Trojan.Delf.Inject.BK

MEDIUM
MEDIUM
390KB
((KAV)Trojan.Win32.Agent2.kwe)

Symptoms

Increased network activity

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Ovidiu Visoiu, virus researcher

Technical Description:

When executed, it creates a copy of itself at "%system%\tray.exe" and registers this copy to run at system startup under the following registry values:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]\MicrosoftNAPC
[HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]\MicrosoftCorp

When launched, this copy tries to connect to the IRC server warraca.elcrazyfrog.com. It can download and execute a file (most probably malware) specified by the server. It also searches for sensitive data in browser-related files such as profiles.ini and signons.txt.
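
The persistence entries described above can be checked for in a registry export. The following is an added example, not part of the original write-up or any Bitdefender tooling: it scans `reg export` text for the two autorun values and the dropped file path. It assumes the export has already been decoded to text (`reg export` writes UTF-16) and that the values are plain strings; `find_persistence` and the sample data are hypothetical names and constructed input.

```python
import re

# Indicators from the technical description above.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run",
}
VALUE_NAMES = {"microsoftnapc", "microsoftcorp"}
# %system% is system32 on NT-based Windows and system on 9x.
DROPPED_RE = re.compile(r"\\system(32)?\\tray\.exe\b", re.IGNORECASE)
# "name"="data" line of a .reg file; quotes and backslashes are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftNAPC"="C:\\WINDOWS\\system32\\tray.exe"
"VendorUpdater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"Tray"="C:\\Tools\\systray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"MicrosoftCorp"="C:\\WINDOWS\\system32\\tray.exe"
'''


def find_persistence(export_text):
    """Return (key, value name, data, reasons) for matching autorun entries."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: the registry key path
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        # Undo .reg escaping (\\ -> \, \" -> ") before comparing.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        reasons = []
        if name.lower() in VALUE_NAMES:
            reasons.append("value name")
        if DROPPED_RE.search(data):
            reasons.append("points to %system%\\tray.exe")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits


if __name__ == "__main__":
    for key, name, data, reasons in find_persistence(SAMPLE_EXPORT):
        print(f"[{key}] {name} = {data} ({', '.join(reasons)})")
```

Matching on the data path as well as the value name catches an entry whose name was changed, while the `systray.exe` line in the sample shows that a similarly named file elsewhere is not flagged.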