1. /
  2. Security Response/
  3. Adware.Idocha

Adware.Idocha

Updated:
February 13, 2007 11:46:12 AM
Type:
Adware
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Idocha is executed, it performs the following actions:
  1. Adds the value:

    "Start Page" = "[http://]idolch.net/[REMOVED]?n=[USER NAME]-l"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    to redirect the Internet Explorer home page to the idolch.net domain.

    Note: The Web site asks the user to pay fee for a porn service.

  2. Collects the following information from the compromised computer:

    • Email Address
    • Email Name

  3. Sends collected information to the following email address:

    idolch@iotechno.net

  4. Attempts to open a WMV file from [http://]idolch.net/[REMOVED]/movie/

  5. Creates the file [JAPANESE CHARACTERS].txt, which asks the user to pay fee for a porn service.

  6. Displays the following image:

    Title: 9e65_144as9f7
    Body: Interface ????????????.




Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver