Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BROWSELA (Trojan horse TR/Dldr.Delf.aeo)

Started by MattInLA , Jan 01 2006 02:16 AM

  • Please log in to reply

#1
MattInLA
Posted 01 January 2006 - 02:16 AM

MattInLA

    New Member

  • Member
  • Pip
  • 3 posts
Hi, I am a pretty advanced user and a consultant.
Hi, with regards to the above virus and some recent discussion on this, I have encountered something I have never seen before. Antivir Cannot remove this on reboot. I cannot manually remove the file. Even more scary. the Winlogon registry references to this Trojan file name cannot be deleted as they regenerate themselves!! WHAT??? Hijackthis does not work for the same reason. I am pretty advanced with this stuff. There is no hidden process running, I ran a rootkit detector it found nothing, THIS IS PRETTY SCARY.
ALL RESPONSES TO THIS ARE WELCOMED.
  • 0

Advertisements

#2
loophole
Posted 01 January 2006 - 03:20 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results in this thread.

Thanks
  • 0

#3
MattInLA
Posted 01 January 2006 - 03:49 AM

MattInLA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
READ MY EMAIL. HijackThis is USELESS against this. We have now come to some of the most diabolical types of viruses I have ever seen. We are talking NASTY. This one creates a hidden process SOMEWHERE that cannot be found..its only purpose? To prevent you from deleting references to it from the registry, as it regenerates them. How do you prevent the loading of a file which is done on boot and then self-protects itself from being deleted in the registry! However, I found a very cunning way to delete BROWSELA.DLL that is pretty nifty.

Edited by MattInLA, 01 January 2006 - 04:01 AM.

  • 0

#4
loophole
Posted 01 January 2006 - 03:57 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
What email? Do you need help?
  • 0

#5
MattInLA
Posted 01 January 2006 - 04:05 AM

MattInLA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Excuse me there's no emails...Did you read my original posting? HIJACKTHIS is useless against this. The only solution I could find was to use my UBCD emergency windows boot diskette and remotely delete these files. Maybe you have a better way, I sure didn't. ??? DID YOU EVEN READ WHAT I POSTED??? Why are we posting messages on New Year's Day anyway...............

Edited by MattInLA, 01 January 2006 - 04:08 AM.

  • 0

#6
loophole
Posted 01 January 2006 - 04:15 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts

Why are we posting messages on New Year's Day anyway...............

I have no clue :) :)

Yes there is a tool that removes it. I believe its part of this family of trojans Downloader.Win32.Delf

Your way will certainly work to kill just about any file. Not recommended for most people though for obvious reosons :tazz: .
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP