BROWSELA (Trojan horse TR/Dldr.Delf.aeo)



#1
MattInLA


    New Member

  • Member
  • 3 posts
Hi, I am a pretty advanced user and a consultant.
Hi, with regard to the above virus and some recent discussion on this, I have encountered something I have never seen before. AntiVir cannot remove this on reboot. I cannot manually remove the file. Even more scary, the Winlogon registry references to this Trojan file name cannot be deleted, as they regenerate themselves!! WHAT??? HijackThis does not work for the same reason. I am pretty advanced with this stuff. There is no hidden process running. I ran a rootkit detector and it found nothing. THIS IS PRETTY SCARY.
ALL RESPONSES TO THIS ARE WELCOMED.
  • 0



#2
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential. DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results in this thread.

Thanks
  • 0

#3
MattInLA


    New Member

  • Topic Starter
  • Member
  • 3 posts
READ MY EMAIL. HijackThis is USELESS against this. We have now come to some of the most diabolical types of viruses I have ever seen. We are talking NASTY. This one creates a hidden process SOMEWHERE that cannot be found... Its only purpose? To prevent you from deleting references to it from the registry, as it regenerates them. How do you prevent the loading of a file which is done on boot and then protects itself from being deleted in the registry? However, I found a very cunning way to delete BROWSELA.DLL that is pretty nifty.

Edited by MattInLA, 01 January 2006 - 04:01 AM.

  • 0

#4
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
What email? Do you need help?
  • 0

#5
MattInLA


    New Member

  • Topic Starter
  • Member
  • 3 posts
Excuse me, there are no emails... Did you read my original posting? HIJACKTHIS is useless against this. The only solution I could find was to use my UBCD emergency Windows boot diskette and remotely delete these files. Maybe you have a better way, I sure didn't. ??? DID YOU EVEN READ WHAT I POSTED??? Why are we posting messages on New Year's Day anyway...............

Edited by MattInLA, 01 January 2006 - 04:08 AM.

  • 0

#6
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts

Why are we posting messages on New Year's Day anyway...............

I have no clue :) :)

Yes, there is a tool that removes it. I believe it's part of this family of trojans: Downloader.Win32.Delf.

Your way will certainly work to kill just about any file. Not recommended for most people though, for obvious reasons :tazz: .
  • 0





