WinCE/Terdial.A
UMU Scan protects against this virus. | High | Trojan | 263 | 15/04/2010 | 15/05/2010
Virus Type: Trojan
Threat Level: High
WinCE/Terdial.A is a Trojan dialer application for devices running Windows CE with the .NET Framework.
It arrives as a Trojanized version of the game HUIKE 3DAntiTerrorist, using the following CAB filename:
antiterrorist3d.cab
Upon execution of the package, it drops and executes a malicious executable, reg.exe, then copies itself as:
\\Windows\\smart32.exe
It creates the following registry entry to record that the malware has been installed on the system:
CurrentUser\Alpha\Status = 1
It then schedules the malware to execute again in the next 3 days.
On the third day since installation, the malware attempts to dial the following numbers, mostly international numbers, without the user's consent, every 50 seconds:
+8823460777
+17675033611
+88213213214
+25240221601
+2392283261
+881842011123
After dialing, it schedules its next execution for the month following the first execution.
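The dialing behaviour described above can be hunted for in outgoing-call records. The following is an added example, not part of the original write-up or of UMU Scan; the CSV layout, device names and the 10-second tolerance are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Numbers listed on this page for WinCE/Terdial.A.
TERDIAL_NUMBERS = {
    "+8823460777", "+17675033611", "+88213213214",
    "+25240221601", "+2392283261", "+881842011123",
}
INTERVAL_S = 50   # dialing interval stated on this page
TOLERANCE_S = 10  # assumed jitter allowance, not from the page

# Constructed sample records (hypothetical layout: device, timestamp, dialed).
SAMPLE_CDR = """device,timestamp,dialed
dev-01,2010-04-18T09:00:00,+8823460777
dev-01,2010-04-18T09:00:50,+17675033611
dev-01,2010-04-18T09:01:41,+88213213214
dev-02,2010-04-18T09:00:00,+15550100
dev-02,2010-04-18T09:30:00,+8823460777
"""

def normalize(number):
    """Reduce a dialed string to +digits so formatting variants compare equal."""
    return "+" + "".join(ch for ch in number if ch.isdigit())

def find_terdial_dialing(cdr_text):
    """Map each device that called a listed number to its hit count and
    whether any two consecutive hits were about INTERVAL_S apart."""
    calls = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if normalize(row["dialed"]) in TERDIAL_NUMBERS:
            calls[row["device"]].append(datetime.fromisoformat(row["timestamp"]))
    report = {}
    for device, times in calls.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cadence = any(abs(g - INTERVAL_S) <= TOLERANCE_S for g in gaps)
        report[device] = {"hits": len(times), "cadence": cadence}
    return report

if __name__ == "__main__":
    for device, result in sorted(find_terdial_dialing(SAMPLE_CDR).items()):
        print(device, result)
```

A device with several hits at the 50-second cadence matches the behaviour described here; a single hit without the cadence still warrants a check of the device for \\Windows\\smart32.exe.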
Manual Disinfection
The following disinfection routine applies to affected mobile devices only:
- Scan your mobile device with UMU Scan. Terminate the running processes of files detected as WinCE/Terdial.A.
- Delete the following: \\Windows\Smart32.exe
- Delete all other files detected as WinCE/Terdial.A.