Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Spyware.Jgidol

Updated: September 26, 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Spyware.Jgidol is a security risk that sends email addresses and user names to a remote host.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version September 26, 2006
  • Latest Daily Certified version January 26, 2015 revision 023
  • Initial Weekly Certified release date September 27, 2006

Once executed, the security risk creates the following file:
%UserProfile%\Desktop\[JAPANESE TEXT].txt

It then sends an email to Support@jgidol.com with the user's email address.

The risk modifies the following registry entry to change the start page of Internet Explorer:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://jgidol.com/start.php?m=[EMAIL ADDRESS]n=[USERNAME]"
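
A check for the start-page change described above, as an added example that is not part of the original writeup: it reads the text output of `reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page"` and reports which email address and user name the URL carries. The function name, the sample output, and the address in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Host named in the writeup; compared against the parsed host, not as a substring.
RISK_HOST = "jgidol.com"

# Value line as printed by `reg query`: indented name, type and data, 4+ spaces apart.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4,}(?P<type>REG_\w+)\s{4,}(?P<data>.*)$")

# The writeup shows "m=<email>n=<username>" with no "&" between the fields,
# so the separator is treated as optional.
QUERY = re.compile(r"^m=(?P<email>[^&\s]*?@[^&\s]*?)&?n=(?P<user>[^&\s]*)$")

# Constructed sample of `reg query` output (not taken from a real system).
SAMPLE_INFECTED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://jgidol.com/start.php?m=alice@example.comn=alice
"""

SAMPLE_CLEAN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://jgidol.com.example.net/start.php
"""


def check_start_page(reg_query_output):
    """Return a finding dict if the Start Page points at the risk's host, else None."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m.group("name").strip().lower() != "start page":
            continue
        data = m.group("data").strip()
        url = urlsplit(data)
        host = (url.hostname or "").lower()
        # Exact host or a subdomain only; look-alike hosts must not match.
        if host != RISK_HOST and not host.endswith("." + RISK_HOST):
            return None
        finding = {"url": data, "email": None, "user": None}
        q = QUERY.match(url.query)
        if q:
            finding["email"], finding["user"] = q.group("email"), q.group("user")
        return finding
    return None


if __name__ == "__main__":
    print(check_start_page(SAMPLE_INFECTED))
    print(check_start_page(SAMPLE_CLEAN))
```

A non-empty result also tells the responder which address and user name were embedded in the URL for that profile.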

It connects to the jgidol.com domain and plays a movie file.
Writeup By: Symantec