Troj/LanFilt-J / Backdoor.Win32.Delf.zc

Discussion in 'malware problems & news' started by TimBud, Jul 4, 2005.

Thread Status:
Not open for further replies.
  1. TimBud

    TimBud Registered Member

    Joined:
    May 7, 2005
    Posts:
    10
    Location:
    Log Home in the North Ga Mountains
    OK, I will cut my initial post up above down some. Sorry for not making myself up to date; I am just quite unnerved by this, never a virus, etc. until I got DSL. I have discovered I have the following:

    Troj/LanFilt-J: Alias: Backdoor.Win32.Delf.zc

    I run NOD32 2.5 trial, TDS and several of the known good spyware/malware programs, Sygate Pro FW, and I am on an Actiontec Gateway w/NAT. None of which has picked this thing up.

    I discovered I had it by Googling a string I found in my Bootlog which directed me here: http://www.mwti.net/virusnews/virusalertd.asp?id=604

    I did find the entry in my Registry as noted under "Advanced" tab.

    Thanks to anyone that can help! I have just about any log, etc. you may need to see.

    Tim
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello TimBud,

    Did you happen to post your HJT log at any of the sites listed at the link Ronjor posted in your other thread?

    If not, I would advise you to.

    Try this site if you're not familiar with any of the ones listed:

    http://gladiator-antivirus.com/forum/index.php?showforum=170

    Make sure you read all the rules there first before posting a log.


    snowbound
     
  3. TimBud

    Hi Snowbound,

    Yes, I am as of right now. I thank you and RonJor for your help. Man, you all probably think I am a dumba**. :rolleyes:

    I just have been on this thing since Friday, blew my whole 4th weekend, not even 1 beer! Let alone occurrences throughout the last month. This is just the first revealing evidence of my machine actually having an infection that I found today. So, just delirious I suppose, a little anxious, aaggghhh....need more coffee.

    Take care you guys
     
  4. FanJ

    FanJ Guest

    Hi Tim,

    In addition to the good advice from Steve and Ron:

    I was wondering:
    1.
    Did you scan with NOD32 (fully updated) using Blackspear's settings?
    And maybe also in Safe Mode?
    2.
    Did you scan with TDS-3, fully updated, full system scan, all settings on highest?
    And also in Safe Mode?
    I can hardly imagine that TDS-3 did not find that Trojan.
    BTW:
    RAT.Delf.zc is in the Primary List of TDS-3, with lots of others; well, there is always the naming problem...

    Cheers, Jan.
     
  5. TimBud

    Hi Jan,

    I am just meeting everyone now huh? :)

    No, not as of my point of discovery a couple of hours ago. The last full in-depth analysis scan I performed with NOD was on 6.29.05. Now, my TDS & NOD are both the trial versions, so I am not sure if it's the "full operating version" of each.

    NOD gets its updates as it should; it just got one about 30 min. ago. I am not clear on Blackspear's settings and do not see them in set-up....hence my trialware?

    TDS I have set up to scan at start-up. The last re-boot was performed 20 hrs 33 minutes ago. Shockingly enough, TDS did not start and, no, I have not investigated that yet. When it does its scan, it finds three (3) streams, but I have no idea if they are good or bad. I am very clueless about those.


    No, I have not tried either in Safe Mode. Should I do this? Or should I say, is it imperative that I do?

    Tim
     
  6. FanJ

    FanJ Guest

    Hi Tim,

    Maybe it is indeed the best thing to post your HJT log as Ron and Steve already advised; for example at the Gladiator board as already mentioned.

    As for TDS-3:

    You have the trial version, as you wrote.
    The trial version has no resident protection.
    But you can do a full system scan with it !
    First make sure that you have the latest definitions.
    You have to download them manually.
    http://tds.diamondcs.com.au/index.php?page=update
    After you have downloaded the latest definitions (Radius) and rebooted:
    disconnect internet,
    temporarily close every running program (in particular other scanners),
    start TDS-3 (if it is not already started),
    in TDS-3 > System Testing > Full System Scan
    This scanning might take some time (hours maybe).
    When finished, there might be some warnings at the bottom of the TDS-3 window.
    Right click in that window, and save the scandump.txt; then rename the scandump so it will not be overwritten later.
    Then right click each entry at that bottom window of TDS-3, and let TDS-3 delete it (if possible).
    Then do the whole thing again but now in Safe Mode.


    Other remarks

    Blackspear's settings for NOD32:
    https://www.wilderssecurity.com/showthread.php?t=37509

    I'd better leave the NOD32 issues to Blackspear and others.

    You might have a problem with left-overs from other AV-programs.

    Again:
    Seeing the situation, I fully agree with Ron and Steve:
    The best thing might indeed now be to post your HJT-log at one of the boards mentioned (like the Gladiator board).
     