WORM_DELF.GNR
Trojan:Win32/Malex.gen!J (Microsoft); RDN/Generic.dx!xx (McAfee); Virus.Win32.Delf.cf (Kaspersky); BehavesLike.Win32.Malware.wsc (mx-v) (Sunbelt); May be infected by unknown virus Win32/DH{LmQDZ19iD1w} (AVG)
Windows 2000, Windows XP, Windows Server 2003

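Malware type:
Worm
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This worm arrives on a computer as a file dropped by other malware, or as a file that users unknowingly download from malicious websites.
Details
Arrival Details
This worm arrives on a computer as a file dropped by other malware, or as a file that users unknowingly download from malicious websites.
Installation
The worm creates copies of itself on the infected computer as follows.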
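(Note: %System Root% is "C:" by default, and is where the operating system is located. %Program Files% is usually "C:\Program Files" on Windows 2000, Server 2003, XP (32-bit), Vista (32-bit) and 7 (32-bit), and usually "C:\Program Files (x86)" on Windows XP (64-bit), Vista (64-bit) and 7 (64-bit). %Windows% varies with the Windows version and the settings chosen at installation; by default it is "C:\Windows". %System% varies with the Windows version and the settings chosen at installation; by default it is "C:\Windows\System32". %Temp% is "C:\Windows\Temp" by default.)
This virus report was generated by an automated analysis system.
Solution
Step 1
Before running a virus scan, Windows XP, Windows Vista and Windows 7 users must disable System Restore so that malware, adware and similar software can be completely removed from the computer.
Step 2
Run a virus scan using an antivirus product with the latest version (engine and pattern file) installed, and delete all files detected as "WORM_DELF.GNR". If the detected files have already been cleaned, quarantined or deleted by our antivirus product, handling of the virus is complete and no further removal steps are required.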