Class Trojan-Clicker
Platform Win32

Technical Details

This Trojan will periodically load a designated web page in the Internet browser. It is a Windows PE EXE file. The executable file is 36 864 bytes in size. It is written in Visual C++.


Once launched, the Trojan copies itself to the Windows system directory as “winsvc32.exe”:


It then registers this file in the system registry:

“winsvc32.exe” = “%System%winsvc32.exe”

This ensures that the Trojan will be launched each time Windows is booted on the victim machine.

Every 30 minutes, the Trojan will open using the Windows command line.

At the time of writing, no page was placed on this address.

Removal instructions

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the following file:
  3. Delete the following system registry entry:
    “winsvc32.exe” = “%System%winsvc32.exe”
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Find out the statistics of the threats spreading in your region