Solved

Remove Trojan Horse downloader.delf.12.an

Posted on 2008-10-02
7
575 Views
Last Modified: 2013-11-22
I need help in removing a trojan horse from a system.

AVG 8 pops up with the following notification when you open anything:

Threat detected!
file name: c:\windows\system32\corpolw.dll
threat name: Trojan horse Downloader.Delf.12.AN

I have attached a copy of the hijack this log


hijackthis--2-.log
0
Comment
Question by:Beaver_Trucks
  • 4
  • 2
7 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
ID: 22625822
Have you run your anti-virus in Safe Mode?
Safe Mode:
http://www.computerhope.com/issues/chsafe.htm
You might also download and run malwarebytes. It's a good utility and it's free.
You can get it from:
www.malwarebytes.org
0
 

Author Comment

by:Beaver_Trucks
ID: 22625853
I have tried safe mode, no dice, it keeps coming back.
0
 
LVL 27

Expert Comment

by:David-Howard
ID: 22626090
Disable System Restore and run your suites in Safe Mode again. If you don't disable System Restore it can reappear.
http://www.pchell.com/virus/systemrestore.shtml
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Expert Comment

by:David-Howard
ID: 22626231
You may also be able to remove this with combofix. The directions and the free tool are at the link below. Please make sure that you follow the directions as they are not the standard click and run type.
Combofix is known to remove a wide varitey of trojans, etc.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 8

Expert Comment

by:eXpeLLeD_4RM_heLL
ID: 22626272
Download Combofix from:
www.bleepingcomputer.com/combofix/how-to-use-combofix
Follow the Steps on how to use ComboFix which is also on the site above
Post the ComboFix Log here once finished
0
 

Author Comment

by:Beaver_Trucks
ID: 22626465
The Malwarebytes Anti-Malware program solved my issue

Thanks very much
0
 
LVL 27

Expert Comment

by:David-Howard
ID: 22626600
Great! You're very welcome.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now