Backdoor.Win32.Delf.ek
(Backdoor.Win32.Delf.ek)

by ?

Original name unknown

Written in Delphi

more in this category


Fake Error Box by Backdoor

dropped file:
c:\WINDOWS\navawp32.exe
size: 229,943 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispCPL"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "NoDispCPL"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Explorer"
data: C:\WINDOWS\navawp32.exe 

tries to download data from http://www.alibabanet.net



tested on Windows XP
June 01, 2005

MegaSecurity