Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Dialer.Coder

Dialer.Coder

Updated:
13 February 2007
Publisher:
Global Netcom GmbH
Risk Impact:
High
File Names:
ieloader.dll
Systems Affected:
Windows

Behavior


Dialer.Coder is an ActiveX component that Web pages can use to download dialer programs to your computer. The dialer program may be used to access premium-rate services.

Symptoms


Your Symantec program detects this threat as Dialer.Coder.

Behavior


The most common installation method for this ActiveX control is through various Web sites.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 07 May 2019 revision 006
  • Initial Daily Certified version 06 July 2004
  • Latest Daily Certified version 07 May 2019 revision 008
  • Initial Weekly Certified release date 07 July 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When Dialer.Coder is installed, it creates the registry key:

HKEY_CLASSES_ROOT\CLSID\{00000000-CDDC-0704-0B53-2C8830E9FAEC}

Dialer.Coder may attempt to download dialer programs from predetermined Web sites.



The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Close modem connections.
  3. Record the path to the ieloader.dll file.
  4. Unregister the ieloader.dll file.
  5. Run a full system scan and delete all the files detected as Dialer.Coder.
  6. Delete the subkey that was added to the registry.
For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To close modem connections
This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

3. To record the path to the ieloader.dll file
  1. Start your Symantec antivirus program and run a full system scan.
  2. If any files are detected as Dialer.Coder, record the path to the file. Do not try to delete it at this time.
4. To unregister the ieloader.dll file
  1. Click Start > Run.
  2. Type, or copy and paste, the following text:

    regsvr32 /u <path\ieloader.dll>

    then click OK.

    For example, if the ieloader.dll was detected in the C:\Windows folder, you would type:

    regsvr32 /u C:\Windows\ieloader.dll
  3. If a dialog box confirming that this action appears, click OK.

5. To scan for and delete the files
  1. Start your Symantec antivirus program, and then run a full system scan.
  2. If any files are detected as Dialer.Coder, click Delete.

    Note:
    If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
6. To delete the subkey from the registry

WARNING:
Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.

Note:
This is done to make sure that all the keys are removed. They may not be there if regsvr32 removed them.
  1. Click Start > Run.
  2. Type regedit

    Then click OK.

  3. In the left pane, navigate to the key:

    HKEY_CLASSES_ROOT\CLSID

  4. Delete the subkey:

    {00000000-CDDC-0704-0B53-2C8830E9FAEC}

  5. Exit the Registry Editor.