Port No | 47262 |
Service Name | Delta source |
RFC Doc | 0 |
Protocol | UDP |
Description | Delta source 0.5 is a Visual Basic trojan that is a take-off of BO 1.20. The client has the same layout as BO 1.20. The trojan installs itself incorrectly because it omits a backslash in the registry entry: if you run the server at c:\test\server.exe, it tries to load c:\testserver.exe. |
Reference Link | Delta source Trojan |
Attack | It autoloads from the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, Key: Ds admin tool. It does the following: delete file; get server info; hide/show taskbar; list/kill programs; swap mouse buttons; freeze/unfreeze mouse; ping; reboot server; send msgbox; send to URL; spawn program visible or invisible. Removal: 1. Remove the Ds admin tool key in the registry, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program. 2. Reboot the computer or close the trojan file. 3. Delete the trojan file that is listed in the registry. |
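The check and removal steps above as a PowerShell script, run from an elevated prompt; this is an added example, not part of the original entry. The `-Remove` switch and the variable names are hypothetical, and the candidate search assumes the stored path is the folder and file name joined with the separator dropped, as in the c:\testserver.exe case described above.

```powershell
# Added example: audit (and, with -Remove, clean) the Delta source autorun entry.
param([switch]$Remove)   # hypothetical switch; without it the script only reports

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Ds admin tool'   # entry name from the table above
$port      = 47262             # UDP port from the table above

# Report any process bound to the trojan's UDP port.
Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    Write-Output "UDP $port is bound by PID $($_.OwningProcess) ($($p.Path))"
}

# Look for the autorun entry.
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if (-not $entry) { Write-Output "No '$valueName' entry under $runKey"; return }

$registered = ([string]$entry.$valueName).Trim('"')
Write-Output "Autorun entry points to: $registered"
if (-not $registered) { return }

# The stored path may be missing a backslash, so the file it names may not exist.
# Assumption: try every position in the file name where the separator could belong.
$files = @()
if (Test-Path -LiteralPath $registered -PathType Leaf) { $files += $registered }
$parent = Split-Path -Path $registered -Parent
$leaf   = Split-Path -Path $registered -Leaf
for ($i = 1; $i -lt $leaf.Length; $i++) {
    $candidate = Join-Path (Join-Path $parent $leaf.Substring(0, $i)) $leaf.Substring($i)
    if (Test-Path -LiteralPath $candidate -PathType Leaf) { $files += $candidate }
}
$files | ForEach-Object { Write-Output "Candidate server file: $_" }

if ($Remove) {
    # Step 1: remove the autorun entry.
    Remove-ItemProperty -Path $runKey -Name $valueName
    foreach ($f in $files) {
        # Step 2: close the running file; step 3: delete it. Each action asks first.
        Get-Process | Where-Object { $_.Path -eq $f } | Stop-Process -Confirm
        Remove-Item -LiteralPath $f -Confirm
    }
}
```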