AdClicker-GN!C1EB636A

Type: Trojan
SubType: -
Discovery Date: 10/15/2008
Length: 364032
Minimum DAT: 5405 (10/14/2008)
Updated DAT: 5405 (10/14/2008)
Minimum Engine: 5.3.00
Description Added: 10/15/2008
Description Modified: 10/15/2008 2:02 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

File Property      Property Value
FileName           getmod~1.exe
McAfee Detection   AdClicker-GN
Length             364,032 bytes
CRC                C1EB636A
MD5                9FAD18271A6576613A4F6F573E58DBE8
SHA1               E542F7ABAF25F614B5D115182AA0197DB1868430

Other Common Detection Aliases

Company Name    Detection Name
avast           Win32:Adware-gen [Adw]
AVG (GriSoft)   adware generic3.sta
Avira           ADSPY/Agent.fnj
Eset            Win32/Adware.ISM application
Kaspersky       Trojan.Win32.Pakes.krq
norman          w32/smalltroj.hmtt
Symantec        Adware.ISMonitor
Trend Micro     TROJ_PAKES.BBN
vba32           AdWare.Win32.Agent.fnj

Avert® Labs has observed the following system activities:

Activity                                                    Risk Level
Uses shared memory of other processes                       Low
Performs a shell execute of downloaded or existing files    Informational

System Changes

These are general defaults for typical path variables (they may differ, but these examples are common):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following registry elements have been created:

  • hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\getmodule\
    • installdt = 1011
    • version = 23

The applications created the following network connection(s):

  • http
    • hxxp://interplusclick.com/v/***************
    • hxxp://interplusclick.com/v/*************************************************************************************************

Symptoms

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
