Full Version: trojan-psw.win32.delf.sp
petr
Hello,
I'm a newbie in this forum but I have a strong feeling that this might be the right place to ask for help.
Two days ago I noticed that my hard-drive is flooded with hidden files named "_desktop.ini" (existing in almost every folder) so I searched the web to find some more info on this. Based on the description of its signs and behaviour I came to the conclusion that the reason for this is the presence of "Win32/Looked". After some searching I downloaded a file from Sophos which identified and deleted all its files and registry entries. For a while everything seemed to be fine again.
The above mentioned malware penetrated into the system through the HW firewall (router) together with resident antivirus (AVG 7.5 + firewall - incl. latest definitions and updates) so I decided to download some other antivirus programs (trials of well known products from the official sites) and check the system just to be sure.
Immediately after the installation of Kaspersky Labs AV it showed a warning about the presence of another one - "Trojan-PSW.Win32.Delf.sp". The system itself behaves as if nothing bad is going on (all programs running, quick and stable system) but it has already infected almost all the executables on the disk (it doesn't infect the data files). If I hadn't checked for viruses using some other software (it is found by Kaspersky and NOD32) I probably wouldn't have noticed the presence of "psw.win32.delf.sp" at all. The problem is that I can't find any solution for cleaning the executables without sacrificing them via delete.
I would be really grateful if you could help me to solve this problem w/o formatting and complete reinstallation.
Many thanks for your reply in advance.
Petr

P.S. I could send a packed sample of some of the infected files.
petr
...one small addition to the previous post:
I'm also using "Ad-Aware SE Personal 1.06r1" and "Spybot - Search and Destroy 1.4" with the latest definitions.
Unfortunately, they didn't help me either...
petr
Just to let you know:
The problem seems to be solved thanks to the help of the technical experts from Grisoft (AVG).
I obtained their updated virus cleaner called "vcleaner.exe" (freely downloadable from their site www.grisoft.com - http://www.grisoft.cz/softw/70/filedir/uti...r/vcleaner.exe) that solved everything by cleaning all the executables from the infection.
Note: The only thing I noticed was a different naming used by this software. When cleaning the files it mentioned the presence of "PSW.Generic2.PES" instead of "PSW.Win32.Delf.sp".
LS CalamityJane
Hi,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Glad to hear you got it sorted, petr

You should know that any virus or trojan that has a name starting with PWS is malware designed to monitor and capture information from the victim's PC, particularly passwords, etc. It would be wise for you to change all of your passwords and monitor any of your account information or other sensitive data on your PC and otherwise be aware of the possibility of identity theft or stolen account information.