Trojan horse Dropper.Delf.AJA

  • snagel
    Super Member
    • Apr 2006
    • 259

    Trojan horse Dropper.Delf.AJA

    AVG free virus protection said it found a Trojan horse Dropper.Delf.AJA on my home computer. It would not heal the trojan. I have been looking for information on how to remove it from my computer. I quarantined it to the Virus vault. Your help would be appreciated.
    While running scans it does not show up in AVG Free, Spybot Search and Destroy (new version), Spyware Terminator, or SuperAntiSpyware. I have run the scans while in the SAFE MODE and it does not show up there.

    Are there any specific tools for the removal?

    I also had a hit on Spybot search and destroy/greefix.exe/greekfix don't know if the slashes are slanted the right direction or not. I am now on a computer at work.
  • paglamon
    Lord of Digital Video
    • Aug 2005
    • 2126

    #2
    I quarantined it to the Virus vault.
    So, what's the problem?

    ONLY MOMENTS LINGER...DEWDROPS ON A FALLEN LEAF

    Comment

    • Chewy
      Super Moderator
      • Nov 2003
      • 18971

      #3
      download and install Malwarebytes' Anti-Malware

      update the program and run the quick scan and post the log

      let it move infected items to quarantine

      for any really bad infections it's best to have the recovery console installed and to be very careful with powerful tools from safe mode



      an exact link to the malware would be helpful for the avg name

      Comment

      • snagel
        Super Member
        • Apr 2006
        • 259

        #4
        Originally Posted by Chewy
        download and install Malwarebytes' Anti-Malware

        update the program and run the quick scan and post the log

        let it move infected items to quarantine

        for any really bad infections it's best to have the recovery console installed and to be very careful with powerful tools from safe mode



        an exact link to the malware would be helpful for the avg name

        Thanks Chewy,
        I'll have to do this tonight when I get home from work.

        Comment

        • Chewy
          Super Moderator
          • Nov 2003
          • 18971

          #5
          well it looks like 1 of 2 possibilities

          false positive or something rare and possibly bad

          Comment

          • snagel
            Super Member
            • Apr 2006
            • 259

            #6
            re: Chewy

            I've been searching for four hours straight this morning and it is referred to in several Google searches but didn't seem to explain how to get rid of it.
            I'm just concerned if it reappears after deleting it from the virus vault.

            Comment

            • gonwk
              Lord of Digital Video
              • Dec 2005
              • 1500

              #7
              Hi Snagel,

              I have a "dumb" question ... where do you think you got it from!?!?

              Thanks,

              G!

              Comment

              • snagel
                Super Member
                • Apr 2006
                • 259

                #8
                re: gonwk

                Originally Posted by gonwk
                Hi Snagel,

                I have a "dumb" question ... where do you think you got it from!?!?

                Thanks,

                G!
                I am not sure. I have been downloading a lot of games lately from Giveaway of the Day. But I am not sure where I got it though. I'll try to post logs in a bit from AVG Free and Malwarebytes.

                Comment

                • snagel
                  Super Member
                  • Apr 2006
                  • 259

                  #9
                  Ok. here is the path from AVG free
                  C:\System Volume Information\_restore{202550A8-7A53-4BCA-9586-051D24DDBF8F}\RP436\A0057432.exe

                  Comment

                  • snagel
                    Super Member
                    • Apr 2006
                    • 259

                    #10
                    I have run several logs from Malwarebytes, 8 of them I think. I kept having one infection of Adware, but when it said that Spybot Search and Destroy found a change I kept saying disallow. So it kept showing up. Finally I tried allow, and the next scan came back clean with no infections at all. I hope I did right by allowing it. Your reply would be appreciated. I'll try to get the logs in a little bit.

                    Comment

                    • snagel
                      Super Member
                      • Apr 2006
                      • 259

                      #11
                      re: Chewy, here's the logs

                      first scan shows trojan

                      Malwarebytes' Anti-Malware 1.05
                      Database version: 451
                      Scan type: Quick Scan
                      Objects scanned: 57240
                      Time elapsed: 14 minute(s), 14 second(s)
                      Memory Processes Infected: 0
                      Memory Modules Infected: 0
                      Registry Keys Infected: 0
                      Registry Values Infected: 1
                      Registry Data Items Infected: 0
                      Folders Infected: 0
                      Files Infected: 1
                      Memory Processes Infected:
                      (No malicious items detected)
                      Memory Modules Infected:
                      (No malicious items detected)
                      Registry Keys Infected:
                      (No malicious items detected)
                      Registry Values Infected:
                      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
                      Registry Data Items Infected:
                      (No malicious items detected)
                      Folders Infected:
                      (No malicious items detected)
                      Files Infected:
                      C:\WINDOWS\SYSTEM\SYSRegC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

                      Comment

                      • snagel
                        Super Member
                        • Apr 2006
                        • 259

                        #12
                        re: Chewy

                        second scan

                        Malwarebytes' Anti-Malware 1.05
                        Database version: 451
                        Scan type: Quick Scan
                        Objects scanned: 57276
                        Time elapsed: 13 minute(s), 1 second(s)
                        Memory Processes Infected: 0
                        Memory Modules Infected: 0
                        Registry Keys Infected: 0
                        Registry Values Infected: 1
                        Registry Data Items Infected: 0
                        Folders Infected: 0
                        Files Infected: 0
                        Memory Processes Infected:
                        (No malicious items detected)
                        Memory Modules Infected:
                        (No malicious items detected)
                        Registry Keys Infected:
                        (No malicious items detected)
                        Registry Values Infected:
                        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
                        Registry Data Items Infected:
                        (No malicious items detected)
                        Folders Infected:
                        (No malicious items detected)
                        Files Infected:
                        (No malicious items detected)

                        Comment

                        • snagel
                          Super Member
                          • Apr 2006
                          • 259

                          #13
                          The last one was clean; the four or five in between the last one and this one I think were the same.

                          Malwarebytes' Anti-Malware 1.05
                          Database version: 451

                          Scan type: Quick Scan
                          Objects scanned: 57228
                          Time elapsed: 12 minute(s), 15 second(s)

                          Memory Processes Infected: 0
                          Memory Modules Infected: 0
                          Registry Keys Infected: 0
                          Registry Values Infected: 0
                          Registry Data Items Infected: 0
                          Folders Infected: 0
                          Files Infected: 0

                          Memory Processes Infected:
                          (No malicious items detected)

                          Memory Modules Infected:
                          (No malicious items detected)

                          Registry Keys Infected:
                          (No malicious items detected)

                          Registry Values Infected:
                          (No malicious items detected)

                          Registry Data Items Infected:
                          (No malicious items detected)

                          Folders Infected:
                          (No malicious items detected)

                          Files Infected:
                          (No malicious items detected)

                          Comment

                          • snagel
                            Super Member
                            • Apr 2006
                            • 259

                            #14
                            Thank you, Thank you, Thank you Chewy.

                            I believe logs 3, 4, 5, 6, & 7 all looked the same, had the same HKEY number etc. When I finally said to allow the change it finally did a complete clean scan.



                            log 3

                            Malwarebytes' Anti-Malware 1.05
                            Database version: 451

                            Scan type: Quick Scan
                            Objects scanned: 57272
                            Time elapsed: 13 minute(s), 4 second(s)

                            Memory Processes Infected: 0
                            Memory Modules Infected: 0
                            Registry Keys Infected: 0
                            Registry Values Infected: 1
                            Registry Data Items Infected: 0
                            Folders Infected: 0
                            Files Infected: 0

                            Memory Processes Infected:
                            (No malicious items detected)

                            Memory Modules Infected:
                            (No malicious items detected)

                            Registry Keys Infected:
                            (No malicious items detected)

                            Registry Values Infected:
                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

                            Registry Data Items Infected:
                            (No malicious items detected)

                            Folders Infected:
                            (No malicious items detected)

                            Files Infected:
                            (No malicious items detected)


                            log 4

                            Malwarebytes' Anti-Malware 1.05
                            Database version: 451

                            Scan type: Quick Scan
                            Objects scanned: 57263
                            Time elapsed: 14 minute(s), 14 second(s)

                            Memory Processes Infected: 0
                            Memory Modules Infected: 0
                            Registry Keys Infected: 0
                            Registry Values Infected: 1
                            Registry Data Items Infected: 0
                            Folders Infected: 0
                            Files Infected: 0

                            Memory Processes Infected:
                            (No malicious items detected)

                            Memory Modules Infected:
                            (No malicious items detected)

                            Registry Keys Infected:
                            (No malicious items detected)

                            Registry Values Infected:
                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

                            Registry Data Items Infected:
                            (No malicious items detected)

                            Folders Infected:
                            (No malicious items detected)

                            Files Infected:
                            (No malicious items detected)


                            log 5
                            Malwarebytes' Anti-Malware 1.05
                            Database version: 451

                            Scan type: Quick Scan
                            Objects scanned: 57263
                            Time elapsed: 14 minute(s), 14 second(s)

                            Memory Processes Infected: 0
                            Memory Modules Infected: 0
                            Registry Keys Infected: 0
                            Registry Values Infected: 1
                            Registry Data Items Infected: 0
                            Folders Infected: 0
                            Files Infected: 0

                            Memory Processes Infected:
                            (No malicious items detected)

                            Memory Modules Infected:
                            (No malicious items detected)

                            Registry Keys Infected:
                            (No malicious items detected)

                            Registry Values Infected:
                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

                            Registry Data Items Infected:
                            (No malicious items detected)

                            Folders Infected:
                            (No malicious items detected)

                            Files Infected:
                            (No malicious items detected)


                            log 6

                            Malwarebytes' Anti-Malware 1.05
                            Database version: 451

                            Scan type: Quick Scan
                            Objects scanned: 57246
                            Time elapsed: 13 minute(s), 56 second(s)

                            Memory Processes Infected: 0
                            Memory Modules Infected: 0
                            Registry Keys Infected: 0
                            Registry Values Infected: 1
                            Registry Data Items Infected: 0
                            Folders Infected: 0
                            Files Infected: 0

                            Memory Processes Infected:
                            (No malicious items detected)

                            Memory Modules Infected:
                            (No malicious items detected)

                            Registry Keys Infected:
                            (No malicious items detected)

                            Registry Values Infected:
                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

                            Registry Data Items Infected:
                            (No malicious items detected)

                            Folders Infected:
                            (No malicious items detected)

                            Files Infected:
                            (No malicious items detected)


                            log 7

                            Malwarebytes' Anti-Malware 1.05
                            Database version: 451

                            Scan type: Quick Scan
                            Objects scanned: 57202
                            Time elapsed: 12 minute(s), 56 second(s)

                            Memory Processes Infected: 0
                            Memory Modules Infected: 0
                            Registry Keys Infected: 0
                            Registry Values Infected: 1
                            Registry Data Items Infected: 0
                            Folders Infected: 0
                            Files Infected: 0

                            Memory Processes Infected:
                            (No malicious items detected)

                            Memory Modules Infected:
                            (No malicious items detected)

                            Registry Keys Infected:
                            (No malicious items detected)

                            Registry Values Infected:
                            HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

                            Registry Data Items Infected:
                            (No malicious items detected)

                            Folders Infected:
                            (No malicious items detected)

                            Files Infected:
                            (No malicious items detected)

                            Comment

                            • snagel
                              Super Member
                              • Apr 2006
                              • 259

                              #15
                              As long as it kept saying that Spybot Search and Destroy found changes to IE5 and I said to disallow, it kept coming up with 3, 4, 5, 6, 7. When I finally said allow, it gave me a complete clean scan.

                              I hope I did the right thing by saying allow.

                              Comment
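
The pattern in posts #11 to #15, where a scan reports the URLSearchHooks value as "Quarantined and deleted successfully" and the next scan detects it again, can be checked mechanically across a series of logs. The Python below is an added example, not part of the original thread or of Malwarebytes' own tooling; the names `parse_log`, `recurring` and `sample_log` are hypothetical, and the sample logs are constructed (abridged) in the layout posted above.

```python
import re

# "<path> (<detection name>) -> <action>."
DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<name>[A-Za-z0-9_.\-]+)\) -> (?P<action>.+?)\.?$")
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")

def parse_log(text):
    """Return (summary counts, itemised detections) for one scan log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["section"]
        elif section and (m := DETECTION.match(line)):
            detections.append((section, m["path"], m["name"], m["action"]))
    return counts, detections

def recurring(logs):
    """Map (path, name) -> scan numbers where an item came back after the
    previous scan had reported it as deleted (removal did not persist)."""
    hits, removed_last_time = {}, set()
    for number, text in enumerate(logs, 1):
        _, detections = parse_log(text)
        seen = {(path.lower(), name) for _, path, name, _ in detections}
        for key in sorted(seen & removed_last_time):
            hits.setdefault(key, []).append(number)
        removed_last_time = {(path.lower(), name)
                             for _, path, name, action in detections
                             if "deleted successfully" in action.lower()}
    return hits

# Constructed sample input: item strings copied from the logs in this thread.
REG = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
       r"\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay)")
FILE = r"C:\WINDOWS\SYSTEM\SYSRegC.dll (Trojan.Agent)"
DONE = " -> Quarantined and deleted successfully."

def sample_log(values, files):
    """Build an abridged log in the thread's layout (constructed, not real output)."""
    def body(items):
        return "\n".join(i + DONE for i in items) or "(No malicious items detected)"
    return (f"Scan type: Quick Scan\n"
            f"Registry Values Infected: {len(values)}\n"
            f"Files Infected: {len(files)}\n\n"
            f"Registry Values Infected:\n{body(values)}\n\n"
            f"Files Infected:\n{body(files)}\n")

# Scan 1: value + file; scans 2-3: value again; scan 4: clean.
SCANS = [sample_log([REG], [FILE]), sample_log([REG], []),
         sample_log([REG], []), sample_log([], [])]

if __name__ == "__main__":
    for (path, name), scans in recurring(SCANS).items():
        print(f"{name} reappeared in scan(s) {scans}: {path}")
```

An item flagged by `recurring` means something on the machine restored or blocked the change between scans, which is the situation the repeated logs 3 to 7 record.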
