Troj/Clecker-A is a Trojan for the Windows platform.
Troj/Clecker-A contains functionality to automatically click on adverts.
Troj/Clecker-A includes functionality to modify the HOSTS file.
When first run, Troj/Clecker-A copies itself to:
\CriticalUpdate.exe
\registry.pif
<Start Menu>\default.scr
<Start Menu>\usbwin32.exe
<Windows folder>\mshotfix.exe
<Windows folder>\twain_32.exe
and creates the file <Windows system folder>\inetconnect.dll, also detected as Troj/Clecker-A.
The following registry entries are set to run Troj/Clecker-A on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSUpdate
c:\CriticalUpdate.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RegistryMonitor
c:\registry.pif
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Security Hot Fix Update
<Windows folder>\mshotfix.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(0CDAAEC2-E245-44CC-8357-CAB70172D017)
StubPath
c:\CriticalUpdate.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(8E668361-C801-41B7-BF89-2FC2C8DE9167)
StubPath
<Windows folder>\twain_32.exe
Troj/Clecker-A modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites.