Threat Encyclopaedia

Win32/TrojanDownloader.Delf.PJB

Aliases: Agent2.AKLL (AVG), W32/Banload.E.gen!Eldorado (F-Prot), Backdoor.Trojan (Symantec)
Type of infiltration: Trojan
Size: 663040 B
Affected platforms: Microsoft Windows
Signature database version: 4898 (20100226)

Short description

The trojan tries to download several files from the Internet. The files are then executed.

Installation

The trojan does not create any copies of itself.

Other information

The trojan contains a list of 2 URLs.

It tries to download several files from these addresses. The HTTP protocol is used.

The downloaded files are stored in the following locations:
  • c:\windows\system32\ip.exe
  • c:\windows\system32\win.mp3
The files are then executed.

The following Registry entries are created:
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ip" = "c:\windows\system32\ip.exe"
This way the trojan ensures that the file is executed on every system start.

The trojan may create copies of the following files (source, destination):
  • c:\windows\system32\ip.exe, c:\windows\system32\com\video-player.exe

The trojan displays the following dialog boxes:
  • [image: player1(1).jpg]
  • [image: player2.jpg]
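
A host triage check for the file and Registry indicators listed above, as an added example that is not part of the original description. The SysWOW64 and WOW6432Node variants are an assumption added for 64-bit Windows, where a 32-bit process is redirected away from system32 and HKLM\Software; run it from a 64-bit, elevated PowerShell 4.0 or later.

```powershell
# Added example: indicator values are the ones listed in this description.
$files = @(
    'c:\windows\system32\ip.exe',
    'c:\windows\system32\win.mp3',
    'c:\windows\system32\com\video-player.exe'
)
# Assumption (not from the description): WOW64-redirected equivalents of the paths.
$files += @($files | ForEach-Object { $_ -replace '\\system32\\', '\SysWOW64\' })

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption (not from the description): 32-bit view of the same key.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# Dropped files: record size, timestamp and hash so the sample can be matched later.
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $path
            Detail = "size=$($item.Length) B, modified=$($item.LastWriteTimeUtc.ToString('u'))"
            SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Persistence: a Run value named "ip"; its data is shown for manual review.
foreach ($key in $runKeys) {
    $value = (Get-ItemProperty -Path $key -Name 'ip' -ErrorAction SilentlyContinue).ip
    if ($value) {
        $findings += [pscustomobject]@{
            Type   = 'RunValue'
            Where  = "$key\ip"
            Detail = $value
            SHA256 = $null
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this description found on this host.' }
```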