RE: Microsoft Search Assistant and Trojan Downloader Delf

From: Wayne Brinegar [MSFT] (wayneb_at_online.Microsoft.com)
Date: 01/15/05

  • Next message: David H. Lipman: "Re: Microsoft Search Assistant and Trojan Downloader Delf"
    Date: Sat, 15 Jan 2005 17:06:05 GMT
    
    

    Good Morning,

    The DELF family of malware are Backdoor Trojans. Any one of the anti-virus
    vendors would have a description
    of how the malware behaves and any removal instructions. Based on
    information from a major anti-virus vendor's website,
    the malware captures private data such as logging keystrokes.

    The plan should be:

    1. visit www.Windowsupdate.com and download and install all the critical
    patches.
    2. go to http://support.Microsoft.com/?kbid=890830 and scan your machine.
    DELF is not one of the scanned viruses but this utility could identify any
    others.
    3. do a manual update of your anti-virus signatures (just to make sure that
    the signatures really downloaded)
    4. boot your machine into safe mode and do a virus scan
    5. visit an anti-virus vendor's website for removal instructions.

    Please make a backup of your machine before this virus scan.
    I have seen machines that were so infected that after running the virus
    scan from safe mode, the machine would not boot.

    Please contact your anti-virus vendor for help in removing the malware.

    There are three ways a machine can be compromised:
    1. weak passwords
    2. missing Windowsupdate patches
    3. social engineering

    Please see the Password policy whitepaper at
    http://www.microsoft.com/technet/community/columns/5min/5min

    Thanks,

    Wayneb@online.Microsoft.com

    This posting is provided "AS IS" with no warranties, and confers no rights.

