Updated: February 13, 2007 11:42:05 AM
Type: Dialer
Risk Impact: High
File Names: antyvirk.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Dialer.Eroskop is executed, it does the following:
- Creates the following files:
- %Temp%\1.swf
- index.html
- %Windir%\antyvirk.exe
Notes:
- %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Copies itself as "Ulubione strony.exe" on the Desktop.
- Adds the values:
"UninstallString" = "%Windir%\antyvirk.exe usek"
"DisplayName" = "CONNECT"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT
- Adds the value:
"AntyVirK" = "%Windir%\antyvirk.exe ukrt"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Uses a modem to dial a high-cost phone number.
- Displays the following window:
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
