Wilders Security Forums  

  #1  
Old January 23rd, 2005, 05:41 PM
kentec kentec is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 2
Default Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

A message from one of my customers. Any ideas?

Following is the info that Amon brings up when I am running AdAware:
File: C:\ DOCUME~1\Owner\LOCALS~1\Temp\AAWTMP\C107697328\161B4\UniDist.ocx

Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

Comment: Amon cannot clean this infiltration. Event occurred on a newly created file.
When I run the NOD scan it finds nothing; however, the AMON logscan tells me there are now 1773 infected files.
HELP!!!
  #2  
Old January 23rd, 2005, 06:16 PM
quexx88 quexx88 is offline
Frequent Poster
 
Join Date: Nov 2004
Location: Radnor, Pennsylvania
Posts: 235
Default Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

It seems as though Ad-Aware is unpacking something that AMON is picking up as infected. Although you could disable AMON while Ad-Aware is scanning to let it finish, try to delete the file (from the AMON alert screen... uncleanable does not mean un-deletable! There is a "delete button"). In any event, Ad-Aware will probably either detect and clean the offending malware, or at the very least delete those temporary files that it is creating. After you're through with that, try a scan with a product like ewido (www.ewido.net for a free 30 day trial). Let us know what happens!
  #3  
Old January 24th, 2005, 06:06 AM
kentec kentec is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 2
Default Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan/Result from Customer

I downloaded Ewido and ran that. It picked up a file and cleaned it.

I also uninstalled the latest version of Adaware dated 11/01/2005 which was what seemed to be causing all the problems. I reloaded my old Adaware personal SE but it still reads as the latest version and still brings up the AMON.
I had tried Delete and Quarantine but Amon says the same thing as previously : Cannot clean this infiltration..etc

Interestingly after I ran Ewido the virus log reset to Nil files infected!

You may like to pass this info on to Eset.
  #4  
Old January 24th, 2005, 06:24 AM
Sweetie(*)(*) Sweetie(*)(*) is offline
Frequent Poster
 
Join Date: Aug 2004
Location: Venus
Posts: 419
Default Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

Hi,

WIN32/TrojanDownloader.Dyfica.BMtrojan is designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

The 1773 files that are coming up infected may be a result of the additional downloads this Trojan has performed.

Possible solutions I would suggest:

If available use System restore (you should be able to tell the install date from Nod32 logs.)

Online AV Scan followed by Nod32 in safe mode with max settings using clean function.

Install Microsoft Anti-Spyware, scan as backup to Adaware. (I've had good results using this with my customers' PCs.)
__________________
"Well behaved women rarely make history"
Laurel Thatcher Ulrich
  #5  
Old January 24th, 2005, 08:51 AM
ronjor ronjor is offline
Global Moderator
 
Join Date: Jul 2003
Location: Texas
Posts: 46,204
Default Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

Quote:
I had tried Delete and Quarantine but Amon says the same thing as previously : Cannot clean this infiltration..etc


When the trojan is found in a file, select to delete it. After the scan completes, you'll be prompted to reboot the machine for the cleaning to take effect.

http://www.wilderssecurity.com/showthread.php?t=61016
 
