Trojan.Delf.Inject.BK (KAV: Trojan.Win32.Agent2.kwe)
SYMPTOMS: Increased network activity

TECHNICAL DESCRIPTION: When executed, it creates a copy of itself in "%system%\tray.exe" and registers this copy to run at system startup:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]\MicrosoftNAPC
[HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]\MicrosoftCorp

When launched, this copy tries to connect to the IRC server warraca.elcrazyfrog.com. It can download and execute a file (most probably malware) specified by the server. It also searches for sensitive data in browser-related files such as profiles.ini and signons.txt.

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Ovidiu Visoiu, virus researcher
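
A host check for the indicators named in the technical description, given here as an added example (it is not BitDefender's removal tool or code from the original entry). Beyond what the entry lists, it also looks in the WOW6432Node registry view and in SysWOW64, where a 32-bit process is redirected on 64-bit Windows, and it flags any Run value that launches a tray.exe; treat those extra matches as leads to review.

```powershell
# Added example: the indicators are the ones named in the description above.
$valueNames = 'MicrosoftNAPC', 'MicrosoftCorp'
$ircHost    = 'warraca.elcrazyfrog.com'
$base       = 'Microsoft\Windows\CurrentVersion'

# Native and 32-bit (WOW6432Node) views of both Run keys.
$runKeys = foreach ($root in 'HKLM:\Software', 'HKLM:\Software\WOW6432Node') {
    "$root\$base\Run"
    "$root\$base\policies\Explorer\Run"
}
# %system% for a native process and for a 32-bit process on 64-bit Windows.
$copies = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot "$_\tray.exe" }

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        # Flag the documented value names, and any value that launches tray.exe.
        if ($valueNames -contains $name -or $data -match '\\tray\.exe') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$name"; Detail = $data }
        }
    }
}
foreach ($path in $copies) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a hash so the file can be compared or submitted before it is cleaned.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256=$hash" }
    }
}
# Recent lookups of the IRC host (Get-DnsClientCache needs Windows 8 / Server 2012 or later).
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -eq $ircHost } |
        ForEach-Object { $findings += [pscustomobject]@{ Type = 'DnsCache'; Location = $_.Entry; Detail = $_.Data } }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this description were found.' }
```

Run it from a 64-bit PowerShell session so that System32 and SysWOW64 resolve to their real directories.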