Trojan.Dropper.Delf.HS
HIGH
LOW
above 18K
(Backdoor.Win32.IRCBot.acd, Trojan.MulDrop.7373, W32.SillyIRC, Backdoor:Win32/IRCbot.OP, W32/Backdoor.AZWJ)
Symptoms
Presence of %system_dir%\sysprinters.dll and %windir%\myalbum2007.zip
High processor usage.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Marius Vanta, virus researcher
Technical Description:
This trojan can drop malware and inject malicious code into legitimate processes.
The more widespread variant carries an embedded IM worm, which is detected as Win32.Worm.Potos.A. It drops the worm as %system%\sysprinters.dll and then writes a copy of the whole package to %windir%\myalbum2007.zip.
The worm runs as a remote thread in explorer.exe. To infect other computers, it tries to trick users into downloading myalbum2007.zip by pretending that the archive contains pictures.
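The symptoms above can be checked on a suspect host with a short triage script. This is an added example, not BitDefender's tooling; the function name is hypothetical, and it assumes that %system_dir% and %system% refer to the Windows system directory.

```powershell
# Added triage example for the indicators named on this page.
# Assumption: %system_dir% / %system% mean the Windows system directory.
function Get-DelfHsIndicator {
    [CmdletBinding()]
    param(
        [string]$SystemDir  = [Environment]::SystemDirectory,
        [string]$WindowsDir = $env:windir
    )

    # File names are taken from the Symptoms section.
    $candidates = @(
        (Join-Path $SystemDir  'sysprinters.dll'),
        (Join-Path $WindowsDir 'myalbum2007.zip')
    )
    foreach ($path in $candidates) {
        # -Force so that hidden or system attributes do not mask the file.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = 'File present'
            Target = $path
            Found  = [bool]$item
            Detail = if ($item) { '{0} bytes, written {1:u}' -f $item.Length, $item.LastWriteTimeUtc } else { '' }
        }
    }

    # The worm is described as running inside explorer.exe, so look for the
    # dropped DLL among that process's loaded modules. Injected code does not
    # always appear as a module, so a clean list does not rule out infection.
    foreach ($proc in Get-Process -Name explorer -ErrorAction SilentlyContinue) {
        $hit = $null
        try {
            $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq 'sysprinters.dll' }
        } catch {
            Write-Warning "Cannot read modules of PID $($proc.Id): $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Check  = 'DLL loaded in explorer.exe'
            Target = "PID $($proc.Id)"
            Found  = [bool]$hit
            Detail = if ($hit) { ($hit | Select-Object -First 1).FileName } else { '' }
        }
    }
}

Get-DelfHsIndicator | Format-Table -AutoSize
```

Any row with Found set to True means the host should be scanned and disinfected as described under the removal instructions.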