
Dialer.Hotstuff

Updated: February 13, 2007 11:51:26 AM
Type: Dialer
Risk Impact: Low
File Names: hotstuff.exe, hotsex.exe, xxxvideo.exe, ngd.dll, scr1.bmp, fingerprint.txt
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Dialer.Hotstuff is executed, it performs the following actions:
  1. Downloads hotsex.exe, xxxvideo.exe and ngd.dll from www.europlugin.com

  2. Creates the files:

    c:\hotsex.exe
    c:\xxxvideo.exe

  3. Stores the file ngd.dll in C:\WINDOWS\System32

  4. Creates the registry key:

    HKEY_CLASSES_ROOT\Ngd2.ngd.1

  5. Creates the registry key:

    HKEY_CLASSES_ROOT\Ngd2.ngd

  6. Creates the registry key:

    HKEY_CLASSES_ROOT\{D8EFADF1-9009-11D6-8C73-608C5DC19089}

  7. Adds the value:

    "xxxvideo"="c:\xxxvideo.exe d"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the program starts when Windows starts.

  8. Creates the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler

  9. Creates the registry key:

    HKEY_CURRENT_USER\Software\Microsft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2f20c2-36f5-11d9-bc36-806d6172696f}

  10. Creates the folder C:\Program Files\WebDialler

  11. Displays a dialogue box which will provide access to pornographic web sites by dialing a high-cost number.
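
The registry changes in steps 4 to 8 can be checked offline against a registry export taken from a suspect machine. The following is an added example, not part of the original write-up: the function names and the sample export are constructed for illustration, and only the key paths and the Run value come from the list above.

```python
import re

# Registry indicators from steps 4-8 of the write-up above.
INDICATOR_KEYS = [
    r"HKEY_CLASSES_ROOT\Ngd2.ngd.1",
    r"HKEY_CLASSES_ROOT\Ngd2.ngd",
    r"HKEY_CLASSES_ROOT\{D8EFADF1-9009-11D6-8C73-608C5DC19089}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler",
]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = ("xxxvideo", r"c:\xxxvideo.exe d")
# "name"="data" string values; .reg files escape backslash and quote with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys

def find_indicators(reg_text):
    """Return the write-up's registry indicators that appear in the export."""
    # Registry paths and value names are case-insensitive, so compare casefolded.
    exported = {k.casefold(): v for k, v in parse_reg(reg_text).items()}
    hits = []
    for ind in INDICATOR_KEYS:
        low = ind.casefold()
        # A subkey in the export implies the parent key exists.
        if any(k == low or k.startswith(low + "\\") for k in exported):
            hits.append(ind)
    run = {n.casefold(): d.casefold() for n, d in exported.get(RUN_KEY.casefold(), {}).items()}
    if run.get(RUN_VALUE[0].casefold()) == RUN_VALUE[1].casefold():
        hits.append(RUN_KEY + "\\" + RUN_VALUE[0])
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xxxvideo"="c:\\xxxvideo.exe d"
[HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler]
[HKEY_CLASSES_ROOT\Ngd2.ngd\CLSID]'''
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_indicators`.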