Description

An ActiveX control that drops diallers onto the host system.

Also known as

Ngd after the filename, internal object name and company name of the control.

Distribution

Installed by ActiveX drive-by-download from pop-up porn adverts; a particularly aggressive script is often used to repeatedly generate errors until the user agrees to allow it to install.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Any web site can direct the control to install a dialler.

Stability problems

None known.

Removal

Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u ngd.dll

Next, open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. There is likely to be an entry pointing to a porn dialler in the root folder of the C: drive, for example C:\xxxvideo.exe. If so, delete this value.

Restart the computer and you should be able to delete the 'ngd.dll' file in the System folder (in the Windows folder, called 'System' on Windows 95/98/Me or 'System32' on Windows NT/2000/XP). You can also delete dialler files in the C:\ root folder, such as xxxvideo.exe, hotporn.exe and possibly others with similar names, along with 'dp0.dll' if you have it.

You can also delete the 'WebDialler' folder in the Program Files folder and the 'HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler' key in the registry (start->Run->regedit).