Pieter_Arntz
April 30th, 2005, 06:13 AM
A very active variant of Dialer.Asdplug (http://www.sarc.com/avcenter/venc/data/dialer.asdplug.html)
Can be recognized in a HijackThis log as:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
Fix those entries and delete the file.
In the registry the following changes may have to be made.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableAutodial" = "0"

[-HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN]
Beware that the EnableAutodial might have had the value 1 before the infection and the user may even need it.
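
Added example, not part of the original post: a small Python scanner that flags the two HijackThis entries listed above in a saved log. The function name, the regular expressions and the sample log are assumptions made for illustration; only the start page host, the ASDPLUGIN value name and the uk_nm.exe file name come from the post.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the post above.
START_PAGE_HOST = "community.derbiz.com"
RUN_VALUE_NAME = "ASDPLUGIN"
DROPPED_FILE = "uk_nm.exe"

# R0-R3 lines: "R0 - <key>,<value name> = <data>"
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def scan_hijackthis_log(text):
    """Return (line number, kind, line) for each entry matching the post."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            # Compare the parsed host, not a substring, to avoid matching
            # unrelated URLs that merely contain the name in a path.
            host = (urlparse(m.group("data").strip()).hostname or "").lower()
            if m.group("name").strip().lower() == "start page" and host == START_PAGE_HOST:
                findings.append((lineno, "start-page", line))
            continue
        m = O4_LINE.match(line)
        if m:
            name_hit = m.group("name").upper() == RUN_VALUE_NAME
            file_hit = DROPPED_FILE in m.group("cmd").lower()
            if name_hit or file_hit:
                findings.append((lineno, "run-entry", line))
    return findings

# Constructed sample log: two benign entries plus the two from the post.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
"""

if __name__ == "__main__":
    for lineno, kind, line in scan_hijackthis_log(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {line}")
```

The scanner only reports; the EnableAutodial value is left alone, since the post notes it may have been 1 before the infection.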