC. I've run Spybot and others too... No results so far.

    AVG says it's present in this file: c:\windows\Unstsa2.exe

    Any suggestions...Regards Miss Tender
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  3. tenderloin australia

    tenderloin australia Private E-2

    Thanks Major, I'll see what I come up with and let you know if I get rid of the pest...Regards Miss Tender
     
  4. tenderloin australia

    tenderloin australia Private E-2

    Hi Major,

    Followed the thread suggested and also all instructions... I'm running XP.

    In safe mode I was unable to scan online as my internet connections were unavailable although spybot worked (but little else) and discovered nothing unusual. However, back in normal mode I ran Stinger (nothing) and Symantec which gave me the following:

    Security Check: UPnP - Port Open, sockets de trois v1 open, and no anti virus present although I'm running avg6 which keeps on giving me pop up warnings to run but won't fix as you know.

    I also scanned with Symantec and the following files were infected:
    C:\WINDOWS\system32\netclnf.exe -infected with Trojan.Boxed.E
    C:\WINDOWS\system32\TFTP1348 -infected with W32.Spybot.Worm
    C:\WINDOWS\system32\TFTP2580 -infected with W32.Spybot.Worm

    I still have system restore off and also now when I request a search engine from my homepage or other functions only small windows appear rather than the full page. Hope this above info may assist - Regards Miss Tender.
     
  5. PhilliePhan

    PhilliePhan Guest

    Hi Miss T,

    Did you take a spin through the Cleanup Tutorial?
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    You might also run: a-squared (a²) Free edition

    Here is some additional info regarding Unstsa2.exe: http://sarc.com/avcenter/venc/data/pf/adware.blazefind.html

    If you've done all of the above, then download HijackThis 1.98.2 and send us a log.

    Note that your HijackThis should be extracted to its own safe folder - C:\Program Files\HijackThis

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Best,
    PP
     
  6. PhilliePhan

    PhilliePhan Guest

  7. tenderloin australia

    tenderloin australia Private E-2

    Hi guys,

    I followed all instructions strictly as previously recommended without a positive result. Also ran a2 as recommended and no results. I've scanned with hjt and have attached results, still also having only small windows pop up rather than full screen ...Regards Miss Tender
     


  8. PhilliePhan

    PhilliePhan Guest

    Are you sure this isn't a settings issue? The only thing to jump out at me from your HJT log was this and it is minor:

    O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)

    I can't think of what would be causing the small windows other than a settings issue. Sorry I was next to useless here! ;)

    PP
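
An added example, not part of any post in this thread: a small parser for HijackThis `O2 - BHO` lines that separates entries marked `(file missing)`, like the Pribi.dll one quoted above, from entries whose DLL is still on disk. The line layout is taken from the quoted entry; every sample line other than that one is constructed.

```python
import re

# HijackThis prints each Browser Helper Object as:
#   O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_bhos(log_text):
    """Return one dict per O2 line: name, clsid, path, missing (bool)."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "clsid": m["clsid"].upper(),
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return entries

def orphaned(entries):
    """BHO registrations whose DLL is gone: a stale registry key, not loaded code."""
    return [e for e in entries if e["missing"]]

# Constructed sample log. Only the first O2 line comes from the thread;
# the header, R0, second O2 and O4 lines are made up for contrast.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphaned(parse_bhos(SAMPLE_LOG)):
        print(f"orphaned BHO {e['clsid']} -> {e['path']}")
```
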
     
  9. tenderloin australia

    tenderloin australia Private E-2

    G'day Phillie, the small window issue only came up after going into safe mode as suggested in the tutorial...It's not so much of a problem as I'm sure it can be resolved.

    The Dropper Delf 3bc thing seems to be only picked up by avg6 since it was updated just a few days ago. Having said that, I'm not experiencing any major problems and only checked with you guys as it was brought to my attention by avg.

    Any idea why I couldn't connect to the internet while in safe mode to scan as suggested in the tutorial? Regards Miss T.
     
  10. PhilliePhan

    PhilliePhan Guest

    G'day!
    It seems that you may run across some problems if you are using Dial-up. You could go ahead and try the online scans in Normal Windows. You might also try some of the anti-Trojan steps in the Additional Scans section of the tutorial. I didn't see the traces of BlazeFind in your HJT log, though.

    Best,
    PP
     
  11. tenderloin australia

    tenderloin australia Private E-2

    G'day again Phillie,

    I'll go through it all again over the weekend to make sure I didn't miss anything. I haven't seen any instances of blazefind on my computer. I am using dial up at the moment. Anyway I'll let you know how I go early next week... Regards Miss T.
    ps. Could it possibly be an avg thing as no other scans have detected it?
     
  12. PhilliePhan

    PhilliePhan Guest

    It could be an AVG thing. It may just be me, but it seems like AVG occasionally has some Trojan issues.

    This recent thread is similar to yours:
    http://forums.majorgeeks.com/showthread.php?t=45763

    It looks like they found that Giant Anti-Spyware addressed the problem. GIANT AntiSpyware
    I think there is a 15 day trial available - You could try that, if you are so inclined.

    G'day :)
    PP
     
