Trojan.Crypt.Delf.F

MEDIUM
MEDIUM
~381 kbytes

Symptoms

- the presence of an executable file named msnmsgr.exe in %SYSDIR% and two text files temper.txt and ctzz.txt
- the presence of the following startup registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Name --> Messenger
Value --> %SYSDIR%\msnmsgr.exe

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Dana Stanut, virus researcher

Technical Description:

This malware makes a copy of itself in %SYSDIR%, named msnmsgr.exe, and creates two files named temper.txt and ctzz.txt. To make sure it runs at every system startup, it creates the registry key listed in the Symptoms section. It then attempts to download a file named hosts.txt.
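
A read-only check for the symptoms listed above, written as an added example (it is not BitDefender's tooling and does not replace disinfection). The function name Get-DelfFIndicator is hypothetical, and the script assumes temper.txt and ctzz.txt are created in %SYSDIR%, which the description does not state explicitly.

```powershell
# Added example: reports the indicators from the Symptoms section. It changes nothing.
function Get-DelfFIndicator {
    [CmdletBinding()]
    param(
        # %SYSDIR% from the write-up; defaults to this machine's system directory.
        [string]$SystemDir = [Environment]::SystemDirectory
    )

    $findings = @()

    # File indicators. Assumption: the two text files sit in %SYSDIR% as well;
    # the page only gives a location for msnmsgr.exe.
    foreach ($name in 'msnmsgr.exe', 'temper.txt', 'ctzz.txt') {
        $path = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            $findings += [pscustomobject]@{
                Indicator = 'File'
                Location  = $path
                Detail    = '{0} bytes, created {1:u}' -f $item.Length, $item.CreationTimeUtc
            }
        }
    }

    # Startup indicator: Run value "Messenger" whose data points at %SYSDIR%\msnmsgr.exe.
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $value  = (Get-ItemProperty -Path $runKey -Name 'Messenger' -ErrorAction SilentlyContinue).Messenger
    if ($value) {
        # The stored data may be quoted or use environment variables; normalise before comparing.
        $expanded = [Environment]::ExpandEnvironmentVariables($value).Trim('"')
        $expected = Join-Path $SystemDir 'msnmsgr.exe'
        $verdict  = if ($expanded -ieq $expected) { 'path matches' } else { 'value name matches, path differs' }
        $findings += [pscustomobject]@{
            Indicator = 'RunKey'
            Location  = "$runKey\Messenger"
            Detail    = "${verdict}: $value"
        }
    }

    $findings
}

Get-DelfFIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed symptoms were found; any row is a reason to run a full scan, not a confirmed detection on its own.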