Spyware Information Center
The Spyware Information Center is an up-to-the-minute resource containing information on the latest spyware and malware, provided by the ZoneAlarm Security Research Team. The team constantly identifies new spyware, adware, and other potentially unwanted software by monitoring the latest security threat trends 24 hours a day, 365 days a year, and updates detections to protect systems immediately.
SmartDefense Advisor Article # 2903  |  Last updated on 2006-10-03

Win32.Trojan.Dropper.Delf.hl
Trojan

Type Trojan: This program enables a remote user to control your computer. It runs in the background and opens a back door on your computer. The back door allows an unauthorized remote user to connect to and access your computer, circumventing your computer's security. When you connect to the Internet, this program notifies the remote user that your computer is vulnerable. This program may also have built-in tools used to manage your files, run executables on your computer, control your mouse and CD tray, and retrieve passwords, keystrokes and screen shots.

Subtype Dropper: A type of Trojan that has been designed or modified to 'install' an additional malicious or unwanted application onto the target system. A dropper's purpose is to create a spyware or adware file and then execute it on the user's system. The malicious application code is usually contained in the dropper in such a way that it won't be detected by anti-spyware scanners that normally detect that unwanted application.


How Is It Installed?

This program is installed directly onto your computer. Trojans are frequently disguised as useful programs or hidden inside other programs to get you to install them.


How Dangerous Is It?

Privacy

This program gives a remote user access to your entire computer and everything on it.

Security

This program is a major security threat. The program includes server software that allows a remote user to connect to your computer and have complete access and control over it.


What Should I Do?

If this application has been prohibited by the site administrator, you must remove it from your computer before accessing the site. If it has not been prohibited, you should delete it because it poses security and privacy risks and has no known usefulness.


How Can I Remove It?

Automatic Removal

The automatic removal option is not supported.

Manual Removal

The following Files/Registry Keys should be deleted:

File(s):

File Path="%SYSTEM%\ibm.dll" Size="151552" PartOfMd5="+ZSYFSr55P..."
File Path="%SYSTEM%\ibm.exe" Size="60463" PartOfMd5="rMzcHbEqX4..."
File Path="%WINDOWS%\Lineageaul.exe" Size="270289" PartOfMd5="2hpAtUz7iH..."
File Path="%WINDOWS%\[random name]" Size="60463" PartOfMd5="rMzcHbEqX4..."
Possible Name="Lineageaul.exe" Size="270289" PartOfMd5="2hpAtUz7iH..."
Possible Name="ibm.dll" Size="151552" PartOfMd5="+ZSYFSr55P..."
Possible Name="ibm.exe" Size="60463" PartOfMd5="rMzcHbEqX4..."
[random name] Size="382034" PartOfMd5="X5Y/QafXue..."

Registry Key(s):

Registry Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Name="ibm"
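
A read-only triage check for the files and Run value listed above, as an added example that is not part of the original advisory. It assumes %SYSTEM% maps to the System32 directory and %WINDOWS% to the Windows directory, and that the randomly named files sit directly in the Windows directory; the function name and output fields are illustrative.

```powershell
# Added example: reports the indicators from this advisory, deletes nothing.
# Assumption: %SYSTEM% = <Windows dir>\System32, %WINDOWS% = $env:SystemRoot.
function Find-DelfHlIndicators {
    [CmdletBinding()]
    param([string]$WindowsDir = $env:SystemRoot)

    $systemDir = Join-Path $WindowsDir 'System32'

    # Named files and sizes exactly as given in the advisory.
    $named = @(
        @{ Path = (Join-Path $systemDir  'ibm.dll');        Size = 151552 },
        @{ Path = (Join-Path $systemDir  'ibm.exe');        Size = 60463  },
        @{ Path = (Join-Path $WindowsDir 'Lineageaul.exe'); Size = 270289 }
    )
    foreach ($f in $named) {
        $item = Get-Item -LiteralPath $f.Path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Indicator = 'NamedFile'
                Location  = $item.FullName
                SizeMatch = ($item.Length -eq $f.Size)
                Detail    = "size $($item.Length), advisory size $($f.Size)"
            }
        }
    }

    # Randomly named files are identified only by size. A size match alone is
    # weak evidence, so these are candidates for review, not confirmed hits.
    $randomSizes = 60463, 382034
    Get-ChildItem -LiteralPath $WindowsDir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $randomSizes -contains $_.Length } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'SizeOnlyCandidate'; Location = $_.FullName
                SizeMatch = $true; Detail = "size $($_.Length)"
            }
        }

    # Autostart entry: value "ibm" under the machine-wide Run key.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'ibm' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{
            Indicator = 'RunValue'; Location = "$runKey\ibm"
            SizeMatch = $null; Detail = [string]$run.ibm
        }
    }
}

Find-DelfHlIndicators | Format-Table -AutoSize
```

On 64-bit Windows, a 32-bit process is redirected to SysWOW64 and to the WOW6432Node view of the registry, so those locations are worth checking as well.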


Copyright © 2006 Check Point Software Technologies Inc., 800 Bride Parkway, Redwood City, CA 94065, USA
All rights reserved. All other trademarks are the property of their respective owners.