Antivir Found Same Dialer Twice

Discussion in 'other anti-virus software' started by Prince_Serendip, Mar 3, 2004.

Thread Status:
Not open for further replies.
  1. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    A couple of weeks ago Antivir PE found DIAL/Watch.147648 on my machine. It was in a file I had downloaded some time ago but had not gotten around to installing yet. I let Antivir delete it.

    It found the exact same dialer again in a scan I did last night. It was deleted per instructions I had set previously. I have yet to try running a full scan again but it puzzles me how it could have gotten on my machine at all. :eek:

    Did it re-install itself or did I pick it up surfing? I have downloaded only updates to my security programs since.

    Any of you have any ideas? Thanks in advance.

    Larry
     
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    You will need to give more information as to the full path where this dialer was found on your PC.

    Is that DIAL/Watch.147648 the name Antivir gave it? If so, what is the actual name of the file on your PC that it stated was infected with the signature they came up with for this dialer? And of course the location.
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    FYI...DIAL/Watch.147648 was just recently put into the data base for

    Vexira Antivirus is updated on a weekly basis and/or daily as need for fast spreading viruses. The last update was on: February 5, 2004 for the following viruses, trojans and other malicious applications:




    DIAL/Watch.147648,
    February 4, 2004 -- Daily Update


    http://centralcommand.com/updates.html

    along with many other dialers on that day...Vexira is like the paid version of Antivir.

    I suspect that whatever it is you have on your machine called Watch.147648 is not that malicious or it is a bad call out and a false positive.


    Have you submitted the file to Antivir o_O
     
  4. FanJ

    FanJ Guest

    Hi Larry ;)

    If you still have that file, would you please send a (zipped) copy to Gavin:
    submit@diamondcs.com.au

    Cheers, Jan.
     
  5. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    I will try to find where I downloaded that file. You see, Antivir deleted it. It's gone. It was originally downloaded to C:\My Documents\My Received Files. I remember that it was a process viewer. I shall try to backtrack and find it again. I will check my Opera logs too.

    Dialers are not the same as viruses. That's why I was asking the above questions. Maybe it was a false positive, then how come it's been found again? That one was also deleted (I wasn't available at the time). I am searching my Antivir logs. The only "dialer.exe" I have found so far is listed as having a bad header in my CAB files! That's probably not it.

    Thanks so far,

    Larry
     
  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    There was a viewer of sorts that is at a Russian download site that has a reputation for having something like that inside of the application..but that certainly would not explain you finding it twice..and if I read you right..you did not even install whatever this was at this time from your my documents..so I assume whatever you did have there..would be the installer for a proggie..is that correct?
     
  7. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Yes, it was a zipped package. I never go to Russian sites, but who is to say where they got it before I got it?? When I first downloaded that file I was using AVG, not Antivir.

    My Opera logs are nonexistent. Comes from using stuff that deletes History and Cache! :rolleyes: ;)

    Personal comment/aside:
    The problem with being able to remember everything is sometimes you get lost in your own memories. I will keep searching. It's gotta be around here somewhere! ??

    I would like to know, can a dialer run in the background while I am online? So far, I see no large phone bills.

    You understand it did not find it in the same place twice. In different folders which is why I am now worried. I hope that this is a false alarm. I have scanned also with Adaware, SpybotS&D, and The Cleaner. Nada.
     
  8. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    I would like to know, can a dialer run in the background while I am online? So far, I see no large phone bills.

    Not if you have a firewall...and all personal aside..it is impossible to do the detective work with you on it since you do not have any of the evidence :D so all would be speculation..so I will leave you to it then so this thread does not just turn into further speculations or extraneous info.

    Has nothing to do with a Russian site where you could find the viewer I know of..it is offered on many .com sites but they have "valued added" it.

    The author of the original was Copyright 1995-2003 Igor Nys

    but there are some sites which have their own version of it with nasties in it..

    You never did state the other place on your PC it was found the second time..but if you find it again..you know now what to do with it...whatever it was.


    This thread and the viewer might help..

    https://www.wilderssecurity.com/showthread.php?t=11991;start=msg79560#msg79560

    and not sure what OS you have now but here are more

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml


    http://www.xmlsp.com/pview/prcview.htm
     