Dial/Switch-E

Please follow the instructions for removing dialers.

Dial/Switch-E is a premium rate porn dialler. When the dialler is installed it may attempt to dial premium rate services without the knowledge of the user.

Dial/Switch-E will attempt to reduce security levels and lock down control of Internet Explorer and Netscape by setting the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\
FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
0

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\
FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
0

HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow\
*.ffx23wl.nl

HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications
<Path to Dialler>
"Yes"

HKCU\Software\Netscape\Netscape Navigator\Viewers\
TYPE42
"application/x-callswitch"

HKCU\Software\Netscape\Netscape Navigator\Viewers\
application/x-callswitch
<Path to Dialler>

The dialler will also attempt to register a new MIME class of "application/x-callswitch" with ".cxq" and ".mxq" extentsion by setting entries in:

HKCR\Classes\
HKCR\MIME\Database\Content Type\application/x-callswitch\

Dial/Switch-E creates a copy of itself in the Windows system folder and creates the following registry entry in order to run automatically on computer login:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
OpenMstart =
<path to Dialler>

Registry entries will also be created under:

HKLM\SOFTWARE\MStart2Page

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch

and referencing this CLSID:

5CBF8C22-E9A6-11D7-90FE-000AE4012DB4