MSIL/TrojanClicker.Agent.NBY [Threat Name] go to Threat
MSIL/TrojanClicker.Agent.NBY [Threat Variant Name]
Category | trojan |
Size | 68944 B |
Aliases | Clicker.BDYD (AVG) |
Short description
MSIL/TrojanClicker.Agent.NBY is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
Information stealing
MSIL/TrojanClicker.Agent.NBY is a trojan that steals sensitive information.
The trojan collects the following information:
- operating system version
- MAC address
- computer name
- name, version of default Internet browser
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (2) URLs. It tries to download several files from the addresses.
These are stored in the following locations:
- %commonappdata%\csrss.exe
- %currentfolder%\task.exe
The files are then executed. The HTTP protocol is used.
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "csrss" = "%commonappdata%\csrss.exe"
This way the trojan ensures that the file is executed on every system start.
The trojan sends requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.