Dialer.Hotstuff

Updated: February 13, 2007 11:51:26 AM
Type: Dialer
Risk Impact: Low
File Names: hotstuff.exe hotsex.exe xxxvideo.exe ngd.dll scr1.bmp fingerprint.txt
Systems Affected: Windows

Behavior


Dialer.Hotstuff is a dialer program that can be used to access pornographic web sites by dialing a high-cost number using a modem.

Symptoms



Your Symantec program detects Dialer.Hotstuff
A 'GO' Icon is displayed in the system tray
Hot Sex Icon is placed on the desktop
Hot Sex Icon is placed in the start menu
Hot Sex Icon is placed in the favorites folder

Transmission


The most common installation method for this dialer program is through visiting various web sites.


When Dialer.Hotstuff is executed it performs the following actions:

  1. Downloads hotsex.exe, xxxvideo.exe and ngd.dll from www.europlugin.com

  2. Creates the files:

    c:\hotsex.exe
    c:\xxxvideo.exe

  3. Stores the file ngd.dll in C:\WINDOWS\System32


  4. Creates the registry key:

    HKEY_CLASSES_ROOT\Ngd2.ngd.1

  5. Creates the registry key:

    HKEY_CLASSES_ROOT\Ngd2.ngd

  6. Creates the registry key:

    HKEY_CLASSES_ROOT\{D8EFADF1-9009-11D6-8C73-608C5DC19089}

  7. Adds the value:

    "xxxvideo"="c:\xxxvideo.exe d"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the program starts when Windows starts.

  8. Creates the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler

  9. Creates the registry key:

    HKEY_CURRENT_USER\Software\Microsft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2f20c2-36f5-11d9-bc36-806d6172696f}

  10. Creates the folder, C:\Program Files\WebDialler

  11. Displays a dialogue box which will provide access to pornographic web sites by dialing a high-cost number.
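
The files, folder and registry entries from steps 2 to 10 can be checked on a host with a read-only PowerShell script. This is an added example, not part of the original write-up; every path and value name is copied from the steps above, and the variable names are illustrative.

```powershell
# Added example: reports which artifacts from steps 2-10 exist on this host.
# Read-only: nothing is modified or deleted.

$artifacts = @(
    @{ Kind = 'File';   Path = 'C:\hotsex.exe' }
    @{ Kind = 'File';   Path = 'C:\xxxvideo.exe' }
    @{ Kind = 'File';   Path = 'C:\WINDOWS\System32\ngd.dll' }
    @{ Kind = 'Folder'; Path = 'C:\Program Files\WebDialler' }
    @{ Kind = 'Key';    Path = 'Registry::HKEY_CLASSES_ROOT\Ngd2.ngd.1' }
    @{ Kind = 'Key';    Path = 'Registry::HKEY_CLASSES_ROOT\Ngd2.ngd' }
    @{ Kind = 'Key';    Path = 'Registry::HKEY_CLASSES_ROOT\{D8EFADF1-9009-11D6-8C73-608C5DC19089}' }
    @{ Kind = 'Key';    Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WebDialler' }
    # Step 9, spelled exactly as the write-up gives it
    @{ Kind = 'Key';    Path = 'Registry::HKEY_CURRENT_USER\Software\Microsft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2f20c2-36f5-11d9-bc36-806d6172696f}' }
)

# -LiteralPath keeps the braces in the key names from being interpreted.
$findings = foreach ($a in $artifacts) {
    [pscustomobject]@{
        Kind  = $a.Kind
        Path  = $a.Path -replace '^Registry::', ''
        Found = Test-Path -LiteralPath $a.Path
    }
}

# Step 7: "xxxvideo" is a named value under the Run key, not a key itself,
# so Test-Path cannot see it; read the value explicitly instead.
$runKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'xxxvideo' -ErrorAction SilentlyContinue
$findings = @($findings) + [pscustomobject]@{
    Kind  = 'RunValue'
    Path  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxxvideo'
    Found = [bool]$run
}

$findings | Format-Table -AutoSize
$hits = @($findings | Where-Object Found)
"{0} of {1} listed artifacts present" -f $hits.Count, $findings.Count
```

On 64-bit Windows, 32-bit programs have C:\WINDOWS\System32 and HKEY_LOCAL_MACHINE\SOFTWARE redirected to SysWOW64 and WOW6432Node, so those locations may need the same checks.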


      without uninstall procedures