W32/Delf-JA is a worm for the Windows platform that spreads via unprotected shares and P2P networks.
When first run, W32/Delf-JA copies itself as Rundll~.exe into the Windows\System folder and sets the following registry entry to run itself automatically on log-on:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Rundll = "C:\WINDOWS\System\Rundll~.exe /out"
W32/Delf-JA also creates a number of registry entries under the new entry
HKCU\Software\MouseMX\
W32/Delf-JA spreads by altering the location of the KaZaA local content folder (if any) and copying itself to the new location using one of the following filenames:
GTA San Andreas Crack
Norton AntyVirus 2005 full
Half Life 2 Crack - multiplayer
Sims 2 crack
Directx10 v2.3 fullversion
GaduReader 3.5
Partition Magic 8.6
Partition Magic 9
Half Life 2 dodatek
Roller Coaster Tycoon 3 crack
W32/Delf-JA also moves existing executable files on the computer to a new folder called MouseMX and copies itself into the place of the original file.
W32/Delf-JA also attempts to spread to writable shares by replacing random executables on these shares with itself.
The worm creates a folder \Mouse_MX on all infected shares.