English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan-Clicker.JS.Agent.op

Detected Dec 09 2010 23:50 GMT
Released Dec 10 2010 08:07 GMT
Published Mar 28 2011 12:46 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan opens different websites in the browser without the user's knowledge. It is a Java Script. It is 3067 bytes in size.


Payload

When an infected page is opened, the Trojan launches its malicious script for execution. The Trojan then adds "mouseup" and "beforeunload" event handlers to this page. The malware tracks three user clicks on the HTML page and then opens the following page in a new browser window:

http://ne***be.org/in.cgi?8&group=od
The Trojan also tracks when the page is closed and displays the following message:

When the user clicks on Cancel, the Trojan opens the previously mentioned page in a new browser window. A click on the OK button closes the browser window. The malware then sets in the browser a cookie called "cook pop" with value "1" for 23 hours. After the page is opened from the specified link, the user is redirected to the following page:

http://por***us.net/


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Empty the Temporary Internet Files directory, which contains infected files (see How to delete infected files from Temporary Internet Files folder?):
    %Temporary Internet Files%
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).


MD5: ab709403cd352bcab77612cf5955a513
SHA1: 5ef9a83b78b7b84c800e12cb577b53dc1361b7da


Bookmark and Share
Share
Trojan-Clicker

Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file).

A malicious user may use Trojan-Clicker programs to:

  • increase the number of visits to certain sites in order to boost the number of hits for online ads
  • conduct a DoS (Denial of Service) attack on a particular server
  • lead potential victims to viruses or Trojans.

Other versions