Backdoor.Win32.Delf.c
(Backdoor.Win32.Delf.c)

by ?

Real name unknown

Written in Delphi

Released in August 2002



In an attempt to avoid detection, Backdoor.Win32.Delf.c terminates the processes
of some common antivirus and firewall programs. It targets the following process names:
ANTITROJAN
ANTI-TROJAN
TAU MONITOR
TAUSCAN
BACKWORK
PROTECTOR
ALIENSKIN
AVX
PC-CILLIN
TDS 
LOCKDOWN
HOOKPROTECT
TCACTIVE
CLEANER
MKS_VIR
TBAV
VIRUSAFE
QUICK HEAL
SOPHOS
RAV
VIRUSSCAN
VS_STAT
VIRUS FOUND
CENTINEL VXD
VIRUS PROTECT
ANTI VIRUS
F-AGENT
ANTI-VIRUS
ESAFE
AVAST
ANTIVIRENKIT
RGW32
ANTIVIRUS
ANTIVIRAL
AVP
L0PHTCRACK
MKS_VIRW
MKS_MENU
MKS_MON
PCCILLIN
VPTRAY
AAWIN95
NAVW32
_AVP32
AVP32
_AVPM
AVPM
(Symantec)


Server:
c:\WINDOWS\SYSTEM\tapi32.exe 

size: 356.352 bytes 

port: 21, 5555 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Tapi32.exe" 

MegaSecurity