My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Dialer.FU

MEDIUM
LOW
~110KB (packed)
(Trojan.Win32.Dialer.fu, Dialer.Topay, W32/Dialer.FU-tr)

Symptoms

Presence of a c:\[number]\ folder, where [number] is a string that might look like “103892”. This folder contains actibrow.dll, bulk_exe.html and some other files.

 

The following keys may appear in the registry:

  • HKCU\Software\phoneaccessexe2\[number]\  (where [number] is the same string as above)
  • HKLM\Software\Microsoft\CurrentVersion\Uninstall\[number]
  • HKCR\phoneaccessexe.phoneaccessexe  set to “phoneaccessexe Class”

Presence of a new shortcut on desktop, pointing to the executable file from c:\[number]\ folder.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Marius Vanta, virus researcher

Technical Description:

Trojan.Dialer.FU is a dialer program which tries to dial high-cost numbers using your modem.

When it is run for the first time, it may create a new folder on drive C and drop there some other components, including a DLL file, some Java Script files, a HTML file (which is loaded when the exe file is started) and a copy of itself. It might also create a desktop shortcut.