1. Symantec/
  2. Security Response/
  3. Adware.Idocha


February 13, 2007 11:46:12 AM
Risk Impact:
Systems Affected:

When Adware.Idocha is executed, it performs the following actions:
  1. Adds the value:

    "Start Page" = "[http://]idolch.net/[REMOVED]?n=[USER NAME]-l"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    to redirect the Internet Explorer home page to the idolch.net domain.

    Note: The Web site asks the user to pay fee for a porn service.

  2. Collects the following information from the compromised computer:

    • Email Address
    • Email Name

  3. Sends collected information to the following email address:


  4. Attempts to open a WMV file from [http://]idolch.net/[REMOVED]/movie/

  5. Creates the file [JAPANESE CHARACTERS].txt, which asks the user to pay fee for a porn service.

  6. Displays the following image:

    Title: 9e65_144as9f7
    Body: Interface ????????????.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube