Author Topic: Well known Win32:Delf-GD Help!  (Read 4522 times)


Pouncing Coyote

  • Guest
Well known Win32:Delf-GD Help!
« on: August 15, 2012, 05:00:57 PM »
Avast popped up several times that a threat (see subject line) had been blocked. More details from the pop-up take me to Avast online where I can download Google Chrome, which is suggested. I don't want to download anything, don't know who to trust. I currently use Firefox, I have automatic updates turned on.

Worried that my computer is infected and is trying to install the infection, I ran a total scan with Avast. No infected files.
Still concerned, I downloaded Trend Micro Housecall and ran a scan. No infected files.
Got another Pop-up, so downloaded Malwarebytes and ran a scan. No infected files. Log attached.
Even though I have not been on the internet, yet another pop-up this morning, but did not get to read it before it disappeared.

I have read the other threads, but their scans seem to have found files on the scan. My scans do not. But Avast logs show 19 web & network objects were found infected and blocked.

Should I be using Google Chrome?
Is my computer infected? Should I do online banking?

Thanks in advance for any help/direction I can receive!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Well known Win32:Delf-GD Help!
« Reply #1 on: August 15, 2012, 05:39:48 PM »
No idea what you mean by "Well known Win32:Delf-GD."

More important is the full information contained in the alert window or a screenshot of the alert window.
If posting a URL in that information - change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

The Protection Log in MBAM doesn't show scan information, just the program's internal admin stuff, Started, updates, etc. but not scans. That is in the Logs, the file name beginning mbam-log- followed by the date time info of the scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Well known Win32:Delf-GD Help!
« Reply #2 on: August 15, 2012, 05:58:00 PM »
I think this is the visicom issue that we did see yesterday

Offline DavidR

Re: Well known Win32:Delf-GD Help!
« Reply #3 on: August 15, 2012, 06:05:00 PM »
Possibly, but that is why I asked for further information rather than guess.

Pouncing Coyote

Re: Well known Win32:Delf-GD Help!
« Reply #4 on: August 15, 2012, 06:06:35 PM »
What I meant by "Well known Win32:Delf-GD" was to let you know that I know I'm not the only person affected. I realize there are a lot of people with this popping up.

When I attached the log it was one of two files in "Logs" in Malwarebytes. Now when I look I have scan files under my user name from 2009? Here is the log file from yesterday, which I see it found and deleted 1 file!

I will try to grab a screen shot of the alert window the next time it pops up, sorry I only got the threat name.

I did a search on the C:\ drive for the visicom url that was in another thread and found nothing. Maybe I didn't do the search correctly?

Thank you for your reply



« Last Edit: August 15, 2012, 06:10:15 PM by Pouncing Coyote »

Offline DavidR

Re: Well known Win32:Delf-GD Help!
« Reply #5 on: August 15, 2012, 06:15:09 PM »
That is why further information was sought as not all detections under a malware name are going to be the same.

You might not have to wait:
Where this was found (web link or on the hard disk) will dictate what avast log to look in for the information on the alert.

It is most likely to be in either the WebShield.txt or FileSystemShield.txt files in this folder:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report (XP) or
C:\ProgramData\AVAST Software\Avast\report (Vista, Win7). This folder, ProgramData, may be hidden and you would need to change your Folder Options to 'Show hidden files and folders' to be able to view it.

Offline Pondus

Re: Well known Win32:Delf-GD Help!
« Reply #6 on: August 15, 2012, 06:26:18 PM »
Quote
I will try to grab a screen shot of the alert window the next time it pops up, sorry I only got the threat name.
If you have not restarted....
right click avast tray icon.....show last popup.....click pin in top right corner to make it stay on screen

Pouncing Coyote

Re: Well known Win32:Delf-GD Help!
« Reply #7 on: August 15, 2012, 07:34:29 PM »
I was looking for the ProgramData file and changed my settings to show hidden files. I don't know if I couldn't see it before or what, because I did a search for the visicom file and found nothing, but now I find a directory named "Anti-Phishing Domain Advisor" with two files dated 2/11/12. This is in the ProgramData directory. I checked my control panel and Anti-Phishing Domain Advisor was listed as an installed program. I did an uninstall, but I think I should get rid of this completely.

Thanks again for any help you can send my way!


Offline DavidR

Re: Well known Win32:Delf-GD Help!
« Reply #8 on: August 15, 2012, 07:56:40 PM »
If the folder is/was hidden the regular explorer search wouldn't find it.

Yes, the "Anti-Phishing Domain Advisor" is the one connecting to update signatures, unfortunately Panda's refusal to encrypt signatures means any resident AV that is looking for virus signatures will see virus signatures and alert.

You should be able to uninstall the "Anti-Phishing Domain Advisor" from the regular windows uninstall programs, once uninstalled reboot, the "Anti-Phishing Domain Advisor" program should be gone. That should stop the update attempt by the "Anti-Phishing Domain Advisor," just monitor your system for a few days to confirm.

Pouncing Coyote

Re: Well known Win32:Delf-GD Help!
« Reply #9 on: August 15, 2012, 08:38:36 PM »
Uninstalled and will restart computer!

Thanks again for the assistance!


Offline DavidR

Re: Well known Win32:Delf-GD Help!
« Reply #10 on: August 15, 2012, 09:59:56 PM »
You're welcome.