Troj/Delf-LP is an information stealing Trojan for the Windows platform.
Troj/Delf-LP includes functionality to download file, capture keystrokes, access the internet and communicate with a remote server via HTTP. The Trojan collects internet and email account information, submits to a predefined URL.
When first run Troj/Delf-LP copies itself to \recycled\winlogon.exe and creates the following files:
\recycled\0.0
\recycled\0.1
The following registry entry is created to run Troj/Delf-LP on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
(default)
C:\RECYCLED\WINLOGON.EXE 33173