Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/AutoRun.Delf.HA is a worm that spreads via removable media. The worm serves as a backdoor. It can be controlled remotely. The worm sends requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.
InstallationWhen executed, the worm copies itself into the following location:
"BrandPack" = "C:Brand.exe"
Spreading on removable mediaThe worm copies itself into the root folders of removable drives using the following filename:
- %drive%Brand.exe (1043968 B)
- %drive%autorun.inf (*.DLL PE32, 14400 B)
Other informationThe worm acquires data and commands from a remote computer or the Internet.
The worm contains a list of (1) URLs. The worm opens UDP port 2171.
It can execute the following operations:
- retrieve CPU information
- download files from a remote computer and/or the Internet
- run executable files
- open a specific URL address
- C:funk (12 MB)
- C:MKFNK.EXE (2288 B)
- C:Click.exe (436736 B)