Virus Characteristics
This program is not a virus. However, the application does resemble trojan like behaviour. It is/was being distributed by several popular freeware programs. Such as certain versions of BonziBUDDY, Net2Phone.com, KaZaA, Grokster, and LimeWire. In some cases the user was not made aware that the program was being installed, and/or what the program was designed to do.
The program is related to the ClickTillUWin game. It is designed to relay the computer IP Address, URLs that the user has visited, and web browser version to http://www.2001-007.com, for the purpose of displaying advertisements. It creates the following files and registry entries:
- C:\Windows\dlder.exe
- C:\Windows\explorer\explorer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Games\Clicktilluwin
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run\dlder
The detection of this type of files is not automatically activated.
Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan 7 has also an option, which enables users to detect this kind of program automatically (see below).
This type of detection also exists within e250/e500 Webshield filtering devices.