Downloader.Delf.aww

Discussion in 'ewido anti-spyware forum' started by john canavar, Oct 22, 2006.

Thread Status:
Not open for further replies.
  1. john canavar, Registered Member (Joined: Oct 22, 2006; Posts: 2)

    Hello,

    Ewido detects a malicious software called "Downloader.Delf.aww" but since it resides in memory (26 traces are detected) it cannot be quarantined or removed.

    I tried running Ewido in safe mode and shut down all non-essential processes which left only system with memory location of [4] but it was also infected.

    I also tried several rootkit removal programs (F-Secure and others) but they don't detect a "Downloader.Delf.aww".

    Any suggestions?

    Thanks
     
  2. TopperID, Registered Member (Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    One thing to try is go into safe mode, run a memory scan and note all the numbers in square brackets, next to the objects found, in the report. These are the PID numbers so you can then go to AVG-AS's analysis section and under the Process tab see which processes have the PIDs in question. You then need to select all the affected processes before clicking the Terminate application button.

    If you reboot, come back immediately into safe and then run a full system scan. You may have to try the whole procedure a second time. See if that helps you make progress.

    If you have a .dll being loaded into many processes this could be due to the AppInit_DLLs value on this Reg Key:-

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Windows

    Maybe you could check in Regedit?
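
The AppInit_DLLs check suggested in the post above, as an added PowerShell example that is not part of the original thread. It assumes an elevated PowerShell prompt; the Wow6432Node path (the 32-bit view on 64-bit Windows) and the LoadAppInit_DLLs value are not mentioned in the thread and are included here as assumptions about the machine being checked.

```powershell
# Added example (not from the thread): list AppInit_DLLs entries and show
# which running processes currently have one of those DLLs loaded.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # Assumption: 64-bit Windows also keeps a separate 32-bit view of the key.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$entries = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $raw   = [string]$props.AppInit_DLLs
    # LoadAppInit_DLLs (Windows Vista and later): 1 means the list is honored.
    Write-Host ("{0}`n  AppInit_DLLs     = '{1}'`n  LoadAppInit_DLLs = {2}" -f `
        $key, $raw, $props.LoadAppInit_DLLs)
    # The value is a space- or comma-separated list of DLL names or paths.
    $raw -split '[ ,]+' | Where-Object { $_ }
}

# Compare by file name only, case-insensitively.
$names = @($entries | ForEach-Object {
    [IO.Path]::GetFileName($_).ToLowerInvariant()
} | Sort-Object -Unique)

if ($names.Count -eq 0) {
    Write-Host 'AppInit_DLLs is empty: nothing is injected through this value.'
} else {
    Get-Process | ForEach-Object {
        $p = $_
        # Module lists of protected processes (e.g. System, PID 4) may be unreadable.
        try { $mods = @($p.Modules) } catch { return }
        foreach ($m in $mods) {
            if ($m -and ($names -contains $m.ModuleName.ToLowerInvariant())) {
                [pscustomobject]@{
                    PID     = $p.Id
                    Process = $p.ProcessName
                    Module  = $m.FileName
                }
            }
        }
    } | Sort-Object PID | Format-Table -AutoSize
}
```

The PID column can be compared with the numbers in square brackets from the memory scan report; a DLL listed here that appears under many PIDs matches the "loaded into many processes" pattern described in the post.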
     
  3. john canavar, Registered Member (Joined: Oct 22, 2006; Posts: 2)

    Thanks for the quick reply TopperID.

    Since system [4] process which seems to be the backbone (?kernel) is infected, there is no way I can shut it down and clean.

    I was looking for an excuse to reformat anyway.
     
  4. kensills, Registered Member (Joined: Jan 12, 2007; Posts: 1)

    I was wondering if someone knows anything about this item?

    What is downloader.delf.aww and who is using it?

    I have one instance of it on my machine and have tried to no avail to quarantine it. Since I have a Dell and since I downloaded AVG my Dell maintenance programs are not working; I am wondering if the program is related to Dell's installed updates program or something and I want to be sure before I push hard to delete it.

    Thanks
     
    Last edited: Jan 12, 2007