Detection added: Sep 25 2007 23:29 GMT
Update released: Sep 26 2007 01:00 GMT
Description added: Oct 20 2008
Behavior: TrojanDownloader
This Trojan downloads another malicious program via the Internet and launches
it on the victim machine without the user’s knowledge or consent. It
is a Windows PE EXE file. It is 133120 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\iexplorer.exe
In order to ensure that the Trojan is launched automatically each time the
system is booted, the Trojan adds a link to its executable file in the system
registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE" = "%WinDir%\iexplorer.exe"
The Trojan adds a rule to Windows Firewall which permits any network activity
caused by the malicious process.
The Trojan downloads files from the following URLs:
http://www.site*****.com/top7_1.gif
http://www.site*****.com/top7_2.gif
http://www.sugo*****.kr/bbs/icon/private_name/top7_1.gif
http://www.sugo*****.kr/bbs/icon/private_name/top7_2.gif
At the moment of writing, these links were not working.
Downloaded files will be saved as:
C:\Documents and Settings\All Users\winsql.dat
C:\Documents and Settings\All Users\DirectX.aud
C:\Documents and Settings\All Users\services.exe
C:\Documents and Settings\All Users\comctl64.dll
Once successfully downloaded, the files will be launched for execution.
The Trojan also opens the following link without the user’s knowledge
or consent.
http://pag*****.terra.com.br/arte/sonhosepoemas/paixao/cartao059.htm
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task Manager to terminate the malicious program’s process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry key parameter:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE" = "%WinDir%\iexplorer.exe"
- Delete the following files:
%WinDir%\iexplorer.exe
C:\Documents and Settings\All Users\winsql.dat
C:\Documents and Settings\All Users\DirectX.aud
C:\Documents and Settings\All Users\services.exe
C:\Documents and Settings\All Users\comctl64.dll
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
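As an added example (not part of the original description and not Kaspersky's own tooling), the following read-only PowerShell check confirms the indicators listed above before a responder follows the removal steps. It assumes the paths exactly as given in this entry, that `$env:ALLUSERSPROFILE` stands in for `C:\Documents and Settings\All Users`, and, since the entry names no firewall rule, that the rule is identified by the program path it permits (NetSecurity module, Windows 8 or later).

```powershell
# Added example (not part of the original description): read-only artifact check.
function Test-TrojanDownloaderArtifacts {
    $findings = @()

    # 1. Autorun persistence: Run key value "IE" pointing at %WinDir%\iexplorer.exe.
    $runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $dropPath = Join-Path $env:WinDir 'iexplorer.exe'
    $ie = Get-ItemProperty -Path $runKey -Name 'IE' -ErrorAction SilentlyContinue
    if ($ie) {
        $target = ($ie.IE -replace '"', '').Trim()
        $note = if ($target -ieq $dropPath) { 'matches described path' } else { 'unexpected target' }
        $findings += "Run key 'IE' = $($ie.IE) ($note)"
    }

    # 2. Dropped copy and download destinations. $env:ALLUSERSPROFILE resolves to
    #    C:\Documents and Settings\All Users on the XP-era layout the entry describes
    #    (C:\ProgramData on later Windows). The legitimate System32\services.exe is not checked.
    $names = 'winsql.dat', 'DirectX.aud', 'services.exe', 'comctl64.dll'
    $paths = @($dropPath) + @($names | ForEach-Object { Join-Path $env:ALLUSERSPROFILE $_ })
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $size = (Get-Item -LiteralPath $p).Length
            $sizeNote = if ($p -eq $dropPath -and $size -eq 133120) { ' (size matches entry)' } else { '' }
            $findings += "File present: $p, $size bytes$sizeNote"
        }
    }

    # 3. Running process whose image is iexplorer.exe (one letter off iexplore.exe).
    foreach ($proc in @(Get-Process -Name 'iexplorer' -ErrorAction SilentlyContinue)) {
        $findings += "Process $($proc.Id) running from $($proc.Path)"
    }

    # 4. Firewall rule permitting the dropped executable. The entry gives no rule name,
    #    so match on the program path. Needs the NetSecurity module (Windows 8+; assumption).
    if (Get-Command Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue) {
        $rules = Get-NetFirewallApplicationFilter |
            Where-Object { $_.Program -like '*\iexplorer.exe' } |
            Get-NetFirewallRule
        foreach ($r in @($rules)) {
            $findings += "Firewall rule '$($r.DisplayName)' ($($r.Action)) covers iexplorer.exe"
        }
    }

    return $findings
}

# Usage: list findings for the responder, or report a clean host.
$result = @(Test-TrojanDownloaderArtifacts)
if ($result.Count -eq 0) { 'No artifacts from this entry were found.' } else { $result }
```

Run from an elevated prompt so the HKLM key and firewall rules are readable; a hit on the Run key or the %WinDir% copy is the strongest signal, since the downloaded payload files may be absent when the download URLs are dead.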