Troj/Delive-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer via IRC channels.
The Trojan will display a fake error message several times when run. The Trojan may attempt to steal passwords from a number of applications.
The Trojan may attempt to terminate a number of anti-virus and security-related applications.
When first run the Trojan copies itself to:
<Windows folder>\cftmon.exe
<Windows folder>\mirc.dll
and creates the following files:
<Windows folder>\0.0 - text data file
<Windows folder>\br.dll - Troj/SDBot-06
<Windows system folder>\ddial.exe - application used to recover dial-up passwords
<Windows system folder>\mmail.exe - application used to recover mail account passwords
<Windows system folder>\mmsn.exe - application used to recover MSN passwords
<Windows system folder>\wsystem.exe - Troj/Synflood-G
The following registry entry is created to run cftmon.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon
<Windows folder>\cftmon.exe