CastleCops, Internet Crime Fighters
TR/Dldr.Dyfuca.ds problems, not deleted by AntiVir

 
Post new topic   Reply to topic       All -> FavForums -> AntiVir Personal Edition Classic [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
benaround3 (Sergeant, Premium Member; joined Jun 14, 2004; posts: 99)
Posted: Sun Mar 06, 2005 3:57 pm    Post subject: TR/Dldr.Dyfuca.ds problems, not deleted by AntiVir

I'm having similar problems with TR/Dldr.Dyfuca to the problem I had with Drop.180SolutiA. It's detected but not deleted, and AntiVir keeps showing dialog boxes offering to delete, move, quarantine etc., but it keeps reappearing. Could someone please tell me what the specific treatment is for this one?
With thanks,
Benaround

mrrockford (News Admin, AVPE Host, Forums Admin, MVP; joined Apr 24, 2004; posts: 3010)
Posted: Sun Mar 06, 2005 7:53 pm

Howdy,

Run this online scan and it should help you.

http://housecall.trendmicro.com/

Also download and run CrapCleaner after your online scan.


_________________
"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long
swatkat (Security Expert, MVP, Rootkit Experts; joined Mar 04, 2005; posts: 2039)
Posted: Tue Mar 08, 2005 11:23 am

Download McAfee Stinger and run it; also get Trojan Remover and run it:
http://vil.nai.com/vil/stinger/
http://www.simplysup.com/tremover/download.html

benaround3 (Sergeant, Premium Member; joined Jun 14, 2004; posts: 99)
Posted: Tue Mar 08, 2005 6:10 pm

Dear Swatkat, Rockford AND Serendipity,
Sorry I ended up using two threads at once, due to clicking on "New Topic" instead of "Reply" without realising it.
Anyway, I'll try to keep this as the main thread. I can't get the Trend Micro site to work at all. Yesterday it started to scan slowly but jammed before finishing. Today, I select a location (UK) and click on "go", but nothing happens at all when I click on the scan button, except that the "hour glass" icon displays; I let it display for two hours this morning.
Swatkat, as I posted in the other thread, I got Spybot and CleanUp done, but I found I had to use Netscape to download CleanUp. In Internet Explorer it said there was something wrong with my security settings. (I changed cookies to the lowest possible setting but it made no difference.) This was after I went to the Yahoo group to find a download, and I had to reduce my security settings even to get in to Yahoo groups. I never had to do that before, but there's loads of other junk cropping up on my machine as well; it all has to be sorted out.
I also wrote in the other thread that I didn't know how to post a HijackThis log in the HijackThis section.
I suppose my next priority is to get Trend Micro to work (need advice from Rockford) and to get the HijackThis scan posted (need advice from Swatkat), then I'll go back to Serendipity about a Trojan scan.
Thank you gentlemen, and sorry about the mess. At least I still have AntiVir working.
Benaround

swatkat (Security Expert, MVP, Rootkit Experts; joined Mar 04, 2005; posts: 2039)
Posted: Tue Mar 08, 2005 6:27 pm

Hello benaround3,
This is actually a HijackThis guide written and posted by me in another forum, of which I am a member, to help people. I am posting the same here.

What is HijackThis?

HijackThis is a tool which is normally to be used only when other tools like Spybot S&D, Ad-Aware etc. cannot find a solution to your spyware/adware/malware problem.

HijackThis searches some key areas of the system and the Windows Registry and pulls out the information from them. These key areas are used by both legitimate and illegitimate software. So, if you remove all the entries that HijackThis shows, then you are almost guaranteed to have to perform a format, or at least a Windows repair!

HijackThis searches and lists running processes, default URLs, IE search URLs, IE toolbars, Winsock hijackers, BHOs, ActiveX components, non-Microsoft services and more!

How to install HijackThis?

Now, let's see how to install HijackThis. Remember that you should always have the latest version of HijackThis.
When you download HijackThis, it normally comes in a ZIP file. Then you have to unzip it to a correct folder.
The following should be avoided:
1] Unzipping HijackThis to the Temp folder.

2] Running HijackThis from within a compression utility like WinZip.

3] Unzipping it to the Desktop.

The proper way to install it is to make a dedicated folder for it in any of the drives (called the root level) and unzip HijackThis into that folder (like C:\HijackThisFolder\hijackthis.exe).


How to use HijackThis?

Now, when you run HijackThis, it presents an option screen which contains a lot of buttons for different tasks.
These are:
1] Do a system scan and save a logfile.
2] Do a system scan only.
3] View the list of backups.
4] Open Misc. Tools section.
5] Open online HijackThis Quickstart.
6] None of the above, just start the program.

Let's see them in detail:
Do a system scan and save a logfile: When you click this button, HijackThis scans the system and automatically saves the file with the name "hijackthis.log" in the same folder where HijackThis.exe is present, and also opens the log file in Notepad.
Remember that Notepad is the best application to view the log file.
If the log file is to be pasted to some forum, then open it in Notepad and copy-paste it.

Do a system scan only: When you click this button, HijackThis only scans the system and does not save the log file automatically. You have to save the log file manually by clicking "Save Log" in the main window of HijackThis after the system scan.

View the list of backups: When you make changes/deletions to the Registry using HijackThis, these Registry entries are backed up by HijackThis, so that if anything goes wrong, they can be restored. By clicking this button, the list of backups can be viewed.

Open Misc. Tools section: HijackThis contains some cool tools in it!
Some of the tools are:
1] Generate StartupList: This generates the list of programs that run at system startup. There are many ways to run a program at system startup, like the Startup folder, autorun entries in the Registry, attaching to the Explorer shell by using a System.ini entry, Autoexec.bat etc. This tool lists them all and opens up the log in Notepad.

2] Open Process Manager: This opens up a small process manager in the main window of HijackThis, and it lists all the running processes. It also has options to kill processes.

3] Open hosts file manager: The hosts file manager makes it easy to find, read, and fix the Windows hosts file, which is a custom DNS table local to your computer. The hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the hosts file before it queries any DNS servers, which enables it to override addresses in DNS. This hosts file can be altered by adware/spyware to redirect you to some other sites.

4] Delete NT Service: This is a tool used to delete services in NT-based systems like WinNT, 2000, XP, 2003. Not recommended for beginners. This is available only if you are using an NT-based system like WinNT, 2000, XP, 2003.

5] Open ADS Spy: ADS stands for Alternate Data Streams. This is info hidden in files as metadata, and Explorer doesn't show this metadata when you open the file. Hence some spyware/hijackers use ADS to hide their code inside a file. This tool is used to scan for ADS in the system. But ADS are available only on NT-based systems.

6] Uninstall Manager: This tool lists all the software listed in Windows Add/Remove Programs. Here you can edit the uninstall command of a particular piece of software or delete its entry from Add/Remove Programs. Not recommended for beginners.


How to fix an item in HijackThis?

For fixing bad items it's recommended to run the system in Safe Mode. This is normally done by pressing F8 while booting and selecting "Safe Mode" from the list.

To delete files:
First check whether the files/programs to be deleted are running in the background using the Process Explorer of HijackThis. If they are running, kill them by selecting the file and clicking the Kill button.
Then you have to manually delete them using the Search feature in Windows. Also delete the folders which contain these files (do not delete Windows default folders).

To fix Registry entries using HijackThis:
Now run HijackThis and, from the option screen, click the "Do a system scan only" button. After this, select the entries which are to be fixed and click Fix.
Then restart the system in Normal mode.

Then it's almost always necessary to clean temp files and junk files left behind by most spyware/adware/malware, so you can use two very good programs, namely CleanUp! and CCleaner.


Download HijackThis here
Download CleanUp! here
Download CCleaner here


I hope this info will help you.
But post the HijackThis log file in the HijackThis section of this forum.
CastleCops Link/f67-Trend_Micro_HijackThis_Logs.html

benaround3 (Sergeant, Premium Member; joined Jun 14, 2004; posts: 99)
Posted: Sat Mar 19, 2005 8:00 pm
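The guide above explains what a HijackThis log records (O1 hosts-file entries, O4 autoruns, O23 non-Microsoft services) and how malware abuses those locations. What follows is an added example, not part of the original post and not HijackThis code, that applies to a constructed log the same checks a log reader makes by hand: hosts entries that block or redirect security sites, and autoruns or services whose executable sits in a drive root, a Temp folder, a user profile or the hosts-file directory, or that borrows a Windows system binary's name outside System32. The sample log, the security-site list and the product and service names in it are constructed for illustration; only the O1/O4/O23 line shapes follow the HijackThis log format.

```python
"""Triage a HijackThis-style log for hosts hijacks and suspicious autoruns.

Added example, not code from the CastleCops post or from HijackThis. The log
below, the security-site list and the product names are constructed for
illustration; only the O1/O4/O23 line shapes follow HijackThis's format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample log. The drive-root and Temp paths mirror the kind of
# entries the Housecall report later in this thread found (C:\inns.exe,
# C:\rk.exe); the entry names and service owner strings are invented.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 www.symantec.com
O1 - Hosts: 192.0.2.10 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cthelper] C:\WINDOWS\system32\cthelper.exe
O4 - HKLM\..\Run: [innstall] C:\inns.exe
O4 - HKCU\..\Run: [rk] C:\DOCUME~1\USER\LOCALS~1\Temp\rk.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Network Helper (nethelp) - Unknown owner - C:\WINDOWS\system32\drivers\etc\svchost.exe
"""

# Sites malware points at 127.0.0.1 (to block updates/scans) or at its own
# server (to redirect). Constructed list; add the vendors you rely on.
SECURITY_HOSTS = {
    "windowsupdate.microsoft.com", "www.windowsupdate.com",
    "housecall.trendmicro.com", "www.trendmicro.com",
    "www.symantec.com", "liveupdate.symantec.com",
    "www.mcafee.com", "vil.nai.com", "www.free-av.com",
    "www.castlecops.com", "www.safer-networking.org",
}

# Names malware borrows; the genuine binaries live directly in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

SUSPICIOUS_DIRS = [
    (re.compile(r"^[a-z]:\\[^\\]+$", re.I), "executable in drive root"),
    (re.compile(r"\\temp\\", re.I), "executable in a Temp folder"),
    (re.compile(r"\\drivers\\etc\\", re.I), "executable in the hosts-file directory"),
    (re.compile(r"\\(documents and settings|docume~1)\\", re.I), "executable in a user profile"),
]

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # O1, O4 or O23
    line: str      # the log line as written
    reason: str


def exe_path(cmd: str) -> str:
    """Executable from an O4 command line: the quoted token, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]   # unquoted paths containing spaces get truncated here


def check_path(path: str) -> list[str]:
    """Location heuristics for one executable path; an empty list means nothing odd."""
    reasons = [why for pat, why in SUSPICIOUS_DIRS if pat.search(path)]
    parent, _, name = path.lower().rpartition("\\")
    if name in SYSTEM_NAMES and not parent.endswith("\\system32"):
        reasons.append("system binary name outside System32")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (line, reason) pair for O1, O4 and O23 entries."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O1_RE.match(line):
            ip, host = m["ip"], m["host"].lower()
            if host in SECURITY_HOSTS:
                findings.append(Finding("O1", line, f"hosts entry hijacks security site {host}"))
            elif host != "localhost" and not ip.startswith("127."):
                # Plain blocking of other sites (ad-block hosts lists) is left alone.
                findings.append(Finding("O1", line, f"{host} redirected to {ip}"))
        elif m := O4_RE.match(line):
            for why in check_path(exe_path(m["cmd"])):
                findings.append(Finding("O4", line, why))
        elif m := O23_RE.match(line):
            for why in check_path(m["path"].strip()):
                findings.append(Finding("O23", line, why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as a script to list the findings for the built-in sample. Note what the heuristics do not catch: the constructed cthelper.exe entry under System32 passes every path check, yet the Housecall report later in this thread identifies the real C:\WINDOWS\system32\cthelper.exe as WORM_RBOT.ASU. A clean-looking path only means the entry needs a different test (file properties and signature, a known-good list, the vendor's own scanner), not that it is clean.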

Hi Rockford,
I finally got Trend Micro Housecall to run, and am having my HijackThis scan analysed by littleeagle. Here are the Trend Micro reports, which show that it wasn't able to delete everything. I've also posted the result of the Housecall to littleeagle, but in case he/she? doesn't use it, could you comment on it please?
If you think I should be concentrating on the HijackThis thread from now on, please let me know and I'll try to avoid double posting and doing any further posts in this thread.
Report of scan:

Results: We have detected 18 infected file(s) with 18 virus(es) on your computer.
Detected file / Associated virus name
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048827.exe TROJ_ISTBAR.BZ
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048828.exe TROJ_AGENT.NZ
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048829.exe WORM_RBOT.ASU
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0049206.exe WORM_RBOT.ASU
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0049210.exe TROJ_AGENT.NZ
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050643.exe TROJ_AGENT.MX
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050644.exe TROJ_AGENT.MX
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050645.exe TROJ_LOADER.C
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050646.exe TROJ_LOADER.D
C:\WINDOWS\system32\cthelper.exe WORM_RBOT.ASU
C:\WINDOWS\system32\ukvob.dll TROJ_PURITYSCN.M
C:\inns.exe TROJ_ISTBAR.BZ
C:\innstal.exe TROJ_ISTBAR.BZ
C:\innstalla.exe TROJ_ISTBAR.BZ
C:\rk.exe TROJ_DLOADER.DE
C:\rt.exe TROJ_DLOADER.DM
C:\stealme.exe TROJ_ISTBAR.BZ
C:\test.exe TROJ_DROPPER.AY




Trojan/Worm Check 1 worm/Trojan horse detected

What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results: We have detected 1 Trojan horse program(s) and worm(s) on your computer.
Trojan/Worm name / Trojan/Worm type
WORM_RBOT.ASU Worm




Spyware Check 11 spyware programs detected

What we checked: Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results: We have detected 11 spyware(s) on your computer.
Spyware name / Spyware type
ADW_ELITEBAR.E Adware
ADW_BADBITOR.A Adware
ADW_NAVISEARCH.B Adware
ADW_TOPCONV.A Adware
ADW_POPBAR.A Adware
ADW_APROPOS.51 Adware
SPYW_NAVEXCEL.A Spyware
ADW_WINDUPDATE.A Adware
ADW_SIDEFIND Adware
ADW_TOPREBATES.B Adware
SPYW_POWERSCAN.C Spyware




Microsoft Vulnerability Check No vulnerability detected

What we checked: Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results: We have detected 0 vulnerability/vulnerabilities on your computer.

And here's what it was able/unable to do:


Results: We have detected 18 infected file(s) with 18 virus(es) on your computer:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 13 virus(es) deleted, 0 virus(es) undeletable
- 1 virus(es) not found, 4 virus(es) unaccessible
Detected file / Associated virus name / Action taken
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048827.exe TROJ_ISTBAR.BZ Deletion successful
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048828.exe TROJ_AGENT.NZ Deletion successful
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0048829.exe WORM_RBOT.ASU Deletion successful
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0049206.exe WORM_RBOT.ASU Deletion successful
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP255\A0049210.exe TROJ_AGENT.NZ Deletion successful
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050643.exe TROJ_AGENT.MX Unaccessible
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050644.exe TROJ_AGENT.MX Unaccessible
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050645.exe TROJ_LOADER.C Unaccessible
C:\System Volume Information\_restore{6FAEB32C-5B44-4D3E-A094-1770AB316934}\RP264\A0050646.exe TROJ_LOADER.D Unaccessible
C:\WINDOWS\system32\cthelper.exe WORM_RBOT.ASU File not found before action taken. Threat removed.
C:\WINDOWS\system32\ukvob.dll TROJ_PURITYSCN.M Deletion successful
C:\inns.exe TROJ_ISTBAR.BZ Deletion successful
C:\innstal.exe TROJ_ISTBAR.BZ Deletion successful
C:\innstalla.exe TROJ_ISTBAR.BZ Deletion successful
C:\rk.exe TROJ_DLOADER.DE Deletion successful
C:\rt.exe TROJ_DLOADER.DM Deletion successful
C:\stealme.exe TROJ_ISTBAR.BZ Deletion successful
C:\test.exe TROJ_DROPPER.AY Deletion successful




Trojan/Worm Check 1 worm/Trojan horse deleted

What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results: We have detected 1 Trojan horse program(s) and worm(s) on your computer:
- 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 1 worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm name / Trojan/Worm type / Action taken
WORM_RBOT.ASU Worm Deletion successful




Spyware Check 11 spyware programs removed

What we checked: Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results: We have detected 11 spyware(s) on your computer:
- 0 spyware(s) passed, 0 spyware(s) no action available
- 11 spyware(s) removed, 0 spyware(s) unremovable
Spyware name / Spyware type / Action taken
ADW_ELITEBAR.E Adware Removal successful
ADW_BADBITOR.A Adware Removal successful
ADW_NAVISEARCH.B Adware Removal successful
ADW_TOPCONV.A Adware Removal successful
ADW_POPBAR.A Adware Removal successful (Please reboot your machine)
ADW_APROPOS.51 Adware Removal successful
SPYW_NAVEXCEL.A Spyware Removal successful
ADW_WINDUPDATE.A Adware Removal successful
ADW_SIDEFIND Adware Removal successful (Please reboot your machine)
ADW_TOPREBATES.B Adware Removal successful
SPYW_POWERSCAN.C Spyware Removal successful

mrrockford (News Admin, AVPE Host, Forums Admin, MVP; joined Apr 24, 2004; posts: 3010)
Posted: Sat Mar 19, 2005 9:11 pm

Howdy,

Right now keep everything in your HJT thread. littleeagle will help you get through all this, to include the scans that you posted. Also, wait to set up your IE until you have a clean log as some of your problems will hinder the IE setup. If you have AVPE problems just drop by and let me know. You are in very capable hands with littleeagle.
