          ********************
          * WIN32DELFKIL.EXE *
          ********************

win32delfkil.exe removes Trojan-Downloader.Win32.Delf.pa, also known as Trojan.Stwoyle, from the computer.

Use this tool on your own risk.

Unzip the files to your desktop. A new folder will be created: win32delfkil.
Close all open windows and save all your documents.
Open the win32delfkil folder and double click on fix.bat.
If the computer does not reboot automatically when the batfile is finished, you'll need to reboot your computer manually, by turning the power off and then back on.

At this moment the random filenames q*.dll and g*dll in the windowsdirectory are NOT deleted.(* = random numbers)
After rebooting, you can delete these files by using windows explorer and looking for the files. Rightclick on the files and choose "delete".

A Logfile is saved in c:\windelf.txt

If the tool doesn't work, there will be probably a new clsid under Sharedtaskscheduler and / or a new notify key.


BHO's which are being deleted:
----------------------------
{B212D577-05B7-4963-911E-4A8588160DFA}
{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
{0976BE78-EA53-4DD6-91E6-E6175940032B}
{405132A4-5DD1-4BA8-A181-95C8D435093A}
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
{16875E09-927B-4494-82BD-158A1CD46BA0}
{C7CF1142-0785-4B12-A280-B64681E4D45E}
{8D82BB89-B58C-4F21-9C5D-377F65947806}
{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
{826B2228-BC09-49F2-B5F8-42CE26B1B711}
{826B2228-BC09-49F2-B5F8-42CE26B1B712}
{C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
{FCADDC14-BD46-408A-9842-111111111111}
{E412F14A-E998-4543-9E7A-1031A3189A87}
{D8569837-3CD6-4AD7-9A77-65975B581925}
{08DF42F3-792D-4944-941B-512582B87219}
{11111111-2222-408A-9842-CDBE1C6D37EB}
{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB}
{7507739F-BC2E-4DC3-B233-816783C25DC9}
{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}

Notify keys which are being deleted:
------------------------------------
style2
Style32
st3
st3i
gg
gggg
ggggg
gs
st3d
browsela

Sharedtaskscheduler keys which are being deleted:
-------------------------------------------------
{B212D577-05B7-4963-911E-4A8588160DFA}
{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
{16875E09-927B-4494-82BD-158A1CD46BA0}
{C7CF1142-0785-4B12-A280-B64681E4D45E}
{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB}
{86AA461F-2A5B-4889-B543-E1BBA6746D61}
{31EE3286-D785-4E3F-95FC-51D00FDABC01}

Run keys which are being deleted:
---------------------------------
ClearCookies

Files which are being deleted:
------------------------------
windows\q*_disk.dll (or WINNT\q*_disk.dll)
windows\adsldpb*.dll (or WINNT\adsldpb*.dll)
windows\slassac.dll (or WINNT\slassac.dll)
windows\cc.exe (or winnt\cc.exe)
windows\alt.exe (or WINNT\alt.exe)
windows\mpatrol.dll (or WINNT\mpatrol.dll)
windows\netdde.dll (or WINNT\netdde.dll)
windows\prflbmsgp32.dll (or WINNT\prflbmsgp32.dll)
system32\winstyle2.dll
system32\winstyle3.dll
system32\winstyle32.dll
system32\prflbmsgp32.dll
system32\st3.dll
system32\browsela.dll


---------------
Version History
---------------
Version: 1.0

Version: 1.1
Fix for windows 2000 if shutdown.exe is not present.

Version: 1.2
new bho and Sharedtaskscheduler key added: clsid {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}

Version 1.3
new bho and Sharedtaskscheduler key added: clsid {7A7E6D97-B492-4884-9ABB-C31281DCC4F2}

version 1.4
new bho and Sharedtaskscheduler key added: clsid {16875E09-927B-4494-82BD-158A1CD46BA0}

Version: 2.0
Logfile added: After running the tool you can find logfile in c:\windelf.txt)
Fixed the automatically reboot for windows 2000. 

Version: 2.1
new bho and Sharedtaskscheduler key added: clsid {C7CF1142-0785-4B12-A280-B64681E4D45E}

Version: 2.11
new bho added: clsid {8D82BB89-B58C-4F21-9C5D-377F65947806}

Version: 2.2
new bho and Sharedtaskscheduler key added: clsid {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
new key under notify: st3

Version: 2.21
new key under notify: st3i

Version: 2.30
new keys under notify: gg and gggg
new bho's: {826B2228-BC09-49F2-B5F8-42CE26B1B717} and {826B2228-BC09-49F2-B5F8-42CE26B1B712}
If the notifykey gg is present you need to reboot manually, by turning the power off and then back on.

Version: 2.31
new key under notify: ggggg
new bho: clsid {C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}

Version: 2.32
new key under notify: gs

version: 2.33
run key added: ClearCookies
new file: C:\WINDOWS\cc.exe
added a few older CLSID's (thanks to Ton)

version: 2.34
new files: adsldpbe.dll 
new bho: {7507739F-BC2E-4DC3-B233-816783C25DC9}

version: 2.35
new random files in windows directory: g*.dll

version: 2.36
run key added: AlexaToolbar
new file: c:\windows\alt.exe

version: 2.37
new file added: st3d.dll
new notify key: st3d
new sharedtaskkey: {86AA461F-2A5B-4889-B543-E1BBA6746D61}

version: 2.38
new notify key: browsela
new sharedtaskkey: {31EE3286-D785-4E3F-95FC-51D00FDABC01}
new file added: c:\windows\system32\browsela.dll
If the notifykey browsela is present you need to reboot manually, by turning the power off and then back on.

version: 2.39
new file: C:\WINDOWS\adsldpbf.dll
new bho added: {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}

version: 2.40
Fixed the hard reboot. The computer will reboot automaticly.

version: 2.41
new file: C:\WINDOWS\adsldpbg.dll

version: 2.42
added to find and delete windows\adsldpb*.dll (or WINNT\adsldpb*.dll)

-------------------------
Contact: marcvn@gmail.com
-------------------------
