DIAL_SGRUNT.A
Overview



In the wild: No

Reported detections: Low

Description:

Threat Type: Dialer

Systems Affected: Windows 95, 98, NT, 2000, XP

Download URL: www.sgrunt.biz

Dialers attempt to connect to a predefined phone number to access certain sites (usually adult sites). This usually results in unwanted phone charges for affected users.



Solution:

TREND MICRO SOLUTION

  • Minimum scan engine version needed: 7.100
      TMAPTN version needed: 206.09

MANUAL REMOVAL INSTRUCTIONS

Identifying the Dialer Program

Download the latest spyware pattern file and scan your system. Note all files detected as DIAL_SGRUNT.A.

Terminating the Dialer Program

This procedure terminates the running dialer process. You will need the name(s) of the file(s) detected earlier.

  1. Open Windows Task Manager.
    » On Windows 95 and 98, press CTRL+ALT+DELETE.
    » On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
  2. In the list of running programs*, locate the dialer file(s) detected earlier.
  3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
  4. Do the same for all detected dialer files in the list of running processes.
  5. To check if the dialer process has been terminated, close Task Manager, and then open it again.
  6. Close Task Manager.

*NOTE: On systems running Windows 95 and 98, Windows Task Manager may not show certain processes. You can use a third-party process viewer such as Process Explorer to terminate the dialer process. Otherwise, continue with the next procedure, noting additional instructions.

Restoring Modified Internet Security Settings

  1. Open Internet Explorer.
  2. In the menu bar, click Tools > Internet Options.
  3. Click the Security tab and select the Internet (globe) icon.
  4. Move the slider according to your preference.
  5. Close the Internet Options window.

Additional Windows XP Cleaning Instructions

Users running Windows XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download the latest spyware pattern file and scan your system. Then, delete all files detected as DIAL_SGRUNT.A.

Details:

Upon execution, this dialer program attempts to connect to a modem and dial the number 857793374.

It also adds the following Web site to Internet Explorer's trusted sites:

    www.sgrunt.biz
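
To confirm whether the trusted-sites entry described above is present, the following added example (not part of the original Trend Micro write-up) parses a text export of the registry and lists hosts mapped to the Trusted sites zone. The ZoneMap key path is the standard Internet Explorer location and is an assumption, since the page does not name it; the sample export and the example.com and example.org entries are constructed.

```python
import re

# Standard Internet Explorer zone-map location (assumption: not stated on the page).
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
TRUSTED_ZONE = 2  # IE security zone number for "Trusted sites"

# Constructed sample of a registry export, for illustration only.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org\intranet]
"https"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

def trusted_sites(export_text):
    """Return sorted (host, scheme) pairs mapped to the Trusted sites zone."""
    found, host = set(), None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(ZONEMAP.lower() + "\\")
            if idx == -1:
                host = None  # key is outside ZoneMap\Domains
                continue
            # Key layout is Domains\<domain>[\<subdomain>]; rebuild the host name.
            parts = path[idx + len(ZONEMAP) + 1:].split("\\")
            host = ".".join(reversed(parts)).lower()
            continue
        val = VAL_RE.match(line)
        if val and host and int(val.group(2), 16) == TRUSTED_ZONE:
            found.add((host, val.group(1)))
    return sorted(found)

def is_listed(export_text, site):
    """True if `site` appears among the Trusted sites entries."""
    return any(h == site.lower() for h, _ in trusted_sites(export_text))
```

Moving the security slider does not remove a site from the Trusted sites list, so an entry reported here has to be deleted from that list separately.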



Analysis by: Marianne Mallen


Description created: Jan 22, 2005



