
TrojanClicker:Win32/Frosparf


First posted on 01 April 2015.
Source: Microsoft

Aliases:

There are no other names known for TrojanClicker:Win32/Frosparf.

Explanation:

Threat behavior

Installation
This threat can create files on your PC, including:

  • %ALLUSERSPROFILE%\desktop\mozilla firefox.lnk
  • %ALLUSERSPROFILE%\start menu\programs\mozilla firefox.lnk
  • %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk
  • %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk
  • %APPDATA%\microsoft\internet explorer\quick launch\mozilla firefox.lnk
  • %USERPROFILE%\desktop\google chrome.lnk
  • \programs\internet explorer.lnk


We have also seen this threat create the following files in %SystemRoot%:

  • ads.exe
  • click.exe
  • miniads.exe
  • miniads2.exe


Payload


Clicks on advertisements

This trojan can use your PC to click on online advertisements without your permission or knowledge.

A malicious hacker can earn money from these clicks by making a website or application appear more popular than it is.

Changes web browser settings


It can change your Internet Explorer start page by modifying the following registry entry:

In subkey: HKCU\software\microsoft\internet explorer\main

Sets value: "Start Page"
With data: "http://www.vinacf.cf"



This malware description was published using automated analysis of file SHA1 d7109d83414019944bf1117cedebbec50e92331a.

Symptoms

The following can indicate that you have this threat on your PC:

  • You see a file similar to:
    • %ALLUSERSPROFILE%\desktop\mozilla firefox.lnk
    • %ALLUSERSPROFILE%\start menu\programs\mozilla firefox.lnk
    • %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk
    • %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk
    • %APPDATA%\microsoft\internet explorer\quick launch\mozilla firefox.lnk
    • %USERPROFILE%\desktop\google chrome.lnk
    • \programs\internet explorer.lnk
  • You see registry modifications such as:
    • In subkey: HKCU\software\microsoft\internet explorer\main
      Sets value: "Start Page"
      With data: "http://www.vinacf.cf"

Last update 01 April 2015

 
