TrojanClicker:Win32/Yabector.gen


First posted on 04 October 2019.
Source: Microsoft

Aliases :

TrojanClicker:Win32/Yabector.gen is also known as a variant of Win32/Adware.ADON, W32/Agent.QMRA, Trojan.CL.Yabector.C.

Explanation :

TrojanClicker:Win32/Yabector.gen is a generic detection for variants of TrojanClicker:Win32/Yabector.A. TrojanClicker:Win32/Yabector.A is a program that notifies a web server of its presence without user consent. It may be bundled with an installation program as a file "eBayShortcuts.exe".

Installation

In the wild, this program was observed being installed by an installer for the audio application "Exact Audio Copy" (EAC) as a file named "eBayShortcuts.exe".

Payload

Notifies remote web server

When run, the installed component checks for the file "%APPDATA%Desktopiconconfig.ini" and creates it if it does not exist. It creates a section within the configuration data file named "[Shortcut]" with content as in the following example:

[Shortcut]=

The component then starts a Web browser instance (Internet Explorer), connects to the domain "adon-demand.de" and sends the above content as a string, as in the following example:

adon-demand.de//?s=&c=

Upon visiting the website, the user is then redirected to the online auctioning site "ebay.com".

Analysis by Dan Kurc
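The check-in described above can be hunted for in web proxy logs. The following is an added example, not part of the original write-up: it flags requests to "adon-demand.de" and grades them by whether both query keys from the example URL ("s" and "c") are present. The three-field log format (timestamp, client, URL), the client names and the parameter values are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

BEACON_DOMAIN = "adon-demand.de"   # domain named in the write-up
BEACON_PARAMS = {"s", "c"}         # query keys shown in the write-up's example URL

def beacon_match(url):
    """Return 'strong', 'weak' or None for one requested URL."""
    # Proxy logs often omit the scheme; urlsplit only fills .hostname after "//".
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Exact host or a true subdomain only, so look-alike names do not match.
    if host != BEACON_DOMAIN and not host.endswith("." + BEACON_DOMAIN):
        return None
    keys = set(parse_qs(parts.query, keep_blank_values=True))
    # Both keys present matches the documented check-in; otherwise domain only.
    return "strong" if BEACON_PARAMS <= keys else "weak"

def find_beacons(log_lines):
    """Return (timestamp, client, verdict, url) for matching proxy log lines."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        ts, client, url = fields
        verdict = beacon_match(url)
        if verdict:
            hits.append((ts, client, verdict, url))
    return hits

# Constructed sample log (assumed format: timestamp client URL); not real telemetry.
SAMPLE_LOG = [
    "2019-10-04T09:12:01Z ws-017 http://adon-demand.de//?s=abc&c=123",
    "2019-10-04T09:12:02Z ws-017 http://www.ebay.com/",
    "2019-10-04T09:15:40Z ws-022 adon-demand.de//?s=&c=",
    "2019-10-04T09:20:11Z ws-031 http://adon-demand.de.example.net/?s=1&c=2",
    "2019-10-04T09:21:00Z ws-031 http://notadon-demand.de/?s=1&c=2",
    "2019-10-04T09:30:05Z ws-040 http://ADON-DEMAND.DE/index.html",
]

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(*hit)
```

A "strong" hit on a host that also has "eBayShortcuts.exe" on disk is the combination the write-up describes; a "weak" hit only shows contact with the domain.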

Last update 04 October 2019