HELP - Dropper.Delf.CD

Discussion in 'malware problems & news' started by Jason404, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. Jason404

    Jason404 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    13
    Location:
    London, UK
    I have a Windows 2003 Server with Symantec AntiVirus Corporate running on it. It has not reported any problems.

    When connecting to a shared drive on the server, FreeAVG on the workstation found Dropper.Delf.CD trojan.

    How come SAV didn't find it, and what tool can I use to find this particular trojan elsewhere on the server without having to install FreeAVG or another AV prog on it? What does this trojan actually do?

    Please help.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Please submit the file to jotti first in order to get at least an indication this isn't a false positive from AVG.

    regards,

    paul
     
  3. Jason404

    Jason404 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    13
    Location:
    London, UK
    When I tried uploading it from the workstation I get this message:

    "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

    Uploading it directly from the server worked:
    ________________________________________________
    Status: INFECTED/MALWARE
    MD5 7ecbab19521c2fd5c31f4fa09ba4f69f
    Packers detected: UPX
    Scanner results
    AntiVir Found Trojan/Delf.QU.2
    ArcaVir Found nothing
    Avast Found Win32:Trojan-gen.
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found Trojan.Delf-79
    Dr.Web Found Trojan.MulDrop.3186
    F-Prot Antivirus Found W32/Downloader.LUE
    Fortinet Found W32/Delf.QU-tr
    Kaspersky Anti-Virus Found Trojan-Dropper.Win32.Delf.qu
    NOD32 Found Win32/TrojanDropper.Delf.QU
    Norman Virus Control Found W32/DLoader.NUF
    UNA Found nothing
    VBA32 Found Trojan-Dropper.Win32.Delf.qu
    ________________________________________________

    It's a bit strange that AVG didn't find it on this test when FreeAVG here did on the workstation. What can I do here? Could this be the cause of the server crashing every day for the last few days?
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  5. Jason404

    Jason404 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    13
    Location:
    London, UK
    Thanks, but is this Keylog-Keylf the same thing?
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Vgrep says so, but I'm not sure.
     
  8. Jason404

    Jason404 Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    13
    Location:
    London, UK
    Thanks. The behaviour described for Keylog-Keylf hasn't happened. I don't have Sophos, so I'm at a bit of a loss here.
     
  9. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Either try the ewido scanner/cleaner, or download a fully functional copy. Disable the guard when installing. Update after installing and perform a full system scan.
     