Spyware.Jgidol

Updated: 26 September 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Spyware.Jgidol is a security risk that sends email addresses and user names to a remote host.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 01 February 2015 revision 020
  • Initial Daily Certified version 26 September 2006
  • Latest Daily Certified version 26 January 2015 revision 023
  • Initial Weekly Certified release date 27 September 2006

Once executed, the security risk creates the following file:
%UserProfile%\Desktop\[JAPANESE TEXT].txt

It then sends email to Support@jgidol.com with the user's email address.

The risk modifies the following registry entry to change the start page of Internet Explorer:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://jgidol.com/start.php?m=[EMAIL ADDRESS]n=[USERNAME]"

It connects to the jgidol.com domain and plays a movie file.
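
The Start Page change described above can be checked for in saved `reg query` output. The following is an added example, not part of the original writeup; the sample input is constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

IOC_HOST = "jgidol.com"  # domain named in the writeup

# One value line of `reg query` output: name, type, data.
VALUE_LINE = re.compile(r"^\s+Start Page\s+REG_SZ\s+(.*\S)\s*$", re.IGNORECASE)
# The writeup shows m=<email>n=<username> with no separator; '&' is also accepted.
QUERY = re.compile(r"^m=(?P<email>.*?)&?n=(?P<username>.*)$")

def check_start_page(url):
    """Return a finding for a Start Page URL on the Jgidol domain, else None."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    # Exact host or a subdomain only, so look-alike domains do not match.
    if host != IOC_HOST and not host.endswith("." + IOC_HOST):
        return None
    m = QUERY.match(parts.query)
    return {
        "url": url.strip(),
        "email": m.group("email") if m else None,
        "username": m.group("username") if m else None,
    }

def scan_reg_query(text):
    """Scan `reg query` output and return findings for matching Start Page values."""
    findings = []
    for line in text.splitlines():
        hit = VALUE_LINE.match(line)
        if hit:
            finding = check_start_page(hit.group(1))
            if finding:
                findings.append(finding)
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\n"
    "    Start Page    REG_SZ    http://jgidol.com/start.php?m=alice@example.testn=alice\n"
)

if __name__ == "__main__":
    for f in scan_reg_query(SAMPLE):
        print(f)
```

A finding also shows which email address and user name were embedded in the URL, which identifies the account data exposed on that host.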
Writeup By: Symantec