MSIL/TrojanClicker.Agent.NBY [Threat Name] go to Threat

MSIL/TrojanClicker.Agent.NBY [Threat Variant Name]

Category trojan
Size 68944 B
Detection created Jun 26, 2013
Detection database version 9404
Aliases Clicker.BDYD (AVG)
Short description

MSIL/TrojanClicker.Agent.NBY is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.

Information stealing

MSIL/TrojanClicker.Agent.NBY is a trojan that steals sensitive information.


The trojan collects the following information:

  • operating system version
  • MAC address
  • computer name
  • name, version of default Internet browser

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (2) URLs. It tries to download several files from the addresses.


These are stored in the following locations:

  • %commonappdata%\­csrss.exe
  • %currentfolder%\­task.exe

The files are then executed. The HTTP protocol is used.


The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "csrss" = "%commonappdata%\­csrss.exe"

This way the trojan ensures that the file is executed on every system start.


The trojan sends requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.

Please enable Javascript to ensure correct displaying of this content and refresh this page.