Trojan.Dialer.MQ

( Dial/Carped-I, Tool:PornDialer, W32/Dialer.OGL, Porn-Dialer.Win32.CapreDeam.k, Dial/Chivio.AD, Dialer.GUY )

SYMPTOMS:

• Presence of a folder named Montorgueil in your %ProgramFiles% dir.
  
• Presence of some new shortcuts: Start Menu\[OriginalExeName].lnk, Start Menu\Hot Dialer\[OriginalExeName].lnk and also a shortcut on desktop, where [OriginalExeName] is the file name of the trojan.
  
• Presence of some registry entries under HKCU\Software\Montorgueil\

TECHNICAL DESCRIPTION:

This trojan is a is a premium rate dialer, used to access pornographic material by dialing a high-cost number.

When it is run for the first time it will create a folder named Montorgueil in %ProgramFiles%. Here it will drop a copy of itself and then it will make shortcuts to this file. The shortcuts can be found on Desktop and in the Start Menu.

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Marius Vanta, virus researcher