Dialer.Sfonditalia

Updated: February 13, 2007 11:44:06 AM
Type: Dialer
Risk Impact: Medium
File Names: italydldl1.exe adulto.exe sgrunt.biz_dai.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Dialer.Sfonditalia is installed, it does the following:
  1. Creates the following .lnk files, which link to a copy of the dialer executable:

    • %UserProfile%\Desktop\WinMoviePlugIn.lnk
    • %UserProfile%\Desktop\explorer.lnk
    • %UserProfile%\Start Menu\Programs\WinMoviePlugIn.lnk
    • %UserProfile%\Start Menu\Programs\explorer.lnk
    • %UserProfile%\Start Menu\WinMoviePlugIn.lnk
    • %UserProfile%\Start Menu\explorer.lnk
    • %UserProfile%\My Documents\WinMoviePlugIn.lnk
    • %UserProfile%\My Documents\explorer.lnk
    • %UserProfile%\Favorites\WinMoviePlugIn.lnk
    • %UserProfile%\Favorites\explorer.lnk



      Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
    • These file names can be modified to include an extra letter, for example WlinMoviePlugIn.lnk, elxplorer.lnk and exsplorer.lnk.

  2. Creates a dial-up connection named Connessione Predefinita. This connection is configured to connect to a high-cost number starting with prefix 702.

  3. Changes the Internet Explorer home page to a Web site on the www.sfonditalia.biz domain.

  4. Adds the www.sfonditalia.biz domain to the Internet Explorer trusted sites.

  5. When the dialer is executed, asks the user whether it can continue with the installation. If the user clicks "Si", the dialer makes a connection to a remote server by dialing a high-cost number using a modem.

  6. Adds the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\linkautomatici.com
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redfunny.com
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sfonditalia.biz
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skymasters.biz
    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xbeta69.com
    HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\Sgrunt
    HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\snprtz
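
The shortcut names in step 1, including the extra-letter variants described in its note, can be checked on a host with a script like the following. This is an added example, not part of the original write-up; the function names are hypothetical, the profile path is supplied by the analyst, and a hit is only a lead for review, since a shortcut named explorer.lnk can be legitimate.

```python
import os
import tempfile

# Names and profile sub-folders from step 1 of the write-up.
BASE_NAMES = ("WinMoviePlugIn.lnk", "explorer.lnk")
SUBFOLDERS = (("Desktop",), ("Start Menu",), ("Start Menu", "Programs"),
              ("My Documents",), ("Favorites",))

def matches_with_extra_letter(name, base):
    """True if name is base, or base with exactly one letter inserted."""
    name, base = name.lower(), base.lower()
    if name == base:
        return True
    if len(name) != len(base) + 1 or not name.endswith(".lnk"):
        return False
    # Dropping one alphabetic character from name must give back base.
    return any(name[i].isalpha() and name[:i] + name[i + 1:] == base
               for i in range(len(name)))

def scan_profile(profile_dir):
    """Return sorted paths of shortcuts whose names match the write-up."""
    hits = []
    for parts in SUBFOLDERS:
        folder = os.path.join(profile_dir, *parts)
        if not os.path.isdir(folder):
            continue
        for entry in os.listdir(folder):
            if any(matches_with_extra_letter(entry, b) for b in BASE_NAMES):
                hits.append(os.path.join(folder, entry))
    return sorted(hits)

def demo():
    """Scan a constructed profile tree (sample data, not from a real host)."""
    sample = [(("Desktop",), "WlinMoviePlugIn.lnk"),
              (("Desktop",), "Notepad.lnk"),
              (("Favorites",), "exsplorer.lnk"),
              (("Start Menu", "Programs"), "explorer.lnk")]
    with tempfile.TemporaryDirectory() as root:
        for parts, fname in sample:
            folder = os.path.join(root, *parts)
            os.makedirs(folder, exist_ok=True)
            open(os.path.join(folder, fname), "w").close()
        return [os.path.basename(p) for p in scan_profile(root)]

if __name__ == "__main__":
    print(demo())
```
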

