Backdoor.Win32.Delf.ac

Backdoor.Win32.Delf.ac
(Backdoor.Win32.Delf.ac)

by ?

Original name unknown

Written in Delphi


Backdoor.Win32.Delf.ac:
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run "Internet.exe" 
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" 

added:
c:\%current directory%\set.ini 
c:\WINDOWS\winupdate.exe 
c:\WINDOWS\SYSTEM32\internets.exe 
c:\WINDOWS\hosts (replaced)
c:\WINDOWS\WINVER.EXE (replaced)

registry changed:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main "Default_Page_URL" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main "Start Page" 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "CustomizeSearch" 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Default_Page_URL" 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "SearchAssistant" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main "CustomizeSearch" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main "SearchAssistant"

MegaSecurity