WIN32:Delf-mzg{trj}

Discussion in 'Malware Help (A Specialist Will Reply)' started by GEEKWANNAB, Dec 3, 2009.

  1. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello everyone, I got a Virus and then my computer caught it. I found it today when I tried to open Spybot S&D. I ran a boot scan with Avast! and deleted all infected files. Then ran Avast in normal mode and deleted infected files. I deleted all infected programs.

    WORKS 9
    ROXIO CREATOR DE 10.1 (both came with my computer)
    IO SMARTDEFRAG
    SPYBOT S&D

    COMPUTER IS RUNNING:

    INTEL CORE 2 QUAD Q6600 240MHZ

    32 BIT OS

    VISTA SP2

    MEM 3 GIG

    I also went back a couple of restores but WIN32 DELF KEEPS RETURNING

    I have a restore point in spyware blaster from last July but I didn't try it because Vista restore didn't work.

    I followed the READ ME FIRST STEPS and I am ready to run SUPER ANTI-SPYWARE AND THE REST ( I had to save MGTOOLS to the desktop)

    Is there anything else I need to download or check before running these programs??
    Also, when I tried to run Hijack This and save a log file, I got an error saying "it couldn't write the entire file and to run as administrator", but that's how I opened Hijack to begin with.

    I know this little #*&@ is still hiding in there somewhere.

    Thanks
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Have to be cautious with Avast! as sometimes its reports about finding threats can be false positives.
    You need to ensure that you now get the MGTools.exe moved directly to the C: Drive before we continue.
    You just need to follow through the instructions in the Read and Run me First procedures which I shall link to for reference:

    READ & RUN ME FIRST. Malware Removal Guide
    Hijack this is built into our own tools here anyway.

    Then work your way through the cleaning procedures and attach the requested logs. Until I see those I cannot offer you assistance. :)

    Thanks
    kes13!
     
  3. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello Kestrel13, thanks for the reply.

    I moved MGTOOLS by dragging and dropping it into OS(C:). However, it does NOT show up in the OS(C:) directory list. If I double click the OS(C:) icon it DOES show up on the list in the right side window. Is this OK or do I need to get it onto the directory list?

    As for the false positive issue. After my first cleaning attempt, when I downloaded SPYBOT and tried to reinstall it, AVAST picked up the Trojan again and when I tried to download SMARTDEFRAG I got an AVAST alert saying the Trojan was in the SMARTDEFRAG download from the MG DOWNLOAD site and I should abort the connection.

    So I ran a boot scan with Avast! again and deleted all infected files. Then ran Avast in normal mode and deleted infected files. I deleted all infected programs. Then I was able to download and reinstall both SPYBOT AND SMARTDEFRAG no problems since.

    I do still want to work through the READ ME AND RUN ME FIRST and post logs. For future problems and to make sure that the trojan is in fact gone.

    Also when I reinstalled SPYBOT, during the installation, SPYBOT had to download additional files. Is that the normal Installation procedure with the latest version of SPYBOT S&D??

    Thanks again
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then please attach the requested logs if you still require assistance :)
     
  6. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello Kestrel13, MG'S,

    I must have had the false positive issue with AVAST UPDATE DATED DEC 4TH.
    After reading here about the false positive issue, I reinstalled all uninstalled programs and no problems since.

    I ran SAS and Malwarebytes; both scans turned up clean.
    SAS did pick up Adware/Tracking cookies and I removed them. I have been running scans to see where the tracking cookies were coming from and finally found that many sites that I would visit off Google searches were the source of the tracking cookies.

    Do Tracking Cookies really follow what sites you visit on the internet?

    When you pick up a Tracking Cookie, is there a way to immunize against detected Tracking Cookies? (I have Spybot, SpywareBlaster, I am using SAS as an additional scanner only)

    Also I was a little hesitant to run ComboFix. After reading the instructions, I didn't want to get in over my head, and because I wasn't having any other problems.

    Sorry about taking so long to reply, I had a nasty flu virus for two weeks, and I wanted to see if any other problems surfaced before posting a reply.

    Thanks again for helping me and answering my questions.

    Sorry about all the smiles in my previous post, they were supposed to be semicolon and right parentheses.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Glad to hear it :)

    Cookies aren't anything much to be concerned with; see section 11 of this link

    Run Ccleaner (not the registry section) on your machine at the end of each surfing session if you are concerned.
    Me too, rotten flu's had me for a fortnight now.

    No problem :)

    Happens to me too sometimes LOL

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  8. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello kestrel13,

    I hope the flu is just a memory, too much of that stuff going around. I hope you had a good holiday season. I just have a couple of questions.

    When I downloaded MGTOOLS, I had to save it to the desktop, I then moved MGTOOLS by dragging and dropping it into OS(C). However, it does NOT show up in the OS(C) directory list. If I double click the OS(C) icon it DOES show up on the list in the right side window. Is this OK or do I need to get it onto the directory list?

    Also, can I just delete it from this location now that it is obsolete?

    I don't know if I need to start a new thread for this, but would you know if I can run through the READ ME RUN ME FIRST (or at least some of the steps) on a computer running windows 95??

    Thanks again
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, I still have the rotten cold, chest infection and I ache and ache :-D

    Try searching your machine for

    and double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

    If you have Windows 95, 98, or ME, continue here:

    Windows 98 and ME Cleaning Procedure
    But do indeed start a new thread for this machine. :)
    You're most welcome.
     
