Description of the Win32.DlDer Trojan Program (317013)



The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

This article was previously published under Q317013

SUMMARY

Trojan programs are programs that pretend to do one thing while secretly doing something else. DlDer.exe (also known as Win32.DlDer) is supposed to be an online lottery game with advertisements. It also includes a component that spies on your Internet activities and reports them to a Web site. This article describes the trojan program DlDer.

MORE INFORMATION

DlDer.exe was installed in November and December 2001 as an added component called "ClickTillUWin" with LimeWire, KaZaa, Grokster, Net2Phone, BonziBUDDY, and some other person-to-person file-sharing software programs. The trojan program was installed even if you selected not to install any additional components from those packages during setup. Most software packages no longer contain DlDer.

NOTE: DlDer is NOT a virus, because it does not spread.

The trojan program downloads the Explorer.exe file, which connects to a Web site and reports the user's ID (unique for each computer), IP address, which Web browser a user is using, and each URL that a Web browser opens. Explorer.exe is installed in the C:\Windows\Explorer\ folder.

NOTE: The Windows Explorer executable file is also called Explorer.exe. By default, it is located in the Windows folder and is not changed or replaced by this trojan program. Do not confuse the Windows Explorer Explorer.exe file with the Windows\Explorer\Explorer.exe file (the trojan program).
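The path distinction in the NOTE above, written as a check over a process inventory. This is an added example, not part of the original article: the `pid,path` inventory format, the sample lines, the function names, and the assumption that Windows is installed in C:\Windows are constructed for illustration.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumption: Windows is installed in C:\Windows, as in the article's path.
WINDOWS_DIR = PureWindowsPath(r"C:\Windows")
GENUINE_PATH = WINDOWS_DIR / "Explorer.exe"             # Windows Explorer
DLDER_PATH = WINDOWS_DIR / "Explorer" / "Explorer.exe"  # trojan component

# Constructed sample inventory: one "pid,image path" pair per line.
SAMPLE_INVENTORY = r"""
1512,C:\WINDOWS\Explorer.EXE
2040,c:\windows\explorer\explorer.exe
2288,"C:\Program Files\LimeWire\LimeWire.exe"
3004,C:/Windows/Temp/explorer.exe
"""


def classify(path_text):
    """Return 'genuine', 'dlder', 'review' or 'other' for one image path."""
    cleaned = path_text.strip().strip('"')
    # normpath collapses ".." and mixed separators before comparison;
    # PureWindowsPath then compares case-insensitively.
    path = PureWindowsPath(ntpath.normpath(cleaned))
    if path.name.lower() != "explorer.exe":
        return "other"
    if path == GENUINE_PATH:
        return "genuine"
    if path == DLDER_PATH:
        return "dlder"
    # An Explorer.exe in a location the article does not describe:
    # not proof of infection, but worth a manual look.
    return "review"


def scan(inventory):
    """Return (pid, path, verdict) for every entry that needs attention."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        pid, path_text = line.split(",", 1)
        verdict = classify(path_text)
        if verdict in ("dlder", "review"):
            findings.append((int(pid), path_text.strip().strip('"'), verdict))
    return findings


if __name__ == "__main__":
    for pid, path, verdict in scan(SAMPLE_INVENTORY):
        print(f"{verdict:7} pid={pid} {path}")
```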

For more information about DlDer.exe, see the following Web site:

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Modification Type: Major
Last Reviewed: 12/12/2003
Keywords: kbinfo KB317013