TROJAN- trojanhorse dropper.delf.3.l and more...??

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by HECK, Oct 5, 2004.

  1. HECK

    HECK Corporal

    hey i need help. is there any virus scans i can do to remove these trojans. avg brought up Trojan horse dropper.delf.3.l and another one i located at c:/temp/installer2.exe . now i ran trend micro on-line scan and another online one. and i ran AVG, stinger, avast, spybot, ad-aware.. are there any others. all help appreciated thanks


    anthony
     
  2. PhilliePhan

    PhilliePhan Guest

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. HECK

    HECK Corporal

    i did the read me, and did as u said, and then i manually deleted the files and i think i got them to go away. i did it in safe mode. and ill go from there and thanks for the help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
  6. HECK

    HECK Corporal

    hmm its still there, any other things i can do? i jus cant seem to get rid of this damn thing. its starting to get more nagging than the hijacking ordeals...i gota new one Kixedaci26 also...
     
  7. Kodo

    Kodo SNATCHSQUATCH

    http://forums.majorgeeks.com/showthread.php?t=38752
    MajorGeeks Support Forums - Hijack This Tutorial And How To Post Your Log File


    let's see your log file. you MUST place the program in its own directory (C:\HJT example). Then attach your log as a text file (with .txt extension) to a post.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have done ALL the steps of the READ ME (as you indicated), you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file (i.e., hjtlog.txt) attachment to your message. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Edit: Sorry Kodo! Didn't notice you were here.
     
  9. Kodo

    Kodo SNATCHSQUATCH

    It's all good man.. :D
     
  10. HECK

    HECK Corporal

    ok, i did the scan, sry for the wait. i was on vacation. anyway, this is my mother's computer, if chaslang remembers i had this same problem with mine. but here is the HJT log file. i know the BHO and R1 i read the tutorial on it. but u take a look before i do anything. and u can tell me what to delete.
    thanks
     
  11. HECK

    HECK Corporal

    sry forgot to attach...
     

    Attached Files:

    • HJT.txt
  12. Kodo

    Kodo SNATCHSQUATCH

    in safe mode

    go to start ...run ..type in

    regsvr32 /u C:\WINDOWS\System32\msbe.dll
    hit enter and say ok to any prompts

    Go to add/remove

    remove SyncroAd, webrebates and anything related to web p2p or p2p programs, shareaz and anything else that you don't recognize as valid software in the computer.

    after uninstall , make sure these do not exist
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe

    if they do, delete them up to their root folder (essentially, windows syncroad and web_rebates folders).


    Then remove the following lines

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
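
A way to check the cleanup steps in the post above, added here as an example and not part of the original thread: it parses HijackThis O-section lines and reports any entry that was fixed but shows up again in a later scan. The function names and the `FRESH_LOG` sample are constructed for illustration; the `FIXED` lines are copied from the post.

```python
import re

# Section codes used in the post above, with their HijackThis meaning.
SECTIONS = {"O2": "Browser Helper Object", "O4": "Autostart entry",
            "O8": "IE context-menu item", "O9": "IE toolbar button",
            "O16": "ActiveX object (Downloaded Program Files)"}
LINE = re.compile(r"^\s*(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll|htm)\b", re.I)

# Entries the post says to fix (copied from the thread).
FIXED = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
# Constructed sample of a later scan: one fixed entry is back, one is unrelated.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [WebRebates0] C:\PROGRAM FILES\Web_Rebates\WebRebates0.exe
"""

def parse(log_text):
    """Return one dict per O-section line: code, meaning, CLSID, file path."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header lines, blank lines, running-process list
        code, rest = m.groups()
        clsid, path = CLSID.search(rest), PATH.search(rest)
        entries.append({"code": code, "meaning": SECTIONS.get(code, "other"),
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "path": path.group(0).lower() if path else None,
                        "raw": raw.strip()})
    return entries

def key(entry):
    # Identify an entry by CLSID when it has one, otherwise by file path.
    return (entry["code"], entry["clsid"] or entry["path"])

def still_present(fixed_lines, fresh_log):
    """Entries that were fixed but appear again in a later scan."""
    fresh = {key(e) for e in parse(fresh_log)}
    return [e for e in parse(fixed_lines) if key(e) in fresh]

if __name__ == "__main__":
    for e in still_present(FIXED, FRESH_LOG):
        print("reappeared:", e["meaning"], "->", e["raw"])
```

An autostart entry that returns after being fixed means something is still running and rewriting it, which is why the post has the uninstall and file deletion done in safe mode before the lines are removed.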
     
  13. HECK

    HECK Corporal

    ok done, ill let ya know whats up with it soon. i gota goto work ill be back around 5-6 hrs thanks

    and when i did the regsvr32 /u C:windows... etc.

    it jus say "regsvr32 /u...\msbe.dll" successful... is that all? and then for the
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe

    i jus went into C: and deleted them ( the folders while in safemode)

    and the BHO etc. i did that through HJT..

    is that all done right?
    but ill let ya know whats up and if its still on there later..


    i appreciate it

    anthony

    thanks for all ur help
     
  14. Kodo

    Kodo SNATCHSQUATCH

    perfect Anthony.. let me know how it goes.
     
  15. HECK

    HECK Corporal

    problems, i ran AVG and it still found it. no software can quarantine or hold it at all nor delete it. its held in the temp folder. so anything else i can do?

    thanks
    anthony
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does AVG's log indicate the location of the trojan? If so, try booting in safe mode and delete the file (or files) manually.
     
  17. HECK

    HECK Corporal

    ok ima try deleting them manually, and no AVG doesnt show logs... but ill get back to you..
    thanks

    anthony
     
  18. HECK

    HECK Corporal

    i deleted anything that i didnt need or i didnt know what it was in SAFEMODE. i deleted it from C:/ and now im running AVG again to see whats up now... but i think all my options ran out huh? is there ne thing else i can do?
    thanks

    anthony
     
  19. HECK

    HECK Corporal

    damn, i spoke too soon :) its fine now, or at least for now, anything else changes u better bet ill be back here thanks ALOT guys

    anthony
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So no more trojan problems I take it?
     
  21. HECK

    HECK Corporal

    yes sir, well AVG didnt bring it up, and they were the only ones that were. so i hope its all well, ill let ya know if further problems persist, thanks alot

    anthony
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
