Downloader.Delf.aww

Hello,

Ewido detects a malicious software called "Downloader.Delf.aww" but since it resides in memory (26 traces are detected) it cannot be quarantined or removed.

I tried running Ewido in safe mode and shut down all non-essential processes which left ony system with memory location of [4] but it was also infected.

I also tried several rootkit removal programs (F-Secure and others) but they dont detect a "Downloader.Delf.aww".

Any suggestions?

Thanks

 

One thing to try is go into safe mode, run a memory scan and note all the numbers in square brackets, next to the objects found, in the report. These are the PID numbers so you can then go to AVG-AS's analysis section and under the Process tab see which processes have the PIDs in question. You then need to select all the affected processes before clicking the Terminate application button.

If you reboot, come back immediately into safe and then run a full system scan. You may have to try the whole procedure a second time. See if that helps you make progress.

If you have a .dll being loaded into many processes this could be due to the AppInit_DLLs value on this Reg Key:-

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Windows

maybe you could check in Regedit?

 

Thanks for the quick reply TopperID.

Since system [4] process which seems to be the backbone (?kernel) is infected, there is no way I can shut it down and clean.

I was looking for an excuse to reformat anyway.

 

I was wondering if someone knows anything about this item?

What is downloader.delf.aww and who is using it?

I have one instance of it on my machine and have tried to no avail to quarantine it. Since I have a Dell and since I downloaded AVG my Dell maintenance programs are not working; I am wondering if the program is related to Dell's installed updates program or something and I want to be sure before I push hard to delete it.

Thanks