Trojan-Clicker.Win32.Small.f
| Alert Level : | Medium |
| Discovered: | Feb 16 2007 |
| Tag: | Trojan Clickers |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
This Trojan opens a range of Internet sites without the knowledge or consent of the user. It is a Windows DLL file. The file is approximately 10KB in size. It is packed using UPX. The unpacked file is approximately 25KB in size.
InstallationWhen registering, the DLL file is installed to the system as a Browser Helper Object, creating the following registry keys:
[HKCR\CLSID\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF}]
[HKLM\Software\Microsoft\Windows\CurrentVersion
The Trojan tracks which sites the user visits when using Internet Explorer. When certain sites are visited the Trojan will redirect the user to sites belonging to the remote malicous user by substituting IP addresses in the following file:
%System%\drivers\etc\hosts
The list of sites the user will be redirected to is downloaded from the remote malicious user
Removal Trojan-Clicker.Win32.Small.f instructions:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Revert the DLL file registration by executing the following command:
regsvr32.exe /u
Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!
