Virus Encyclopedia

Computer Virus Encyclopedia

Home>Trojan Programs>Trojan Clickers>

Trojan-Clicker.Win32.Delf.r

Alert Level : Medium
Discovered: Feb 16 2007
Tag: Trojan   Clickers  
Discoverer and Source: http://www.kaspersky.com/

Malware Behavior and Technical Description

This Trojan opens a range of Internet sites without the knowledge or consent of the user. It is a Windows DLL file. The file is approximately 220KB in size. It is packed using UPX. The unpacked file is approximately 570KB in size. It is written in Delphi.

Installation

When registering, the Trojan installs itself to the system as a Browser Helper Object, creating the following registry keys:

[HKCR\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}]

Payload

Once launched, the Trojan downloads a list of links from the following URL:

http://www.blazefind.com/xml/index.php?account****

At the moment of writing, this link was not working.

This list will be saved to the current directory as

"bt_2_t 

        
Removal Trojan-Clicker.Win32.Delf.r instructions: 

        


If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:


  1. Revert the DLL file registration by executing the following command:

    regsvr32 /u     
    
		
      
     

      
    
        
          
    
            
    Need help?  Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!
 

©Virus-Encyclopedia.com All Rights Reserved.

Site Map
About Us