spywarecleaners.info


Bang the Gong

October 29th, 2007

Gong is a Trojan that can alter Windows Explorer and other Windows programs so that it can run happily without the user ever knowing of its existence. After it’s installed by a large Trojan bundler like Dloader.Small.ele or ConCommand, it quickly phones home and fetches an infected file named “svchost.exe”, whose true purpose is sinister but not entirely unexpected. This installs a file called “ctfmon.exe”, which is run via autorun.inf.
http://blog.spywareguide.com/upload/2007/10/autorun-thumb.PNG
This .inf alters Windows so that the infected file runs whenever the user tries to open or explore.

http://blog.spywareguide.com/upload/2007/10/ustrightclick-thumb.PNG
Clicking either of these will run ctfmon.exe.
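A defender can check an autorun.inf for this kind of remapping before trusting a drive. The following is an added example, not code from the original post: the function names `audit_autorun` and `hijacked_verbs` are hypothetical, and the sample file is constructed from the behaviour described above, since the real file appears only as a screenshot.

```python
import re

# Keys in the [autorun] section that launch a program when the drive is
# auto-played, double-clicked, or opened through a context-menu verb.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(text):
    """Return (key, command) pairs from [autorun] that execute a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            findings.append((key.lower(), value))
    return findings

def hijacked_verbs(findings):
    """Names of shell verbs (e.g. open, explore) remapped to a command."""
    return sorted({k.split("\\")[1] for k, _ in findings if k.startswith("shell\\")})

# Constructed sample (assumption): not the actual file dropped by Gong.
SAMPLE = """\
[AutoRun]
open=ctfmon.exe
shell\\open=Open
shell\\open\\Command=ctfmon.exe
shell\\explore=Explore
shell\\explore\\Command=ctfmon.exe
; menu captions above are harmless, the \\Command keys are not
icon=folder.ico
"""

if __name__ == "__main__":
    results = audit_autorun(SAMPLE)
    for key, cmd in results:
        print(f"{key} -> {cmd}")
    print("remapped verbs:", hijacked_verbs(results))
```

Any finding that maps the `open` or `explore` verb to an executable on the drive itself is worth investigating before the drive is browsed in Explorer.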

When ctfmon.exe is run, it creates several hidden windows with one thing in mind…clicks. While those hidden windows are running, they frantically click as many things as fast as they can in order to drive traffic to the attacker’s site.

How can you detect these hidden windows? Well, I don’t mean to pump my brand name, but X-cleaner Deluxe actually has a feature that lets you see any and all windows open at the time.
http://blog.spywareguide.com/upload/2007/10/xclean-thumb.PNG
From here you can see your attacker…or kill it.

More and more people are using these kinds of shady tactics to get traffic to their sites. It’s important to be aware of who is eating up your processing power, and remember that it’s not clean until it’s X-clean.

Original post by Chris Mannon and software by Elliott Back
