ClamWin found my desktop to be infected by Trojan.Delf-818, I tried to delete the infected files by ClamWin but after a while, the files come back. And it's now infecting my portable harddisk and now to my notebook computer. I've scanned all 3 with ClamWin and deleted all the infected files, but they all come back after reboot. pls help to tell me how to clean this from all my desktop + protable hd + notebook.

below is the ClamWin report (C: is my desktop, and i got the same files infected on notebook. I: & J: is my protable hardisk)

C:\Program Files\Common Files\Microsoft Shared\bemfpen.exe: Removed
C:\Program Files\Common Files\System\gvsqajc.exe: Removed
C:\Program Files\Common Files\Microsoft Shared\bemfpen.exe: Trojan.Delf-818 FOUND
C:\Program Files\Common Files\System\gvsqajc.exe: Trojan.Delf-818 FOUND

I:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP60\A0010658.exe: Removed
I:\System Volume Information\_restoreCFB5718A-056E-45B2-8D1C-84D0C3D306D9\RP160\A0022201.exe: Removed
I:\System Volume Information\_restoreCFB5718A-056E-45B2-8D1C-84D0C3D306D9\RP162\A0023204.exe: Removed
I:\ejpyypm.exe: Removed
J:\ejpyypm.exe: Removed

I:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP60\A0010658.exe: Trojan.Delf-818 FOUND
I:\System Volume Information\_restoreCFB5718A-056E-45B2-8D1C-84D0C3D306D9\RP160\A0022201.exe: Trojan.Delf-818 FOUND
I:\System Volume Information\_restoreCFB5718A-056E-45B2-8D1C-84D0C3D306D9\RP162\A0023204.exe: Trojan.Delf-818 FOUND
I:\ejpyypm.exe: Trojan.Delf-818 FOUND
J:\ejpyypm.exe: Trojan.Delf-818 FOUND

When I inserted my SD card and any USB thumbdrive, it got infected with the I:\ejpyypm.exe too! I'm so frustrated and don't know what to do. PLS HELP~

I've also scanned with Sophos, AVG, bitDefender, Trend-Micro online but all found nothing. When I install Norton or NOD, the installation got interrupted and cannot be run. When I run Hijackthis, I can' t execute the .exe file without renaming it.
And if I search anything about "anti-virus / trojan / trojan.delf" in IE, the IE window will shut down automatically. This malicious trojan is very very tough!!! Pls help me!

I will provide you with some places/ideas--hope something helps. The ClamWin forums aren't really involved with malware cleanup.

You could do a search on Google and see what you can find out about your malware. You may run across some help that way.

If you are using a paid commercial antivirus program in addition to ClamWin, you should contact them for help. Many of them have downloadable cleanup tools for specific viruses. Some of them, including Semantec and McAfee provide manual removal instructions. You have to identify the malware you are dealing with and then see what they say about it, and you appear to have identified it on your machine(s).

The folks over at Castle Cops and Bleeping Computer.Com also provide assistance, and both places rely heavily upon you installing the Hijack This program. You furnish them copies of the Hijack This log, and they analyze it for you and then walk you through the cleanup process, which may involve downloading specific cleanup tools.

SELF HELP
Disable System Restore until you eliminate the malware.

You could try running an antispyware program if you don't have one. Some of them can eliminate some of the nasty trojans. You can download a trial version if you don't have one. Get one that has a resident scanner. Run it as usual, and then reboot and run it in Safe Mode. Safe Mode will sometimes prevent malware from hiding.

Run your antivirus in Safe Mode also, but some of them don't work as good in it (NOD32 for instance).

You may have a rootkit that is protecting the malware. I believe Delf is like that. Download and run the free Sophos Antirootkit. It is very user friendly and will tell you if it is safe to remove a file.

Good luck!

Download malwarebytes anti-malware tool, free
Download combofix, free
Download autoruns from sysinternals, free

Reboot and run in safe mode

run malwarebytes in quick scan mode, remove the malware and reboot back into safe mode
run malwarebytes in full scan mode, remove the malware and reboot back into safe mode
run combofix and let it do it's stuff, will fix any insertion into the registry, automatic normal reboot run malwarebytes in quick scan mode, just to be sure

buy malwarebytes and install it so that it checks for malware all the time, it is a lightweight, cheap tool and it does the job.

use autoruns and become familar with the set up on your PC, whenan unexpected process sits in startup then you can remove it yourself.

run clamwin regularly, run malwarebytes scans regularly. This malware will return.

Finally, don't access porn sites, don't access sites that are unfamiliar or could be dodgy. Don't open dodgy attachments in emails from anyone. Be careful what you download. Install a good firewall that does not try to do too much. Just a good quality firewall. Sygate Personal Firewall is still good and free.

Avoid Norton, McCaffee and generic big A/V tools as they slow down your system and act just like malware themselves (slow down your PC, make it do strange things with data, websites, interefere with your browser, compromise functionality, stop networking tools &c)

Yereverluvinunclebert