Troj/Delf-WH is a backdoor Trojan.
Troj/Delf-WH will display a fake error message stating:
Windows
Memory Error
When first run, Troj/Delf-WH will copy itself to the Windows folder. In order to run automatically each time a user logs on, Troj/Delf-WH will add its path and filename to the Userinit parameter of the Winlogon section of the WIN.INI file in the Windows folder. Under Windows NT-based systems, this will be reflected as a registry change. For example,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<path to Trojan>,<Windows system folder>\userinit.exe,
Troj/Delf-WH may also attempt to set the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
XpAspy
<path to Trojan>
The backdoor component of Troj/Delf-WH may be used to:
download and upload files from remote locations
log key presses
open a command shell
send emails
list and kill processes and services
change Internet Explorer's Start page
Open and close the CD drive tray