RE: Microsoft Search Assistant and Trojan Downloader Delf
From: Wayne Brinegar [MSFT] (wayneb_at_online.Microsoft.com)
Date: Sat, 15 Jan 2005 17:06:05 GMT
The DELF family of malware are Backdoor Trojans. Any one of the anti-virus
vendors would have a description of how the malware behaves and any removal
instructions. Based on information from a major anti-virus vendor's website,
the malware captures private data such as logging keystrokes.
The plan should be:
1. visit www.Windowsupdate.com and download and install all the critical
2. go to http://support.Microsoft.com/?kbid=890830 and scan your machine.
DELF is not one of the scanned viruses but this utility could identify any
3. do a manual update of your anti-virus signatures (just to make sure that
the signatures really downloaded)
4. boot your machine into safe mode and do a virus scan
5. visit an anti-virus vendor's website for removal instructions.
Please make a backup of your machine before this virus scan.
I have seen machines that were so infected that after running the virus
scan from safe mode, the machine would not boot.
Please contact your anti-virus vendor for help in removing the malware.
There are three ways a machine can be compromised:
1. weak passwords
2. missing Windowsupdate patches
3. social engineering
Please see the Password policy whitepaper at
This posting is provided "AS IS" with no warranties, and confers no rights.