English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Clicker.Win32.Small.fn

Trojan-Clicker.Win32.Small.fn

Detected Apr 22 2005 09:01 GMT
Released Apr 22 2005 09:01 GMT
Published Jan 25 2008 14:05 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan opens web sites without the knowledge or consent of the user. It is a Windows PE EXE file. It is 3584 bytes in size. It is written in C++.

Installation

When launching, the Trojan causes the following message to be displayed:

It then copies its executable file as follows:

C:\Windows\erxs.exe

In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"DPA" = "c:\windows\erxs.exe"

Payload

Every 60 minutes, the Trojan uses Internet Explorer to open the link below:

http://xlogin.netfirms.com/*****.html

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following file:
    C:\Windows\erxs.exe
  4. Delete the following system registrykey:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "DPA" = "c:\windows\erxs.exe"
  5. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).


Print
Bookmark and Share
Share
Trojans
Trojan-Clicker

Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file).

A malicious user may use Trojan-Clicker programs to:

  • increase the number of visits to certain sites in order to boost the number of hits for online ads
  • conduct a DoS (Denial of Service) attack on a particular server
  • lead potential victims to viruses or Trojans.

Other versions
Trojan-Clicker.Win32.Small.ae
Trojan-Clicker.Win32.Small.ai
Trojan-Clicker.Win32.Small.bh
Trojan-Clicker.Win32.Small.eb
Trojan-Clicker.Win32.Small.f
Trojan-Clicker.Win32.Small.h
Trojan-Clicker.Win32.Small.ie
Trojan-Clicker.Win32.Small.kj

Aliases

Trojan-Clicker.Win32.Small.fn (Kaspersky Lab) is also known as:

  • Trj/Downloader.LZ (Panda)

© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search