Content

Dialer-215

Type
Program
SubType
Dialer
Discovery Date
09/22/2004
Minimum DAT
4394 (09/22/2004)
Updated DAT
4394 (09/22/2004)
Minimum Engine
5.1.00
Description Added
09/22/2004
Description Modified
05/03/2006 8:43 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Porn Dialers are applications which give the user access to a list of long-distance phone numbers for use with a pornographic "service".

These applications may show a window upon being run initially which will prompt the user whether or not to continue and install or use the modem to dial the long-distance phone numbers. If this window does not appear initially, it will generally appear after a system is restarted, if the porn dialer copies itself to a startup location. These windows generally feature pictures of scantily clad women, which may appear unexpectedly once a system is restarted.

Even if the user chooses not to continue, system changes may still be made:

  • Files may be copied locally
    • This is usually to a "Program Files" sub-folder with a name based upon the name of the company whose "service" is being used
  • Files may be referenced in startup locations
    • These references may be in places such as Startup folders or in the registry Run keys
  • Shortcuts may be created on the Start menu or on the desktop
  • Additional registry keys regarding the dialer application may also be added

Installation

Upon installation, the dialer application registers itself in the system registry. 

The following registry keys were added:

  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Check_Associations" = "no"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial "Country" = "de"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
    "DeviceName" = "ELSA ISDN TLV.34  PPP #2"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
    "InstallFlags" = " 03, 00, 00, 00"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
    "Language" = "Deutsch"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
    "Machine" = "01, 00, 00, 00"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial
    "PassFlags" = "02, 00, 00, 00"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial "Password"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial "Pre" = "00, 00, 00, 00"
  • HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial "PreNumber" = "0"

The following item was added to the Start Menu:

  • "- iqking -"

The following files were dropped:

  • iqtests.exe (81,692 bytes)
  • log.txt (dialer debug text)
  • iqking ikg-10089.lnk (shortcut on the desktop)
  • iqking ikg-10089.lnk (shortcut on the Start Menu)

Aliases

Aliases

    N/A