Solved

Remove Trojan Horse downloader.delf.12.an

Posted on 2008-10-02
7
571 Views
Last Modified: 2013-11-22
I need help in removing a trojan horse from a system.

AVG 8 pops up with the following notification when you open anything:

Threat detected!
file name: c:\windows\system32\corpolw.dll
threat name: Trojan horse Downloader.Delf.12.AN

I have attached a copy of the hijack this log


hijackthis--2-.log
0
Comment
Question by:Beaver_Trucks
  • 4
  • 2
7 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
ID: 22625822
Have you run your anti-virus in Safe Mode?
Safe Mode:
http://www.computerhope.com/issues/chsafe.htm
You might also download and run malwarebytes. It's a good utility and it's free.
You can get it from:
www.malwarebytes.org
0
 

Author Comment

by:Beaver_Trucks
ID: 22625853
I have tried safe mode, no dice, it keeps coming back.
0
 
LVL 27

Expert Comment

by:David-Howard
ID: 22626090
Disable System Restore and run your suites in Safe Mode again. If you don't disable System Restore it can reappear.
http://www.pchell.com/virus/systemrestore.shtml
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 27

Expert Comment

by:David-Howard
ID: 22626231
You may also be able to remove this with combofix. The directions and the free tool are at the link below. Please make sure that you follow the directions as they are not the standard click and run type.
Combofix is known to remove a wide varitey of trojans, etc.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 8

Expert Comment

by:eXpeLLeD_4RM_heLL
ID: 22626272
Download Combofix from:
www.bleepingcomputer.com/combofix/how-to-use-combofix
Follow the Steps on how to use ComboFix which is also on the site above
Post the ComboFix Log here once finished
0
 

Author Comment

by:Beaver_Trucks
ID: 22626465
The Malwarebytes Anti-Malware program solved my issue

Thanks very much
0
 
LVL 27

Expert Comment

by:David-Howard
ID: 22626600
Great! You're very welcome.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now