Trojan: Ewido and Avast

I have a persistent trojan Win32:Dialer-520[Trj]
Avast detects its attempts to connect and I can abort the connection.
I have just installed Ewido and run it and it found several infections which it duly quarantined.
Among those ‘infections’ were several files in the Avast4/Data/moved/ folder, including…
GetAcces.class.vir
GetAcces.class.2.vir
InsecureClassLoader.class.2.vir
InsecureClassLoader.class.vir
Installer.class.2.vir
Installer.class.vir
PopCapLoader.dll
VerifierBug.class.vir
Dummy.class.vir
These are now quarantined…
Are they false positives, or did I do right to quarantine them?
Will Avast work without these files?
Should I restore them?

Any advice would be appreciated.

No sooner had I posted this than I got an alert…!

File name: http://www.impotato.com/a412/a571.php?m=1&b=779&c=3 [UPX]
Malware: Win32:Dialer-520[Trj]

How the hell do I get rid of it…

If they were in Avast4/Data/moved, it simply means that avast previously found them and you told it to move them there…

So, they’re indeed real, that is, avast detects them as well.

Hi jhiker,

This problem has been dealt with before:

http://forum.avast.com/index.php?topic=20503.0

One of the anti-spyware/anti-Trojan programs I recommended there must have removed it.

The malware you mention in your post looks like Java exploits: clean out your Java cache and make sure you have the latest version of Java:

http://www.java.com/en/download/help/cache_virus.xml

http://www.java.com/en/download/index.jsp

avast! Webshield should prevent this malware getting onto your computer in the future.

Cheers!

When I open the Java application I don't see a ‘cache’ button, but I do see a ‘Temporary Internet Files’ button and an option to delete them.
Is that what you’re referring to?

That’s correct. In newer versions of Sun Java, ‘Cache’ is replaced by ‘Temporary Internet Files’.

It’s also critical to remove older versions of Java from Add/Remove programs (if present) because malware can exploit older, vulnerable versions if present.

As an addition, the default cache setting is 1000Mb; I'd suggest bringing that down to about 20.

Yes… installing the new versions does not remove the old ones :-\ :cry:

:slight_smile: Hi JHiker :

 We could advise you better about your Java "situation" IF
 you would go to Internet Options, click the "Advanced" tab
 and look through the listing until you see a "Java" and
 post here what it says !?

It says…
Use JRE 1.5.0_05 for requires restart

JIT compiler for virtual machine enabled (requires restart)

Threw me for a moment there - I use Firefox by default and couldn’t find the tab!

:slight_smile: Hi JHiker :

 The "JIT compiler for virtual machine" is for the now
 abandoned Microsoft "Virtual Machine" and that setting
 should be turned "OFF"; the "JRE 1.5.0_05" is for Sun's;
 however, it indicates you are 1 update behind, which
 happens to be a serious security risk. Therefore, I
 recommend you uninstall ALL your Sun Java version(s),
 then go to www.java.com/en & get their latest (Update 6).
You currently have "Update 5". Since you MAY have
Microsoft's "Virtual Machine" on your computer, it would be
advisable to read the info at:
http://www.bleepingcomputer.com/tutorials/tutorial97.html

I just read this post, uninstalled the old Java and put on version 06, went back to java.com to verify the installation (OK), and went to Internet Options > Advanced and it's there… How can I tell if I have Microsoft Virtual Machine on here, and if yes… should it be removed???

:slight_smile: Hi DrHayden :

  There are several ways to discover if one has Microsoft's
  Virtual Machine ("VM") on their computer: 1) To see if
  "JIT compiler for virtual machine.." is listed under "Java"
  in the Internet Options > Advanced menu, like it is in
  jhiker's; 2) Check your Add/Remove Programs for a listing
  similar to "Microsoft VM, Micro virtual machine", etc.;
  3) Use your computer's "Search > All files and folders"
  using search "terms" like the ones stated above.

   DEFINITELY, Microsoft's Virtual Machine AND Sun's Java
   should NOT be on the same computer; the
   bleepingcomputer site I listed has the removal guide .
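The inventory step described in the two posts above (checking Add/Remove Programs for leftover Sun Java versions and for a Microsoft Virtual Machine entry) can be done from the command line instead of clicking through the dialog. The script below is an added example, not something posted in this thread or shipped by avast; it reads the standard Windows uninstall registry keys (both the native and the Wow6432Node view) and lists every entry whose display name matches one of a few search terms. The search terms are taken from the thread ("Java", "JRE", "Virtual Machine", "Microsoft VM"); the extra "J2SE" term is an assumption about how older Sun installers named themselves. It assumes Windows PowerShell 3.0 or later for the `[PSCustomObject]` syntax.

```powershell
# Added example (not from the forum thread): list installed Java runtimes and any
# Microsoft Virtual Machine entries from the uninstall registry keys, so that
# leftover old JRE versions (each one a separately exploitable runtime) are visible.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Search terms: the ones named in the thread plus "J2SE" (assumed naming of older Sun installers).
$patterns = @('Java', 'JRE', 'J2SE', 'Virtual Machine', 'Microsoft VM')

function Get-JavaInventory {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }          # Wow6432Node is absent on 32-bit Windows
        foreach ($sub in Get-ChildItem -Path $key) {
            $props = Get-ItemProperty -Path $sub.PSPath
            if (-not $props.DisplayName) { continue }    # skip entries with no visible name
            foreach ($pat in $patterns) {
                if ($props.DisplayName -like "*$pat*") {
                    [PSCustomObject]@{
                        Name      = $props.DisplayName
                        Version   = $props.DisplayVersion
                        Uninstall = $props.UninstallString   # the command Add/Remove Programs would run
                    }
                    break                                    # one row per entry, even if several terms match
                }
            }
        }
    }
}

$found = @(Get-JavaInventory | Sort-Object Name)
$found | Format-Table -AutoSize

# The thread's point in one line: more than one JRE entry means old versions were left behind.
$jreCount = @($found | Where-Object { $_.Name -match 'Java|JRE|J2SE' }).Count
if ($jreCount -gt 1) {
    Write-Warning "$jreCount Java runtime entries installed; uninstall all but the newest."
}
if ($found | Where-Object { $_.Name -match 'Virtual Machine|Microsoft VM' }) {
    Write-Warning "A Microsoft Virtual Machine entry is present; see the bleepingcomputer removal guide linked above."
}
```

Run it from a PowerShell prompt (no administrator rights are needed to read these keys). The `Uninstall` column is shown only so you can see what Add/Remove Programs would execute; the script itself removes nothing. Version-less entries are not errors: some installers never set `DisplayVersion`.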

Thanks spiritsongs… I remember when I had Java 05… VM was in my Internet Options > Advanced, but when I took 05 off and put Java 06 on… VM is nowhere in sight… Have a good bleeping one ;D :o