McAfee > Theat Center > PUP Detail Page

Characteristics

Porn Dialers are applications which give the user access to a list of long-distance phone numbers for use with a pornographic "service".

These applications may show a window upon being run initially which will prompt the user whether or not to continue and install or use the modem to dial the long-distance phone numbers. If this window does not appear initially, it will generally appear after a system is restarted, if the porn dialer copies itself to a startup location. These windows generally feature pictures of scantily clad women, which may appear unexpectedly once a system is restarted.

Installation

Upon execution, the application installs itself into the %ProgDir% directory as EnergyPlugin.exe .

(Where %ProgDir% is the Program Files directory, for example C:\Program Files)

For example:

C:\Program Files\EnergyPlugIn\EnergyPlugin.exe

The following Registry key(s) is/are added to hook system startup:

• HKEY_CLASSES_ROOT\dial\DefaultIcon "(Default)" = "C:\Program Files\EnergyPlugIn\EnergyPlugin.exe" %1
• HKEY_CLASSES_ROOT\dial\Shell\Open\Command "(Default)" = "C:\Program Files\EnergyPlugIn\EnergyPlugin.exe" %1
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "dial"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "EnergyPlugIn"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "EnergyPlugIn" = "C:\Program Files\EnergyPlugIn\EnergyPlugin.exe"

The following files were dropped on the local system:

• EnergyPlugin.exe (43,160 bytes)

Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan 7, and higher, has an option that enables users to detect this kind of program automatically (see below).

Removal

Aliases

Aliases

N/A