Troj/Delf-EW is a backdoor Trojan for the Windows platform.
When first executed the Trojan will copy itself to the Windows system folder as SVÑHOST.exe and rundll16.exe and create the following registry entries in order that it may run when Windows starts up:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SYSTEM = "RUNDLL16.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
NETWORK SERVICE = "SVÑHOST.exe"
The Trojan also drops the files xamer32.exe and xamer32.dll in the Windows system folder. These files are Troj/Keylog-V.
Troj/Delf-EW will scan through the registry of the infected computer collecting various information which it then sends to a predetemined email address. The Trojan runs in the background allowing a remote attacker to have access to the infected computer.