Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/AutoRun.Delf.CJ is a worm that spreads by copying itself into the root folders of available drives. The worm contains a backdoor. It can be controlled remotely.
InstallationWhen executed, the worm copies itself in some of the the following locations:
- %programfiles%Internet Explorersvchost.exe
"svchost" = "%programfiles%Internet Explorersvchost.exe"
- %system%schtasks.exe /Create /SC ONLOGON /TR "%profile%svchost.exe" /TN svchost /RL HIGHEST
- %system%schtasks.exe /RUN /TN "svchost"
The worm runs the following process:
- %programfiles%Internet Exploreriexplore.exe
SpreadingWin32/AutoRun.Delf.CJ is a worm that spreads by copying itself into the root folders of available drives.
The following filename is used:
Other informationThe worm may create the following files:
- %programfiles%Internet Exploreriesettings.ceb
The worm contains a list of addresses. The HTTP, IRC protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- perform DoS/DDoS attacks
- terminate running processes
- open a specific URL address
- operating system version
- Internet Explorer
- Mozilla Firefox