Trojan-Clicker.Win32.Delf.r

tag:Trojan   Clickers  

Once launched, the Trojan downloads a list of links from the following URL:

http://www.blazefind.com/xml/index.php?account****

At the moment of writing, this link was not working.

This list will be saved to the current directory as

"bt_2_t 
  

If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:


  1. Revert the DLL file registration by executing the following command:

    regsvr32 /u  
    
    
    

    This Trojan opens a range of Internet sites without the knowledge or consent
of the user.  It is a Windows DLL file.  The file is approximately 220KB in
size.  It is packed using UPX. The unpacked file is approximately 570KB in size.
It is written in Delphi. 
    

Installation

    When registering, the Trojan installs itself to the system as a Browser Helper
Object, creating the following registry keys:
    

    [HKCR\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}]
    

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}]
    

Payload

©Virus-Encyclopedia.com All Rights Reserved.