Win32/TrojanDownloader.Delf.PJB [Threat Name]

Win32/TrojanDownloader.Delf.PJB [Threat Variant Name]

Category: trojan
Size: 663040 B
Detection created: Feb 26, 2010
Detection database version: 4898
Aliases:
  Agent2.AKLL (AVG)
  W32/Banload.E.gen!Eldorado (F-Prot)
  Backdoor.Trojan (Symantec)

Short description

The trojan tries to download several files from the Internet. The files are then executed.

Installation

The trojan does not create any copies of itself.

Other information

The trojan contains a list of 2 URLs. It tries to download several files from these addresses using the HTTP protocol.

The downloaded files are stored in the following locations:

  • c:\windows\system32\ip.exe
  • c:\windows\system32\win.mp3

The files are then executed.


The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "ip" = "c:\windows\system32\ip.exe"

This way the trojan ensures that the file is executed on every system start.


The trojan may create copies of the following files (source, destination):

  • c:\windows\system32\ip.exe, c:\windows\system32\com\video-player.exe

The trojan displays the following dialog boxes:
