AccessPlugin

Description: Dialer
Risk Level: High
Date of First Occurence: Tuesday, August 12, 2008
Software Developer: (unknown)
Brief Info: AccessPlugin is an Active X drive-by that downloads porn dialers from any website that request it to.
Removal: This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "AccessPlugin"

Threat Info

View All

Detected Items

  1. Detected Files: %SYSDIR%\ngd.dll MD5: F6F186A9C3D700808482FB87FBCDEE87 Size:62976
  2. Detected Files with variable Filenames:

Detecting items list:

  1. Files by Name %sysdir%\ngd.dll
  2. Files by CLSID or Name CLSID=d8efadf1-9009-11d6-8c73-608c5dc19089
  3. Registry Keys HKLM\software\webdialer
  4. Registry Values HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=HTTP Tunneling Server Value=mstunnel.exe HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=HTTP Tunneling Server Value=mstunnel.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run ValueName=HTTP Tunneling Server Value=mstunnel.exe HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=HTTP Tunneling Server Value=mstunnel.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run ValueName=WINDOWS SYSTEM Value=botzor.exe HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=WINDOWS SYSTEM Value=botzor.exe

« Go to Software Database