W32.Adclicker.C.Trojan


Aliases: AdClicker-C, Troj/AdClicke-C, Troj/AdClick-D, TROJ_NETBUIE.I, TrojanClicker.Win32.Netbuie.i
Variants: Generic AdClicker.c, Trojan:Win32/Agent.ET, TrojanClicker.Win32.Agent, Troj/Autotroj-C

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: Europe
Removal: Easy
Platform: W32
Discovered: 01 May 2003
Damage: Low

Characteristics: The W32.Adclicker.C.Trojan Trojan Horse malware was designed by its author to automatically click on banner advertisements that are found in specific websites. As a result, the computer user of the infected machine may experience uncontrolled launching of Web browser windows. This action requires the redirection of the browser to predefined websites.

More details about W32.Adclicker.C.Trojan

Aside from creating an associated entry in the startup folder of the Operating System, the W32.Adclicker.C.Trojan Trojan Horse may also initiate the downloading or requesting of files from various websites. In general, computer system infected by this malware experience proliferation of popup advertisement Windows. Presumably this is done by modifying certain configurations of the Web browser which are associated with the implementation of security settings. It is believed by most antivirus experts that the prunnet.exe serves as the main executable file of the malware. The Windows Registry is used to allow this executable file to load together with the Operating System on boot up. Other files which have been identified with this malware include index.html and index.jpg.

The manual removal of the W32.Adclicker.C.Trojan malware from the infected system involves the deletion of the associated files and the startup entries added by the malware. To remove startup entries, click on the Run option in the Start menu and type the command MSCONFIG. Under the startup tab, uncheck any entries which are associated with the malware. To delete the main executable and other files, the computer system may need to be rebooted in Safe Mode. During the reboot process, press the F8 button on the keyboard and select the Safe Mode option from the boot menu list. The associated files are normally located on the root directory or in the System folder of the Windows directory. An alternative is to use an antivirus application which has an updated engine and database definition file.