| Port No | 113 |
| Service Name | Delf.E |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This Trojan drops files on the infected system. It does not have a destructive payload |
| Reference Link | DELF.E |
| Attack | Solutions: Click START>RUN, type REGEDIT then hit the ENTER key. In the left panel, click the "+" to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Run In the right panel, search for any of the registry keys that contains the data value of Shell32 = "Registry.exe" In the right panel, highlight the registry key that loads the file and press the DELETE key. In the left panel, click the "+" to the left of the following: HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Run In the right panel, search for any of the registry keys that contains the data value of Shell32 = "Registry.exe" In the right panel, highlight the registry key that loads the file and press the DELETE key. Run your Windows Task Manager: On Windows 9x/ME systems, press the CTRL-ALT-DEL keys. On Windows NT/2000/XP systems, press CTRL-SHIFT-ESC. The list of running programs is located under the Processes tab. Search from the list of running programs for the malicious program named "Registry', select it, and then press the End Task / End Process button. This should remove the malicious program from memory. Delete the following files. On NT based the system folder would be WinNt\System32 : srv_capture.dll - located in the Windows\System directory Registry.exe - located in Windows\System directory A randomly named .EXE file dropped in the Windows\TEMP directory usually the first two characters start with ",D" A randomly named .JPG file dropped in the Windows\TEMP directory usually the first two characters start with ",D" Scan your system with Trend Micro antivirus and delete all files detected as TROJ_DELF.E To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.