Backdoor.Win32.Delf.bm
(Backdoor.Win32.Delf.bm)

by ?

Original name unknown

Written in Delphi

Made in Russia

more in this category


Backdoor.Win32.Delf.bm:
dropped files:
c:\WINDOWS\obnov.exe           Size: 319 bytes 
c:\WINDOWS\SYSTEM\MPSEXE.EXE   Size: 507.392 bytes 

port: 26666 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Options"
data: C:\WINDOWS\SYSTÅM\CLARIÎN.EXE 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WindowsService"
data: C:\WINDOWS\SYSTEM\MPSEXE.EXE 

HKEY_CLASSES_ROOT\.kil
HKEY_CLASSES_ROOT\WinAmp





tested on Windows 98
May 01, 2005

MegaSecurity