XDiver
downloads can connect to many different
phone numbers with differing prices.
Costs up to €300 per call have
been seen from XDiver.
Once installed, web sites can direct
XDiver to dial other numbers using
DPF files.
Spyware Characteristics
Description:
A
German premium-rate phone dialer.
Changes the users dialup settings to
use a premium number to look at porn
sites.
It shows a "Microsoft"-ish
screen claiming to be an "update
of your dialup software".
Object is called internally "XDIVER.XDIVER.201"
and seems to be related to a plugin
called "npxd32.dll".
Properties:
Stays resident in background.
Stealth: hides itself from user.
Makes changes to browser settings.
What it does?
Advertising:
No.
Privacy
violation:
No.
Security
issues:
No.
Stability
problems:
No.
Method of infection
Installed
by ActiveX drive-by-download in a pop-up
window that imitates a Windows software
installation dialogue. It describes
XDiver as a "Kostenloses Update
der Verbindungssoftware" (free
connection software update). If you
refuse the download, a JavaScript error
appears and it attempts the process
again.
Pages with these pop-ups have also
been promoted through misleading junk
e-mail (spam) campaigns.
Removal Instructions
bulletproofsoft.com
"Spyware Remover" is the best
tool for the removal of this spyware.
Spyware Information
