Description

An ActiveX installer control for premium-rate phone diallers, distributed by Spanish company Matrix Technology Network SA.

Also known as

Msa32chk, or LanzarDLL, after filenames used by the software.

Distribution

Installed by ActiveX drive-by-download on porn pages.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes, critical. Any HTML page can direct the ActiveX control to download and run arbitrary, unsigned executable code from any server.

Stability problems

Unknown.

Removal

Open the Downloaded Program Files folder inside the Windows folder, and delete the control called 'Marcador Class'.

This does not, unfortunately, uninstall the software itself.

Manual removal

Next, open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u MSA32CHK.DLL

Open the registry (click 'Start', choose 'Run', enter 'regedit'), and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry called 'Dialer', which uses rundll32.exe to run msa32chk.dll. Find the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions, and delete the subkey {03FBB191-FB50-4154-91D7-587D5E3C0000}.

Open the Application Data folder. You can find this inside your user folder in 'Documents and Settings' on Windows 2000 or XP, or in your user folder in 'Profiles' in the Windows folder on Windows NT, or directly inside the Windows folder on Windows 95, 98 and Me. Delete the 'MATRIX' folder inside Application Data.

You can also delete MSA32CHK.DLL from the System folder (which is inside the Windows folder, and is called 'System32' on Windows NT, 2000 and XP), and any dialler icons added to your desktop and Start menu.