BaciamiStupido Dialer Profile

BaciamiStupido was first discovered on December 25 of 2005.  It of unknown origin.

BaciamiStupido, just like most any other Dialer, is stealthily installed on your computer by an ActiveX drive-by download.  It has also been manually installed in some cases.

BaciamiStupido attacks in several ways.  First, it attacks by hijacking your computer’s dial-up modem.  It exploits your modem to call a “900” phone number instead of your usual Internet service.  This will result in gigantic phone bills.

BaciamiStupido is also a Rogue ActiveX Controller, similar to a Trojan Downloader, and it’s also a Browser Hijacker.  It downloads updates of itself and other malicious programs.  It also resets your home page to www.popup-freesex-adv.biz.

If you discover that you are infected with BaciamiStupido, you should remove it immediately with ZookaWare PC Cleaner.

Also Known As:
[Kaspersky] Trojan-Clicker.Win32.Small.hj
[McAfee] Generic AdClicker.o
[Symantec] Dialer.BaciamiStupido

Spyware Type:

Dialer,
Browser Hijacker,
Rogue ActiveX Controller

Associated Files:

%UserProfile%\Start Menu\[RANDOM FILE NAME]
%UserProfile%\[RANDOM FILE NAME]
%System%\_PHB1
%System%\ciakaisen.exe
%System%\smallActive.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\super-videochat-community.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nanobyte.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\umts-gprs-mondo-telefonino-cellulare.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baciamistupido.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popup-freesex-adv.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ricercadoppia.com\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\roserosse.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terzodesiderio.biz\www “*” = “2”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1001” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1004” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1200” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1201” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1400” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1402” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1405” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1406” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1407” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1609” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1800” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “1803” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “CurrentLevel” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “MinLevel” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 “RecommendedLevel” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ciakaisen.exe” = “%System%\ciakaisen.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs “%System%\ciakaisen.exe” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs “%System%\smallActive.dll” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{9F5BB9E1-31AE-4A13-8734-15CED0F60A3D}
HKEY_CLASSES_ROOT\CLSID\{9F5BB9E1-31AE-4A13-8734-15CED0F60A3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\
{8DAB5C8C-C784-4651-84F7-B6C9F4EEC53D}
HKEY_CLASSES_ROOT\TypeLib\{8DAB5C8C-C784-4651-84F7-B6C9F4EEC53D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveXCOM.myActiveXCOM
HKEY_CLASSES_ROOT\ActiveXCOM.myActiveXCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\
Distribution Units\{9F5BB9E1-31AE-4A13-8734-15CED0F60A3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\%System%/ciakaisen.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\%System%/smallActive.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{9F5BB9E1-31AE-4A13-8734-15CED0F60A3D}
HKEY_CURRENT_USER\Software\ADWhere Component

Download Free Scan
ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.

2 Responses

  1. Danna Giff says:

    I am here to say thanks. Yesterday I thought my computer is finished, but thanks to SpyZooka BaciamiStupido is history. I’m glad that you exist!

  2. Sam Conway says:

    I was surprised that SpyZooka installed so easy and it works great. I am using Windows XP. It sure cleaned up BaciamiStupido
    from my computer!

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php