high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 17 October 2006 12:56:19 (GMT) |
| Last updated | 11 April 2007 23:03:28 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Delf-DRA is a worm for the Windows platform.
W32/Delf-DRA spreads to other network computers and the floppy drive, if present.
When first run W32/Delf-DRA copies itself to:
<Startup>\FlashPlayer7.exe
<Windows>\GameHouse.exe
<Windows>\Macromedia Flash Player\FlashPlayer.exe
<Windows>\_userinit32.cmd
<Windows>\help.pif
<Windows>\repair.bat
<System>\Macromed\Flash\build.bat
<System>\_support.exe
<System>\sol.exe
<System>\sol_sepatu.die
and creates the following files:
<Temp>\~dv1.exe
<Temp>\~dv2.exe
<Windows>\java\classes\java.pif
<Windows>\lucunya.exe
<System>\svchost.com
<Windows>\win_klr32.exe
These files are also detected as W32/Delf-DRA.
The following registry entries are created to run GameHouse.exe, FlashPlayer.exe, win_klr32.exe and help.pif on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Game House
<Windows>\GameHouse.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System Check
<Windows>\win_klr32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Shockwave Support
<Windows>\Macromedia Flash Player\FlashPlayer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe
debugger
<Windows>\help.pif
W32/Delf-DRA terminates services and processes related to security applications. If one of the worm's components is terminated, the worm will attempt to reboot the infected computer.
|
