Win32/Delf.NBJ [Threat Name] go to Threat

Win32/Delf.NBJ [Threat Variant Name]

Category virus,worm
Size 881664 B
Detection created Aug 16, 2005
Detection database version 7625
Short description

Win32/Delf.NBJ is a file infector. The file is run-time compressed using PE Compact .

Installation

When executed, the virus copies itself into the following location:

  • %appdata%\­WINWORD.EXE

In order to be executed on system start, the virus sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Nod32 Gui" =" %appdata%\­WINWORD.EXE"
File infection

Win32/Delf.NBJ is a file infector.


The virus searches local drives for files with the following file extensions:

  • .docx
  • .doc

The virus searches removable drives for files with the following file extensions:

  • .docx

The virus infects the files by inserting its code at the beginning of the original file.


The name of the infected file is changed to:

  • %originalfilename%.exe

When the infected file is executed, the original file is dropped to temporary file.


The original file is then executed.

Other information

The virus copies itself into the root folders of fixed and/or removable drives using the following name:

  • Thesis.doc.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.