Avast finds this >> Win32:Delf-EPM (trj)

[Chrisatrax]

Hi Folks,

A buddy of mine sent me this email...

=====================================================
Chris,

wondered if you've dealt with this (Win32:Delf-EPM (trj).

Avast keeps finding this. It usually happens in pairs. It finds it twice
right after another. Both times I either have sent it to
quarantine or deleted it with Avast. Then I get an error message saying,
"cannot find microsoft.com", and icon appears on my desktop
briefly titled microsoft.com, and then disappears.
======================================================

I have googled this "Win32:Delf-EPM (trj)" without much luck, just a few translate this page site with the said trojan. Curious if anyone else has come across this trojen lately.

Thanks for any info on this little bugger (I assume)

Christopher

[polonus]

Hi Chrisatrax,

You can download the free X-Cleaner from here: http://www.xblock.com/download-freeware.php
against Win32:Delf-EPM(trj)

polonus

[DavidR]

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
What Operating System is he using ? is it up to date ?

Most Delf Trojans add a Startup entry:  Startup Entry Name, SysService  - Process Name, SysService.exe. Check for other unknown startup entries and report, see below.

Use Task Manager to End the Process SysService.exe if it exists. Also to end the startup entry, Windows Start, Run, type 'msconfig without the quotes, in the new window select the Startup Tab, find the SysService entry and uncheck it.

Malware that keeps coming back there may be other elements restoring it.
What is his firewall ?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. AVG anti-spyware (formerly Ewido) If using winXP. or a-Squared free if using win98/ME. Or SUPERantispyware Or Spyware Terminator