Full Version: Trojan found but AA won't remove it
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
Sherman Bay
AdAware SE, latest version, latest data file. Win 98 computer. AA detects a Win32.delf trojan (not detected by Spybot). But when specifying to remove it, after the progress bar shows 100%, the program hangs. I can close it, I can move the mouse, I can run other programs, etc., but AdAware won't finish on its own after several hours of waiting.

A new scan shows the same badware present. Scanning in safe mode, no diff.

During the registry scan, I get an Explorer error even though no IE window exists, saying Explorer encountered an error and has to close. It doesn't stop the scan and the error window can be closed.

Following some suggestions on another thread in this forum, I checked out Rootkitrevealer. It doesn't run on 98. Neither does Blacklight's beta.

Main drive is clean according to scandisk. And removing other baddies found by AdAware does not cause this hang, only the ".delf" trojan. I can't find this particular strain in the virus lists, although I see several that are similar.

Any suggestions on how to clean this computer up? I have no objections to manual removal, registry manipulation, DOS file deletion, etc. Would appreciate any help.
Sherman Bay
OK, I found the solution, so I will contribute my observations in the hope that it might help someone else.

I did not know that AA gave enough detailed info to manually remove badware, but checking a few tabs showed two lines of data that proved useful. One was a DLL file, the other, a registry entry. Because my situation may have been unique, and the file names may be generated by the badware, I won't list the data in exact detail here, just the rough outlines.

The DLL file was \Windows\G132450062.DLL

The registry entry was HKCU...\policies\system\"Disable Task Manager"

Just for fun, I removed the registry entry first. A new AA scan produced the same IE error and showed the same DLL badware file. I could not remove it, as AA hung after the 100% bar as before.

The DLL file could not be deleted, ATTRIB changed, or renamed, as it was in use.

Booting to DOS, I canned that sucker and sent the DLL file to DLL Hell where it belongs.

New boot, new scan, AA shows nothing bad. Yay!

I find it interesting that a scan alone would cause an IE error with that DLL active. Intentional? Hmmm.

Still, I would like to know what caused AA to hang and what could be done to prevent it in the future.
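As an added triage example (not code from the thread; the poster's Win98 DOS-boot deletion is what actually worked), this PowerShell script for a modern Windows host checks the same two artefacts: it reads the "Disable Task Manager" policy value from its standard location (assumed to be the key the post abbreviates) and lists which running processes hold a suspect DLL open, which is the "in use" information the poster lacked. The DLL path is a placeholder, not the file name from the post.

```powershell
# Added example, not from the thread. Assumes Windows with PowerShell 5+ and
# admin rights; $SuspectDll is a placeholder for the DLL Ad-Aware reported.
param(
    [string]$SuspectDll = 'C:\Windows\PLACEHOLDER_SUSPECT.DLL'
)

# 1. The registry artefact: DisableTaskMgr under the Policies\System key.
#    Assumed standard path for the key the post abbreviates as HKCU...\policies\system.
#    1 = Task Manager disabled. Malware sets it to hide from the user; an admin
#    policy can set it legitimately, so report it for review rather than reset it.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    $item = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$key : DisableTaskMgr not set"
    } else {
        Write-Output "$key : DisableTaskMgr = $($item.DisableTaskMgr)  <-- review"
    }
}

# 2. The file artefact: find out WHY the DLL cannot be deleted or renamed by
#    listing every process that has it mapped. Module enumeration can fail for
#    protected or 32/64-bit mismatched processes, so those are skipped.
if (Test-Path -LiteralPath $SuspectDll) {
    $holders = foreach ($p in Get-Process) {
        try { $mods = $p.Modules } catch { continue }
        if ($mods | Where-Object { $_.FileName -ieq $SuspectDll }) {
            [pscustomobject]@{ Pid = $p.Id; Name = $p.ProcessName; Path = $p.Path }
        }
    }
    if ($holders) {
        Write-Output "Processes holding $SuspectDll open:"
        $holders | Format-Table -AutoSize
    } else {
        Write-Output "$SuspectDll is not loaded by any enumerable process"
    }
    # Unsigned DLLs in the Windows directory deserve a closer look; the hash
    # is what to submit to the AV vendor instead of guessing at the strain.
    $sig = Get-AuthenticodeSignature -FilePath $SuspectDll
    Write-Output "Signature status : $($sig.Status)"
    Write-Output "SHA256           : $((Get-FileHash -Path $SuspectDll -Algorithm SHA256).Hash)"
} else {
    Write-Output "$SuspectDll not found"
}
```

Run it before attempting removal: a DLL mapped into explorer.exe or a service will stay "in use" until that process is stopped or the machine is booted into an environment where it does not load, which is what the poster's DOS boot achieved.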
LS CalamityJane
Glad you were able to resolve your problem.

Some of today's malware is very difficult if not impossible to remove once you are infected with it. Delf (a coolwebsearch variant) is one of them. Prevention is really the key.

Ad-Aware Plus has realtime protection to prevent infections before they have a chance to gain a stronghold on your PC.
http://www.lavasoft.com/

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks (does not apply to Windows98).
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

Since your issues seem resolved I'll go ahead and archive this topic in the "Resolved" section (read only).

If you should have any further issues, please feel free to post a new topic.