Full
Name: |
IpBill.Dialer |
| Type: |
Dialer |
| Also Known As: |
Coulomb Dialer
comload
Saristar
Pornpaq
Downloader-BR(McAfee) |
| Created By: |
Comload |
| Danger Level: |
7 |
| Category Description: |
A program that can secretly change your dialup connection setting so that instead of calling your local internet provider, your PC calls are routed to an expensive 0900 or international phone number. |
| Official Description: |
Comload is an ActiveX control placed on web sites to load and run executable files, notably premium-rate diallers. One of the types of dialler installation used by Coulomb, through ActiveX drive-by-download on porn-related pages. |
| Comment: |
After the control is installed, any web page has the ability to run any executable file on the local machine.
|
| |
|
| Information URL: |
http://www.coulomb.co.uk/ |
| Properties: |
|
| Manual Removal: |
Open the registry (Start->Run->regedit) and remove the following keys:
HKEY_CLASSES_ROOT\Comload.loader
HKEY_CLASSES_ROOT\Comload.loader.1
HKEY_CLASSES_ROOT\Comload.loader2
HKEY_CLASSES_ROOT\Comload.loader2.1
HKEY_CLASSES_ROOT\dctl
HKEY_CLASSES_ROOT\CLSID\{9E1089BC-1AE8-4685-8D77-6721E5C318A8}
HKEY_CLASSES_ROOT\CLSID\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}
HKEY_CLASSES_ROOT\Interface\{19E91D82-7AD7-419F-866A-58C122DB1459}
HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}
HKEY_CLASSES_ROOT\TypeLib\{266F948A-3DEE-4270-8F55-E79ACCD569FA}
Then open the System folder (inside the Windows folder, named 'System32' under Windows XP/2000/NT or just 'System' under Windows Me/98/95), and delete the file 'comload.dll'.
|
