
Dinoxi

Posted: March 28, 2006

Dinoxi, also known as Dioxin, is a dangerous worm that spreads through instant messages sent via the AOL Instant Messenger (AIM) application. It sends messages containing a fixed text and malicious links pointing to infected files to every user on the AIM contact list. Once a victim clicks on such a link, the worm installs itself on the computer and shows a message containing swear-words. Dinoxi then initiates its spreading routine and runs its payload. The worm opens a back door that gives the attacker unauthorized remote access to the compromised PC; the intruder can control the entire computer and steal sensitive user information. Dinoxi also disables essential system tools, including the Task Manager, the Registry Editor and the Device Manager, cripples the DOS subsystem, modifies Windows Explorer settings, and changes the mouse, show and time format settings. Moreover, the worm hides everything on the desktop and changes the Internet Explorer default home page. It may also install a recent variant of itself. Dinoxi runs automatically on every Windows startup.

File System Modifications

  • The following files were created in the system:
    1. dioxin.exe
    2. o.exe
    3. windio778.exe

Registry Modifications

  • The following Registry values are newly created or modified:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page = [siteaddress]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDevMgrPage = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled = 1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode = 1
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserClose = 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ScanRegistry
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SchedulingAgent
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDesktop = 1
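As an added triage example (not code from the original write-up), the script below scans an exported `.reg` file for the policy restrictions and autorun entries listed above, so a responder can check a registry export from a suspect machine offline. The `.reg` parser, the indicator tables and the sample export are constructed for this example; the sample includes a benign value (`NoDriveTypeAutoRun`) to show that only the page's indicators are reported.

```python
import re
# Indicators taken from this write-up (constructed example, not the page's own code).
# Hive is ignored: the page lists Policies\Explorer\NoDesktop under both HKCU and HKLM.
_POL = "software\\microsoft\\windows\\currentversion\\policies\\"
DINOXI_POLICY_VALUES = (
    {(_POL + "system", n) for n in ("disabletaskmgr", "disableregistrytools", "nodevmgrpage")}
    | {(_POL + "explorer", n) for n in ("nodesktop", "nofind", "norecentdocsmenu",
                                        "nosettaskbar", "restrictrun")}
    | {(_POL + "winoldapp", n) for n in ("disabled", "norealmode")}
    | {("software\\policies\\microsoft\\internet explorer\\restrictions", "nobrowserclose")}
)
DINOXI_FILES = ("dioxin.exe", "o.exe", "windio778.exe")  # file names from the write-up
AUTORUN_KEYS = ("software\\microsoft\\windows\\currentversion\\run",
                "software\\microsoft\\windows\\currentversion\\runservices")
_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
_VAL_RE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|"(?:[^"\\]|\\.)*")$')

def parse_reg_export(text):
    """Yield (hive, subkey, name, data) for each named dword/string value in a .reg export."""
    hive = subkey = None
    for line in map(str.strip, text.splitlines()):
        if m := _KEY_RE.match(line):
            hive, subkey = m.group(1), m.group(2).lower()
        elif (m := _VAL_RE.match(line)) and subkey is not None:
            raw = m.group(2)  # dword:00000001 -> 1; "C:\\x" -> C:\x (.reg doubles backslashes)
            data = int(raw[6:], 16) if raw.startswith("dword:") else raw[1:-1].replace("\\\\", "\\")
            yield hive, subkey, m.group(1).lower(), data

def find_dinoxi_indicators(text):
    """Return (kind, full_path, data) for every value matching the page's indicators."""
    hits = []
    for hive, subkey, name, data in parse_reg_export(text):
        path = f"{hive}\\{subkey}\\{name}"
        if (subkey, name) in DINOXI_POLICY_VALUES and data == 1:
            hits.append(("policy-restriction", path, data))
        elif (subkey in AUTORUN_KEYS and isinstance(data, str)
              and data.lower().rsplit("\\", 1)[-1] in DINOXI_FILES):
            hits.append(("autorun", path, data))
    return hits

# Constructed sample export: two of the worm's policy values, one benign value, one autorun entry.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\dioxin.exe"
"""
```

A policy value set to 1 can also come from legitimate Group Policy, so the autorun hit pointing at one of the listed file names is the stronger signal; the policy hits are corroboration.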
