Virus:W32/Delf.BO is malware that connects to malicious websites. Virus:W32/Delf.BO may download files, or get instructions for its malicious acts.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Once Virus:W32/Delf.BO has been executed, it will display a non-malicious file. Typically, office documents, text files, or log files. The clean file is dropped into the following folder:
Virus:W32/Delf.BO drops the following malicious file component in the Windows directory:
It also drops the following files in the Windows System Directory:
Moreover, it also drops the following file in the Startup folder:
Malicious drop files may use the following parameters to execute:
To enable its automatic execution upon boot up it adds the following autostart registry entries:
Delf.BO modifies the default entry for the program used to open the clean file and executes itself upon opening the same file extension of the clean file.
Example for .TXT files:
Along with adding or modifying registry entries for its autostart technique, it also adds the following entry in "%windir%\win.ini"
This is under the following criteria:
It may connect to the following domain to download other files:
Note: As of this writing the domains above are unavailable. It checks for Internet connection by querying the following site:
It has a backdoor/proxy server functionality that may use the following commands:
Virus:W32/Delf.BO also connects to the following URL:
Description Created: 2007-05-14 11:50:04.0
Description Last Modified: 2007-05-14 14:14:57.0