Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Win32/Delf.PBF

Aliases:	Trojan.Win32.Agent.dhbq (Kaspersky), Trojan:Win32/Tachtoli.A (Microsoft), Generic.dx!nkr (McAfee)
Type of infiltration:	Trojan
Size:	168960 B
Affected platforms:	Microsoft Windows
Signature database version:	4877 (20100218)

Short description

The trojan is designed to artificially generate traffic to certain Internet sites.

Installation

When executed the trojan copies itself in the following locations:

%localappdata%microsoftwindowswtnmm.exe
%startup%wtnmm.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion
Winlogon]
"SHELL" = "explorer.exe, "%localappdata%microsoftwindowswtnmm.exe""

Other information

The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.

The trojan is sent data and commands from a remote computer or the Internet.

The trojan contains a list of (1) URLs. The HTTP protocol is used.

It can execute the following operations:

download files from a remote computer and/or Internet
run executable files

The trojan may create the following files:

%localappdata%MicrosoftWindowsthumbcac_888.db
%localappdata%MicrosoftWindows%variable%.exe

A string with variable content is used instead of %variable%.

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.