This is the avast log:

2/10/2004 7.59.07 Administrator 1332 Sign of “Win32:Dialer-Y [Trj]” has been found in “C:\WINDOWS\Downloaded Program Files\gdnIT10.exe” file.
12/10/2004 7.59.07 Administrator 1332 Sign of “Win32:Dialer-Y [Trj]” has been found in “C:\DOCUME~1\robertom\IMPOST~1\TEMPOR~1\Content.IE5\RZT3J94W\gdnIT10[1].exe” file.
12/10/2004 7.59.06 Administrator 1332 Sign of “Win32:Dialer-Y [Trj]” has been found in “C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe” file.
12/10/2004 7.59.06 Administrator 1332 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe (C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe) returning error, 00000020.

what is “returning error, 00000020”?
Avast checked the virus but didn’t block it!!

What do you think?

Thanks
claudio

1. Why do you think it didn’t block it? I’d say it certainly blocked it from execution. Check the “On-access scanners” folder in the console.

2. Error code 00000020 means “sharing violation”. But as I said, the virus could not been activated…

Thanks
Vlk

On-access scanner in Console is empty.

So this was detected during an on-demand scan? (either local or scheduled from ADNM)

What about the computer icon in the Catalog, is it red or green?

Vlk

The computer icon in ADNM console is red, and I think it was detect by the shield.

I posted the avast log, and I think the virus was already active… infact there was a sharing violation when the antivirus attempted to remove it.

Repeat… I think…

But I don’t know why the avast didn’t block it before…

Sorry, but I want to know how avast client works.

Now the client is cleaned.

Thanks,
claudio