How To Get Rid Of…
Article Last Reviewed February 2005
How To Get Rid Of Delf

Description

Delf is a family of Trojan horse programs that give a cracker complete remote control over an infected PC. Some versions also log keystrokes, so the cracker can harvest your passwords, credit card numbers, and anything else you type. Backdoor.Delf.B is one common variant of this troublesome Trojan horse. Delf installs itself when you unwittingly run an infected email attachment or an infected file downloaded from a file sharing service.

How To Tell If Delf.B Is On Your PC

Delf tries to disable several common antivirus applications, so you may notice that your antivirus utility has stopped working properly. You may also notice slow-loading Web pages or other unexpected Internet activity.

A Delf.B-infected PC will have a file named Kernel32.exe in the Windows system directory (C:\WINDOWS\SYSTEM on Windows 9x/Me, C:\WINNT\SYSTEM32 on Windows NT/2000, or C:\WINDOWS\SYSTEM32 on Windows XP). Windows' own kernel32 is a DLL (Kernel32.dll), never an .exe, so a Kernel32.exe in that directory is always trouble. However, several other viruses and Trojan horse programs drop a file with the same name in the same location, so the culprit is not necessarily Delf. To prove definitively that the uninvited visitor is Delf.B, use the Registry Editor (click Start and Run, type regedit in the Open box, and click OK) to look at the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

If both keys contain a value named LoadWindowsFile, then Delf.B is the culprit. (Windows 9x/Me processes the RunServices key at startup while NT-based versions ignore it and use Run, so the pair of entries lets the Trojan start regardless of which Windows version it landed on. A LoadWindowsFile value under only one of the two keys does not match this variant.)

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin (Registry errors can render your computer inoperable if you don't have a backup). This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."



How To Get Rid Of Backdoor.Delf.B

There are many versions of Delf; offshoots of this particular malware may require unique removal processes.

If you use the System Restore feature in Windows Me/XP, a copy of Delf could remain in the System Restore backup folder. To remove it, disable System Restore. To do this in WinXP, click Start and Control Panel, double-click the System icon, select the System Restore tab, check the Turn Off System Restore checkbox, and click Apply. Confirm that you want to disable System Restore, and the infected backups will be deleted.

To remove the System Restore feature's backup files in WinMe, right-click the My Computer icon on the Desktop, select Properties, and select the Performance tab. Click File System and Troubleshooting. Select Disable System Restore and click OK. The infected backups will be deleted. Restart your computer.

To remove Delf.B manually, start Windows in Safe Mode by pressing the F8 key as Windows begins to boot. Safe Mode does not process the Run and RunServices keys, so the Trojan is not running and its file can be deleted. Open Windows Explorer, navigate to the Windows system directory (C:\WINDOWS\SYSTEM, C:\WINNT\SYSTEM32, or C:\WINDOWS\SYSTEM32, depending on the operating system) and delete the Kernel32.exe file. Leave Kernel32.dll alone; it is part of Windows.

Next, use the Registry Editor to remove Delf's remains from the Windows Registry. Click Start and Run, type regedit in the Open box, and click OK. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN. In the right pane, look for an item called LoadWindowsFile. Right-click it and select Delete. Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES. In the right pane, there should also be an item called LoadWindowsFile. Right-click it and select Delete. Registry changes take effect immediately, so simply close the Registry Editor and restart the computer.
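The detection check and the manual removal described above, as an added PowerShell script. This is not part of the original article and is written for current Windows versions rather than the Windows Me/XP machines the article addresses. It assumes only the indicators the article names (a value called LoadWindowsFile under both the Run and RunServices keys, and a file named Kernel32.exe in the system directory) and makes no claims about the value's data. Run it from an elevated prompt in Safe Mode; with -WhatIf it only reports and changes nothing.

```powershell
# Added example (not from the Smart Computing article): triage and optional
# clean-up of the Backdoor.Delf.B indicators the article lists.
# Assumed indicators: value "LoadWindowsFile" under Run and RunServices, and
# a file Kernel32.exe in the system directory. Use -WhatIf to report only.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$valueName   = 'LoadWindowsFile'
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)
# Resolves to C:\WINDOWS\system32 (or C:\WINNT\system32) on NT-based Windows.
$systemDir = [Environment]::SystemDirectory
$dropper   = Join-Path $systemDir 'Kernel32.exe'

# 1. Which autorun keys carry the LoadWindowsFile value?
#    RunServices usually does not exist on NT-based systems, hence Test-Path.
$hits = @()
foreach ($key in $autorunKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$valueName]) {
            $hits += [pscustomobject]@{ Key = $key; Data = $props.$valueName }
        }
    }
}

if ($hits.Count -eq 2) {
    Write-Output "Both autorun keys carry '$valueName': matches the Delf.B pattern."
} elseif ($hits.Count -eq 1) {
    Write-Output "Only one key carries '$valueName': suspicious, but not the Delf.B pattern."
} else {
    Write-Output "No '$valueName' value under Run or RunServices."
}
$hits | Format-Table -AutoSize

# 2. The dropped file. The real kernel32 is a DLL, so an .exe by this name
#    is never Windows' own; record what it is before touching it.
if (Test-Path $dropper) {
    $f = Get-Item $dropper
    Write-Output "Found $dropper ($($f.Length) bytes, last written $($f.LastWriteTime))."
    Write-Output "SHA256: $((Get-FileHash -Path $dropper -Algorithm SHA256).Hash)"
    if ($PSCmdlet.ShouldProcess($dropper, 'Delete file')) {
        # Outside Safe Mode the Trojan may still be running and hold the file open.
        Get-Process | Where-Object { $_.Path -eq $dropper } | Stop-Process -Force
        Remove-Item -Path $dropper -Force
    }
} else {
    Write-Output "No Kernel32.exe in $systemDir."
}

# 3. Remove the autorun entries so nothing tries to start the file again.
foreach ($hit in $hits) {
    if ($PSCmdlet.ShouldProcess("$($hit.Key)\$valueName", 'Remove registry value')) {
        Remove-ItemProperty -Path $hit.Key -Name $valueName
    }
}
```

Save the script and run it once with -WhatIf to see what it would touch, then again without it. The hash is printed before deletion so the file can be identified later (or submitted to an antivirus vendor) even after it is gone; copy the file to a quarantine folder first if you want to keep a sample. Get-FileHash requires PowerShell 4 or later.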

If you prefer, you can use an antivirus utility such as Symantec's Norton AntiVirus 2005 to remove Delf. Launch the program and click the LiveUpdate button to download the latest updates. Next, restart the computer. Start Windows in Safe Mode by pressing the F8 key when Windows begins to boot. Start Norton AntiVirus 2005 again, click the Scan button, and wait for the utility to find and remove the offending files. When the program is done, restart the PC.

After removing Delf using either method, WinMe/XP users should re-enable the System Restore feature.

by Kevin Savetz

Copyright © 2009 Sandhills Publishing Company U.S.A. All rights reserved.