Author Topic: A Trojan Horse Was Found![  (Read 2851 times)


DIVYA LAHAD

  • Guest
A Trojan Horse Was Found![
« on: December 09, 2007, 03:38:52 PM »
Avast! Warning
A Trojan Horse Was Found!

There is no reason to panic, though. Try to follow the given advice and links.

File name             C:\WINDOWS\system32\compstu.dll\[UPX]
Malware name       Win32:Delf-GXK [trj]
Malware type        Trojan Horse
VPS version           071208-0, 12/08/2007

The above information keeps popping up again and again, so that I am unable to work on my computer. The recommended actions of the software (Move/Rename, Delete or Move to chest) do not help at all but generate a new window.
Avast! Access is denied
Cannot process "C:\WINDOWS\system32\compstu.dll\[UPX]"

and we land back where we started. This becomes an unending cycle.

If Schedule boot-time scan is opted for, then the system reboots but is unable to solve the problem, and then we land in a larger never-ending cycle of rebooting again and again.

Tried other free software like Stinger, AVG Anti-Spyware, ClamWin Antivirus, A-Square, but none could detect this file except Avast! Antivirus.

Even No action does not help it but gives you a breather for 5-7 minutes and the file is detected again.

Thanks to the high-level scanning and security provided by Avast! Antivirus. Please help me out so I can work on my computer.

Kindly help if possible.

Divya Lahad
divya_lahad@indiatimes.com

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89362
  • No support PMs thanks
Re: A Trojan Horse Was Found![
« Reply #1 on: December 09, 2007, 04:46:59 PM »
It may be that this is restored or downloaded again by a hidden (some delf infections may be hidden by rootkit)/undetected process.

Most Delf Trojans add a Startup entry:  Startup Entry Name, SysService  - Process Name, SysService.exe
Use Task Manager to End the Process. Also to end the startup entry, Windows Start, Run, type 'msconfig' without the quotes, in the new window select the Startup Tab, find the SysService entry and uncheck it.

Try SUPERantispyware On-Demand only in free version.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm.
Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- AVG Anti-Rootkit http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5.
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
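
The startup-entry and process check described in Reply #1, as an added example that is not part of the original thread: a read-only PowerShell listing of common autostart locations and running processes that match the names given in the posts (`SysService`, `SysService.exe`, `compstu.dll`). The set of locations checked is an assumption and is not exhaustive, and, as the reply notes, an entry hidden by a rootkit may not show up here.

```powershell
# Added example (not from the thread): read-only check, nothing is modified.
# 'SysService', 'SysService.exe' and 'compstu.dll' come from the posts above;
# the list of autostart locations is an assumption and is not exhaustive.
$entryName = 'SysService'
$patterns  = 'SysService\.exe', 'compstu\.dll'   # regex, -match is case-insensitive

$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

$folders = [Environment]::GetFolderPath('Startup'),
           [Environment]::GetFolderPath('CommonStartup')

function Test-Suspect([string]$Name, [string]$Command) {
    if ($Name -eq $entryName) { return $true }
    foreach ($p in $patterns) { if ($Command -match $p) { return $true } }
    return $false
}

$hits = @(
    # Registry Run/RunOnce: value name is the entry name, value data is the command line
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if (Test-Suspect $name $command) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = $command }
            }
        }
    }
    # Per-user and all-users Startup folders
    foreach ($dir in $folders) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | Where-Object { $_.BaseName -eq $entryName } |
            ForEach-Object { [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName } }
    }
    # Running process whose image name matches the one in the post
    Get-Process -Name $entryName -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Source = 'process'; Name = $_.ProcessName; Command = $_.Path } }
)

if ($hits.Count -eq 0) { 'No matching startup entry or process found.' }
else { $hits | Format-List }
```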

Spiritsongs

  • Guest
Delf "Infection"
« Reply #2 on: December 09, 2007, 07:09:07 PM »
:)  Hi:

A Delf "infection" CAN be a very serious type of malware; some have to reformat, then reinstall their Operating System. Best to start by using a special program that has been developed to combat SOME "versions" of this located at http://users.telenet.be/marcvn/tools/win32delfkil.exe .

greatcaesar

  • Guest
Re: A Trojan Horse Was Found![
« Reply #3 on: December 29, 2007, 07:53:48 AM »
I had a client with the exact same problem and we resolved it by using a program called combofix.exe. You can download it from download.bleepingcomputer.com/sUBs/ComboFix.exe

We tried everything else, Kaspersky, Avast, AVG, superantispyware, hijackthis etc etc. We tried all the manual registry removals and still no fix. We used combofix and it resolved it no problem. Hope this helps your situation.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: A Trojan Horse Was Found![
« Reply #4 on: December 29, 2007, 08:55:49 AM »
If you do decide to give combofix a try please note:

Do not mouseclick the screen when combofix is running, it will freeze.

Combofix should never take more than 20 minutes including the reboot if malware is detected.

Do the following only if combofix stalls after 20 or so minutes and there is no evidence of hard drive activity, i.e. no hard drive activity light or sound.

If combofix has stalled, open Task Manager  (press ctrl, alt and del at the same time) then Processes tab and end any processes of findstr, find, sed or swreg. Do this one at a time pausing each time to see if it has resumed.

If it won't resume, stop it and boot into safe mode and run it from there.

You can post the log here along with a hijackthis log if you wish.