Threat Information for "Trojan.Click.1237"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Trojan.Click.1237
  • Aliases:Win32:CodBas-24, Hijacker.Small.jf, JS/Zquest.A!tr, Zquest
  • Date Discovered: 2006-07-27
  • Protection Added: 2006-08-16
Description Top 
-- Ease of Removal

1: Consistent file contents
2: Consistently named
3: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes

1: Downloads other threats

-- Damage/Intrusion/Annoyance

1: Autoruns at startup without an option to be disabled
2: Displays targeted popup advertisements [SPYWARE ONLY]

-- Propagation/Saturation

1: Creates new files
2: Significantly slows down the computer
3: Displays error messages due to buggy code
4: Spreads from embedded code in an email [VIRUS ONLY]
5: Spreads through Peer-2-Peer software [VIRUS ONLY]
Technical Details Top
  • Added Directory/File:
    FilePath: %ROOTDRIVE%VSL*
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\Messenger\kydezu.html
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\html2.htm
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\ComPlus Applications\hovemage*
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\wallpap.js
  • Added Directory/File:
    FilePath: %WINDIR%\wallpap.exe
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\Windows NT\hobywive.html
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\ComPlus Applications\* MD5: 55122a72ffc521f8f0c8381b5c7ea00c
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\html1.htm
  • Added Directory/File:
    FilePath: %PROGRAMFILESDIR%\wallpap.exe
  • Added Registry Data:
    Key: HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1 Value: [RANDOM VALUE] Data: hobywive
  • Added Registry Data:
    Key: HKU\S-*\Software\Microsoft\Internet Explorer\Desktop\Components\0 Value: [RANDOM VALUE] Data: kydezu
  • Added Registry Data:
    Key: HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0 Value: [RANDOM VALUE] Data: kydezu
  • Added Registry Data:
    Key: HKCR\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: hovemage
  • Added Registry Data:
    Key: HKLM\SOFTWARE\Classes\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: hovemage