Sorry but I’m in a bit of a panic at the moment. Standard shield says "last infected C:\ System Volume Information_restore{lots alphanumerics…\A0069968.dll}
Haven’t gotta clue how I got infected either - anyone know what this trojan does please?
19.06 Sign of “Win32:Dialer-gen. [Trj]” has been found in “C:\WINDOWS\system32\dial.dll” file.
19.13 Sign of “Win32:Dialer-gen. [Trj]” has been found in “C:\System Volume Information_restore{791C461D-AD30-48C5-AF08-8499E0A1490A}\RP193\A0069968.dll” file.
You seem to have a dialer: a program which connects you to a premium rate number for your dial up connection, instead of your ISP number. They are usually installed when a web site prompts you to install a small piece of software in order to access some (usually ‘adult’) content. They lead to huge phone bills, but do not affect anybody with broadband.
Send the file to the virus vault. To get rid of the system volume warning, you will have to delete all system restore files, bearing in mind that if you do later have a problem, you won’t be able to use system restore.
Disable system restore and reboot, that will get rid of the system volume information_restore warning.
You don’t say what you did on receipt of the warning/s? First, don’t panic (it doesn’t help); second, do no harm (don’t automatically delete items): send them to the chest and investigate, as you are doing.
Once you have rebooted, schedule a boot-time scan; after that is complete and you are clean, you can enable system restore again.
When you say you can’t find something on google, it would help if you said what it was you were looking for.
A search for dial.dll returns 504 hits.
A search for win32:dialer-gen is likely to return less as this is the avast virus name (and some other AVs virus name, only 5 hits less than helpful).
You would be wasting your time looking for the name in the _restore point as this is a name generated by windows at the time it creates the restore point (0 hits as expected), so as you can see there is a trick to searching using google.
19.06 Sign of “Win32:Dialer-gen. [Trj]” has been found in “C:\WINDOWS\system32\dial.dll” file.
It appears that I selected “delete” - if dial.dll is a legitimate dll should I download a copy from somewhere?
When the event below occurred I sent it to the chest - I guess I still have to lose my previous restore points though!
19.13 Sign of “Win32:Dialer-gen. [Trj]” has been found in “C:\System Volume Information_restore{791C461D-AD30-48C5-AF08-8499E0A1490A}\RP193\A0069968.dll” file.
I have the latest SpywareBlaster definitions enabled & Spybot found nothing (although I’ve only just run it). An Ad-Aware scan is in progress as I type.
I recently opened a new tiscali email account which is now downloading 2 to 6 emails containing Win32:Swen [Wrm] warnings per day. The last week or so I’ve been frantically searching all over the net for a solution to svchost constantly accessing my hard drive. I’ve downloaded programs to help me with this but I haven’t knowingly been to any adult websites (no interest!).
I first used win32:dialer-gen on google but then just ‘win32 dialer’ - was out of my depth with the returns so I came here.
Adaware has found nothing although there are 25 objects in an/the MRU list.
Frank,
Although at first glance there may appear to be a connection with “inheritance of acquired characteristics”, the link below explains why there isn’t (it’s only a few paragraphs long):
When using google for virus related stuff it is often better to search on the infected file name, since there is no standard convention with virus naming; hence win32.dialer-gen is not very helpful: it is a dialer, and the -gen is less than helpful.
Virus writers/distributors are speculative, and it doesn’t matter that you are not on dial-up; the virus arrives, but you would be immune to its costly premium rate effect by not being on dial-up.
MRU (Most Recently Used) lists are negligible, just lists of last used files.
I would suggest that you use an anti-spam tool that can delete emails from the server. I use MailWasher Pro (paid); you can use the free version, but that only copes with one email account (which should be ok for this case). It obviously won’t cover your gmail account.
Not only does MailWasher filter spam, I can also see suspicious emails as well and flag them for deletion. Once I have done any manual intervention, if required, I click Process Mail; it then deletes the flagged emails from the email servers and calls my default email program. I then only download the emails I left un-flagged in MailWasher, so it also cuts down on the number of emails downloaded and time.