Absolu-trans Dialer Profile
Title: Absolu-trans
Also Known as: Dialer.Carpe_Diem, Adh1_sexarea
Severity scale:
Absolu-trans was first discovered on August 17 of 2006. It is distributed by Carpe Diem, a well-known developer of Porn Dialers, and is transmitted from websites promoting transsexual pornography. It is of French origin.
Absolu-trans, as most programs of its type, is installed on your computer by an ActiveX drive-by download. It has also been seen to be manually installed in some cases. Some of its hosting sites are absolutrans.com, exotiquetrans.com, and eclateanus.com.
Absolu-trans attacks your computer by hijacking your computer’s dial-up modem. It starts with a pop-up window showing the Terms and Conditions for using their product. It then exploits it to call “900” phone numbers instead of your usual Internet service provider to the tune of $3.99 per minute. This can result in enormous phone bills. Carpe Diem shares in the spoils with the phone number’s server, if it’s not they who own it.
Absolu-trans also serves as a component for other malware programs. Trojans, such as Backdoors and Downloaders are typical, as are Worms. In this capacity, it provides the connection to the server, typically by IRC technology. It also comes bundled with other Dialer programs under the collective “Carpe Diem” aliases.
If you discover that you are infected with Absolu-trans, you should remove it immediately with SpyZooka.
Also Known As:
Dialer.Carpe_Diem
Adh1_sexarea,
Asiatsex, BlondeSalope,
CazzoCulo, F, Dialer.CapreDeam
Dialer-Generic, orgieanal,
TROJ_MALPIH.A, Dialer.Agent.Gen,
Dial/Carped-K, Dialer.Win32.Adialer
Spyware Type:
Dialer
Associated Files:
Desktop\orgieanal.lnk
Start Menu\orgieanal.lnk
Start Menu\Programs\HOT Dialer\orgieanal.lnk
Owner\Start Menu\Programs\HOT Dialer\Uninstall orgieanal.lnk
Program Files\Montorgueil\14.06368
Program Files\Montorgueil\orgieanal\orgieanal.exe
Program Files\Montorgueil\orgieanal\orgieanal.ico
Temporary Files\absolu-trans.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2DCB4C0C78BBE64B52C0312BAB2E95EA2971C353
Blob=hex:03,00,00,00,01,00,00,00,14,00,00,00,2d,cb,4c,0c,78,bb,e6,4b,52,c0,31,2b,ab,2e,95,ea,29,71,c3,53,20,00,00,00,01,00,00,00,e8,03,00,00,30,82,03,e4,30,82,03,4d,a0,03,02,01,02,02,03,21,33,5b,30,0d,06,09,2a,86,48,86,f7,0d,01,01,04,05,00,30,55,31,0b,30,09,06,03,55,04,06,13,02,5a,41,31,25,30,23,06,03,55,04,0a,13,1c,54,68,61,77,74,65,20,43,6f,6e,73,75,6c,74,69,6e,67,20,28,50,74,79,29,20,4c,74,64,2e,31,1f,30,1d,06,03,55,04,03,13,16,54,68,61,77,74,65,20,43,6f,64,65,20,53,69,67,6e,69,6e,67,20,43,41,30,1e,17,0d,3…
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKEY_CURRENT_USER\Software\Montorgueil Access=”H”
HKEY_CURRENT_USER\Software\Montorgueil\Kit0
ADD CanLaunch=”O”
ADD Device=”"
ADD Modem=”"
ADD Num=”0″
ADD Prefixe=”0″
ADD Silent=”N”
ADD Standard=”N”
HKEY_CURRENT_USER\Software\Montorgueil\Kit0/16643]
HKEY_CURRENT_USER\Software\Montorgueil\Kit0/16643\1]
ADD Fournisseur=”0″
ADD Produit=”0″
ADD Tracking=”0″
ADD Ver=”1406368″
HKEY_CURRENT_USER\Software\Montorgueil\Kit0\16643]
HKEY_CURRENT_USER\Software\Montorgueil\Kit0\UserId]
ADD ID=”0018765″
ADD Langue=”9″
ADD Pays=”1″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control]
ADD ActiveService=”RasMan”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control]
ADD ActiveService=”TapiSrv”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control]
ADD ActiveService=”RasMan”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control]
ADD ActiveService=”TapiSrv”
I don’t know how I was so stupid to download that thing. I am using SpyZooka’s services for some time and it even warned me about what I’m doing. I ignored the warnings and Here was this Dialer.Carpe_Diem… Thank god that SpyZooka removed it right away. You should never do what I’ve done