I posted the following message on 15th July 2006 (Reference Number 153463) I have received a backdoor virus via email called Backdoor.Delf. I updated through the Liveupdate Norton's Antivirus which detected 5 files which were infected, however it only deleted 4 of the 5 files which were infected. The Norton AV Status at the end of the virus scan states that the FILENAME infected is smss.exe and the THREATNAME is Backdoor.delf and the action states VIRUS FOUND and the status of the scan states DELETE FAILED. Further information states that the Master Boot Record is affected by 2 viruses and the Boot Record affected by 3 viruses. I have run the scan about 3 times but with the same final result. Can anyone suggest how to get rid of this virus? Many thanks Danny123 (Note Norton's AV was disabled at the time of the incoming affected email) Question 1. Some of your suggestions were to run AVG or Norton's AV in safe mode but firstly, I am unable to run the PC in safe mode or shut down the PC in the usual way by clicking the start key, as the mouse egg-timer comes up for 5 seconds and then disapears. I then have to click on "Start", then "Log Off" and change the User (but I am the only user of the PC) to get to the screen which offers me 3 options "Stand By" "Turn Off" and "Restart". How do I get the PC to give me these 3 options after clicking the Start Key, without having to log off first? and to get into the Safe Mode option? Question 2 I downloaded Spybot SD14 yesterday with the updates and ran a system check without making any changes and Spybot found 42 problems. Some of these are named for example Advertising.com, Coremetrics, Fastclick, Windows Security Centre.Antivirus Disable Notify, Windows Security Centre.Antivirus Overide and Winfixer to name just some. If I select "Fix Selected Programs from the Spybot menu, what will happen? Question 3 I also have a free Yahoo Anti-Spy program which I ran today and it shows me the following entries which it found as "Items to Remove" :- Name - Backweb, Objects - 2, Category - Downloader, Recommendation - Remove. and; Name - Eagle Boy 1.0, Objects - 1, Category - RAT, Recommendation - Remove. and; plus "Items to Review" :- DivX Pro, Objects - 22, Category - Adware, Recommendation - View Details Could advise if it is safe to remove these objects without there being any adverse effect on my PC. I await your comments as soon as possible. Many thanks Danny123

Did you follow Symantec's steps on how to remove this virus? To get into Safe Mode, you need to Restart the computer and press F8 before Windows loads. Then, you can login to Safe Mode and delete the Registry keys that this virus creates. Life is more painless for those who are brainless.

remove backdoor.delf http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2002-102817-4837-99&tabid=3 best of luck Frank :

You can also use Avast in the future. I read somewhere that it detects viruses better than AVG and it's also free. http://www.avast.com

This fix is easy! Stop wasting time trying to fix it. Format drive C: & reinstall XP & all your uncorrupted software and make a backup immediatly! Why doesnt anyone make a valid backup? Acronis - True Image makes it so easy! 50-Calibre

Sorry to add a comment after the horse as bolted so to speak but from one or two experiences of what you have mentioned I find McAfee is a great solution. They nip the bud quick.

Hi Thanks for your comments, although I wouldn't put 50-Calibre in charge of my system judging by what he said - but thanks to everyone else. Yahoo spyware removed Backweb and Eagleboy 1.0 and the system seems to be fine. I also checked the registry for keys of Backdoor.Delf but could not find any of the keys suggested so i don't consider there to be a threat any longer but I will continue to monitor the system. Thanks Danny123