derbiz.com hijacker

Discussion in 'news, general information and FAQs' started by Pieter_Arntz, Apr 30, 2005.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    A very active variant of Dialer.Asdplug

    Can be recognized in a HijackThis log as:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/

    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N

    Fix those entries and delete the file.

    In the registry the following changes may have to be made.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "EnableAutodial" = "0"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN]


    Beware that the EnableAutodial might have had the value 1 before the infection and the user may even need it.
     
    Last edited: Apr 30, 2005
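
Added example (not part of the original post): a small Python scanner that parses the R and O4 lines of a saved HijackThis log and flags the two entries described above. It matches the start page by hostname rather than by substring, so unrelated URLs that merely mention the domain are not reported. The function names and the sample log are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the post above.
BAD_DOMAIN = "derbiz.com"
BAD_RUN_NAME = "ASDPLUGIN"

# HijackThis line formats: "R0 - <key>,<value name> = <data>" and
# "O4 - <hive>\..\<key>: [<value name>] <command line>".
R_LINE = re.compile(r"^(R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def host_matches(url, domain):
    """True if the URL's host is the domain or one of its subdomains."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def scan(log_text):
    """Return a list of (line_no, kind, detail) findings for this hijacker."""
    findings = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = R_LINE.match(line)
        if m and host_matches(m["data"], BAD_DOMAIN):
            findings.append((no, "start-page", m["data"].strip()))
            continue
        m = O4_LINE.match(line)
        if m and m["name"].upper() == BAD_RUN_NAME:
            # Report the executable path without its arguments: the file to delete.
            exe = EXE_PATH.match(m["cmd"])
            findings.append((no, "run-entry", exe["path"] if exe else m["cmd"]))
    return findings


# Constructed sample log: the two entries from the post plus benign look-alikes.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.org/?q=derbiz.com
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKLM\..\Run: [SomeTool] C:\Program Files\SomeTool\tool.exe
"""

if __name__ == "__main__":
    for no, kind, detail in scan(SAMPLE_LOG):
        print(f"line {no}: {kind}: {detail}")
```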