By SpideyMan in Browser Hijackers


Karmaklick.com is a search engine that plagiarizes the layout of the legitimate search engine Bing. Karmaklick.com also contains a message claiming that it is 'powered by Yahoo.' Despite these claims, there is absolutely no connection between Karmaklick.com and these legitimate search engines. Karmaklick.com displays nothing but advertisements and spam every time a computer user tries to run a search on this malicious website. Karmaklick.com is also associated with a browser toolbar that can severely alter the infected computer's normal online activity. More specifically, this browser toolbar forces the infected browser to carry out all of its searches on Karmaklick.com, regardless of the computer user's preferences. That is, after entering a search in Google, Bing, Yahoo or any other legitimate search engine, the results displayed will come from Karmaklick.com. Since these results will almost always be irrelevant to the victim's original search, ESG security researchers strongly recommend removing all malware associated with Karmaklick.com from your computer system immediately. As long as this malware remains on your computer, you are at risk of other, more severe malware infections.

Why Criminals Want to Force You to Visit Karmaklick.com Repeatedly

Search engines like Karmaklick.com are a substantial source of illegal income for online criminals. They have several functions, some obvious and some a bit more subtle. The main way in which criminals profit from Karmaklick.com is through advertising revenue. That is, each time an infected computer system is forced to visit Karmaklick.com, it boosts this website's traffic, which in turn means that Karmaklick.com displays more advertisements and is more likely to generate clicks on sponsored links. Websites like Karmaklick.com also serve an important intermediary function in spreading malware from one computer to another. For criminals, the ideal situation is to use one malware infection to cause others, creating a cascade effect which may quickly fill up an infected computer system with garbage. By forcing a computer user to visit Karmaklick.com repeatedly, criminals ensure that the user is constantly exposed to websites containing dangerous content and other malware threats. By doing this, criminals can often attack on two fronts, using browser hijackers to generate advertising revenue and at the same time herding their victims toward websites promoting a rogue security application scam, which can then be used to fleece the victim out of even more money.

File System Details

Karmaklick.com may create the following file(s):
1. %AppData%\[trojan name]toolbar\coupons\merchants2.xml
2. %AppData%\[trojan name]toolbar\coupons\merchants.xml
3. %AppData%\[trojan name]toolbar\preferences.dat
4. %AppData%\[trojan name]toolbar\stat.log
5. %Temp%\[trojan name]toolbar-manifest.xml
6. %AppData%\[trojan name]toolbar\coupons\categories.xml
7. %AppData%\[trojan name]toolbar\log.txt
8. %AppData%\[trojan name]toolbar\uninstallStatIE.dat
9. %AppData%\[trojan name]toolbar\version.xml
10. %AppData%\[trojan name]toolbar\dtx.ini
11. %AppData%\[trojan name]toolbar\guid.dat
12. %AppData%\[trojan name]toolbar\uninstallIE.dat
13. %AppData%\[trojan name]toolbar\stats.dat

Registry Details

Karmaklick.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32 "C:\PROGRA~1\WINDOW~4\ToolBar\[trojan name]dtx.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID "[trojan name]IEHelper.UrlHelper.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "[trojan name] Toolbar"
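
The file and registry entries above can be checked with a short read-only PowerShell script. This is an added example, not part of the original article or any ESG tool. It assumes the listed files sit in a per-user folder named `<name>toolbar`, matches that folder with a wildcard because '[trojan name]' is not given, and also looks under WOW6432Node, which the article does not list.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# The CLSIDs and file names are from the page; '[trojan name]' is unknown,
# so directories are matched with a wildcard (an assumption of this sketch).
$clsids  = '{99079a25-328f-4bd4-be04-00955acaa0a7}',
           '{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}'
$markers = 'dtx.ini', 'guid.dat', 'uninstallIE.dat', 'uninstallStatIE.dat'

# Registry parents from the page, plus their WOW6432Node (32-bit view)
# counterparts, which the page does not list.
$parents = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    "$root\Classes\CLSID"
    "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
}

$findings = @(
    foreach ($parent in $parents) {
        foreach ($id in $clsids) {
            $key = "$parent\$id"
            if (Test-Path -LiteralPath $key) {
                # The InprocServer32 default value names the DLL the browser loads
                $srv = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
                [pscustomobject]@{ Type = 'Registry'; Path = $key; Detail = $srv.'(default)' }
            }
        }
    }
    # Data directory '<name>toolbar' under %AppData% of the current user only
    Get-ChildItem -LiteralPath $env:APPDATA -Directory -Filter '*toolbar' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir  = $_.FullName
            $hits = @($markers | Where-Object { Test-Path -LiteralPath (Join-Path $dir $_) })
            # Require two or more marker files so an unrelated '*toolbar' folder is not reported
            if ($hits.Count -ge 2) {
                [pscustomobject]@{ Type = 'Files'; Path = $dir; Detail = $hits -join ', ' }
            }
        }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed registry keys or file sets were found.' }
```

The script changes nothing on the system, and the file check covers only the profile of the account that runs it.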

