View Full Version : Is this serious?



shortwave
2008-08-03, 02:09
A couple of days ago my Avast! A/V programme spotted signs of a Trojan - it described it as "Win32:Delf-KZL". This concerned me as it was in a small programme I had downloaded back in April last year. It is a HEX/DEC key converter which was part of some other software - I've never actually used it, although I think I must have opened it once to see what it was. I'm sure that I scanned the package after downloading as I always do. I have been running the latest versions of Spybot and Adaware SE/2007, and until recently AVG7.5. I have also recently removed Adaware and installed SUPERAntispyware instead. All are updated and full scans carried out at least weekly. I also have the ZoneAlarm firewall (free version).

I tried Google searching this Trojan, but haven't had much luck identifying it. I initially posted on Avast!'s forum as it does seem to pick up a fair number of False Positives. As per their usual request I uploaded it to VirusTotal for analysis and that returned 13 "hits", but none with the same description. The latest reply I've had is particularly worrying, pointing out that a "Delf" infection can be very bad, and adding that the "cpa" suffixes on several of the reports could indicate a "Backdoor" Trojan. They suggested you would be the best people to help. I've not seen any unexplained processes running in Task Manager. I checked in the ZA programme control and the only unusual thing was this:

Product name:
File name: C:\Documents and Settings\Owner\Local Settings\Temp\~nsu.tmp\Au_.exe
Last policy update: Not applicable
Version:
Last modified date: 21/05/2008 22:25:02
File size: 57 KB

It was set to request permission, but has never done so. However I have run CCleaner recently and it's not in that folder any more.

I would be grateful for your advice on how I should proceed.

tashi
2008-08-03, 02:20
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing the HJT log and a link to this thread, which I have closed as helpers look for threads without a response.

Regards. :)