Trojan-PWS.Delf.EJ

Hello,

Does anybody know how to remove Trojan-PWS.Delf.EJ from my system? Based on what information I did find it is also called Trojan-PWS.Win32.Delf.EJ and seems extremely nasty.

Unfortunately, Spyware Doctor (demo version) is the only one to have spotted it, so I cannot attach any logs to that effect. Sophos, Spybot, Bitdefender as well as Counterspy haven't detected anything, though Panda Scan found some adware.

I don't know how much help this is, but I'll attach the logs I do have.

I'd very much appreciate any help you can give.

 

Trojan-PWS.Delf.EJ (2)

And two more logs.

Thanks!

 

Hi Steppat and hearty Welcome to Major Geeks!

Your logs actually look good. I will ask you to deinstall a few things, but before I do, I wanted to ask you if you have noticed any changes in how your computer is running?
Are you having any problems that you weren't having before Spyware Doctor found this trojan? Did Spyware Docter give you any more detailed information as to where it found the trojan and/or if it took any action on it? I will have another person check the logs as well and get back to you, but I'm suspicious of false positives at the moment.

Please uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below folders which may be left behind by the uninstall:
C:\Documents and Settings\sian\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Also, if you have any instances of Java besides Java 6 update 2 in Add/Remove Programs (Start/Systemsteuerung/Software), please uninstall them.

abri

 

Hi Steppat,

I want to add a note to my last comment. I had another person look at your logs as well and he said they're clean, so unless you're having specific problems with your computer, it seems likely this was a false positive given by Spyware Doctor. It's aggravating, but it happens. We use a variety of different scans for this reason and because no one scan picks up everything.

You are running both Windows Defender and Spyware Doctor. These will conflict with each other, therefore it would be better to use just one of these.

If you want to, you can still do the following to remove non-malware resource wasters:

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Let me know how your computer is working!
abri

 

Dear abri,

Thanks very much indeed for welcome, speedy reply & feedback. Sorry for the delay: I'm in a different time zone, so it's taking me a bit to get back to you.

I don't think I've noticed any major changes in how my computer is running.


SpyDoctor names the problem as 'Trojan-PWS.Delf.EJ', notes 413 infections (predominantly following the ActiveX scanning) and comes up with a whole list of where they've been found. Unfortunately, I can't copy the list, so here are some examples:

C:\WINDOWS\system32\actskn43.ocx

HKCR\ActiveSkin4.Skin2
HKCR\ActiveSkin4.Skin2.1\CLSID
HKLM\Software\Classes\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}\TypeLib##


Also, I don't seem to be able to uninstall CounterSpy.

Is there anything else you need to know or have a look at? Naturally, it'd be great if this was simply a false alarm.


I really appreciate your help!

Many thanks & all the best,
steppat

 

Trojan-PWS.Delf.EJ is picked up by BitDender and your files show it didn't find it.

from the highest authority: "actskn43.ocx is part of ActiveSkin Module from SoftShape Developement. It is used in things like Chameleon Clock, ActiveSplash (a game) and probably a lot more.

I also remember having scanned (using both Jotti and VirusTotal) this actskn43.ocx file before and more than 30 scanners found it to be clean."

What this means is that Spyware Doctor is listing things as malware which aren't. If you have not purchased it yet, you should uninstall it.

It should be possible to remove it through add/remove programs or with an uninstall program. In add/remove programs, look for Sunbelt rather than CounterSpy. Also, check CCleaner under Tools (the icon on the left that looks like a gear) and see if it's listed there. If so, remove it that way.

abri

 

Hi abri,

That's a relief. Once again, thank you very much for your help.

steppat

 

Your welcome. Did you get CounterSpy back out?

abri

 

I did, thanks. I've also uninstalled Spyware Doctor -- should be all right now, shouldn't it?

steppat

 

Should be great!
Happy surfing!
abri