Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

Discussion in 'NOD32 version 2 Forum' started by kentec, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. kentec

    kentec Registered Member

    A message from one of my customers any ideas?

    Following is the info that Amon brings up when I ma running AdAware:
    File: C:\ DOCUME~1\Owner\LOCALS~1\Temp\AAWTMP\C107697328\161B4\UniDist.ocx

    Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

    Comment: Amon cannot clean this finfiltration. Event occurred on a newly created file.
    When I run the NOD scan it finds nothing however the AMON logscan tells me there are now 1773 infected files.
  2. quexx88

    quexx88 Registered Member

    It seems as though Ad-Aware is unpacking something that AMON is picking up as infected. Although you could disable AMON while Ad-Aware is scanning to let it finish, try to delete the file (from the AMON alert screen...uncleanable does not mean un-deletable! There is a "delete button"). In any event, Ad-Aware will probably either detect and clean the offending malware, or at the very least delete those temporary files that it is creating. After you're through with that, try a scan with a product like ewido ( for a free 30 day trial) Let us know what happens!
  3. kentec

    kentec Registered Member

    Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan/Result from Customer

    I down loaded Ewido and ran that. It picked up a file and cleaned it.

    I also uninstalled the latest version of Adaware dated 11/01/2005 which was what seemed to be causing all the problems. I reloaded my old Adaware personal SE but it still reads as the latest version and still brings up the AMON.
    I had tried Delete and Quarantine but Amon says the same thing as previously : Cannot clean this infiltration..etc

    Interestingly after I ran Ewido the virus log reset to Nil files infected!

    You may like to pass this info on to Eset.
  4. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member


    WIN32/TrojanDownloader.Dyfica.BMtrojan is designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

    The 1773 Files that are comming up infected may be a result of the additional downloads this Trojan has preformed.

    Possible solutions I would suggest:

    If available use System restore (you should be able to tell the install date from Nod32 logs.)

    Online AV Scan followed by Nod32 in safe mode with max settings using clean function.

    Install Microsoft Anti-Spyware, scan as back up to Adaware. (ive had good results using this with my customer PC's)
  5. ronjor

    ronjor Global Moderator

    When the trojan is found in a file, select to delete it. After the scan completes, you'll be prompted to reboot the machine for the cleaning to take effect.
Thread Status:
Not open for further replies.