Dialer.XDialer

Updated: 10 May 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Dialer.XDialer is a dialer that attempts to make an outgoing modem connection when run on a compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 02 October 2014 revision 022
  • Initial Daily Certified version 27 September 2004
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date 29 September 2004

The XDial.ocx file may be installed while surfing the Web as a drive-by download.

The risk creates the following registry subkeys to specify the file library type, to modify the Internet Explorer toolbar, and to register the file XDial.ocx:
HKEY_CLASSES_ROOT\TypeLib\{69A4F9F1-E915-11D5-A9F1-009099104002}\1.0\0\win32
HKEY_CLASSES_ROOT\CLSID\{69A4F9FF-E915-11D5-A9F1-009099104002}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{69A4F9FF-E915-11D5-A9F1-009099104002}\ToolboxBitmap32

The risk also creates the following registry subkeys:
HKEY_CLASSES_ROOT\XDial.XDialer.1
HKEY_CLASSES_ROOT\XDial.XDialer
HKEY_CLASSES_ROOT\TypeLib\{69A4F9F1-E915-11D5-A9F1-009099104002}
HKEY_CLASSES_ROOT\Interface\{69A4F9FE-E915-11D5-A9F1-009099104002}
HKEY_CLASSES_ROOT\Interface\{69A4FA00-E915-11D5-A9F1-009099104002}
HKEY_CLASSES_ROOT\CLSID\{69A4F9FF-E915-11D5-A9F1-009099104002}

The risk uses the Remote Access Server in the Windows operating system to make a dial-up connection to a remote computer.
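
One way to check a host for the registry subkeys listed above, as an added example that is not part of the original write-up or any vendor tooling. It looks for each subkey in the machine and user hives behind HKEY_CLASSES_ROOT, including the 32-bit WOW6432Node view (the choice of hive roots is an assumption), and reports the file path registered for XDial.ocx where one is present. The function name Find-XDialerKeys is hypothetical.

```powershell
# Added example (not vendor code). Subkey names are copied from the write-up;
# the hive roots and the WOW6432Node (32-bit) view are assumptions about where
# the merged HKEY_CLASSES_ROOT entries physically live.
function Find-XDialerKeys {
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node',
        'Registry::HKEY_CURRENT_USER\Software\Classes',
        'Registry::HKEY_CURRENT_USER\Software\Classes\WOW6432Node'
    )
    # Value: child subkey whose default value holds the registered file path, if any.
    $subkeys = [ordered]@{
        'TypeLib\{69A4F9F1-E915-11D5-A9F1-009099104002}'   = '1.0\0\win32'
        'CLSID\{69A4F9FF-E915-11D5-A9F1-009099104002}'     = 'InprocServer32'
        'Interface\{69A4F9FE-E915-11D5-A9F1-009099104002}' = $null
        'Interface\{69A4FA00-E915-11D5-A9F1-009099104002}' = $null
        'XDial.XDialer'                                    = $null
        'XDial.XDialer.1'                                  = $null
    }
    foreach ($root in $roots) {
        foreach ($sub in $subkeys.Keys) {
            $path = "$root\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $file  = $null
            $child = $subkeys[$sub]
            if ($child -and (Test-Path -LiteralPath "$path\$child")) {
                # GetValue('') returns the default value of the key.
                $file = (Get-Item -LiteralPath "$path\$child").GetValue('')
            }
            # One record per subkey found, with the registered file and whether it still exists.
            [pscustomobject]@{
                Key            = $path -replace '^Registry::', ''
                RegisteredFile = $file
                FileOnDisk     = [bool]($file -and (Test-Path -LiteralPath $file))
            }
        }
    }
}

$hits = @(Find-XDialerKeys)
if ($hits.Count) { $hits | Format-List } else { 'No Dialer.XDialer registry subkeys found.' }
```

A hit with FileOnDisk set to False indicates a leftover registration whose file has already been removed.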