W32/Delf-DRA

Category:	Viruses and Spyware	Protection available since:	17 Oct 2006 00:00:00 (GMT)
Type:	Win32 worm	Last Updated:	17 Oct 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Delf-DRA is a worm for the Windows platform.

W32/Delf-DRA spreads to other network computers and the floppy drive, if present.

When first run W32/Delf-DRA copies itself to:

<Startup>\FlashPlayer7.exe
<Windows>\GameHouse.exe
<Windows>\Macromedia Flash Player\FlashPlayer.exe
<Windows>\_userinit32.cmd
<Windows>\help.pif
<Windows>\repair.bat
<System>\Macromed\Flash\build.bat
<System>\_support.exe
<System>\sol.exe
<System>\sol_sepatu.die

and creates the following files:

<Temp>\~dv1.exe
<Temp>\~dv2.exe
<Windows>\java\classes\java.pif
<Windows>\lucunya.exe
<System>\svchost.com
<Windows>\win_klr32.exe

These files are also detected as W32/Delf-DRA.

The following registry entries are created to run GameHouse.exe, FlashPlayer.exe, win_klr32.exe and help.pif on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Game House
<Windows>\GameHouse.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System Check
<Windows>\win_klr32.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Shockwave Support
<Windows>\Macromedia Flash Player\FlashPlayer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe
debugger
<Windows>\help.pif

W32/Delf-DRA terminates services and processes related to security applications. If one of the worm's components is terminated, the worm will attempt to reboot the infected computer.

Try Sophos products for free
Download now

W32/Delf-DRA

Free Mac Anti-Virus

Popular topics