Win32/TrojanClicker.Delf.NBK [Threat Name] go to Threat

Win32/TrojanClicker.Delf.NBK [Threat Variant Name]

Category trojan
Size 356889 B
Detection created Nov 25, 2009
Detection database version 4637
Aliases Trojan-Clicker.Win32.Agent.jjc (Kaspersky)
  Trojan.horse.Clicker.ADVQ (AVG)
Short description

Win32/TrojanClicker.Delf.NBK is a trojan which tries to promote certain web sites. The file is run-time compressed using ASPack .

Installation

The trojan does not create any copies of itself.

Other information

The trojan deletes files that contain one of the following strings in their name:

  • %desktop%\­*Firefox*
  • %desktop%\­*Internet Explorer*
  • %desktop%\­%variable%
  • %quicklaunch%\­*Firefox*
  • %quicklaunch%\­*Internet Explorer*
  • %quicklaunch%\­%variable%
  • C:\­Documents and Settings\­All Users\­%variable%\­*Firefox*
  • C:\­Documents and Settings\­All Users\­%variable%\­*Internet Explorer*
  • C:\­Documents and Settings\­All Users\­%variable%\­%variable%

The trojan creates the following files:

  • %desktop%\­Mozilla Firefox.lnk
  • %desktop%\­Internet Explorer.lnk
  • %desktop%\­%variable%.lnk
  • %quicklaunch%\­Mozilla Firefox.lnk
  • %quicklaunch%\­Internet Explorer.lnk
  • %quicklaunch%\­%variable%.lnk
  • %userprofile%\­%variable%\­%variable%.lnk
  • %userprofile%\­%variable%\­Mozilla Firefox.lnk
  • %userprofile%\­%variable%\­Internet Explorer.lnk
  • %userprofile%\­%variable%\­%variable%.lnk
  • %favorites%\­%variable%www.114.com.cn

Variables %variable% represent strings written in the Chinese language.


The trojan inserts a/an element with an URL link into the file.


The written data contains the following string:

  • http://www.114.com.cn/tindex.html

The trojan connects to the following addresses:

  • 6085.vh.cnolnic.com

It can send various information about the infected computer.

Please enable Javascript to ensure correct displaying of this content and refresh this page.