This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Adware.ClickAlchemy communicating and requesting information from its controlling server.
Adware.ClickAlchemy is a Browser Helper Object (BHO) that connects to various adware Web sites and downloads advertisements.
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Symantec Security Response has developed a removal tool for Adware.ClickAlchemy. Use this removal tool first, as it is the easiest way to remove this threat.
The tool can be found here:
The current version of the tool is version 1.0.6. It will have a digital signature timestamp equivalent to 01/24/2005 04:20 AM PST.
Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
It has been reported that a computer on which Adware.ClickAlchemy is installed may also have other security risks. Symantec recommends that the following steps be carried out:
1. Apply the Adware.ClickAlchemy Removal Tool.
2. Update the definitions by starting the Symantec program and running LiveUpdate.
3. Run a full system scan to detect any other security risks on the computer.
4. If the scan detects any further security risks, check for removal tools at http://securityresponse.symantec.com/avcenter/security.risks.tools.list.html.
5. If there are no removal tools for the security risks that are detected, follow the manual removal instructions listed in the threat report.