Backdoor.Win32.Delf.hq
(Backdoor.Win32.Delf.hq)

by ?

Original Filename unknown

Written in Delphi

Related to Backdoor.Win32.Delf.iv and Backdoor.Win32.Delf.va

more in this category 


dropped file:
c:\WINDOWS\svchost.exe         Size: 623,104 bytes 
c:\WINDOWS\Temp\ssshost.exe    Size: 623,104 bytes 

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: C:\WINDOWS\svchost.exe "%1" %* 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft"
data: C:\WINDOWS\svchost.exe 


tested on Windows XP
October 16, 2005
MegaSecurity