Backdoor.Win32.Delf.y

by ?

Written in Delphi




message box displayed by backdoor

dropped files:
c:\WINDOWS\snnp.sys                   Size: 107 bytes 
c:\WINDOWS\Fonts\FONTMNGR.EXE         Size: 650,240 bytes 
c:\WINDOWS\Fonts\fontmngrupdate.txt   Size: 2,648 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Font Manager"
data: C:\WINDOWS\fonts\FONTMNGR.EXE 

attempts to download fontmngrupdate.txt from http://www.infectusscript.cjb.net



tested on Windows XP
May 02, 2005

MegaSecurity