ClickDLoader.B
Category: Trojan Downloader
Risk:
Elevated Risk
* Elevated threats are usually threats that fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description: ClickDLoader.B downloads several adware files.

It contains links to scripts on the following domains:
install.xxxtoolbar.com
c4tdownload.com
frame.crazywinnings.com
www.mt-download.com

Deletes the following files:
%System%\exdl1.exe
%System%\kalvcar32.exe
%System%\khooker.exe
%System%\trkgif.exe
%Windir%\bargains.exe
%Windir%\cashback.exe
%Windir%\pconugl.exe
%Windir%\zeta.exe
C:\DOCUME~1\PRODUC~1\LOCALS~1\Temp\iinstall.exe
C:\Documents and Settings\..user...\Application Data\180ax.exe
C:\Documents and Settings\..user...\Application Data\actalert.exe
C:\Documents and Settings\..user...\Application Data\bargains.exe
C:\Documents and Settings\..user...\Application Data\cashback.exe
C:\Documents and Settings\..user...\Application Data\CMESys.exe
C:\Documents and Settings\..user...\Application Data\exdl1.exe
C:\Documents and Settings\..user...\Application Data\iinstall.exe
C:\Documents and Settings\..user...\Application Data\kalvcar32.exe
C:\Documents and Settings\..user...\Application Data\khooker.exe
C:\Documents and Settings\..user...\Application Data\Netscp.exe
C:\Documents and Settings\..user...\Application Data\optimize.exe
C:\Documents and Settings\..user...\Application Data\pconugl.exe
C:\Documents and Settings\..user...\Application Data\PIB.exe
C:\Documents and Settings\..user...\Application Data\sais.exe
C:\Documents and Settings\..user...\Application Data\TBPS.exe
C:\Documents and Settings\..user...\Application Data\trkgif.exe
C:\Documents and Settings\..user...\Application Data\WebRebates1.exe
C:\Documents and Settings\..user...\Application Data\WSup.exe
C:\Documents and Settings\..user...\Application Data\WToolsA.exe
C:\Documents and Settings\..user...\Application Data\WToolsS.exe
C:\Documents and Settings\..user...\Application Data\zeta.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\180Solutions\sais.exe
C:\Program Files\BullsEye Network
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\CashBack
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Toolbar\TBPS.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
Alias: None
Signatures:
process: iinstall.exe: MD5 Hash: b13517aadba6caebd01
process: iinstall.exe: MD5 Hash: 54836ef038f49f616eb
process: iinstall.exe: MD5 Hash: b13517aadba6caebd01..
Copyright @2006 THR Computer Solutions: ClickDLoader.B