Delf trojan

Discussion in 'ESET NOD32 Antivirus' started by katy98, Jun 19, 2010.

Thread Status:
Not open for further replies.
  1. katy98

    katy98 Registered Member

    Joined:
    Sep 16, 2007
    Posts:
    5
    Hi, I did a search on Delf trojan and did not find anything for 2010.

    I noticed that I was receiving an email from a friend (Marcy) with subject area (no subject line) showing a website ~Possible malware link removed~ (don't go there, WOT reported this as unsafe site) and I knew this friend would not send an email like this (3 times). I did a scan with NOD32 and it found this: "C:\Users\xxxxxx\Documents\Downloads 2010\iddfree.exe » INNO » file0001.bin - probably a variant of Win32/Delf trojan - was a part of the deleted object"

    I deleted this file found within NOD32's scan, but I still wonder if I might have it somewhere on my system since it is known to create copies. Would just an additional scan show that all instances of this trojan are removed? My definitions are updated daily, I just don't scan regularly if ever.

    Also, I'm curious why NOD32 did not prevent this in the first place? I really respect NOD32, recommend it to all friends, including the friend Marcy who sent the suspicious email to me (I loaded NOD32 on their machine and it doesn't expire until Nov. 2010).
    Thanks for any help....Katy
     
    Last edited by a moderator: Jun 19, 2010
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. katy98

    katy98 Registered Member

    Joined:
    Sep 16, 2007
    Posts:
    5
    Thank you Cudni, I just sent the zip file to customer care. Thanks for telling me about this. Katy
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Your trojan worm could be any of the following:
    http://www.eset.eu/encyclopaedia/win32-autorun-delf-cj-trojan-sasfis-tq-ircbrute-w32-spybot-worm
    http://www.eset.eu/encyclopaedia/wi...t-oik-trojan-dropper-mudrop-fes-generic-c-cgk
    http://www.eset.eu/encyclopaedia/wi...krap-w-worm-sillysharecopy-gen-generic16-aowx
    http://www.eset.eu/encyclopaedia/win32-trojandownloader-delf-zeb-a-sisron-downloader-dqp
    http://www.eset.eu/encyclopaedia/wi...ent2-akll-w32-banload-e-gen-eldorado-backdoor
    http://www.eset.eu/encyclopaedia/win32-trojanclicker-delf-nbk-trojan-clicker-agent-jjc-horse-advq
    http://www.eset.eu/encyclopaedia/win32-trojandropper-delf-npx-antavka-qp-delfdru-a
    http://www.eset.eu/encyclopaedia/win32-delf-pbf-trojan-agent-dhbq-tachtoli-a-generic-dx-nkr
    http://www.eset.eu/encyclopaedia/win32-autorun-irc-bot-bn-email-worm-bspread-pushbot
    http://www.eset.eu/encyclopaedia/wi...trojan-gypikon-based-dm2-maximus-siggen-21931
    http://www.eset.eu/encyclopaedia/win32-delf-ntg-trojan-regrun-cnx-horse-generic-dx-fca
    http://www.eset.eu/encyclopaedia/win32-trojan-downloader-delf-pbd-hw-generic-blr-agent-aate
    http://www.eset.eu/encyclopaedia/wi...pbc-vwc-trojan-horse-generic-downloader-x-bgj
    http://www.eset.eu/encyclopaedia/win32-autorun-delf-cb-virus-delf-ct-generic-dx-hllw-autoruner-1073
    http://www.eset.eu/encyclopaedia/wi...32-smser-az-suspicious-mh690-a-troj-blocker-b
    http://www.eset.eu/encyclopaedia/tr...iptdrop_k_trojan_horse_trojan_generic_1230770
    http://www.eset.eu/encyclopaedia/de..._backdoor_trojan_generic_downloader_ab_trojan
    http://www.eset.eu/buxus/generate_page.php?page_id=14786
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest submitting iddfree.exe to ESET per the instructions here to confirm or deny that it's actually malicious.
     
Thread Status:
Not open for further replies.