The emulator had been distributed from a free Web site account hosted by Angelfire, a company owned by Lycos. Angelfire has removed the site from the Web because it violated the company's terms of service, according to a notice posted on the site.
Hidden in the fake emulator, which had a file name of EMU_xbox.exe, was a program called NetBUIE.exe, which appears to have sent "a massive burst of data to Web sites" designed to increase the hit totals of online ads, said Roger Thompson, director of malware research at TruSecurea.
Online ads make money by the number of people who view them and the number of people who click on them.
The Trojan was "probably generating click-throughs for someone", Thompson said, adding that it was unclear whether the program did anything else to victims' PCs or programs stored on them.
Because nothing obvious happened when users launched the "emulator" program, they may have assumed that it had malfunctioned and forgotten about it, so the program could still be on many people's PCs and "may still be generating click-throughs, Thompson said.