Trojan.Clicker.Small.AD

HIGH
MEDIUM
approx. 12 KB

Symptoms

The presence of this malware can be suggested by:
- hidden instances of explorer.exe (in Task Manager you can see the explorer.exe process but not the associated window)
- presence of "sys32exploer.dll", approx. 5 KB in size, in the Windows directory
- presence of "service32.exe", approx. 12 KB in size, in the Windows directory
- unusual network activity

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Radu Daniel, virus researcher

Technical Description:

    Trojan.Clicker.Small.AD writes "sys32exploer.dll" to the Windows directory. This file is a user-mode trojan, used to hide the malware process and its associated registry entries.
    It creates a registry entry under "HKLM\SOFTWARE\92LWP2OM8G\92LWP2OM8G", which will be used when getting future files from the internet.
    It copies itself into the Windows directory under the name "service32.exe" and adds that file to startup.

    The malware hijacks explorer.exe and connects to a site (IP 69.31.41.177) to get a file which contains an encrypted list of executable files available for additional download.

    After downloading the list, it downloads the files in it one by one, executes each of them, and then waits 1 minute before moving on to the next file and repeating the process.

    The trojan aims to download other malware.
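
The indicators listed above can be swept for on a host with a short script. This is an added example, not part of the original write-up or a BitDefender tool; the Run-key locations, the WOW6432Node path and the size tolerance are assumptions, since the description does not specify them.

```powershell
# Added example: indicator sweep built from the values in this write-up.
$findings = @()

# 1. Dropped files in the Windows directory (sizes per the write-up: ~5 KB and ~12 KB).
$files = @{ 'sys32exploer.dll' = 5KB; 'service32.exe' = 12KB }
foreach ($name in $files.Keys) {
    $path = Join-Path $env:windir $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Assumed tolerance of 2 KB around the approximate size given in the write-up.
        $near = [math]::Abs($item.Length - $files[$name]) -le 2KB
        $findings += "File present: $($item.FullName) ($($item.Length) bytes, size match: $near)"
    }
}

# 2. Registry key used when fetching further files.
#    The WOW6432Node path is an assumption (32-bit code on 64-bit Windows).
$malKeys = 'HKLM:\SOFTWARE\92LWP2OM8G', 'HKLM:\SOFTWARE\WOW6432Node\92LWP2OM8G'
foreach ($key in $malKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}

# 3. Startup entries that reference service32.exe.
#    The write-up only says "adds that file to startup"; the Run keys are an assumed location.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($valueName in $k.GetValueNames()) {
        $value = [string]$k.GetValue($valueName)
        if ($value -match 'service32\.exe') {
            $findings += "Startup entry: $key -> $valueName = $value"
        }
    }
}

# 4. TCP connections to the download host, with the owning process.
Get-NetTCPConnection -RemoteAddress '69.31.41.177' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings += "Connection to 69.31.41.177:$($_.RemotePort) from PID $($_.OwningProcess) ($($proc.ProcessName))"
    }

if ($findings) { $findings } else { 'No indicators from this write-up were found on the live system.' }
```

Because "sys32exploer.dll" exists to hide the malware's process and registry entries, an empty result on a running system is not conclusive; the file and registry checks are more reliable against an offline-mounted disk or from a clean boot environment.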