Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
NT-Sniffer.delf Analysis Report
Threat Submitted On: 9/18/2008 4:28:25 PM
Threat Analysed On: 9/18/2008 9:28:25 PM
Threat Updated On: 1/27/2011 9:23:53 PM
Type : NetworkTool (Sniffer)
Symptoms of delf
  • Spies network traffic to steal information
  • The compromised network router reads every packet of data that is passed to it, as well as the source and destination addresses.
Information
Alias : not-a-virus.nettool.win32.delf.se
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: appbait.exe
Path : %temp%

Md5Hash :89e9fd47be240711ce97525750fcf69f ( 445440 bytes)
File: update.exe
Path : %temp%

Md5Hash :62a13156f53fb28bcf065f366123176a ( 48640 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
23de5002ba446120805e4fcd689dadb4 ( 185874 bytes)
66de92c30810ba095251f6acf84c45fc ( 340994 bytes)
817bf69f9e29afb8ead64677e9a94bb1 ( 488448 bytes)
870f32032cf57169bfc7401f33b07c6a ( 344579 bytes)
a10d8bbaebb35e41b3da3c9f69cd3f4e ( 256000 bytes)
a95415413b1e2099d6a16129f6a7ec8a ( 333824 bytes)
acd20ff300d946772c2d31df43db3cf0 ( 333826 bytes)
bb7ee20ce3acc5af26e3077ac33c7457 ( 254466 bytes)
d37493a95807a8679ce0992568cde92d ( 231573 bytes)
f84da949318f9ae2fe5685c67035a956 ( 431616 bytes)
fd3b39034a7e9bcff2944c9a5c42d2b9 ( 237568 bytes)
Also creates the following files on user's System which are also created by Genuine Software :-
Note:
These file(s) can be kept as they are also created by genuine Software.
File : [randomname].exe
Path : %workingdir%

Md5Hash :338820e4e8e7c943074d5a5bc832458a ( 344576 bytes)

NOTE:

1. %temp% Refers to the windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
2. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.