Backdoor.Win32.Delf.w

by ?

Written in Delphi




message box displayed by backdoor

dropped files:
c:\WINDOWS\Rundll32_.pif        Size: 365.056 bytes 
c:\WINDOWS\SYSTEM\rundll16.pif  Size: 365.056 bytes 

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "LoadPowerProfile"
old data: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 
new data: C:\WINDOWS\system\rundll16.pif 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE4"
data: C:\WINDOWS\Rundll32_.pif 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE5"

	
	
	
		
tested on Windows 98
April 30, 2005

MegaSecurity