Win32 Delf AK

Hi,

After I ran my XoftSpySE program, it found the Win32 Delf AK infection & stated the location is in C/Windows/rundll32.exe. I removed the infection from XoftspySE & found out I could not do anything in my control panel. This was due to XoftspySE removing the file from my hard drive.

I have two hard drives on my computer, so I went to system file checker & replaced with a clean file from my D drive. I rebooted my computer & ran another scan, by the way when I replaced the missing file, my control panel started working.

After running the Xoftspy scan again, it re appeared. I then disabled the rundll32.exe file from my WinPatrol program, still after another scan, the infection showed to be there.

I am using Windows 98SE as my OS & until now, I have not had problems except the occasional blue screen.

Reading a few posts from the net & looking into my registry via (regedit), I could not find anything that looks suspicious in my registry.

I would deeply appreciate any help you can provide for me to rid myself of this problem. Is there anyway I can re-name the rundll32.exe file to correct the problem or place it in another directory in Windows?

Also, I ran scans from these programs on my computer:
AVG 7.5 free edition (no infection)
Lavasoft Ad Aware SE free edtion (no infection)
SuperAntispyware free edition (no infection)
Glarysoft Registry Repair (nothing to repair)

Waiting to hear from you,
Roy

 

Hi romeroy!
Welcome to Major Geeks!
I'm not sure if you can evade the infection by renaming the file. Is that what you are trying to do? I think it would be better to try and remove it. If you would like help with this, please follow the instructions in this link and post the requested logs to us. Be sure to note special instructions for Win98 users.

READ & RUN ME FIRST


abri

 

Hi Abri,

Thanks for trying to help!!!!

The only things I could not do was the Bitdefender scan as it did not load all of the virus definitions & I have not had time to do the Panda scan as of yet. My OS is Windows98SE. Like in my opening post, I have done all the scans with the programs I have on my computer & there is no threat to be warranted.

I don't know why XoftspySE is alerting me to my Rundll32.exe file with the Virus.Win32 Delf AK infection. When I remove the infection, it removes the file & I cannot do anything in my control panel. Also, after replacing the file with a clean file, my computer does not shut off after 15 minutes like it use to. There were two load profiles on here, but know there is only one.

I am sending the required HiJack log & I await any assistance you can give.

Thanks

 

Hi romeroy,
Please scan the file XoftSpySE is identifying as having the virus at either jotti or VirusTotal and let me know the results. The Win32 Delf AK is a virus that should be picked up by a lot of the antivirus programs and these sites scan single files with a number of different anti-virus scans. If you've not used these websites before, you will see a small window with a browse button next to it where you can look for the file on your system and then an upload or submit button to upload the file and start the scan. Sometimes you have to wait, if there are a lot of people using the sites, but it should be a relatively quick way to see what the other companies list.

Please see if you can run both ShowNew and GetRunKeys and attach the logs to your next post. One of the 04 entries in your HijackThis log indicates you have a worm, but the files may have to be run manually.

abri

 

Once again thanks Abri for the help,

Well, after running the Jotti & VirusTotal scans, the Rundll32.exe file did not show to be infected.

The problem with my computer not shutting down happened after I replaced the file with a clean Rundll32.exe file.

Instead of two load profile power files on my computer now, I only have one & now the machine does not turn off automatically after 15 minutes as it once did. In my C drive in the Windows folder, both the Rundll.exe & Rundll32.exe files are there & signed by Microsoft. They seem to be legitimate.

Would deleting both of them & replacing them into another folder, such Windows/System or Cabs help?

I did run both programs you requested & placed the results in attachments.
I am just confused as no other program I have has found any type of infection, only XoftspySe.

You stated I may have a worm.
I hope you can help me resolve this crazy problem )

Thanks to you & Tim

 

Hi romeroy,
I have a couple of questions, but first I want to tell you that I don't think you have a worm. There was a lot of conflicting information about the program scanregw.exe /autorun, which is a legitimate file, but if it shows up in the wrong directory, it indicates a bad file. In your case it's in the correct directory.

I realized as I reread your posts that I do not understand everything and that it's easy to make a lot of assumptions, so I wanted to clarify some things. When you scanned the file at Jotti or VirusTotal, did you have the file scanned which was the same one identified by XoftSpySE, or is that one no longer on your computer? If you run XoftSpySe now, is the virus still showing up? The reason I ask, is because there seem to be both good and bad Rundll32's on your computer and so it would only be possible to check if XoftSpySE is giving a false positive, if the same file is scanned by the other antivirus companies as the one which XoftSpySE is identifying as being infected.

Secondly, you mentioned that you lost your task manager, replaced the Rundll32 file, rebooted and then the task manager was back again. It's not clear whether your replacing the file or your rebooting or both was the reason your task manager came back.

And another thing I wasn't clear about was what you said about your computer shutting down after 15 minutes. Do you want it to shut down after 15 minutes? Is this some kind of a timing mechanism?

abri

 

HI Abri,

I am glad to hear I do not have a worm on my computer. Though considered to be a dinosaur & relic to many, this computer has survived a fire & but for the occasional freeze & blue screen, it works just fine.

Ok, to answer your first question, I ran a XoftspySe scan before posting this reply & it still states I have the Win32 Delf AK infection in the C:/Windows/Rundll32.exe location.

When I first received the infection message, I clicked remove & XoftspySe deleted the file. I replaced it with the one I have on here now & it is the same file Jotti & VirusTotal scans did not not find anything wrong with it. This file is located in my D drive & it is a clean one. I downloaded it about two years ago & the site said it was clean. I guess I should have not removed it per the instruction by XoftspySe, but I did not know about false positives, if this is the case.

Secondly, when the file was removed by XoftspySE, I could not access anything in my control panel. I needed to reset my clock & when I tried to, a pop up stated the Rundll32.exe file was missing. I replaced it & I can access the control panel, but now my monitor does not shut down after 15 minutes of idle time like it use to.

Is there anyway to restore this function? I guess if I have to live with it like that I can.
In the start up programs of my WinPatrol & Registry Repair two loadpowr profiles were there, but now there is only one. You can view this in the hijack log I attached.
Something happened when XoftspySe removed the file.

By the way, I contacted Paretologic about this issue & there has been no response from them since this happened. It has been four days now. I renewed my license for another year with Paretologic this past September & now I am sorry I did.

Thanks for all of the great help & I await any assistance you can provide.

 

Hi Tim,

I did a System File Checker scan & these are the files that it said could be corrupted:

1. Setupx.dll (C:\Windows\System)
2. Ati_dd32.dll (C:\Windows\System)
3. EMSABP32.DLL (C:\Program Files\Common Files\System\Mapi\1033\95)

I clicked on ignore for these, because I did not know what to do.

Thank you so much for trying to help me solve the problem with my computer & I will await for assistance you can provide.

 

Hi Tim,

I do not have the restore/recovery Windows98SE disc nor the installation disc. I do have a boot98sc.exe file on my C drive. Will this help me in any way?

For now, since it seems I have a false positive from XoftspySE I will continue using this computer as always.

If you, Abri or anyone else can shed some more light on my problem I await the information.

To Tim, Abri, & the entire Major Geek squad you are a first rate bunch of people with a lot of class. Keep up the wonderful service you provide for people like me.

:wave Take Care

 

Hi romeroy!
Thanks so much! I have to say that the member of Major Geeks most knowledgeable about Win98 in general is Bill_Marsden, who is here most everyday. If you post about this in the Software Forum and call Bill's attention to it by putting "Win98 problem" in the title line, I think he will tell you whether this is a problem he's familiar with or not. I've mentioned to him to check your thread in the Malware section so he knows what we've done so far. Good luck with this. Sorry we weren't able to resolve it for you.
abri

 

Hi Abri,

Reinforcing my sentiments from yesterday's post, this support group is a wonderful example to us that giving is a great thing. If more people would care about helping others than capital gains, this world would certainly be a better place to live.

No need to apologize for not resloving the problem, it seems like it was not one at all, just a company (Paretologic:XoftspySE) not making sure their product is a good as it can be. Things do happen, but with all of the places I have researched my problem, the Win32 Delf AK infection seems to be limited to XoftspySe users. I have not found one with the Rundll32.exe problem like mine. So strang!

Once again, to the Major Geeks team, keep giving & you will receive much more. I will post this fiasco of mine in the Software forum to the attenion of Bill Marsden & see if he can help me get my monitor to turn off like it use to.

Take care Abri,
Don :wave

 

Hi Tim,

Wiil do!

I am just going to let this run its course & if I have to get another computer I will, but like I told Bill in the Software forum, with all of the ills people seem to have with XP, my next puter will probably have Windows98SE as the OS.

Be proud of the work you & the other Major Geeks squad is doing!
A wonderful group of people indeed.

Take care,
Don

 

Thanks romeroy!

I think there must be a club in the world of Win98 fans. I know someone who would only part with his if you dragged him away with chains. He's very attached really.

Hoping all your computer adventures will be happy and productive ... or at least good learning experiences.


abri

 

Hi Abri,

Indeed, I feel the same way & if there was ever a call for President of a Windows98SE club, I will surely run for office!

In one of my posts, I stated that I like things that are simple & this program allows me to do certain without having to consult a manual.

I know Microsoft XP & Vista appeals to the masses, but some of us still want ease of operation & the no frills approach to solutions when problems arise with our computers.

Who needs Microsoft when Major Geeks Team is on the scene?

I just finished a post with Studiot in the Software forum, so I guess another chapter comes to a close in my computer world.

Continue to offer people like me the wonderful advice & cheerful conversation, this world certainly needs more of it.

To a stellar group of people, I bid farewell!!!!! :wave

Don

 

Thanks romeroy! I just ran across this in MajorGeeks software downloads section and wanted to show it to you. I have no idea what it is or does, but the description seemed like it might be something that could interest you.

Program which restores Win95/98 3.6.5

I'm glad if studiot was able to help you futher. Unless you have further questions, good luck and happy surfing!
abri

 

Hi Abri,

Major Geeks Team, I state to each of you this day that you have certainly outdone & surpassed any expections I had in joining this fourm. To Abri, Bill, Halo, Studiot, & Tim, munch a bunch of thanks.

Abri, in showing the quote I posted for this group further enhances my deep appreciation for this team. I owe a debt I cannot not pay for all of the (Free) advice & knowledge each of you gave to me. I stand proxy for all in this group in saying "Thank You" for all that you do, giving of yourselves without reservation.

Though my problem was not corrected, the burden lies solely on the shoulders of Paretologic to help me now, but it seems as if I will have to live with this default of my monitor shutdown. This group enlightened me to knowledge of False Positives & I will definetly research any future infections before deleting any file(s).

Thank for the link to the Windows 98 info & I will take a look at it to see if there is anything I can use.

To the entire "Major Geeks Team" I say "Salutations" & may each of you enjoy blessings of happiness, peace, & prosperity!

Until another time,

Take Care,
Don
:wave

 

You're welcome romeroy and thanks for all your kind words. I found another person interested in the Win98 club, so maybe there's some potential there. Good luck with your computer. I hope a solution to the shutdown problem will present itself since we couldn't provide it.

Happy Surfing!
abri

 

Hi Abri,

Truly, the pleasure has been mine & please alert me to any type of Windows 98SE club in this stellar forum.

I must re-state that I am a person that enjoys the simple things this life offers & to meet other members who have the Windows 98SE OS on their computers they use & to offer support for any problems that arise from using that system would do my heart good!

I still possess a mint condition Intellivision II with rare Donkey Kong Jr. & Centipede games, so you can see I am
"Old School."

Maybe I will find the answer to my monitor shutdown problem in the future, but like I said before, me & my Premio PII will keep on going.

Until a later time my friend,

Take Care,
Don
:wave

 

I'll let you know if anything like that gets going or if I hear of it elsewhere!
Bye bye!

abri