Home / malwarePDF  

Trojan:Win32/Adclicker.KT


First posted on 30 June 2009.
Source: SecurityHome

Aliases :

Trojan:Win32/Adclicker.KT is also known as Also Known As:Win-Trojan/StartPage.18944.P (AhnLab), Win32/BHO.NFP (ESET), Trojan.Win32.StartPage.bky (Kaspersky), Generic StartPage (McAfee), W32/Startpage.LCM.dropper (Norman), Trj/BHO.BG (Panda), Troj/BHO-HS (Sophos), Trojan.Adclicker.RB (VirusBuster).

Explanation :

Trojan:Win32/Adclicker.KT is a trojan that changes the Web browser start page and also downloads advertisements and 'clicks' them without user interaction. This trojan may be installed by TrojanDownloader:Win32/Nonaco.J or other malware.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Trojan:Win32/Adclicker.KT is a trojan that changes the Web browser start page and also downloads advertisements and 'clicks' them without user interaction.

Installation
This trojan may be installed by TrojanDownloader:Win32/Nonaco.J or other malware and may be present as the following: <system folder>778670778670.dll

Payload
Modifies Internet Explorer SettingThe trojan modifies settings for Internet Explorer by modifying registry data. Modifies value: "StartDomain"With data: "v4.mainfeeedhere.com"In subkey: HKCUSoftwareMicrosoftInternet Explorer Downloads & Displays AdvertisementsWin32/Adclicker.KT may download content from the Web site 'v4.mainfeeedhere.com' to display advertisements on the computer. The advertisements are activated ("clicked") without user interaction.Additional InformationFor more information about TrojanDownloader:Win32/Nonaco.J, see our description elsewhere in the malware encyclopedia.

Analysis by Tim Liu

Last update 30 June 2009

 

TOP