
VirTool:Win32/DelfInject.AE


VirTool:Win32/DelfInject.AE is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

Threat behavior

VirTool:Win32/DelfInject.AE is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
 
A malicious file is generally encrypted and/or compressed and stored inside another program, which decodes the malicious file and loads it. The malicious program may be injected into a clean process or loaded in a new process of its own. Unlike a "dropper", the malicious executable is never written to disk as a separate file.
 
VirTool:Win32/DelfInject.AE has been used with a variety of malware, especially several families of Internet Relay Chat (IRC) bots that spread through Instant Messaging (IM), such as Worm:Win32/Scrimge, Worm:Win32/Slenfbot and Worm:Win32/Pushbot. Other malware families such as Win32/Rimecud, Win32/Zbot and Win32/Hamweq have also been observed using DelfInject.

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected computer.

Prevention


Alert level: Severe
First detected by definition: 1.123.2021.0
Latest detected by definition: 1.179.2721.0 and higher
First detected on: Apr 18, 2012
This entry was first published on: May 12, 2011
This entry was updated on: Oct 29, 2012

This threat is also detected as:
No known aliases