Trojan-Clicker.Win32.Small.f

tag:Trojan   Clickers  

The Trojan tracks which sites the user visits when using Internet Explorer. When certain sites are visited the Trojan will redirect the user to sites belonging to the remote malicous user by substituting IP addresses in the following file:

%System%\drivers\etc\hosts

The list of sites the user will be redirected to is downloaded from the remote malicious user

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Revert the DLL file registration by executing the following command: 
    regsvr32.exe /u  
    
    
    

    This Trojan opens a range of Internet sites without the knowledge or consent
of the user.  It is a Windows DLL file.  The file is approximately 10KB in size.
It is packed using UPX. The unpacked file is approximately 25KB in size.  
    

Installation

    When registering, the DLL file is installed to the system as a Browser Helper
Object, creating the following registry keys:
    

    [HKCR\CLSID\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF}]
    

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF}]
    

Payload

©Virus-Encyclopedia.com All Rights Reserved.