English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Clicker.Win32.VB.gkp

Trojan-Clicker.Win32.VB.gkp

Detected Feb 12 2011 04:50 GMT
Released Feb 12 2011 11:53 GMT
Published Apr 05 2011 12:34 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan opens different websites in the browser without the user's knowledge. It is a Windows PE EXE file. It is 16 416 bytes in size. It is written in Visual Basic.


Payload

The Trojan launches "Explorer" by sending the following link in parameters: 

http://www.****etgy.com/cpm/10102/10194.jsp?s=11054&dm=2
The Explorer then launches the default browser and opens the downloaded link in its window.

The Trojan then ceases running.


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).



Print
Bookmark and Share
Share
Trojans
Trojan-Clicker

Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file).

A malicious user may use Trojan-Clicker programs to:

  • increase the number of visits to certain sites in order to boost the number of hits for online ads
  • conduct a DoS (Denial of Service) attack on a particular server
  • lead potential victims to viruses or Trojans.

Other versions
Trojan-Clicker.Win32.VB.fy
Trojan-Clicker.Win32.VB.l
Trojan-Clicker.Win32.VB.sd
Trojan-Clicker.Win32.VB.se
Trojan-Clicker.Win32.VB.sk
Trojan-Clicker.Win32.VB.sv
Trojan-Clicker.Win32.VB.sw
Trojan-Clicker.Win32.VB.sy
Trojan-Clicker.Win32.VB.uo

Aliases

Trojan-Clicker.Win32.VB.gkp (Kaspersky Lab) is also known as:

  • Trojan: Generic.dx!wcu (McAfee)
  • Mal/Generic-L (Sophos)
  • Trojan.Clicker-4022 (ClamAV)
  • Trj/Clicker.ATI (Panda)
  • W32/Trojan2.NMIH (FPROT)
  • Trojan.Click.20429 (DrWeb)
  • Win32/TrojanClicker.VB.NTA trojan (Nod32)
  • Trojan.Generic.5442465 (BitDef7)
  • Trojan.CL.VB!0JD33FKp6o4 (VirusBuster)
  • Win32:Trojan-gen (AVAST)
  • Trojan.Agent (Ikarus)
  • Downloader.VB.KIP (AVG)
  • Trojan.Gen (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Trojan.Win32.Fednu.aix (Rising)
  • Trojan.CL.VB!0JD33FKp6o4 (VirusBusterBeta)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search