
Adware:MSIL/Dotdoads


First posted on 31 October 2014.
Source: Microsoft

Aliases:

There are no other names known for Adware:MSIL/Dotdoads.

Explanation:

Threat behavior

Installation

We have seen Adware:MSIL/Dotdoads downloaded with the file name hd_video.exe and using the product name "UPlayer Media Player".

It can create the following files on your PC:

  • C:\a\55791110.bat
  • C:\a\80257796.zip
  • C:\a\FiddlerCore.dll
  • C:\a\internetport3.exe
  • C:\a\loading.gif
  • C:\a\ping.txt
  • C:\a\ver.ini


It changes the following registry entry so that it runs each time you start your PC:

In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "autoauto"
With data: "\.bat"

Payload

Displays ads in webpages

Adware:MSIL/Dotdoads can replace iFrames on webpages with different advertising. These ads are different to what you would see if your PC wasn't infected with this threat.

Changes your browser settings

It locks or disables your web browser proxy settings by adding the following registry entry:

In subkey: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
Sets value: "Proxy"
With data: "dword:00000001"

When you view your browser LAN settings you won't be able to click or change the proxy server options.

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files:

    C:\a\55791110.bat
    C:\a\80257796.zip
    C:\a\FiddlerCore.dll
    C:\a\internetport3.exe
    C:\a\loading.gif
    C:\a\ping.txt
    C:\a\ver.ini
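
A read-only check for the indicators listed on this page (the files under C:\a, the "autoauto" Run value and the "Proxy" policy value), written as an added PowerShell example that is not part of Microsoft's write-up. The WOW6432Node Run key is an assumption added to cover a 32-bit writer on 64-bit Windows, and the HKCU policy check only covers the user running the script.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is modified or deleted.

$files = @(
    'C:\a\55791110.bat',
    'C:\a\80257796.zip',
    'C:\a\FiddlerCore.dll',
    'C:\a\internetport3.exe',
    'C:\a\loading.gif',
    'C:\a\ping.txt',
    'C:\a\ver.ini'
)

# Run keys to inspect. The first is the one named on the page; the WOW6432Node
# key is an assumption added here for a 32-bit writer on 64-bit Windows.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$policyKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

foreach ($key in $runKeys) {
    $data = Get-RegValue -Path $key -Name 'autoauto'
    if ($null -ne $data) { $findings += "Run value 'autoauto' in $key -> $data" }
}

# Proxy = 1 greys out the LAN proxy options. An administrator can set the same
# policy legitimately, so treat it as supporting evidence only.
if ((Get-RegValue -Path $policyKey -Name 'Proxy') -eq 1) {
    $findings += "Proxy policy lock set in $policyKey (current user only)"
}

if ($findings.Count -eq 0) { 'No indicators from this page were found.' }
else { $findings }
```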


Last update 31 October 2014

 
