Copyright 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

Description of the win32.dlder spyware trojan program:
http://support.microsoft.com?scid=kb;EN-US;Q317013


Associated with Clicktilluwin hijackware (advertising trojan) which is known to have been installed by:

 

Bearshare 2.4.0 Beta 7


LimeWire 2.0.2 (no longer included)
 

Kazaa (no longer included) For information about even more Kazaa spyware/problems, look here
 

Grokster 1.33 (uninstaller available - http://www.grokster.com/virusinformation.html)
 

Net2Phone (unspecified versions)

 

BonziBuddy (removal instructions for BonziBuddy here http://www.pchell.com/support/bonzibuddy.shtml)

 

Noted as a trojan by some antivirus programmes (W32.DlDer.Trojan), this little nasty tracks your web surfing *and* uploads this information to a website (now apparently shut down).  It can also download *and activate* exe files (programmes).  You can expect to find a file called explorer.exe in your ..\windows\system or ..\windows\explorer file (note that a legitimate Windows file is also called explorer.exe, but that is in ..\windows

 

Clicktilluwin's statement and removal advice can be found here:

http://www.clicktilluwin.com/clickprivacyterms.htm