Win32/TrojanClicker.Delf.NBK [Threat Name] go to Threat

Win32/TrojanClicker.Delf.NBK [Threat Variant Name]

Category trojan
Size 356889 B
Detection created Nov 25, 2009
Detection database version 4637
Aliases Trojan-Clicker.Win32.Agent.jjc (Kaspersky) (AVG)
Short description

Win32/TrojanClicker.Delf.NBK is a trojan which tries to promote certain web sites. The file is run-time compressed using ASPack .


The trojan does not create any copies of itself.

Other information

The trojan deletes files that contain one of the following strings in their name:

  • %desktop%\­*Firefox*
  • %desktop%\­*Internet Explorer*
  • %desktop%\­%variable%
  • %quicklaunch%\­*Firefox*
  • %quicklaunch%\­*Internet Explorer*
  • %quicklaunch%\­%variable%
  • C:\­Documents and Settings\­All Users\­%variable%\­*Firefox*
  • C:\­Documents and Settings\­All Users\­%variable%\­*Internet Explorer*
  • C:\­Documents and Settings\­All Users\­%variable%\­%variable%

The trojan creates the following files:

  • %desktop%\­Mozilla Firefox.lnk
  • %desktop%\­Internet Explorer.lnk
  • %desktop%\­%variable%.lnk
  • %quicklaunch%\­Mozilla Firefox.lnk
  • %quicklaunch%\­Internet Explorer.lnk
  • %quicklaunch%\­%variable%.lnk
  • %userprofile%\­%variable%\­%variable%.lnk
  • %userprofile%\­%variable%\­Mozilla Firefox.lnk
  • %userprofile%\­%variable%\­Internet Explorer.lnk
  • %userprofile%\­%variable%\­%variable%.lnk
  • %favorites%\­

Variables %variable% represent strings written in the Chinese language.

The trojan inserts a/an element with an URL link into the file.

The written data contains the following string:


The trojan connects to the following addresses:


It can send various information about the infected computer.

Please enable Javascript to ensure correct displaying of this content and refresh this page.