Trojan horse Dropper.Delf.AJA

  • Chewy
    Super Moderator
    • Nov 2003
    • 18971

    #16
    I just enrolled last month in 1 of the 2 major online antimalware universities, there are close to 40 forums dedicated to fighting malware

    when we see teatimer running the first thing we do is turn it off as it will keep us from fixing anything

    same for a lot of the antivirus programs

    I use the sd helper in spybot and update and immunize religiously now that I have been thru a full infection and cleansing of driveby malware

    Comment

    • Chewy
      Super Moderator
      • Nov 2003
      • 18971

      #17
      MBAM is a very new program, doesn't work effectively in safe mode yet

      superantispyware is the other good scanner, it works in safe

      it has a special tool if used in safe mode, that can make your computer unbootable, remember malware can infest/infect system files also, if you kill them you might not reboot

      Comment

      • snagel
        Super Member
        • Apr 2006
        • 259

        #18
        re: Chewy

        So how did those logs look to you? Does the specific path indicated by AVG mean anything? I left the items in quarantine last night. I'll have to delete them when I get home tonight. I am not sure whether the Trojan that I already had in Virus Vault in AVG free is the same as the Trojan that was indicated in my Malwarebytes Antimalware scans last night.

        P.S. Is it better to leave them in the virus quarantine to make sure everything else runs or is it better to just delete them?
        Last edited by snagel; 6 Mar 2008, 12:53 AM. Reason: spelling

        Comment

        • Chewy
          Super Moderator
          • Nov 2003
          • 18971

          #19
          have you had any significant malware before?

          MyWay Search Assistant
          leave it in quarantine for a while and see if some legitimate program got broken

          as malware evolves it gets harder and harder to detect without a lot of false positives

          Comment

          • snagel
            Super Member
            • Apr 2006
            • 259

            #20
            re: Chewy

            I've never had any malware, viruses at all that I know of. This is a first. I think that is why I was so concerned how to get rid of it. I've heard the horror stories of how Trojans rewrite themselves and keep rewriting.

            I currently use AVG free. AVG antispyware,
            Spyware Terminator, Super Antispyware, as scanners only
            Windows Defender with realtime protection
            Spybot Search and Destroy and Adaware 2007.
            and now will use Malwarebytes Antimalware after last night.

            Comment

            • snagel
              Super Member
              • Apr 2006
              • 259

              #21
              re: Chewy

              Originally Posted by Chewy
              have you had any significant malware before?



              leave it in quarantine for a while and see if some legitimate program got broken

              as malware evolves it gets harder and harder to detect without a lot of false positives
              Does that mean that mine was a false positive?

              Comment

              • Chewy
                Super Moderator
                • Nov 2003
                • 18971

                #22
                Does that mean that mine was a false positive?
                not necessarily, something may just have sneaked by

                I will run atf cleaner every now and then as a precaution before a scan if I suspect I have caught something, that way it can't reinfect me from some temp/prefetch/cookie crud after reboot

                adaware and windows defender need a lot of work

                not sure about spyware terminator?
                Last edited by Chewy; 6 Mar 2008, 03:13 AM.

                Comment

                • snagel
                  Super Member
                  • Apr 2006
                  • 259

                  #23
                  re: Chewy

                  Originally Posted by Chewy
                  not necessarily, something may just have sneaked by

                  I will run atf cleaner every now and then as a precaution before a scan if I suspect I have caught something, that way it can't reinfect me from some temp/prefetch/cookie crud after reboot

                  adaware and windows defender need a lot of work

                  not sure about spyware terminator?

                  I have not been excited about Windows Defender for quite some time now. In fact I was just about ready to get rid of it entirely. Then I'd delegate the duties of real time protection to one of the others. More than likely that would be Super Antispyware or Spyware Terminator.

                  I'll have to check out the atf thing. (alcohol, tobacco, firearms) lol

                  Comment

                  • Chewy
                    Super Moderator
                    • Nov 2003
                    • 18971

                    #24
                    I like the new spybot with sd helper and immunize, what's the status of your hosts file?

                    Comment

                    • snagel
                      Super Member
                      • Apr 2006
                      • 259

                      #25
                      re: Chewy

                      Originally Posted by Chewy
                      I like the new spybot with sd helper and immunize, what's the status of your hosts file?
                      I am not sure, I am at work right now! I'll have to check it in about another 7 hours.

                      One question on spybot search and destroy. I have it already and I do have the new version. I am not sure whether I have teatimer or not when I started the program. Should I not have it? If your advice is to not have it how do you disable it? Or would I be better off deleting the old one and reinstall it again this time taking the tick mark out of the box. (unchecking) teatimer. Would it be better to take the defaults that come with that particular program or uncheck some of them.

                      I think I accepted everything. sd helper in internet explorer and teatimer.

                      Comment

                      • snagel
                        Super Member
                        • Apr 2006
                        • 259

                        #26
                        If you make changes to something in Spybot search and destroy (allow or disallow).
                        How do you reverse the changes made if you need to?

                        Comment

                        • Chewy
                          Super Moderator
                          • Nov 2003
                          • 18971

                          #27
                          I don't use teatimer for that reason, you can mess up a program install or uninstall and fixing it you have to redo everything and sometimes that doesn't work

                          the real protection is great if you remember to turn it off when you need to and everyone
                          remembers to deny changes when some malware tries to install

                          it's hard to know what all these programs are doing as you can create problems with duplicate protection

                          that's why I asked about the hosts file, only one program should be writing to it

                          Comment

                          • snagel
                            Super Member
                            • Apr 2006
                            • 259

                            #28
                            So last night should I have allowed or disallowed changes to IE5? That would have been the prompt that I kept getting on scans 3-7. It kept saying spybot search and destroy that there were changes made to IE5 allow or disallow. Each time I would say disallow. Then I'd do the scan again and the Adware: MyWay would keep showing up as infected. I finally said allow and then did the scan again and finally the Adware:MyWay did not show up clean scan now. Did I do right by allowing the change?

                            Comment

                            • snagel
                              Super Member
                              • Apr 2006
                              • 259

                              #29
                              re: Chewy

                              Originally Posted by Chewy
                              I don't use teatimer for that reason, you can mess up a program install or uninstall and fixing it you have to redo everything and sometimes that doesn't work

                              the real protection is great if you remember to turn it off when you need to and everyone
                              remembers to deny changes when some malware tries to install


                              How do you turn it off when you need to? Do you mean on Spybot? Because teatimer would be like realtime protection. or Anti-viruses

                              Comment

                              • Chewy
                                Super Moderator
                                • Nov 2003
                                • 18971

                                #30
                                I just right click on it and hit exit or tell it to quit loading at boot up under tools/resident

                                Comment
