[INFO]
AnalystName=Andrei Brasoveanu
AnalystEMailID=brasoveanua@comodo.com
Team=Romania
Date=11-Jan-2010
Type=ApplicUnsaf
Platform=Win32
SubType=
Family=Capredeam
Variant=

[OVERVIEW]
It belongs to the Porn-Dialer malware family. It is classified as an unsafe application because it uses the modem to establish connections to online pornographic services without the user's consent, dialing a number that adds long-distance charges to the telephone bill.

[TECHNICAL_DESCRIPTION]
Files added:
C:\Documents and Settings\UserName\Start Menu\Programs\HOT Dialer\sample_name.lnk
C:\Documents and Settings\UserName\Start Menu\Programs\HOT Dialer\Uninstall sample_name.lnk
C:\Documents and Settings\UserName\Start Menu\sample_name.lnk
C:\Program Files\Montorgueil\14.05068
C:\Program Files\Montorgueil\sample_name\sample_name.exe
C:\Program Files\Montorgueil\sample_name\sample_name.ico

Registry keys & values added:
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\10442\1\Fournisseur: "0"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\10442\1\Ver: "1405068"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\10442\1\Produit: "0"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\10442\1\Tracking: "0"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\UserId\ID: "0021051"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\UserId\Pays: "1"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\UserId\Langue: "9"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Modem: ""
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\CanLaunch: "O"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Device: ""
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Num: "0"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Prefixe: "0"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Silent: "N"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Kit0\Standard: "N"
HKU\S-1-5-21-329068152-746137067-1202660629-1003\Software\Montorgueil\Access: "H"

Network connections:
It establishes a connection with public.carpediem.fr.

[SYMPTOMS]
When executed, it opens a welcome window that prompts the user to read the Terms & Conditions, select a country/location, and then Accept or Quit.

[DISINFECTION]
Install Comodo AntiVirus to remove this threat.