
TrojanClicker:Win32/Clikug.A


Microsoft security software detects and removes this threat.

This threat uses your PC for click fraud. It can run in the background whenever your PC is turned on. We have seen this threat using as much as 1 GB of bandwidth per hour - this can severely impact the speed of your Internet connection as well as lead to excess data usage charges from your Internet service provider.

Clikug is also known as GigaClicks.

It is usually installed by third-party software installation programs.

Find out ways that malware can get on your PC.  

 



What to do now

Remove programs

You might need to manually remove this program:

The entry for this program may be called "GigaClicks Crawler".

If an uninstaller is not available, does not work properly, or you do not want to use it, you can use the following free tools to detect and remove this program and other unwanted software from your PC:

You should also run a full scan. A full scan might find other, hidden threats.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Installation

We have seen TrojanClicker:Win32/Clikug.A installed by other malware and unwanted software. It can also be downloaded by software bundlers that install clean applications.

The image below shows an example of a software bundler that installs Clikug (also known as GigaClicks) at the same time as other applications. We detect this installer as TrojanDownloader:Win32/Clikug.A:

TrojanClicker:Win32/Clikug.A copies itself to the following locations:

The trojan creates a scheduled task so that it runs regularly:

A significant amount of disk space is also used by TrojanClicker:Win32/Clikug.A in the following directory. It is used to hold temporary Chrome profiles and extensions used for the crawling:

An uninstall entry is added under the display name “GigaClicks Crawler” with no developer information. Running the uninstaller might remove the threat from your PC:

Payload

Click fraud

This threat can use your PC for click fraud.

We have seen it using as much as 1 GB of bandwidth per hour - this can severely impact the speed of your Internet connection as well as lead to excess data usage charges from your Internet service provider.

Analysis by Geoff McDonald


Symptoms

The following could indicate that you have this threat on your PC:

  • Slow Internet speeds when you browse websites or play games
  • Poor PC performance
  • Unusually high bandwidth usage reported or charged to you by your Internet Service Provider (ISP).
  • You have these files: 
  • You have the following uninstall entry:
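The uninstall-entry symptom can be checked from PowerShell. The script below is an added example, not part of the original entry or any Microsoft tool: it searches the standard Windows uninstall registry locations for the display name "GigaClicks Crawler" given in this write-up. The function name `Find-UninstallEntry` is hypothetical, and treating "no developer information" as an empty `Publisher` value is an assumption.

```powershell
# Added example: look for the "GigaClicks Crawler" uninstall entry named in this write-up.
$displayName = 'GigaClicks Crawler'

# Standard Windows uninstall registry locations:
# 64-bit view, 32-bit view on a 64-bit OS, and the current user's hive.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper: returns one object per uninstall key whose DisplayName matches.
function Find-UninstallEntry {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $Roots
    )
    foreach ($root in $Roots) {
        # The WOW6432Node root does not exist on 32-bit Windows; skip missing roots.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($null -eq $props -or $props.DisplayName -ne $Name) { continue }
            [pscustomobject]@{
                RegistryKey     = $key.Name
                DisplayName     = $props.DisplayName
                Publisher       = $props.Publisher
                # Assumption: "no developer information" shows up as an empty Publisher value.
                NoPublisher     = [string]::IsNullOrWhiteSpace($props.Publisher)
                InstallLocation = $props.InstallLocation
                UninstallString = $props.UninstallString
            }
        }
    }
}

$hits = @(Find-UninstallEntry -Name $displayName -Roots $uninstallRoots)
if ($hits.Count -eq 0) {
    Write-Output "No uninstall entry named '$displayName' found for this user or machine."
} else {
    # Review InstallLocation and UninstallString before removing anything.
    $hits | Format-List
}
```

The `HKCU` root covers only the account running the script, so on a shared PC run it once per user profile.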
     

Prevention


Alert level: Severe
First detected by definition: 1.169.260.0
Latest detected by definition: 1.177.688.0 and higher
First detected on: Mar 20, 2014
This entry was first published on: Mar 24, 2014
This entry was updated on: Aug 25, 2014

This threat is also detected as:
  • GigaClicks (other)