TROJ_DELPACK.A
Windows 98, ME, NT, 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, it is a component file of PE_DELPACK.A, a file infector that infects files by compressing them and then bundling them with the main file.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This Trojan may arrive as a file that exports functions used by other malware. It may be downloaded by other malware/grayware/spyware from remote sites, including PE_DELPACK.A. It may be dropped by other malware.
TECHNICAL DETAILS
Arrival Details
This Trojan may arrive as a file that exports functions used by other malware.
It may be downloaded by other malware/grayware/spyware from remote sites.
It may be downloaded by the following malware/grayware from remote sites:
- PE_DELPACK.A
It may be dropped by other malware.
Installation
This Trojan is injected into the following processes running in memory:
- explorer.exe
Autostart Technique
This Trojan registers itself as a BHO to ensure its automatic execution every time Internet Explorer is used by adding the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{random CLSID}\
InprocServer32
(Default) = {malware path and file name}.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{random CLSID}
(Default) = {random value}
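The following PowerShell script is an added example for checking a system against the autostart pattern described above; it is not part of Trend Micro's write-up or its product. It walks the Browser Helper Objects key (and its Wow6432Node mirror), resolves each CLSID to its InprocServer32 DLL, and flags registrations whose DLL is missing, unsigned, located outside the usual program directories, or currently mapped into explorer.exe (the process this Trojan injects into). The trusted-directory list and the flagging rules are assumptions chosen for illustration, not indicators published on this page, and the script is read-only.

```powershell
# Added example, not part of the Trend Micro write-up. Enumerates Browser Helper Object
# registrations, resolves each CLSID to its InprocServer32 DLL, and flags entries that
# look like the autostart described above. The trusted-directory list and the flagging
# rules are illustrative assumptions. Run from an elevated prompt; nothing is modified.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# HKEY_CLASSES_ROOT is a merged view of these hives; a per-user CLSID entry overrides a
# machine-wide one, so the user hive is checked first.
$clsidRoots = @(
    'HKCU:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)
# Assumption: legitimate BHO DLLs normally live under one of these roots.
$trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Resolve-BhoDll {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $inproc = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            if ($raw) {
                # Strip surrounding quotes and expand %SystemRoot%-style references.
                return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            }
        }
    }
    return $null
}

# DLLs currently mapped into explorer.exe, used for the injection check.
$explorerModules = @{}
Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
    try {
        foreach ($m in $_.Modules) { $explorerModules[$m.FileName.ToLower()] = $true }
    } catch { }   # module enumeration can fail on protected or exiting processes
}

function Get-SuspiciousBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid   = $key.PSChildName
            $dll     = Resolve-BhoDll -Clsid $clsid
            $reasons = @()
            if (-not $dll) {
                $reasons += 'CLSID has no InprocServer32 (dangling registration)'
            } else {
                $exists = Test-Path -LiteralPath $dll
                if (-not $exists) { $reasons += 'DLL missing on disk' }
                $inTrusted = $false
                foreach ($d in $trustedDirs) {
                    if ($dll.StartsWith($d, 'OrdinalIgnoreCase')) { $inTrusted = $true }
                }
                if (-not $inTrusted) { $reasons += 'DLL outside Program Files/Windows' }
                if ($exists) {
                    $sig = Get-AuthenticodeSignature -FilePath $dll
                    if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status: $($sig.Status)" }
                }
                if ($explorerModules.ContainsKey($dll.ToLower())) { $reasons += 'loaded in explorer.exe' }
            }
            [pscustomobject]@{
                CLSID = $clsid
                Name  = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
                Dll   = $dll
                Flags = $reasons -join '; '
            }
        }
    }
}

# Entries with the most flags first; an empty Flags column means nothing unusual was found.
Get-SuspiciousBho | Sort-Object { $_.Flags.Length } -Descending | Format-Table -AutoSize -Wrap
```

A DLL under a user profile or temp directory with an invalid signature and a randomly named CLSID matches the pattern this Trojan leaves behind, but treat the output as a lead for the scan in the Solution section rather than as a verdict: legitimate toolbars and accessibility software also register BHOs, and a malicious DLL can be signed or placed under Program Files.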
SOLUTION
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2
Remove malware files dropped/downloaded by TROJ_DELPACK.A
- PE_DELPACK.A
Step 3
Scan your computer with your Trend Micro product and note files detected as TROJ_DELPACK.A
Step 4
Restart in Safe Mode