Content

Dialer-257

Type
Program
SubType
Dialer
Discovery Date
04/04/2005
Minimum DAT
4461 (04/04/2005)
Updated DAT
4918 (12/13/2006)
Minimum Engine
5.1.00
Description Added
04/04/2005
Description Modified
01/06/2006 6:29 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Characteristics:

Porn Dialers are applications which give the user access to a list of long-distance phone numbers for use with a pornographic "service".

This application searches for a dialup connection through modem. If such a connection is found it could display a web page showing access login and password. This login and password could then be used to connect to pornographic sites at much higher rates than normal phone usage rates.

This application is observed to download the following malwares

Registry Changes

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{2E246FAE-8420-11D9-870D-000C2917DE7F}: "Loader.LoaderObj"
    • TypeLib: "{FA5E664F-F78C-407A-AC4C-F8DC7FF394B9}"
    • Programmable\: ""
    • ProgID\: "Loader.LoaderObj.1"
    • InprocServer32\: "%system%\Loader.dll"
    • InprocServer32\ThreadingModel: "Apartment"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects\{2E246FAE-8420-11D9-870D-000C2917DE7F}\: ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\PTSSA\loader\tid: "34603"

Files Added

  • %system%\Loader.dll

Note: %system% is c:\windows\system for XP (not system32)

Aliases

Aliases

    N/A