Dialer.ICcontrol


Updated: February 13, 2007 11:46:36 AM
Type: Dialer
Risk Impact: High
File Names: icc.dll, iccontrol.exe, natydave1.exe, sp2ydave1.exe, ydave1.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Dialer.ICcontrol is executed, it performs the following actions:
  1. Creates the following files:

    • %Windir%\icc.dll
    • %Windir%\iccontrol.exe
    • %Windir%\madchook.dll (non-malicious component)

      Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Adds the value:

    "ICcontrol" = "%Windir%\iccontrol.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  3. Registers the following service:

    Service Name: mchInjDrv
    Path to executable: "\??\%UserTemp%\mc2A.tmp"

    Note: %UserTemp% is a variable that refers to the current user's temporary folder. By default, this is C:\Documents and Settings\[CURRENT USER]\Local Settings\Temp (Windows NT/2000/XP).

  4. Adds the values:

    "DisplayName" = "Internet Connection Control"
    "UninstallString" = "%Windir%\iccontrol.exe /Remove"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICcontrol

  5. Adds the value:

    "iccontrol" = "08714715287"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5158BCD9-12AB-4301-8F5B-D4911E2AF3FA}

  6. Modifies the value:

    "UserInit" = "S7=240"

    in the registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000

  7. Modifies the Internet proxy settings of the dial-up connections in use.

  8. Modifies the values:

    "ProxyServer" = "[proxy uri]"
    "ProxyOverride" = "local"


    in the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

  9. Enables the proxy by modifying the value:

    "ProxyEnable" = 1

    in the following registry subkeys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
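
A triage check for the registry changes in steps 2, 4, 5 and 6, added here as an example and not part of the original write-up: it parses the text of a .reg export and reports which of those values are present. The function names and the sample export are constructed for illustration; the proxy values in steps 8 and 9 are left out because a proxy setting by itself also occurs on clean hosts.

```python
import re

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value_name: data}} (names lowercased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data[:1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
            elif data.lower().startswith("dword:"):
                data = int(data[6:], 16)
            current[name.lower()] = data
    return keys

HKLM = "hkey_local_machine\\"
CV = "software\\microsoft\\windows\\currentversion\\"
# (key, value name, test on data) for registry changes listed in the write-up.
INDICATORS = [
    (HKLM + CV + "run", "iccontrol",
     lambda d: str(d).lower().endswith("\\iccontrol.exe")),
    (HKLM + CV + "uninstall\\iccontrol", "displayname",
     lambda d: d == "Internet Connection Control"),
    (HKLM + "software\\classes\\clsid\\{5158bcd9-12ab-4301-8f5b-d4911e2af3fa}",
     "iccontrol", lambda d: True),  # presence of the value is the indicator
    (HKLM + "system\\currentcontrolset\\control\\class\\{4d36e96d-e325-11ce-bfc1-08002be10318}\\0000",
     "userinit", lambda d: d == "S7=240"),
]

def find_indicators(reg_text):
    """Return 'key\\value = data' for every listed indicator found in the export text."""
    keys = parse_reg(reg_text)
    found = ((k, n, keys.get(k, {}).get(n), t) for k, n, t in INDICATORS)
    return [f"{k}\\{n} = {d}" for k, n, d, t in found if d is not None and t(d)]

# Constructed sample export (not from a real host): two matches and one benign Run entry.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICcontrol"="C:\\WINDOWS\\iccontrol.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000]
"UserInit"="S7=240"
'''

print("\n".join(find_indicators(SAMPLE)))
```

Exports written by Regedit in the version 5.00 format are UTF-16, so decode the file before passing its text to find_indicators.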
