found win32:delf -bpk

mr techni · Feb 27, 2007

can some one inform me what is win32:delf - bpk is
after installing and running avast antivirus bootup on my computer it teurned up with this win32:delf -BPK inLOGDED in my spyweeper and my system restore
i ran all my anti spy it turned on up 0
i dont want to delete it yet untill i know what it is
it could be one of those false postives i keep reading about

DavidGP · Feb 27, 2007

Hi

What was the location and infected file name of this trojan found by AVAST, you know details help to determine if its legit or not.

But direct from Webroot the makers of Spysweeper if its this file highlighted as a trojan,

Symptom
When you install or run Spy Sweeper with AntiVirus and you have Avast! AntiVirus software (www.avast.com) running you may receive an alert from Avast! that a trojan is detected in SpySweeperUI.exe. Avast! blocks the access to the Spy Sweeper User Interface and you can't open the Spy Sweeper program anymore.

Cause
Avast! detects a threath by accident (false positive) and blocks the spysweeperui.exe process that is needed to run Spy Sweeper properly. Avast! is releasing a new virus database as soon a possible to solve this issue.

Work Around
In order to use Spy Sweeper normally you need to add the SpySweepeUI.exe executable in the exclusion list of the On-Access Protection of Avast!. For support and more information on Avast! please refer to http://www.avast.com

Right click on the Avast! icon in the systemtray and open the On-Access Protection Control screen

Click on the Details button if needed

Open the Standard Shield screen and click on the Customize button on the right

In the following screen open the Advanced tab -> Add and add the exclusion for Spy Sweeper by entering the entire path: c:\Program Files\Webroot\Spy Sweeper\SpySweeperUi.exe

Click OK to close the screen.
Click to expand...

if not that file then I guess you best start running throught the READ & RUN ME FIRST. Malware Removal Guide

mr techni · Feb 27, 2007

i found it in spysweeper exe file
and i havent got the latest spysweeper with anti virus just the normal one
i been through the maleware remove program and it turned up 0
as for the system restore it was in volume

mr techni · Feb 27, 2007

mr techni said: ↑

i found it in spysweeper exe file
and i havent got the latest spysweeper with anti virus just the normal one
i been through the maleware remove program and it turned up 0
as for the system restore it was in volume
Click to expand...

here are the results of the test
ad ware showed up 7 traces of mui which i deleted
as for runkeys.bat it came up with regedit is not a recognisable program

mr techni · Feb 27, 2007

whoops something went wrong there
here are the files but one

mr techni · Feb 27, 2007

here is the hijack log

tried to get the avast file propertites but cannt copy it

DavidGP · Feb 27, 2007

Halo said: ↑

What was the location and infected file name of this trojan found by AVAST, you know details help to determine if its legit or not.
Click to expand...

Really do need to know this info?

To gain the Avast location of the trojan, right click the icon in the taskbar choose Avast! log viewer > find the log with the virus listings and choose File > Export list and you can save it as a .txt file

Plus you have not really read the read me properly, may have skimmed over it at best as you have not followed the instructions given, we only need the logs specified, ones from Ad-Aware are not needed, Hijackthis is not in the location and renamed as specified ( C:\Documents and Settings\richard spencer\Desktop\HijackThis.exe ) which leans to Shownew and Getrunkeys being run from the Zip file and not extracted into the location as in the instructions?

Panda and Bitdefender scans also missing?

Goal of this area of the forum is to help remove malware if present, the guys here spend a fair anount of their free time, unpaid to help, so only fair to follow the instructions as listed and make things run smoothly.. YES?

Personally I think its more likely that Avast has flagged the file up and it maybe a known one to Spysweeper and a false positive as AVAST is known for more than its sahre of false positives.

mr techni · Feb 27, 2007

i quite understand that
it now seems that it wiped it out spysweeper totally
i managed to get around like you advised so it wont happen again
i looked in the log file and its not there but i have managed to get hold of the system restore info if you want it
with runkeys im still getting that result
i tried everwhere from c drive to cmd that with it extracted
thanks for your help

chaslang · Mar 1, 2007

Are you having any current malware problems? If yes, please describe them.

Also if you are having problems, please install all files for both GetRunKey.zip and ShowNew.zip into c:\MGtools as requested on the download pages for them. Then attach new logs from them.

Also install and rename HijackThis as requested in step 7 of the READ ME and then attach a new HJT log.

Note: I don't recommend that you keep all three of the below installed:
- CounterSpy
- Spyware Doctor
- Spy Sweeper

Are these paid versions or free trials?

Log in or Sign up

found win32:delf -bpk

mr techni Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

mr techni Private E-2

mr techni Private E-2

mr techni Private E-2

Attached Files:

adware log.TXT

newfiles.txt

xrkey00.txt

mr techni Private E-2

Attached Files:

hijackthis.logrs.txt

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

mr techni Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member