Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
TROJ_DELF.D 3
- Thread starter cacl
- Start date
According to this this virus is not even in the wild and has been around for 2 years. I wonder if it could be some other delf variant. What antivirus are you using? Search here for "delf" (without quotes) and you will find several variants. You might want to try an online scan with a different scanner - see faq760-3862
- Thread starter
- #3
katieb6253
IS-IT--Management
One of my network clients has just come up with this same trojan, TROJ_DELF.D. Trends Office Scan is the only software that has caught it. The only thing is, it won't clean, delete, or quarantine. There is a file left over in C:\Windows\System32\hnsys32.dll that the software keeps telling me it is infected, but I don't see it, and using search, still no results. It is an XP machine and show system folders has been checked....... would love to know if I have a hero out there that can help.......
I too got the troj_delf.d virus today. It was found by trend micro. I have done all the same as katie and have not corrected teh prob. I am XP home edition and use a cable modem. I have teh same left over file and it keeps sending teh following message:
APP_BK_038
Connection timed out (error #10060)
Any help?
APP_BK_038
Connection timed out (error #10060)
Any help?
-
3
- #7
snootalope
IS-IT--Management
Hi guys.. I got your cure.. 8)
Download and run this:
It's a small prog to remove the Sobig Virus
After running, it'll find like 6 files or something.. REBOOT!!
Once back up, stop the service cgtask.exe
remove the files:
The C:\WINNT\System32\cgtask.exe file
The C:\WINNT\winssk32.exe file.
You might not have winssk32.exe, no big deal..
next: DELETE C:\Windows\System32\hnsys32.dll If you can't see the file, make very sure you are showing ALL FILES.. Tools | Folder Options | Show all files & all protected files..
Once delete, use trend again.. vamoose!!
Be sure to let everyone know if this works for you!!!
"tis better to remain silent and be thought of as a fool..
then open your mouth and remove all doubt" Mark Twain
"I should of been a doctor.." Me
Download and run this:
It's a small prog to remove the Sobig Virus
After running, it'll find like 6 files or something.. REBOOT!!
Once back up, stop the service cgtask.exe
remove the files:
The C:\WINNT\System32\cgtask.exe file
The C:\WINNT\winssk32.exe file.
You might not have winssk32.exe, no big deal..
next: DELETE C:\Windows\System32\hnsys32.dll If you can't see the file, make very sure you are showing ALL FILES.. Tools | Folder Options | Show all files & all protected files..
Once delete, use trend again.. vamoose!!
Be sure to let everyone know if this works for you!!!
"tis better to remain silent and be thought of as a fool..
then open your mouth and remove all doubt" Mark Twain
"I should of been a doctor.." Me
SysAdminTim
IS-IT--Management
snootalope
Thank you very much for your posting regarding curing what was appearing to be an un-curable virus. One change I had to make you had said stop the service on cgtask.exe, I "ended-the-process" under task manager after I couldn't find the service.
Was extremely helpful.
SysAdminTim
Thank you very much for your posting regarding curing what was appearing to be an un-curable virus. One change I had to make you had said stop the service on cgtask.exe, I "ended-the-process" under task manager after I couldn't find the service.
Was extremely helpful.
SysAdminTim
katieb6253
IS-IT--Management
Thank you snootalope..... You are my Hero. I had run the symantec tool and it did delete 1 file. When I rebooted, I still had Trend finding the C:\Windows\System32\hnsys32.dll. I never did find this file,(even making the folder option changes) but after deleting cgtask.exe and winssk32.exe, rebooting and running another scan, all is great. Again, thanks, we would miss your expertise if you became a doctor.
- Status