Troj/AdClick-AQ is a Trojan for the Windows platform.
Troj/AdClick-AQ periodically connects to a remote website and displays popup advertisements.
When first run Troj/AdClick-AQ copies itself to:
<System>\gedit.exe
<System>\msscript.exe
and creates the file <System>\wups32.dll. Wups32.dll is a non-malicious file and may be deleted.
The following registry entries are created to run gedit.exe and msscript.exe on
startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
systemr
<system>\gedit.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<system>\msscript.exe
Registry entries are created under:
HKCU\Software\Microsoft\Internet Explorer\Extensions\(7713E8D2-850A-101B-AFC0-4210102A8DA7)