Virus: Worm/Delf.DW
Date discovered: 08/01/2008
Type: Worm
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 377.344 Bytes
IVDF version: 7.00.01.20 - Thursday, November 29, 2007

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Worm.Win32.Delf.dw
   •  Grisoft: Worm/Delf.GWN
   •  Eset: Win32/Delf.NEX
   •  Bitdefender: Win32.Worm.Delf.NEC


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Files
It copies itself to the following locations:
   • %WINDIR%\Inf\smss.exe
   • %SYSDIR%\Sexy Girls.scr
   • %APPDATA%\svchost.exe
   • %APPDATA%\smssexe
   • %APPDATA%\lsass.exe

Registry
The following registry keys are changed:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   New value:
   • FrameWorkService =

– [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   New value:
   • FrameWorkService =

Various Explorer settings:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   New value:
   • DisallowRun = 0
   • NoFolderOptions = 0
   • NoRun = 0
   • NoFind = 0

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
   Old value:
   • 1 = "cmd.exe"
   • 2 = "mmc.exe"
   • 3 = "rstrui.exe"
   • 4 = "regedit.exe"
   • 5 = "regedt32.exe"

File details
Programming language:
The malware program was written in Delphi.

Description inserted by Andrei Gherman on Monday, June 16, 2008
Description updated by Andrei Gherman on Monday, June 16, 2008
