
Dialer.Xpehbam.biz_dialer

Posted: August 31, 2011

Dialer.Xpehbam.biz_dialer is a dialer application that connects to an affected computer and dials a premium-rate phone number via the victim's modem. It is created to provide access to pornographic web resources and usually propagates through dubious pornographic websites or bogus video codec files. Dialer.Xpehbam.biz_dialer displays annoying pop-up advertisements while you surf the Internet, or redirects you to malicious pornographic websites. It can also install Trojans and other infections on your computer without your knowledge or consent. Uninstall Dialer.Xpehbam.biz_dialer immediately, before it harms your PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS].dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}\(Default) = "&DownloadIt Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[Fake program name]"