TechSpot

virus.win32.delf.ak

By katmullinax
Apr 5, 2007
  1. Hello. I also have this virus which is only detected by Xoftspy. I have the same experience as chirag_gajjar - Xoftspy detects it and removes it and as long as I don't shut down and restart my computer it stays that way. As soon as I boot up it's detected again. I followed the instructions from Howard Hopkinso and when rebooted - there it is again. I don't know what to do at this point. Any suggestions?

    thanks,

    Katrina
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type regedit into the runbox and press the enter key.

    Navigate to H_KEY_LOCAL_MACHINE/SYSTEM/SVKP and delete it.

    Close regedit and reboot your system.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of katmullinax only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. katmullinax

    katmullinax TS Rookie Topic Starter

    Hey Howie, I deleted the SVKP folder from the registry, rebooted and ran Xoftspy - which for the first time in 8 days came up without the bug. Can't tell you what a relief that is.

    I didn't have time to follow the remaining instructions because I had to leave my office (I'm writing this from home computer) but would you like me to still do that?

    thank you thank you thank you.

    Katrina
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    No problem if you can't post the log files right away. Just be sure to post them as soon as you have sufficient time.

    Without them, it's hard to tell whether or not your system is really clean.

    Regards :)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes mate, I'd still like you to post the requested log files as soon as you can.

    Regards Howard :)

     
  6. katmullinax

    katmullinax TS Rookie Topic Starter

  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, you need to attach a Combofix log. Also, please attach a fresh HJT log.

    Your AVG Antispyware log says all items have been ignored. This is because you didn't tell AVG Antispyware to quarantine results. See HERE.

    Post fresh HJT, AVG Antispyware and Combofix logs.

    Regards Howard :)

     
  8. katmullinax

    katmullinax TS Rookie Topic Starter

    Howard - I don't have Combofix, can you give me a link to the download? Running AVG Antispyware now, will send results and HJT results shortly.

    thank you,

    Katrina
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You'll find links to all programmes/tools in this thread HERE. Combofix is in step 12 of the instructions.

    Regards Howard :)

     
  10. katmullinax

    katmullinax TS Rookie Topic Starter

    here are HJT and AVG Antispyware reports...will download and run the Combofix now.

    Thanks,

    Katrina

    here is combofix log....

    thanks thanks thanks

    Katrina
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    What were the results of the AVG Antirootkit scan?

    It appears you're running more than one antivirus programme. McAfee and AVG free. This is not recommended, will slow your system down and can cause serious conflicts. Uninstall one antivirus programme.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    SpywareBot<This is an antispyware programme of dubious repute.

    Close control panel.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp

    O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)

    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\SpywareBot<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know the results of the AVG Antirootkit scan. Also, let me know if you're still having problems.

    Regards Howard :)

     
  12. katmullinax

    katmullinax TS Rookie Topic Starter

    good day Howard,

    the results of the AVG antirootkit scan were negative.

    Which of the antivirus software programs would you delete,
    McAfee or AVG free?

    deleted Spywarebot.

    followed instructions and here is updated hijackthis.

    No, thanks to you, I'm not having any problems.

    Katrina
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Personally, I recommend getting rid of McAfee. Once you've done that, you will need to install a separate firewall programme such as one of the free firewalls below.

    Zonealarm or Kerio free firewall programmes.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    SpywareBot.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\SpywareBot<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
  14. Thlaylie

    Thlaylie TS Rookie

    Hello everyone,

    I tried to follow the advice here, but did not have a H_KEY_LOCAL_MACHINE/SYSTEM/SVKP folder.

    I found the SVKP folder in HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SVKP and HKEY_LOCAL_MACHINE/SYSTEM/ControlSet002/Services/SVKP.

    There is a HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services, but no SVKP there.

    I deleted the 2 SVKP folders from the registry in safe mode, ran XoftSpySE and it's gone! I hope this helps you as well. Thanks everybody.
     
Topic Status:
Not open for further replies.
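
Added example, not written by anyone in the thread: a read-only PowerShell check that lists every copy of the SVKP key, covering both the location given in the first reply and the per-control-set Services locations reported in the last post, so each copy can be reviewed before anything is removed by hand. `CurrentControlSet` is a link to one of the numbered control sets, which is why the same key can show up under more than one path. The helper name `Get-ServiceKeyCopy` is made up for this example.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# 'SVKP' is the key name from this thread; Get-ServiceKeyCopy is a made-up helper name.
function Get-ServiceKeyCopy {
    param([Parameter(Mandatory)][string]$Name)

    $root = 'HKLM:\SYSTEM'

    # Select\Current holds the number of the control set in use;
    # CurrentControlSet is a link to that numbered set.
    $current = (Get-ItemProperty -Path "$root\Select" -ErrorAction SilentlyContinue).Current
    $currentSet = if ($null -ne $current) { 'ControlSet{0:d3}' -f [int]$current } else { $null }

    # Places to look: directly under SYSTEM (the path given first in the thread)
    # and under Services in every control set (where the last post found it).
    $parents = @($root)
    $parents += Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
        ForEach-Object { "$root\$($_.PSChildName)\Services" }

    # Standard meanings of a service key's Start value.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($parent in $parents) {
        $key = "$parent\$Name"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $setName = ($parent -split '\\')[2]   # e.g. ControlSet002; $null for SYSTEM itself

        [pscustomobject]@{
            Key       = $key
            # True when this copy belongs to the control set Windows is using now.
            ActiveSet = ($setName -eq 'CurrentControlSet') -or ($setName -and $setName -eq $currentSet)
            ImagePath = $p.ImagePath   # driver or executable the service entry points at
            Start     = if ($null -ne $p.Start) { $startNames[[int]$p.Start] } else { $null }
            Type      = $p.Type
        }
    }
}

Get-ServiceKeyCopy -Name 'SVKP' | Format-List
```

An empty result means no key of that name exists in any of the checked locations.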
