Cart
Trojan.Crypt.Delf.F
SYMPTOMS: - the presence of an executable file named msnmsgr.exe in %SYSDIR% and two text files temper.txt and ctzz.txt- the presence of teh following startup registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ Name --> Messenger Value --> %SYSDIR%\msnmsgr.exe TECHNICAL DESCRIPTION: This malware will make a copy of itself in %SYSDIR%, named msnmsgr.exe and create two files named temper.txt and ctzz.txt. In order to make sure it will run at every system startup it will create the registry key presented in symptoms section. Then it will attempt to download a file named hosts.txt.Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Dana Stanut, virus researcher |
