Please help, Trojan destroying computer
xstealthstrikerx
04-01-2005, 06:09 PM
Recently, my computer has been slowing down a lot; it takes forever for me to start my computer up, like 10 minutes. Programs run so slow on my computer and my computer always freezes up. I ran an anti-virus and it said I have Trojan Horse Downloader.Delf.6.L
Does anybody know how to get rid of it?? I have AVG Free but it says it deleted it, but my computer's still messed up. Also, when I start up Windows, it always says I'm missing a file and such. I've tried downloading some tools to remove trojan horses, but it won't let me even download anything.
ghost2003
04-01-2005, 08:40 PM
What OS do you have? Is your AV up to date? Try scanning for viruses in safe mode (hold F8 on boot until a menu comes up). If you have Windows XP, go into safe mode with networking and run http://housecall.trendmicro.com
Take a look at this thread and post a HJT log after you tried everything to clean your pc.
xstealthstrikerx
04-01-2005, 08:53 PM
I have Windows XP Home Service Pack 1. My AV is up to date also.
Panama Red
04-01-2005, 09:01 PM
Start up in Safe Mode with Networking. First go to Run > msconfig and uncheck all the unnecessary stuff that is trying to start. Then go to Trendmicro.com and see if you can run an online scan.
rightcoast
04-01-2005, 09:03 PM
OK you should turn off system restore and do your scans in safe mode.
First download MS antispyware to scan with as well if you can.
http://www.majorgeeks.com/download4466.html
Update it
Turn off System Restore:
Right click "My Computer" on the desktop
choose Properties > System Restore
disable System Restore
then reboot, go into safe mode by pressing F8 repeatedly on bootup.
Boot into safe mode with networking. Do the scan Ghost suggested. Download MS AntiSpyware if you couldn't before.
Then reboot and scan with everything you have (MS AntiSpyware, AV scanner, anything else you have), in safe mode (regular, no networking).
After all of that, post a Hijack this log. Download it here:
http://www.spywareinfo.com/~merijn/downloads.html
xstealthstrikerx
04-02-2005, 12:04 AM
I wish I could download it; my computer isn't letting me download anything. Every time I try, it says that there's something wrong with the site. I can't get online in safe mode with networking for some reason :confused:
What does "Hijack this log" mean?
btw if it helps, the virus infected these 3 files:
A0064656.exe
CMD32.exe
A0064657.exe
ghost2003
04-02-2005, 12:38 AM
I found this http://www.viruslibrary.com/virusinfo/Worm.P2P.Tanked.htm
If you can get to another computer, download sysclean (http://www.trendmicro.com/ftp/products/tsc/sysclean.com) and run it on your PC in safe mode. The readme (http://www.trendmicro.com/ftp/products/tsc/readme.txt) file will tell you how to set it up (get signatures).
xstealthstrikerx
04-02-2005, 12:58 AM
That's what I have? I have the Tanked worm? I thought I had that Trojan Horse Downloader.Delf.6.L
because that's the only thing that ever came up in my anti-virus scans... I'm running the Trend Micro scan right now.
rightcoast
04-02-2005, 01:10 AM
Have you gone into safe mode and scanned yet?
I'm running the Trend Micro scan right now.
Running in regular mode with System Restore turned on doesn't do anything but waste your time.
Edit: no matter what you want to call your malware, your PC is a bot under god knows whose control, doing god knows what. Start cracking down on removing it. Read my post above, and Panama's and Ghost's. Those are the things you need to do. Then download HijackThis like my post says and it asks you if you want to save a log. Say yes, then post that here. Don't post it if you haven't scanned.
xstealthstrikerx
04-02-2005, 01:17 AM
OK, uhh, it found two viruses called JAVA BYTEVER.A and they said it's Non Cleanable....
rightcoast
04-02-2005, 01:23 AM
Here you go this will tell you how to flush your java cache to remove java/byteverify:
http://java.com/en/download/help/cache_virus.xml
EDIT: that may be a little out of date; you might be able to just click "Delete Files" when the Java panel opens, under General > Temporary Internet Files.
I also found this thread here with a fix linked to by Jeffr
http://forum.pcmech.com/showthread.php?t=126392&highlight=java%2Fbyteverify
xstealthstrikerx
04-02-2005, 01:30 AM
Does this Trend Micro search for every known virus in the world on my computer? Because I don't think that JAVA BYTEVER.A thing can do all this damage to my PC..... and on Symantec, they said it was a low threat, so iono??
rightcoast
04-02-2005, 01:40 AM
Exploit.Java.Byteverify is an 'exploit' aimed at Microsoft's old VM for Java, it is not a trojan in itself but rather is designed to attempt to force a download on you. Long story short it is probably a symptom of a bigger problem, or possibly the way your main worm got in.
It usually means you have a homepage hijack or something similar. So, scan in safe mode and post a Hijackthis log. :)
xstealthstrikerx
04-02-2005, 01:54 AM
Um.... I still don't have any idea what the heck a HijackThis log is... and what I download or something
rightcoast
04-02-2005, 01:59 AM
I am not sure why you wouldn't know, I posted this in this very thread:
After all of that, post a Hijack this log. Download it here:
http://www.spywareinfo.com/~merijn/downloads.html
it asks you if you want to save a log. Say yes then post that here.
You could also Google it.
http://www.google.com/search?q=%22what+is+hijackthis
I am honestly not really sure what to say my friend. If you don't want to scan in safe mode, or post a hijackthis log. There really isn't anything else I can help you with. :)
Edit: I am off to bed; if no one else happens by, I'll check back in the morning and see if you got it all worked out. Hopefully we can get it clean for you by then.
xstealthstrikerx
04-02-2005, 02:34 AM
I already scanned in safe mode, and nothing.
Umm, I got that HijackThis thing, and I got some stuff in Notepad?
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
--------------------------------------------------
Enumerating Download Program Files:
[CoGSManager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GSManager.dll
CODEBASE = http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
[EARTPatchX Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EARTPX.dll
CODEBASE = http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 4,208 bytes
Report generated in 0.079 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I think I have the Sasser worm....
Lobos
04-02-2005, 02:39 AM
First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups
example
C:/HJT/
C:/hijackthis/
next
Click here (http://aumha.org/downloads/hijackthis.exe) to download Hijack This. 1.99.1 Save it to the folder you have just created
Close all open windows and open HIJACK THIS. Click "Scan". When the scan is finished (it only takes a second), the scan button will change to "Save Log". Click on "Save Log" and save it to NotePad. Copy the entire log and paste it here.
DO NOT FIX ANYTHING YET; most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
We can see a little better what's going on with your computer.
If you can't download it, can you go to another computer and download it to a floppy (it is a very small file) and transfer it to your computer?
xstealthstrikerx
04-02-2005, 02:53 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:52:44 PM, on 4/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tim\Desktop\Cracks\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41327FEA-3460-47BD-BB0E-2A65E8DB0CC5}: NameServer = 206.13.28.12 206.13.31.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
w00t w00t!! Somehow, I can now download stuff off websites~!
Lobos
04-02-2005, 03:37 AM
I don't see anything wrong with your log.
Do you have the logs from the AV scans that say you have a virus?
TDS is time-limited to 30 days
Let's use the program to scan for any trojans that may exist. Download TDS-3 (http://tds.diamondcs.com.au/index.php?page=download). Learn how to use it here (http://tds.diamondcs.com.au/index.php?page=easytouse). Make sure to update it after you installed it. You can get the manual updates here (http://tds.diamondcs.com.au/index.php?page=update). When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.
Lobos
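The log review above is done by eye. As an added example (not part of this thread and not HijackThis code), here is a small Python triage script that parses a HijackThis v1.99-format log and lists the items a human should look at: processes and O4 startup entries launched from outside the usual Windows/Program Files directories, an O2 BHO with "(no file)" (an orphaned registration), R0/R1 start/search pages pointing somewhere other than a short allow-list of expected hosts, and the O17 NameServer line (not bad in itself, but worth confirming against the ISP's resolvers). The sample log is constructed from lines in the post above plus one invented R1 line (search.example-hijacker.invalid) so the page-hijack check has something to catch; the directory and host allow-lists are assumptions for the example.

```python
import re

# Constructed sample in HijackThis v1.99 log format. Most lines are copied
# from the log posted in this thread; the R1 line pointing at
# search.example-hijacker.invalid is invented so the hijack check fires.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Tim\Desktop\Cracks\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example-hijacker.invalid/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O17 - HKLM\System\CCS\Services\Tcpip\..\{41327FEA-3460-47BD-BB0E-2A65E8DB0CC5}: NameServer = 206.13.28.12 206.13.31.12
"""

# Assumed allow-lists for this example: directories from which processes and
# startup items are normally expected on an XP box, and hosts a user would
# plausibly set as IE start/search page.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
EXPECTED_IE_HOSTS = ("google.com", "yahoo.com", "msn.com", "microsoft.com")

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Leading executable path of an O4 command line, quoted or not (paths may contain spaces).
PATH_RE = re.compile(r'^"?([a-z]:\\.+?\.(?:exe|dll|com|scr|bat|cmd|pif))', re.I)


def parse_hjt_log(text):
    """Return (running_processes, [(code, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _host_of(url):
    return re.sub(r"^[a-z]+://", "", url.strip().lower()).split("/")[0]


def _is_expected_host(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_IE_HOSTS)


def _startup_path(command):
    """Executable path an O4 command starts with, or None (e.g. RUNDLL32 wrappers)."""
    m = PATH_RE.match(command.strip())
    return m.group(1) if m else None


def triage(text):
    """Return a list of (finding, detail) tuples for a human to review."""
    findings = []
    processes, entries = parse_hjt_log(text)
    for proc in processes:
        if not proc.lower().startswith(TRUSTED_DIRS):
            findings.append(("process-unusual-path", proc))
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            # Orphaned BHO registration: inert, but a trace of something that
            # was installed and only partly removed.
            findings.append(("bho-orphaned", body))
        elif code in ("R0", "R1"):
            if not _is_expected_host(_host_of(body.rsplit("=", 1)[-1])):
                findings.append(("ie-page-hijack", body))
        elif code == "O4":
            path = _startup_path(body.split("] ", 1)[-1])
            if path and not path.lower().startswith(TRUSTED_DIRS):
                findings.append(("startup-unusual-path", body))
        elif code == "O17":
            # Not malicious by itself: confirm these are the ISP's resolvers.
            findings.append(("dns-servers-verify", body.rsplit("=", 1)[-1].strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

Run on the sample, the script flags hijackthis.exe only because it was run from a Desktop\Cracks folder, which shows the point of the output: every finding is a review item, not a verdict, exactly as the "DO NOT FIX ANYTHING YET" advice above says.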
Lobos
04-02-2005, 03:51 AM
also start hijack this
click config - misc tools
put a check into the two little boxes next to the generate startup list button
then click generate startup list and post that log also
Lobos
alfie2
04-02-2005, 10:25 AM
RE:
---------------------
A0064656.exe
CMD32.exe
A0064657.exe
--------------------------------
"CMD32.exe" is a backdoor trojan, it opens your computer's ports to the hackers.
End the process in "Task manager" if it is running, then delete "cmd32.exe"
Usually found in /windows/system32
Please do not delete "cmd.exe"; it is a legit file. Only delete "cmd32.exe".
As for:
A0064656.exe
&
A0064657.exe
I believe are found in your "/system information volume".
They cannot be deleted by ordinary means (most anti-virus programs can't do it).
To remove them, you have to "turn off" "System Restore" under Windows.
(This will take some time, depends on your system.)
Then turn it back on; all your restore points are lost!
It is painful; maybe someone has a better solution than mine. :D
hope this helps :)
alfie2
04-02-2005, 10:40 AM
Oops, I forgot:
I reviewed your LOG and found that you don't have a firewall; it
is not wise to have no firewall nowadays.
Something like "ZoneAlarm" would have stopped this trojan cold.
xstealthstrikerx
04-02-2005, 10:09 PM
What is C:\WINDOWS\system32\lsass.exe ?
My computer took like half an hour to start today; it's getting worse every day. I think I'm just going to reboot my computer; I saved all important files on a flash drive.
rightcoast
04-02-2005, 11:53 PM
It's not a virus or worm itself, but is a highly exploitable part of the Windows OS. Are you getting a shutdown in 60 seconds box sometimes?
Also, you never said, were you able to delete or quarantine these files:
A0064656.exe
CMD32.exe
A0064657.exe
Here is an easy way to check for some viruses that affect lsass.exe manually. Open the file "C:\windows\system32\drivers\etc\hosts" in notepad. Normally it will have one entry for something called "localhost". If in addition you see a list of anti-virus sites such as symantec, mcafee and more, then a worm has struck.
I would take the following steps if the above is the case:
Copy that C:\windows\system32\drivers\etc\hosts file to a floppy or somehow save a copy somewhere. (This may not be necessary, but I'm paranoid and would rather save it in case you need something else in it later.) Label it as a possibly infected hosts file.
Delete C:\windows\system32\drivers\etc\hosts.
In a command shell, run the command "nbtstat -R". This should force Windows to re-lookup any of those names it might be keeping in memory.
Now you should be able to get to your anti-virus sites until you reboot - apparently the sasser worm will recreate these bogus host file entries each time you reboot. So download your updates, and scan to clean up the virus right away. Any major issues you can't deal with, just copy the file from the disk back from the floppy to C:\windows\system32\drivers\etc\hosts and try a different approach.
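The hosts-file check described above can be scripted so it is repeatable, which matters here because the post notes the entries come back after every reboot. As an added example (not from this thread or any tool named in it), the Python script below parses a hosts file, flags any line that maps a security-vendor or update domain (or redirects localhost away from loopback), and produces a cleaned copy containing only the untouched lines; when run against a real file it keeps a backup beside it, matching the copy-then-delete steps above. The sample hosts content and the vendor domain list are constructed for the example. One factual note for the follow-up step: nbtstat -R purges the NetBIOS name cache, while the DNS resolver cache on XP is flushed with ipconfig /flushdns; after editing the hosts file it is the latter that matters for web addresses.

```python
# Constructed sample of a hosts file the way the post describes it: the
# normal localhost line plus vendor names pinned to loopback so AV updates
# and online scanners fail. The entries are made up for this example.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com
127.0.0.1       update.mcafee.com    # trailing comments are ignored
127.0.0.1       housecall.trendmicro.com
127.0.0.1       windowsupdate.microsoft.com
"""

# Assumed list of security-vendor and update domains a worm typically blocks.
# A clean XP hosts file has only the localhost line, so any entry for one of
# these names is suspect regardless of the address it maps to.
BLOCKED_VENDOR_DOMAINS = (
    "symantec.com", "mcafee.com", "trendmicro.com", "grisoft.com",
    "sophos.com", "kaspersky.com", "microsoft.com", "windowsupdate.com",
)

LOOPBACK = ("127.0.0.1", "::1")


def parse_hosts(text):
    """Yield (ip, [names], line_number) for each active, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:
            yield fields[0], fields[1:], lineno


def _matches_vendor(name):
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in BLOCKED_VENDOR_DOMAINS)


def suspicious_entries(text):
    """Return [(line_number, ip, name, reason)] for entries that look like tampering."""
    found = []
    for ip, names, lineno in parse_hosts(text):
        for name in names:
            if name.lower() == "localhost":
                if ip not in LOOPBACK:
                    found.append((lineno, ip, name, "localhost-redirected"))
            elif _matches_vendor(name):
                # Loopback = vendor site black-holed; anything else = silently redirected.
                reason = "vendor-blackholed" if ip in LOOPBACK else "vendor-redirected"
                found.append((lineno, ip, name, reason))
    return found


def cleaned_hosts(text):
    """Hosts file text with suspicious lines dropped; comments and localhost kept."""
    bad_lines = {lineno for lineno, _, _, _ in suspicious_entries(text)}
    kept = [raw for lineno, raw in enumerate(text.splitlines(), 1) if lineno not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    import shutil
    import sys
    # With no argument, run on the constructed sample; with a path, check and
    # clean that file, keeping a copy of the original first as the post advises.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_HOSTS
    hits = suspicious_entries(text)
    for lineno, ip, name, reason in hits:
        print(f"line {lineno}: {ip} {name}  [{reason}]")
    if path and hits:
        shutil.copy(path, path + ".infected.bak")
        with open(path, "w") as fh:
            fh.write(cleaned_hosts(text))
```

Typical use on the machine in question would be to copy hosts to a floppy, run the script against C:\windows\system32\drivers\etc\hosts, then flush the resolver cache and retry the AV update; if the entries reappear after a reboot, that confirms something still running is rewriting the file and the file is a symptom rather than the infection.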
xstealthstrikerx
04-03-2005, 08:35 PM
OK, thanks for all the help, but I just bought a new hard drive today. My computer wouldn't get past this big blue screen; it said all these files were missing. Also, I COULDN'T reboot my PC!! The message said that I didn't have any hard disks available, so I picked up an 80GB Hitachi hard drive.
Since I got a new hard drive, what's the BEST free anti-virus software that can prevent everything?
Oh yeah, I think I know how I got my virus or w/e in the first place: www.freeserials.com <---------- that site's filled with Trojans
I was installing a game, and tried to get a CD key from that site, but then AVG started popping up saying I got all these Trojans, but it deleted them, but I couldn't heal or delete 2 of them :( Hopefully I haven't got my computer messed up again.
So I just want the best free anti-virus software that prevents all viruses/worms/everything.
xstealthstrikerx
04-03-2005, 08:58 PM
Sorry for double posting, but while I was installing the drivers for my mobo and stuff, I found this thing on the CD called Trend Micro Internet Security and installed it. I was wondering if this was a good anti-virus?
rightcoast
04-04-2005, 11:48 PM
Oh yeah, I think I know how I got my virus or w/e in the first place: www.freeserials.com <---------- that site's filled with Trojans
I was installing a game, and tried to get a CD key from that site, but then AVG started popping up saying I got all these Trojans, but it deleted them, but I couldn't heal or delete 2 of them. Hopefully I haven't got my computer messed up again.
Have you heard the saying, "Lie down with dogs, wake up with fleas"? It is quite apropos in this situation. Sorry to say, but that's what happens when you associate with warez sites. You'll soon learn it's easier to pay for the software or go without, hopefully. Or you can just do a reformat every couple weeks because all your resources are being spent DDoS'ing Microsoft's and SCO's servers, whatever works for you. ;)
The best piece of advice anyone will ever give you is this:
Think of the web as the real world. Not everyone plays nice, particularly the criminals, and there is a reason the people from Carnegie Hill don't go to bars in the Lower East Side. They can't properly carry themselves and are marks from the moment they walk in. Not that it makes them any less intuitive in their own world, be it business or computers for that matter. It's just that one is too foreign.
Enough lecture, on to the questions you had. Your hard drive from before was likely fine, the fact you were getting blue screen errors says that. You could have just formatted the drive you had, or even removed whatever virii were causing the trouble and repaired it. That may be a little advanced for you though, the repairing part. I would suggest you just format the drive, reinstall Windows and return the hard drive you bought if you want to and can. You can also slave it into the computer and use them both.
Trend Micro is good, what year is it though, the program should likely tell you in the help file along the top toolbar under "Help>About". Again though, no AV software can prevent viruses if you download pirated programs, cracks and warez. When you download legitimate programs, you should scan it before you run it.
Hope that helps, safe browsing will do more to prevent this than any software you can install. :)
xstealthstrikerx
04-05-2005, 11:04 PM
No, I couldn't have reformatted, because after the blue screen, the computer shut off. I couldn't even get to the Windows loading screen; yes, I tried safe mode and with networking. When I tried to reformat, Windows said it couldn't detect any hard disks available. Yes, I checked to make sure my hard drive was properly connected. I think my Trend Micro is 2002?
J1978
04-06-2005, 06:23 AM
No, I couldn't have reformatted, because after the blue screen, the computer shut off. I couldn't even get to the Windows loading screen; yes, I tried safe mode and with networking. When I tried to reformat, Windows said it couldn't detect any hard disks available. Yes, I checked to make sure my hard drive was properly connected. I think my Trend Micro is 2002?
IF you have your XP disk, there's no reason you can't format. Boot from your XP CD; then, before XP starts installation, you have the option of formatting your disk before installing.
Good luck