Virus: TR/Click.Agent.AC
Date discovered: 17/01/2005
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 90.112 Bytes
MD5 checksum: 807ec8a8b8e28b11258ff2782f1f91be
VDF version: 6.29.00.64

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Clicker.Win32.Agent.ac
   •  TrendMicro: TROJ_CLICKER.EQ
   •  Bitdefender: Trojan.Clicker.Agent.GQ


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a file
   • Registry modification
   • Third party control

Files

The following file is created:

%SYSDIR%\ansi.cfg

Registry

The values of the following registry key are removed:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
   • SystemChecwk
   • SystemChecwk1



It registers a browser helper object (BHO) by adding the following key:

– HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\InProcServer32
   • (Default) = "%SYSDIR%\vbsys2.dll"



The following registry keys are added:

– HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
   • (Default) = "System Check Application"

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
   • SystemCheck2 = "{54645654-2225-4455-44A1-9F4543D34546}"

Backdoor

Contact server:
All of the following:
   • http://www7.logih.com/777/**********
   • http://540.filost.com/randomsites/**********

As a result remote control capability is provided.

Remote control capabilities:
    • Visit a website

File details

Programming language:
The malware program was written in MS Visual C++.

Description inserted by Marius T. Nicolae on Tuesday, September 12, 2006
Description updated by Marius T. Nicolae on Wednesday, September 13, 2006
