Troj/Delf-KM is a Trojan for Windows based systems. The Trojan periodically opens a pre-specified webpage.
The Trojan copies itself to the Windows directory as yahoo.exe. To ensure that it is run on system start it creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Winhost
C:\WINDOWS\yahoo.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Winhost1
C:\WINDOWS\yahoo.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Winhost2
C:\WINDOWS\yahoo.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Winhost3
C:\WINDOWS\yahoo.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Winhost4
C:\WINDOWS\yahoo.exe