Welcome to the Virus Encyclopedia of Panda Security.
It passes itself off as Google's original website in order to deceive users and carries out several modifications in the Windows Registry, which prevent the computer from working properly. It spreads through removable and mapped drives.
|First detected on:||Feb. 4, 2008|
|Detection updated on:||Feb. 4, 2008|
|Yes, using TruPrevent Technologies
ManClick.A is a worm that passes itself off as Google's original website. In order to do so, it shows a similar website to the original one in order to deceive users. The results offered in this website could point to malicious websites.
Additionally, it carries out several modifications in the Windows Registry, which prevent the user from working with the computer as usual.
These modifications prevent the user from carrying out the following actions, among others:
- Doing searches in a fast and straight way, as it disables the option Search from the Start menu.
- Viewing the processes that are being run through the Task Manager.
- Modifying the configuration of the features of the folders.
ManClick.A reaches the computer in a file that has the icon belonging to a Windows folder. It spreads through removable and mapped drives, making copies of itself in them.
ManClick.A is easy to recognize once it has affected the computer, as when it is run, it opens several websites with the Internet Explorer browser that display a website that seems to be Google's.
However, they are not Google's original website, as the URL that appears in the address bar points to http://clicanu.com, as can be seen in the following image: