Win32/TrojanClicker.Agent.H [Threat Name] go to Threat

Win32/TrojanClicker.Agent.H [Threat Variant Name]

Category trojan
Size 480370 B
Aliases TrojanClicker:Win32/Agent.H (Microsoft)
  Trojan.Horse (Symantec)
Short description

Win32/TrojanClicker.Agent.H is a trojan that redirects results of online search engines to specific web sites.

Installation

When executed, the trojan creates the following files:

  • %systemdrive%\­istart.exe
  • %systemdrive%\­isearch2.dll
  • %systemdrive%\­ibho2.dll

The trojan runs the following applications:

  • C:\­istart.exe

The trojan creates copies of the following files (source, destination):

  • %systemdrive%\­isearch2.dll, %system%\­isearch2.dll
  • %systemdrive%\­ibho2.dll, %system%\­ibho2.dll

The following files are deleted:

  • %systemdrive%\­isearch2.dll
  • %systemdrive%\­ibho2.dll

The trojan executes the following commands:

  • %system%\­regsvr32.exe -s %system%\­isearch2.dll
  • %system%\­regsvr32.exe -s %system%\­ibho2.dll

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Uninstall\­i-Search.us]
    • "DisplayName" = "i-Search.us Toolbar"
    • "UninstallString" = "%system%\­rundll32.exe "%system%\­isearch2.dll"
  • [HKEY_CURRENT_USER\­software\­fasts\­history]
    • "%searchedkeywords%"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Classes\­CLSID\­{8F5A62E2-71F2-72D3-E045-DDF234CAE228}]
    • "(Default)" = "&i-Search.us"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Classes\­CLSID\­{8F5A62E2-71F2-72D3-E045-DDF234CAE228}\­InprocServer32]
    • "(Default)" = "%system%\­isearch2.dll"
    • "ThreadingModel" = "Apartment"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Internet Explorer\­Toolbar]
    • "{8F5A62E2-71F2-72D3-E045-DDF234CAE228}"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Classes\­CLSID\­{ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB}\­InprocServer32]
    • "(Default)" = "%system%\­ibho2.dll"
    • "ThreadingModel" = "Apartment"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVerion\­Explorer\­Browser Helper Objects\­{ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB}]
Other information

Win32/TrojanClicker.Agent.H is a trojan that redirects results of online search engines to specific web sites.


The user may be redirected to one of the following Internet web sites:

  • http://wvww.us/search.php

Please enable Javascript to ensure correct displaying of this content and refresh this page.