Troj/AdClick-FR

Category: Viruses and Spyware Protection available since:24 Jul 2009 05:20:34 (GMT)
Type: Trojan Last Updated:24 Jul 2009 05:20:34 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/AdClick-FR is a Trojan for the Windows platform.

When run Troj/AdClick-FR copies itself to <Root>\svchost.exe and creates the file <Root>\processor.bat (also detected as Troj/AdClick-FR).

The following registry entries are set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

HKLM\SOFTWARE\Microsoft\Security Center
FirewallDisableNotify
0

HKLM\SOFTWARE\Microsoft\Security Center
FirewallOverride
1

HKLM\SOFTWARE\Microsoft\Security Center
FirstRunDisabled
1

HKLM\SOFTWARE\Microsoft\Security Center
UpdatesDisableNotify
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Processor
<Root>\svchost.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0

HKLM\SYSTEM\CurrentControlSet\Services\NtLmSsp
Start
2

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4

HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr
Start
2

HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
4

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy