Trojan.Poweliks


Risk Level 1: Very Low

August 3, 2014
September 23, 2015 11:32:35 AM
Also Known As:
TROJ_POWELIKS.A [Trend], Trojan.Poweliks.A [F-Secure], Trojan.Win32.Powerliks.a [Kaspersky], Trojan:Win32/Powessere.A [Microsoft]
Infection Length:
71,680 bytes
Systems Affected:
CVE References:
Trojan.Poweliks is a Trojan horse that installs as a fileless threat and performs click-fraud operations.

Trojan.Poweliks installs itself into the Windows registry, where it hijacks many existing CLSID entries so that it runs whenever essential Windows functions are performed.

In addition, it stores its own code within registry entries, which allows it to remain persistent on a computer without having any of its files stored directly on the computer's file system.
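A defender-side check for the two behaviours described above (CLSID entries redirected to run something else, and code kept in registry values), as an added example that is not Symantec's code: it audits the text of a `reg export` dump. The script-host list, the 2048-character threshold and the sample data are assumptions constructed for illustration, not indicators from this writeup.

```python
import re

# Assumed interpreter list and size threshold; tune both for your environment.
SCRIPT_HOSTS = {"rundll32.exe", "mshta.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
MAX_VALUE_CHARS = 2048
SERVER_KEY = re.compile(r"\\CLSID\\\{[0-9a-f-]{36}\}\\(InprocServer32|LocalServer32)$", re.I)
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format (not data from a real infection).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]",
    r'@="C:\\Windows\\System32\\example.dll"',
    '"ThreadingModel"="Apartment"',
    r"[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\LocalServer32]",
    '@="wscript.exe CONSTRUCTED_PLACEHOLDER"',
    '"a"="' + "A" * 3000 + '"',
])

def parse_reg_export(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = STRING_VALUE.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping

def audit_clsid_servers(text):
    """Return (key, value_name, reason) findings for CLSID server subkeys."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not SERVER_KEY.search(key):
            continue
        if name == "(Default)":
            m = re.match(r'\s*"?([^"]*?\.(?:exe|dll))', data, re.I)
            image = m.group(1).rsplit("\\", 1)[-1].lower() if m else ""
            if image in SCRIPT_HOSTS:
                findings.append((key, name, "server is a script host: " + image))
            elif not image:
                findings.append((key, name, "server is not a DLL/EXE path"))
        if len(data) > MAX_VALUE_CHARS:
            findings.append((key, name, "oversized value (%d chars)" % len(data)))
    return findings
```

Files written by `reg export` are UTF-16, so decode them accordingly before passing the text to `audit_clsid_servers`; only string values are parsed, so hex-encoded value types are not inspected.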

Once installed, Trojan.Poweliks may contact its command and control (C&C) servers to download further instructions. The primary goal of Trojan.Poweliks is to perform click-fraud operations, which involve covertly downloading large numbers of online advertisements onto the compromised computer and then automatically clicking or interacting with them with a view to earning fraudulent advertising revenue for the attacker.

In certain cases, secondary infections by other threats may occur when downloaded malicious adverts (malvertisement) lead to exploit kits. The ransomware Trojan.Cryptowall has been seen on some computers compromised by Trojan.Poweliks as a result of malvertisement.

The following Symantec detections protect against this threat family.


Intrusion prevention system

Removal tool
Symantec has created a tool that can help users remove Trojan.Poweliks.

Antivirus Protection Dates

  • Initial Rapid Release version August 4, 2014 revision 001
  • Latest Rapid Release version August 28, 2015 revision 018
  • Initial Daily Certified version August 4, 2014 revision 008
  • Latest Daily Certified version August 29, 2015 revision 002
  • Initial Weekly Certified release date August 6, 2014
Writeup By: Masaki Suenaga