TR/Delf.RB.1 - Trojan
Name: TR/Delf.RB.1
Date discovered: 02/10/2006
Type: Trojan
In the wild (ITW): No
Reported infections: Low
Distribution potential: Low
Damage potential: Low to medium
Static file: Yes
File size: 289.792 Bytes
MD5: 3c4b8ab92854cfb71668c26621bd0aef
VDF version: 6.36.00.71
IVDF version: 6.36.00.86
General
Method of propagation:
• No own spreading routine
Aliases:
• Kaspersky: Trojan.Win32.Delf.rb
• F-Secure: Trojan.Win32.Delf.rb
• Eset: Win32/Delf.RB trojan
Operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads a file
• Creates a malware file
• Modifies the registry
Files
The following file is created:
– %SYSDIR%\webflier.dll
Further analysis showed that this file is also malware.
It tries to download a file:
– The address is the following:
• http://download.vvget.net/download/**********
The file is stored on the hard disk at:
%SYSDIR%\codspec.ini
This file may contain further download locations and may serve as a source of new threats.
Registry
It registers a browser helper object (BHO) by adding the following registry key:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{%CLSID%}]
The following keys are added to the registry:
– [HKCR\CLSID\{%CLSID%}]
• @=""
– [HKCR\CLSID\{%CLSID%}\InprocServer32]
• @="%SYSDIR%\webflier.dll"
• "ThreadingModel"="Apartment"
– [HKCR\CLSID\{%CLSID%}\ProgID]
• @="webflier.webflier"
– [HKCR\webflier.webflier]
• @=""
– [HKCR\webflier.webflier\Clsid]
• @="{%CLSID%}"
File details
Programming language:
Programming language used: Delphi.
File compression:
To make detection harder and to reduce the file size, the following packer is used:
• ASPack
Description inserted by Adriana Popa on Mon, 09 Oct 2006 16:53 (GMT+1)
Description updated by Adriana Popa on Wed, 11 Oct 2006 10:38 (GMT+1)
© 2009 Avira GmbH