Hi, I did a search on Delf trojan and did not find anything for 2010. I noticed that I was receiving an email from a friend (Marcy) with subject area (no subject line) showing a website ~Possible malware link removed~ (don't go there, WOT reported this as unsafe site) and I knew this friend would not send an email like this (3 times). I did a scan with NOD32 and it found this: "C:\Users\xxxxxx\Documents\Downloads 2010\iddfree.exe » INNO » file0001.bin - probably a variant of Win32/Delf trojan - was a part of the deleted object" I deleted this file found within NOD32's scan, but I still wonder if I might have it somewhere on my system since it is known to create copies. Would just an additional scan show that all instances of this trojan are removed? My definitions are updated daily, I just don't scan regularly if ever. Also, I'm curious why NOD32 did not prevent this in the first place? I really respect NOD32, recommend it to all friends, including the friend Marcy who sent the suspicious email to me (I loaded NOD32 on their machine and it doesn't expire until Nov. 2010). Thanks for any help....Katy
if you are still concerned create a SysInspector log and send to Eset http://kb.eset.com/esetkb/index?page=content&id=SOLN2219 it is good that dodgy email prompted you to scan the machine
Your trojan worm could be any of the following: http://www.eset.eu/encyclopaedia/win32-autorun-delf-cj-trojan-sasfis-tq-ircbrute-w32-spybot-worm http://www.eset.eu/encyclopaedia/wi...t-oik-trojan-dropper-mudrop-fes-generic-c-cgk http://www.eset.eu/encyclopaedia/wi...krap-w-worm-sillysharecopy-gen-generic16-aowx http://www.eset.eu/encyclopaedia/win32-trojandownloader-delf-zeb-a-sisron-downloader-dqp http://www.eset.eu/encyclopaedia/wi...ent2-akll-w32-banload-e-gen-eldorado-backdoor http://www.eset.eu/encyclopaedia/win32-trojanclicker-delf-nbk-trojan-clicker-agent-jjc-horse-advq http://www.eset.eu/encyclopaedia/win32-trojandropper-delf-npx-antavka-qp-delfdru-a http://www.eset.eu/encyclopaedia/win32-delf-pbf-trojan-agent-dhbq-tachtoli-a-generic-dx-nkr http://www.eset.eu/encyclopaedia/win32-autorun-irc-bot-bn-email-worm-bspread-pushbot http://www.eset.eu/encyclopaedia/wi...trojan-gypikon-based-dm2-maximus-siggen-21931 http://www.eset.eu/encyclopaedia/win32-delf-ntg-trojan-regrun-cnx-horse-generic-dx-fca http://www.eset.eu/encyclopaedia/win32-trojan-downloader-delf-pbd-hw-generic-blr-agent-aate http://www.eset.eu/encyclopaedia/wi...pbc-vwc-trojan-horse-generic-downloader-x-bgj http://www.eset.eu/encyclopaedia/win32-autorun-delf-cb-virus-delf-ct-generic-dx-hllw-autoruner-1073 http://www.eset.eu/encyclopaedia/wi...32-smser-az-suspicious-mh690-a-troj-blocker-b http://www.eset.eu/encyclopaedia/tr...iptdrop_k_trojan_horse_trojan_generic_1230770 http://www.eset.eu/encyclopaedia/de..._backdoor_trojan_generic_downloader_ab_trojan http://www.eset.eu/buxus/generate_page.php?page_id=14786
I'd suggest submitting iddfree.exe to ESET per the instructions here to confirm or deny that it's actually malicious.