Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Delf-CB

Mar 16, 2004 12:37AM PST

Aliases
Trojan.PSW.Delf.cn

Type
Trojan

Description
Troj/Delf-CB is a password stealing Trojan which gathers passwords and confidential information and emails it to a remote location.
The information includes cached passwords, RAS dialup information, Microsoft Outlook settings and information relating to the following software (if installed): ICQ, Miranda, RQ, Becky, The Bat!, Trillian, Total Commander, Far and EDialer.

When first run the Trojan copies itself to the Windows System folder as nm.exe and creates the following registry entry, so that nm.exe is run automatically each time Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\foffice = nm.exe


More: http://www.sophos.com/virusinfo/analyses/trojdelfcb.html

Discussion is locked