| Detection added | May 09 2005 14:38 GMT |
| Update released | May 13 2005 13:46 GMT |
| Description added | Jul 21 2005 |
| Behavior | not-a-virus:AdWare |
This is a potentially undesirable program. It is written in Visual C++. The
installer is a file of 284160 bytes, packed using PECompact.
Installation
When launched, the installer extracts the following files from itself. These
are installed to the system directory, without the knowledge of the user.
dgtnmres.dll - 101888 bytes
dgtstart.exe - 35840 bytes
dgtuninstall.exe - 19968 bytes
digitalnames.dll - 27648 bytes
\drivers\dgtsys.sys - 8384 bytes
It then registers dgtstart.exe in the system registry. This ensures the file
will be executed every time Windows is rebooted:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dgtstart" = "dgtstart.exe"
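A host sweep for the artifacts listed above, as an added example that is not part of the original description. The file names, sizes and Run value come from the listing; checking SysWOW64 and the WOW6432Node Run key as well is an assumption made here for 64-bit Windows.

```powershell
# Added example: sweep a Windows host for the artifacts listed in this description.
# File names, sizes and the Run value are taken from the description; also checking
# SysWOW64 and WOW6432Node is an assumption made here for 64-bit Windows.
$listed = [ordered]@{
    'dgtnmres.dll'       = 101888
    'dgtstart.exe'       = 35840
    'dgtuninstall.exe'   = 19968
    'digitalnames.dll'   = 27648
    'drivers\dgtsys.sys' = 8384
}
$findings = New-Object System.Collections.Generic.List[object]

foreach ($sub in 'System32', 'SysWOW64') {
    $dir = Join-Path $env:SystemRoot $sub
    foreach ($name in $listed.Keys) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $size = (Get-Item -LiteralPath $path -Force).Length
        # A size that differs from the listing still deserves a look: the
        # description says the program downloads updates.
        $findings.Add([pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = "size $size, listed size $($listed[$name])"
        })
    }
}

foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
    $prop = Get-ItemProperty -Path $key -Name 'dgtstart' -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $findings.Add([pscustomobject]@{
            Type     = 'RunValue'
            Location = $key
            Detail   = "dgtstart = $($prop.dgtstart)"
        })
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No listed artifacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```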
Payload
This program collects data about which websites are visited using the infected
computer, and sends it to the server. This information may be used to determine
which advertising popups the program will display.
The program will also download updates from upgrade.digitalnames.net and redirect
erroneous http calls to a server which is detailed in the body of the program.