Content

Dialer-258.dll

Type
Program
SubType
Application extension
Discovery Date
04/04/2005
Minimum DAT
4461 (04/04/2005)
Updated DAT
4461 (04/04/2005)
Minimum Engine
5.1.00
Description Added
04/04/2005
Description Modified
01/06/2006 6:58 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Characteristics:

Porn Dialers are applications which give the user access to a list of long-distance phone numbers for use with a pornographic "service".

The application could try to connect to one of the following update URLs

  • www.mogo-mania.com
  • www.mogo-nation.com
  • www.mogo-planet.com

Registry Changes

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{7F6828CA-9E42-462C-BC60-418C8144012C}: "BHOmod.BHOmodObj"
    • TypeLib: "{09CA52B3-703C-4B17-9690-C13F736E3DCD}"
    • Programmable\: ""
    • ProgID\: "BHOmod.BHOmodObj.1"
    • InprocServer32\: "%filepath%\BHOmod.dll"
    • InprocServer32\ThreadingModel: "Apartment"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects\{{7F6828CA-9E42-462C-BC60-418C8144012C}: ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
    {9769272F-6F27-441E-B5A7-D784C10CACE6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
    BHOmod.BHOmodObj
  • HKEY_LOCAL_MACHINE\SOFTWARE\PTSSA\bhomod\id: "8B7CA43C617C4CF7A3926853FD5F81A1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\PTSSA\bhomod\
    lastExec: 0x000FAC26

Note: %filepath% is full path from where the malware is run. Please also note that only high level registry changes are shown for simplicity (the keys and values are not shown).

Aliases

Aliases

    N/A