Trojan.Delf.Inject.BK
MEDIUM
MEDIUM
390KB
((KAV)Trojan.Win32.Agent2.kwe)
Symptoms
Increased network activity
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
When executed, it creates a copy of itself at "%system%\tray.exe" and registers this copy to run at system startup:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]\MicrosoftNAPC,
[HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]\MicrosoftCorp
When launched, this copy tries to connect to the IRC server warraca.elcrazyfrog.com. It can download and execute a file (most probably malware) specified by the server. It also searches for sensitive data in browser-related files such as profiles.ini and signons.txt.
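The two startup values and the tray.exe copy described above can be checked offline against a registry export taken from a suspect machine. This is an added example, not BitDefender's code; the sample export is constructed and the function names are illustrative.

```python
import re

# Indicators from the description above: (Run key, value name) and the dropped file.
IOC_VALUES = {
    (r"hklm\software\microsoft\windows\currentversion\run", "microsoftnapc"),
    (r"hklm\software\microsoft\windows\currentversion\policies\explorer\run",
     "microsoftcorp"),
}
IOC_FILE = r"\tray.exe"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in "reg export" text form (real exports are UTF-16 on disk).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"MicrosoftNAPC"="C:\\WINDOWS\\system32\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"MicrosoftCorp"="C:\\WINDOWS\\system32\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"MicrosoftCorp"="unrelated value with the same name"
'''


def normalize_key(key):
    """Registry paths are case-insensitive; shorten the hive name as the page does."""
    return key.lower().replace("hkey_local_machine", "hklm", 1)


def scan_reg_export(text):
    """Return (key, value name, data, points_to_tray_exe) for each indicator hit."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: the key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if m and key and (normalize_key(key), m.group(1).lower()) in IOC_VALUES:
            data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
            findings.append((key, m.group(1), data, IOC_FILE in data.lower()))
    return findings


if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```

A hit whose last field is False means the value name matches but the data does not point at tray.exe, which is worth reviewing by hand.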