English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Clicker.JS.Agent.om

Trojan-Clicker.JS.Agent.om

Detected Dec 09 2010 23:37 GMT
Released Dec 10 2010 08:07 GMT
Published Mar 25 2011 10:34 GMT

Manual description Auto description
This description was created by experts at Kaspersky Lab. It contains the most accurate information available about this program.

Technical Details
Payload
Removal instructions

Technical Details

This Trojan opens different websites in the browser without the user's knowledge. It is a Java Script. It is 2852 bytes in size.


Payload

Once an infected HTML page is opened, the Trojan sets a "cookie" in the browser until the year 2037 named "cook15" with the current date and time. The Trojan, in order to test the "cookies" functionality, adds to the browser a "cookie" named "test". If "cookies" are disabled in the browser the Trojan ceases running. The Trojan tracks three user clicks on any part of the HTML document if the document is opened in MS Internet Explorer 6.0 and earlier versions or in SV1 browser. It then opens the following web resource in a new browser window: 

http://ne***be.org/in.cgi?8&group=dv
from which the user is redirected to the following web resource: 
http://por***platno.com/
A malicious script is downloaded from the main page of this web resource: 
http://por***platno.com/click3.js
This file is 3952 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-Clicker.JS.Agent.op.

In the following browsers: 

Opera
Netscape
Firefox
MS Internet Explorer 7.0
MS Internet Explorer 8.0
Safari
etc. once the user clicks on any part of the document, the Trojan opens a web resource in a new tab. The Trojan also tracks when the user clicks on any link on the HTML document and then opens the following site in a new window: 
http://por***platno.com/


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Empty the Temporary Internet Files directory, which contains infected files (see How to delete infected files from Temporary Internet Files folder?): 
    %Temporary Internet Files%
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).


MD5: dbfb5d6712038db6cd20e5aa7c3f2a58
SHA1: 3595322c42a1eb53d6511e499cfcc03fbe56601c



Print
Bookmark and Share
Share
Trojans
Trojan-Clicker

Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file).

A malicious user may use Trojan-Clicker programs to:

  • increase the number of visits to certain sites in order to boost the number of hits for online ads
  • conduct a DoS (Denial of Service) attack on a particular server
  • lead potential victims to viruses or Trojans.

Other versions
Trojan-Clicker.JS.Agent.d
Trojan-Clicker.JS.Agent.op

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search