Win 32:Delf-XQ (trojan downloader)



Jax
05-07-2007, 05:20 AM
Hi,
I'm using Windows XP and Ubuntu on my laptop.
When I scan Windows with Nod32, Ad-aware and Spydoctor, my system comes up virus and malware clean.
However, when I boot via Linux and run a virus scan using Avast, it alerts me to the Win 32: Delf-XQ [TR] virus in pagefile.sys. I googled it and I think it's a trojan downloader.
I think the scanner scans all the Windows files too, even though I'm in Linux.
Avast asks if I want to remove the virus and I delete it each time, yet it comes back.
I had the same problem with a virus in the hiberfil.sys folder, but after I disabled hibernation, that warning disappeared.
Please help me remove this trojan downloader, and let me know whether I can delete pagefile.sys.
Thanks a ton.

pctek
05-07-2007, 09:08 AM
I'd say it's a false positive.

FoxyMX
05-07-2007, 03:08 PM
Please help me remove this trojan downloader, and let me know whether I can delete pagefile.sys.

Disable the page file, reboot then enable it again:

Control Panel > System > Advanced > Performance settings > Advanced > Change > select No paging file (take note of current size) > Set > click OK all the way > Reboot.

To enable, repeat above but enter the size settings you took note of.

Jax
05-07-2007, 03:14 PM
Thanks to both of you for responding so quickly.
Is it safe to clean out pagefile? And will clearing it remove this alleged trojan downloader?
Basically, are there any downsides to wiping out pagefile?
Thanks again

FoxyMX
05-07-2007, 03:21 PM
It is safe and I don't know of any downsides. I have done it myself many a time. Your computer won't blow up or anything bad like that.

As for removing the alleged trojan downloader, it might get rid of it but there are no guarantees. Try it and see. :)

Jax
05-07-2007, 04:22 PM
Thanks FoxyMX:)

Agent_24
05-07-2007, 05:33 PM
Easier way may be to tell Windows to clear the pagefile on shutdown:

http://support.microsoft.com/kb/314834

FoxyMX
05-07-2007, 06:20 PM
Easier way may be to tell Windows to clear the pagefile on shutdown:

http://support.microsoft.com/kb/314834

Whilst that may be useful information for some of the more experienced PC users I really don't think it's a good idea for the original poster of this thread to try that one.

Jax
05-07-2007, 06:23 PM
Thank you

FoxyMX
09-07-2007, 04:36 PM
Jax, I received your email but was unable to reply as you have disabled receiving emails so I'll reply here.

Your email message was as follows:


So I wiped out the pagefile and reset it in Windows as you suggested.
I then scanned the computer with Avast having booted into Ubuntu.
I got a virus warning again. It was in the pagefile.sys folder, but it wasn't the Win 32:Delf-XQ (trojan downloader), it was some other Win:32 trojan downloader.
I don't know if these are just false positives. When I look at the host file directory in Linux (where all the Windows files and directories are) I see a pagefile folder. Should I delete that?
Any help would be great.
Thanks

They are possibly false positives but to put your mind at rest I would suggest that you ask at the Avast forums (http://forum.avast.com/). They might have better advice.

Good luck and let us know how you get on. :)

Jax
09-07-2007, 05:39 PM
FoxyMX, I'll let you know if I find anything. Thanks for all your help.

Jax
09-07-2007, 05:51 PM
FoxyMX,
Can a Windows virus work in Linux? i.e. even though Avast is alerting me to it in Linux, can this virus - if it does exist - do any damage when I've booted into Ubuntu?
Also, I posted on the Avast forum. FYI, I even logged into Windows in safe mode and ran nod32, spybot and spyware doctor - nothing came up.

FoxyMX
09-07-2007, 06:28 PM
Can a Windows virus work in Linux? i.e. even though Avast is alerting me to it in Linux, can this virus - if it does exist - do any damage when I've booted into Ubuntu?

No. Absolutely not. Windows viruses do not affect Linux. :)

If or when you are using Windows it will be a concern, however, if it is indeed a virus (or trojan).