Delf trojan

Hi, I did a search on Delf trojan and did not find anything for 2010.

I noticed that I was receiving an email from a friend (Marcy) with subject area (no subject line) showing a website ~Possible malware link removed~ (don't go there, WOT reported this as unsafe site) and I knew this friend would not send an email like this (3 times). I did a scan with NOD32 and it found this: "C:\Users\xxxxxx\Documents\Downloads 2010\iddfree.exe » INNO » file0001.bin - probably a variant of Win32/Delf trojan - was a part of the deleted object"

I deleted this file found within NOD32's scan, but I still wonder if I might have it somewhere on my system since it is known to create copies. Would just an additional scan show that all instances of this trojan are removed? My definitions are updated daily, I just don't scan regularly if ever.

Also, I'm curious why NOD32 did not prevent this in the first place? I really respect NOD32, recommend it to all friends, including the friend Marcy who sent the suspicious email to me (I loaded NOD32 on their machine and it doesn't expire until Nov. 2010).
Thanks for any help....Katy

 

if you are still concerned create a SysInspector log and send to Eset
http://kb.eset.com/esetkb/index?page=content&id=SOLN2219

it is good that dodgy email prompted you to scan the machine

 

Thank you Cudni, I just sent the zip file to customer care. Thanks for telling me about this. Katy

 

Your trojan worm could be any of the following:
http://www.eset.eu/encyclopaedia/win32-autorun-delf-cj-trojan-sasfis-tq-ircbrute-w32-spybot-worm
http://www.eset.eu/encyclopaedia/wi...t-oik-trojan-dropper-mudrop-fes-generic-c-cgk
http://www.eset.eu/encyclopaedia/wi...krap-w-worm-sillysharecopy-gen-generic16-aowx
http://www.eset.eu/encyclopaedia/win32-trojandownloader-delf-zeb-a-sisron-downloader-dqp
http://www.eset.eu/encyclopaedia/wi...ent2-akll-w32-banload-e-gen-eldorado-backdoor
http://www.eset.eu/encyclopaedia/win32-trojanclicker-delf-nbk-trojan-clicker-agent-jjc-horse-advq
http://www.eset.eu/encyclopaedia/win32-trojandropper-delf-npx-antavka-qp-delfdru-a
http://www.eset.eu/encyclopaedia/win32-delf-pbf-trojan-agent-dhbq-tachtoli-a-generic-dx-nkr
http://www.eset.eu/encyclopaedia/win32-autorun-irc-bot-bn-email-worm-bspread-pushbot
http://www.eset.eu/encyclopaedia/wi...trojan-gypikon-based-dm2-maximus-siggen-21931
http://www.eset.eu/encyclopaedia/win32-delf-ntg-trojan-regrun-cnx-horse-generic-dx-fca
http://www.eset.eu/encyclopaedia/win32-trojan-downloader-delf-pbd-hw-generic-blr-agent-aate
http://www.eset.eu/encyclopaedia/wi...pbc-vwc-trojan-horse-generic-downloader-x-bgj
http://www.eset.eu/encyclopaedia/win32-autorun-delf-cb-virus-delf-ct-generic-dx-hllw-autoruner-1073
http://www.eset.eu/encyclopaedia/wi...32-smser-az-suspicious-mh690-a-troj-blocker-b
http://www.eset.eu/encyclopaedia/tr...iptdrop_k_trojan_horse_trojan_generic_1230770
http://www.eset.eu/encyclopaedia/de..._backdoor_trojan_generic_downloader_ab_trojan
http://www.eset.eu/buxus/generate_page.php?page_id=14786

 

I'd suggest submitting iddfree.exe to ESET per the instructions here to confirm or deny that it's actually malicious.