Author Topic: Win32: Trojan-gen. {Delphi}.  (Read 20192 times)


Eraser

  • Guest
Win32: Trojan-gen. {Delphi}.
« on: April 09, 2003, 07:05:35 PM »
I downloaded a file (forgot to scan it, which I usually do  :-[)
And then when I opened the file I heard:
Attention please, Your computer is infected by an virus (scared the hell outta me)
When I tried to open anything it needed the file: Winamp.exe
I searched on i-net and found out that there were some changes in the registry
My pc got laggy (once in a while it gets very slow and then is back to normal)
I did a:
-Scandisk
-Defrag

I thought, maybe it'll help
but it didn't
then I started virus scan: Avast32

And I found an infected file:

C:\Windows\System\HEST.exe

It was infected with: Win32: Trojan-gen. {Delphi}.
I directly searched on i-net (that's how I found this forum) and here it said it was this virus: Backdoor.G_Spot.20
Other alias I think

I didn't do anything with the scan yet, didn't click anything
Am waitin for your responses, pc will be on...

PLS HELP ME, i need this pc hard for work

Thnx in advance

Found somethin but dunno if I can trust it, or safely use it:

I found this and I found another file infected by the virus (same 1)
Dunno if I can follow these instructions, I dunno which files are also infected too. Found 2 now:

gspotbot.exe and HEST.exe
and I found another 1 :(  SERVER.exe
gspot looks like Backdoor.G_spot....
I think it's that and that's why my pc is slow, I got a router so hopefully it blocks it...

But pls HELP  

NOTE: These instructions are for all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


1. Update the virus definitions.
2. Do one of the following:
Windows 95/98/Me: Restart the computer in Safe mode.
Windows NT/2000/XP: End the Trojan process.
3. Run a full system scan, and delete all files that are detected as Backdoor.Spigot.B.
4. Remove the value that the Trojan added to the registry.
« Last Edit: April 09, 2003, 07:39:18 PM by Eraser »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32: Trojan-gen. {Delphi}.
« Reply #1 on: April 09, 2003, 08:30:24 PM »
The Symantec tip is not bad. Start in safe mode and rename the files reported to be infected. Then restart the computer and see if everything works well again. Scan the system with Avast and verify the result with another scanner like KAV. Or try some of the online scanners like Trend or Bitdefender. Take a look at these links:

http://www.rokop-security.de/main/onlinescan.php
Best regards, Ralf

Eraser

Re:Win32: Trojan-gen. {Delphi}.
« Reply #2 on: April 09, 2003, 08:42:39 PM »
Is it also safe to delete the infected files??

I edited some things in msconfig:

I turned off the files: gspotbot and other suspicious ones, and the pc worked pretty good again.... but I dunno if it's safe to remove them...

Offline raman

Re:Win32: Trojan-gen. {Delphi}.
« Reply #3 on: April 09, 2003, 09:05:04 PM »
It should be safe to delete them, because they are not active at the moment and your computer seems to work.
Best regards, Ralf

Eraser

Re:Win32: Trojan-gen. {Delphi}.
« Reply #4 on: April 09, 2003, 09:32:29 PM »
But the server.exe prog got an icon, with a doctor, it scares me a little, what if I f*ck up pc by deletin it...

Offline raman

Re:Win32: Trojan-gen. {Delphi}.
« Reply #5 on: April 09, 2003, 10:09:55 PM »
That's the reason why I said rename the file. If the system still works after a reboot, you can delete the files, and if not, you still have the file and can rename it back and try another way to get rid of that malware.
Best regards, Ralf

Eraser

Re:Win32: Trojan-gen. {Delphi}.
« Reply #6 on: April 09, 2003, 10:50:40 PM »
I see the light m8

I'm soo tired...

takes some time be4 I understand, I will try in the mornin, am too tired now

Thnx already I hope...

Eraser

Re:Win32: Trojan-gen. {Delphi}.
« Reply #7 on: April 10, 2003, 03:26:24 PM »
Ok I think I almost have my pc back to normal

again 1 problem...
I checked the registry file "regedit.exe"

and found in this map:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-


Also I found this 1 (the original)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


In the map Run- (the new one made by the trojan I think, contains the files I deleted)
Server.exe
yourworm.txt.vbs
gspotbot.exe
iexplorere.exe


Is it safe to delete this map: Run- ??

If not, what else can I do, if I already have to do something.

Thnx in advance, you really did help a lot Raman ;)

Offline raman

Re:Win32: Trojan-gen. {Delphi}.
« Reply #8 on: April 10, 2003, 03:41:20 PM »
Yes, you can delete the "run-" key. If you still have "fear" you can export it, if you want! ;)

BTW: Do you know where you got infected? Here is a "nice" description: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_GSPOT20.A
Best regards, Ralf
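
Added example (not part of the thread and not any poster's code): the reply above suggests exporting the "run-" key before deleting it. This Python code reads such an export, assumed to be in the REGEDIT4 text format, and lists the Run / Run- values that still reference the file names reported in this thread; the export text, value names and full paths are constructed.

```python
import ntpath
import re

# File names the posters in this thread reported as infected or suspicious.
REPORTED = {"hest.exe", "gspotbot.exe", "server.exe",
            "yourworm.txt.vbs", "iexplorere.exe"}

# Constructed REGEDIT4 export; value names and paths are invented for the example.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Server"="C:\\WINDOWS\\SYSTEM\\Server.exe"
"worm"="wscript.exe \"C:\\WINDOWS\\yourworm.txt.vbs\""
"gspot"="C:\\WINDOWS\\SYSTEM\\gspotbot.exe -hide"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
FILE_RE = re.compile(r'[^\s"]+\.(?:exe|vbs|com|bat|scr|pif)\b', re.I)

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_entries(text):
    """Return (key, name, command) for string values under a Run or Run- key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower().rsplit("\\", 1)[-1] in ("run", "run-"):
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def flag(entries):
    """Keep entries whose command references one of the reported file names."""
    hits = []
    for key, name, cmd in entries:
        files = {ntpath.basename(f).lower() for f in FILE_RE.findall(cmd)}
        if files & REPORTED:
            hits.append((key.rsplit("\\", 1)[-1], name, sorted(files & REPORTED)))
    return hits
```

Any value that `flag()` returns from the live Run key, rather than Run-, would still start at boot and is worth removing before the renamed files are deleted.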

Eraser

Re:Win32: Trojan-gen. {Delphi}.
« Reply #9 on: April 10, 2003, 04:10:07 PM »
The other 20 viruses I found weren't very dangerous,

one of them infected all *.exe files in kazaa folder

The trojan was in a package with a key-gen
I can't remember where I downloaded it but I sure didn't like the effect of it.

Thnx for all your help m8, I really appreciate it.

I'm gonna buy Norton soon so I'm even more safe: Avast+Norton ;)
 
Thnx, maybe we post again soon :P


Offline raman

Re:Win32: Trojan-gen. {Delphi}.
« Reply #10 on: April 10, 2003, 05:44:08 PM »
This is only my opinion, but if you want to buy another AV product, why not buy KAV? It is a better complement to Avast than Norton would be.
Best regards, Ralf