Troj/Delf-NK is a backdoor for the Window platform.
The Trojan allows a remote intruder to gain access and control over the computer. Troj/Delf-NK includes functionality to get clipboard data, download files, access the internet and communicate with a remote server via HTTP.
When first run Troj/Delf-NK copies itself to <System>\javams32.exe.
The following registry entry are created to run javams32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Service Monitor
<System>\javams32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Service Monitor
<System>\javams32.exe
HKCU\Software\Mircosoft\OLE
Service Monitor
<System>\javams32.exe
Registry entries are set as follows:
HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous