Updated: February 13, 2007 11:42:14 AM
Type: Dialer
Risk Impact: High
File Names:
EGCOMSERVICE2.dll
EGCOMSERVICE_1051.dll
Systems Affected: Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Dialer.Inproc.B is executed, it performs the following actions:
- Creates the following files:
- %SYSTEM%\EGCOMSERVICE2.dll
- %SYSTEM%\EGCOMSERVICE_1051.dll
- Adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
so that Dialer.Inproc.B runs everytime Internet Explorer is started.
- Creates the following registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EGCOMSERVICE.EGComSvc
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EGCOMSERVICE.EGComSvc.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2.1
- May dial a high-cost number or download a dialer from the Internet.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
