TROJ_DELF.DW
Overview

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Delf.cb (Kaspersky), Downloader-OV (McAfee), Downloader.Trojan (Symantec), TR/Dldr.Delf.CB (Avira), Troj/Bizves-Gen (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

This Trojan downloads files from the Internet and saves them on the target system.

The Trojan downloads files from the following URLs:

  • http://vsbi.<BLOCKED>biz/counts/allnt.php
  • http://veiz.<BLOCKED>biz/counts/ncount.php
  • http://67.19.51<BLOCKED>.10/enter/aes.asp?user=stealth
  • http://www.vesbiz<BLOCKED>.biz/d/1346.exe
  • http://virgin-tgp<BLOCKED>.net/wioon.exe
  • http://selearch<BLOCKED>.biz/2.exe

This Trojan downloads the following files and saves them in the Windows system folder:

  • com.exe
  • host32.exe
  • ide21201.vxd
  • mouse.exe
  • mwvlfqxx.exe
  • printer.exe
  • printer32.exe

The file HOST32.EXE downloads and executes the files from the URLs listed above.

It runs on Windows 95, 98, ME, NT, 2000, and XP.


Description created: Sep. 27, 2004 2:14:26 PM GMT -0800
Description updated: Dec. 6, 2004 12:19:48 PM GMT -0800
