Backdoor-ADB

Type: Trojan
SubType: Remote Access
Discovery Date: 04/18/2002
Length: 529,408
Minimum DAT: 4198 (04/24/2002)
Updated DAT: 4198 (04/24/2002)
Minimum Engine: 5.1.00
Description Added: 06/26/2002
Description Modified: 06/26/2002 11:10 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This trojan consists of a client, 231,424 bytes long, and a server, 529,408 bytes long. When run, the server starts hidden on the victim's computer. The client runs on the attacker's computer and connects to the server. The server did not add itself to any autostart keys or copy itself to the Windows directory when it was run, so simply rebooting the computer will clear the server from memory. However, it is possible that an unknown dropper program exists that copies the server to the Windows directory and adds it to an autostart location.

The trojan's only capability is using the webcam on the victim's computer to spy on the victim.

Symptoms

The server program will open port 285.
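
One way to check a host for this symptom, as an added example that is not part of the original description: the Python code below parses `netstat -ano` output and reports the owning PID of anything bound to local port 285. The sample netstat text is constructed, the function names are hypothetical, and because the description does not state the protocol, both TCP and UDP are checked.

```python
import re

SUSPECT_PORT = 285  # port the description says the server opens

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:285            0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:2850           0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.7:285        ESTABLISHED     2216
  TCP    [::]:285               [::]:0                 LISTENING       3120
  UDP    0.0.0.0:285            *:*                                    3120
  UDP    0.0.0.0:5353           *:*                                    1044
"""

def local_port(address):
    """Return the port of an IPv4 or bracketed IPv6 'addr:port' string."""
    match = re.search(r":(\d+)$", address)
    return int(match.group(1)) if match else None

def find_listeners(netstat_text, port=SUSPECT_PORT):
    """Return sorted (proto, local_address, pid) tuples bound to the local port."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # e.g. an outbound connection to a remote port 285
        if local_port(local) != port:
            continue  # exact match only, so 2850 is not reported
        hits.add((proto, local, int(fields[-1])))
    return sorted(hits)

if __name__ == "__main__":
    for proto, local, pid in find_listeners(SAMPLE_NETSTAT):
        print(f"{proto} listener on {local} owned by PID {pid}")
```

On a live Windows host, pass the function the text produced by `netstat -ano`; the PID it returns identifies the process holding the port even though that process shows no window.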

Method of Infection

Running the server will cause it to go memory resident as a hidden process.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

    N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • Backdoor.Delf.bf (Kaspersky)
  • Backdoor/Win32.Delf.BF (GeCAD)
  • Trojan.Backdoor.Delf.Bf (MkS)
  • Win32/Delf.BF (ESET)
