derbiz.com hijacker

Discussion in 'spyware news and general information' started by Pieter_Arntz, Apr 30, 2005.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    A very active variant of Dialer.Asdplug

    Can be recognized in a HijackThis log as:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/

    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N

    Fix those entries and delete the file.

    In the registry the following changes may have to be made.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "EnableAutodial" = "0"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN]


    Beware that the EnableAutodial might have had the value 1 before the infection and the user may even need it.
     
    Last edited: Apr 30, 2005
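As an added example (not part of the original post): a Python check that scans a HijackThis log for the two entries quoted above. The function and constant names are this example's own, the line patterns assume the R0/O4 formatting shown in the post, and the sample log is constructed.

```python
import re

# Indicators copied from the post above; the constant names are this example's own.
START_PAGE_DOMAIN = "derbiz.com"
RUN_VALUE_NAME = "ASDPLUGIN"
RUN_FILE_NAME = "uk_nm.exe"

# Line shapes as they appear in the post: "R0 - <key>,<value> = <data>" and
# "O4 - <hive>\..\Run: [<name>] <command>".
R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$")
O4_LINE = re.compile(r"^O4 - \w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_HOST = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.I)


def host_of(url):
    """Return the lower-cased host of a URL, or '' if none can be parsed."""
    m = URL_HOST.match(url.strip())
    return m.group(1).lower() if m else ""


def scan_hijackthis_log(text):
    """Return (kind, line) pairs for log lines matching the post's two entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            # Compare the parsed host, so the domain in a path or query does not match.
            host = host_of(m.group("data"))
            if host == START_PAGE_DOMAIN or host.endswith("." + START_PAGE_DOMAIN):
                findings.append(("start_page", line))
            continue
        m = O4_LINE.match(line)
        if m and (m.group("name").upper() == RUN_VALUE_NAME
                  or RUN_FILE_NAME in m.group("cmd").lower()):
            findings.append(("run_entry", line))
    return findings


# Constructed sample log: two lines from the post plus two benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/?q=derbiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
"""

if __name__ == "__main__":
    for kind, line in scan_hijackthis_log(SAMPLE_LOG):
        print(kind, "|", line)
```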