Trojan.Poweliks is a Trojan horse that installs as a fileless threat and performs click-fraud operations.
Trojan.Poweliks installs itself into the Windows registry, where it hijacks many existing CLSID entries so that it runs whenever essential Windows functions are performed.
It also stores its own code within registry entries, which lets it persist on a computer without storing any of its files directly on the file system.
Once installed, Trojan.Poweliks may contact its command and control (C&C) servers to download further instructions. The primary goal of Trojan.Poweliks is to perform click-fraud operations, which involve covertly downloading large numbers of online advertisements onto the compromised computer and then automatically clicking or interacting with them to earn fraudulent advertising revenue for the attacker.
In certain cases, secondary infections by other threats may occur due to the downloading of malicious adverts (malvertisement) leading to exploit kits. The ransomware Trojan.Cryptowall has been seen on some computers compromised by Trojan.Poweliks due to malvertisement.
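The CLSID hijacking and registry-resident code described above can be hunted for in an offline registry export. The following is an added example, not Symantec's detection logic or removal tool: it assumes the output of `reg export` has already been decoded to text, and the heuristics, threshold, CLSIDs and paths are all constructed for illustration.

```python
import re

# Heuristics below are assumptions for this example, not vendor signatures.
SERVER_KEYS = ("inprocserver32", "localserver32")
SCRIPT_HINTS = re.compile(r"javascript:|vbscript:|powershell|mshta|wscript|cscript", re.I)
PLAIN_BINARY = re.compile(r'^"?[^"]+\.(dll|exe)"?$', re.I)
MAX_DATA_LEN = 1024  # longer string data may be code stored in the registry

def parse_reg_export(text):
    """Yield (key, value_name, data) for quoted string values; hex-encoded types are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, _, data = line.partition("=")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                name = "(Default)" if name == "@" else name.strip('"')
                yield key, name, re.sub(r"\\(.)", r"\1", data[1:-1])

def audit_clsid_servers(text):
    """Return [(key, reason)] for COM server registrations that merit review."""
    findings = []
    for key, name, data in parse_reg_export(text):
        parts = key.lower().split("\\")
        if "clsid" not in parts or parts[-1] not in SERVER_KEYS or name != "(Default)":
            continue
        if SCRIPT_HINTS.search(data):
            findings.append((key, "server command invokes a script host"))
        elif len(data) > MAX_DATA_LEN:
            findings.append((key, "oversized value data"))
        elif not PLAIN_BINARY.match(data):
            findings.append((key, "server is not a plain .dll/.exe path"))
        elif parts[0] == "hkey_current_user":
            findings.append((key, "per-user override of a COM class"))
    return findings

# Constructed sample export; CLSIDs and paths are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Apartment"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\LocalServer32]
@="rundll32.exe javascript:\"constructed-placeholder\""
[HKEY_CURRENT_USER\Software\Classes\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="C:\\Users\\example\\AppData\\Local\\Vendor\\shellext.dll"
'''
```

Per-user COM registrations are also created by legitimate software, so the last finding type is a prompt for review rather than a verdict.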
SYMANTEC PROTECTION SUMMARY
The following Symantec detections protect against this threat family.
Intrusion prevention system
Symantec has created a tool that can help users remove Trojan.Poweliks.
For more information, please see the following resource(s):