An ActiveX control that drops diallers onto the host system.
Ngd after the filename, internal object name and company name of the control.
Installed by ActiveX drive-by-download from pop-up porn adverts; a particularly aggressive script is often used to repeatedly generate errors until the user agrees to allow it to install.
No.
No.
Any web site can direct the control to install a dialler.
None known.
Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u ngd.dll
Next, open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. There is likely to be an entry pointing to a porn dialler in the root folder of the C: drive, for example C:\xxxvideo.exe. If so, delete this value.
Restart the computer and you should be able to delete the 'ngd.dll' file in the System folder (in the Windows folder, called 'System' on Windows 95/98/Me or 'System32' on Windows NT/2000/XP). You can also delete dialler files in the C:\ root folder, such as xxxvideo.exe, hotporn.exe and possibly others with similar names, along with 'dp0.dll' if you have it.
You can also delete the 'WebDialler' folder in the Program Files folder and the 'HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler' key in the registry (start->Run->regedit).