(Trojan.Win32.Dialer.fu, Dialer.Topay, W32/Dialer.FU-tr)
Presence of a c:\[number]\ folder, where [number] is a string that might look like “103892”. This folder contains actibrow.dll, bulk_exe.html and some other files.
The following keys may appear in the registry:
- HKCU\Software\phoneaccessexe2\[number]\ (where [number] is the same string as above)
- HKCR\phoneaccessexe.phoneaccessexe set to “phoneaccessexe Class”
Presence of a new shortcut on desktop, pointing to the executable file from c:\[number]\ folder.
Please let BitDefender disinfect your files.
Marius Vanta, virus researcher
Trojan.Dialer.FU is a dialer program which tries to dial high-cost numbers using your modem.
When it is run for the first time, it may create a new folder on drive C and drop there some other components, including a DLL file, some Java Script files, a HTML file (which is loaded when the exe file is started) and a copy of itself. It might also create a desktop shortcut.