CLICK YES BELOW LP - 8% Detection Rate *
Did you just stumble upon a download or a file on your computer that has been digitally signed by CLICK YES BELOW LP? Some of the security products refers to the detected files as WS.Reputation.1 and Click Yes Below. The detection rate for the CLICK YES BELOW LP files collected here is 8%. Please read on for more details.
You will typically see CLICK YES BELOW LP when double-clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:
You can also view the CLICK YES BELOW LP certificate with the following steps:
- Open up Windows Explorer and locate the CLICK YES BELOW LP file
- Right-click on the file and select Properties
- Click the Digital Signatures tab
- Click the View Certificate button
Here is a screengrab of a file that has been signed by CLICK YES BELOW LP:
As you can see in the screenshot above, Windows reports that "This digital signature is OK". This means that the file has been published by CLICK YES BELOW LP and that no one has tampered with the file.
If you click the View Certificate button shown in the screenshot above, you can examine all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also see the address for CLICK YES BELOW LP, such as the street name, city and country.
COMODO RSA Code Signing CA has issued the CLICK YES BELOW LP certificates. You can also view the details of the issuer by clicking the View Certificate button shown in the screenshot above.
CLICK YES BELOW LP Files
The following are the CLICK YES BELOW LP files I have collected, thanks to the FreeFixer users.
| Detection Ratio | File Name |
|---|---|
| 9/57 | GamesBot.exe |
| 2/57 | Discover.exe |
| 11/57 | GamesBot.exe |
| 5/57 | GamesBotSvc.exe |
| 15/57 | gamesbotsvc.exe |
| 1/56 | NinjaMaintainer.exe |
| 5/56 | Discover.exe |
| 0/57 | Ninja Loader.exe |
Scanner and Detection Names
Here is the detection names for the CLICK YES BELOW LP files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.
| Scanner | Detection Names |
|---|---|
| AVware | Trojan.Win32.Generic!BT, ClickYesBelow (fs) |
| Antiy-AVL | Trojan/Win32.BTSGeneric |
| Comodo | ApplicUnwnt.Win32.GigaClicks.~A |
| Cyren | W32/Application.FERM-0598 |
| DrWeb | Trojan.Click3.12427, Trojan.Click3.12416 |
| ESET-NOD32 | a variant of Win32/GigaClicks.AV potentially unwanted |
| Fortinet | W32/GameBot.FGDE!tr, GameBot.FGDE!tr, Riskware/GigaClicks |
| K7AntiVirus | Adware ( 004c713f1 ) |
| K7GW | Adware ( 004c713f1 ) |
| McAfee | GameBot-FGDE!E7030B9F2FFF, GameBot-FGDE!92A0507BF761, Artemis!03A45804AAFD, Artemis!31F388905813 |
| McAfee-GW-Edition | GameBot-FGDE!E7030B9F2FFF, GameBot-FGDE!92A0507BF761, Artemis |
| Panda | Trj/CI.A |
| Sophos | Click Yes Below, Click Yes Below (PUA), Ninja Surf Web Spider (PUA) |
| Symantec | WS.Reputation.1, PUA.Gen.2 |
| TrendMicro | TROJ_GEN.R047C0OGA15, TROJ_GEN.R0C1C0OGH15 |
| TrendMicro-HouseCall | TROJ_GEN.R047H06EQ15, Suspicious_GEN.F47V0513 |
| VIPRE | Trojan.Win32.Generic!BT, ClickYesBelow (fs) |
* How the Detection Percentage is Calculated
The detection percentage is based on that I have gathered 566 scan results for the CLICK YES BELOW LP files. 48 of these scan results came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.
Analysis Details
The analysis is done on certificates with the following serial numbers:
- 338a735edfaccd649e222fb8833db63c