AccessPlugin
Description: Dialer
Risk Level: High
Date of First Occurrence: Tuesday, August 12, 2008
Software Developer: (unknown)
Brief Info: AccessPlugin is an ActiveX drive-by that downloads porn dialers from any website that requests it to.
Removal: This threat can be removed using "Spyware Terminator"
Detected Items
- Detected Files:
  %SYSDIR%\ngd.dll
  MD5: F6F186A9C3D700808482FB87FBCDEE87 Size: 62976
- Detected Files with variable Filenames:
Detecting items list:
- Files by Name
  %sysdir%\ngd.dll
- Files by CLSID or Name
  CLSID=d8efadf1-9009-11d6-8c73-608c5dc19089
- Registry Keys
  HKLM\software\webdialer
- Registry Values
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run ValueName=HTTP Tunneling Server Value=mstunnel.exe
  HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=HTTP Tunneling Server Value=mstunnel.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run ValueName=HTTP Tunneling Server Value=mstunnel.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=HTTP Tunneling Server Value=mstunnel.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run ValueName=WINDOWS SYSTEM Value=botzor.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices ValueName=WINDOWS SYSTEM Value=botzor.exe