Dialer.Asdplug

Updated: February 13, 2007 11:43:05 AM
Type: Dialer
Risk Impact: High
File Names: [ORIGINAL FILE NAME].exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Dialer.Asdplug is executed, it performs the following actions:
  1. Displays the following message:

    Title:  Confirm
    Message:  This call is not free, this call involves dialling a premium rate number, the cost is International Rates.

  2. If Connect is chosen, dials a high-cost-per-minute phone number and gives access to pornographic material.

  3. Copies itself as %System%\[ORIGINAL FILE NAME].exe.

    Notes:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • [ORIGINAL FILE NAME] refers to the name of the file that was executed to run the security risk. It has been reported that one name of the file executed is france.exe.

  4. Adds the value:

    "ASDPLUGIN" = "%System%\[ORIGINAL FILE NAME].exe -N"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  5. May create the following files, which are links to the risk:

    • %UserProfile%\Desktop\Click Me.lnk
    • %UserProfile%\Start Menu\Click Me.lnk
    • %UserProfile%\Start Menu\Uninstall Click Me.lnk
    • %UserProfile%\Desktop\Launch DerBiz.com.lnk
    • %UserProfile%\Start Menu\Launch DerBiz.com.lnk
    • %UserProfile%\Start Menu\Uninstall Launch DerBiz.com.lnk

      Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).

  6. May add the value:

    "EnableAutodial" = "1"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    so that the modem is used automatically to make a connection when no Internet connection is present.

  7. Adds the value:

    "InternetProfile" = "Launch DerBiz.com"

    to the subkey:

    HKEY_CURRENT_USER\RemoteAccess

  8. May create the following registry subkey:

    HKEY_LOCAL_MACHINE\ASDPLUGIN

