
Trojan.Vikadclick


First posted on 30 May 2014.
Source: Symantec

Aliases:

There are no other names known for Trojan.Vikadclick.

Explanation:

When the Trojan is executed, it creates the following files:
%System%\[5 TO 7 RANDOM DIGITS].[3 RANDOM LETTERS]
%UserProfile%\Application Data\locallow\[RANDOM CHARACTERS].dll
%System%\sysprep\cryptbase.dll
%UserProfile%\Application Data\roaming\[RANDOM CHARACTERS].dll

The Trojan deletes the following files:
%System%\rpcss.dll
%System%\dllcache\rpcss.dll

The Trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\"Name" = "[TROJAN PATH]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\"ID" = [RANDOM DIGIT]

The Trojan may perform click fraud activity.

The Trojan may contact the following servers:
[http://]asgardmen.com
[http://]azogroman.com
[http://]5.79.86.97
[http://]goeorhbmsd.com
[http://]5.79.86.98
[http://]qwertyport.com
[http://]88.150.180.37
[http://]ramatuar12.com
[http://]futurama88.com

Last update 30 May 2014

 
