Win32:Dialer-695 and BT - a false positive?

Hi

I’ve been trying to use a British Telecom CD to install a broadband connection but Avast anti-virus is telling me that it has malware called Win32:Dialer-695[tool] on it.

I’ve done searches for this but found no mention of this problem. I was wondering if this is a false positive and is a legitimate part of the programme to connect to the internet?

Any advice? I don’t know whether to use it or not and BT help don’t know the answer/ can’t go off script.

thanks!

To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com

Please, mention in the body of the message why you think it is a false positive and the password used. :wink:

What was the infected file name?

The key in this is the suffix [Tool]: something that the tool can do could be used for good or for evil. Since in your case it is an official BT CD, I would think that it is just that, a tool to achieve something in the changeover to broadband.

The tool, in the hands of someone wishing to do evil, could change your dial-up connection to connect to a premium-rate tel. no.

I think it would be OK to continue, but I would still check it out (see below) first; you may then need to pause the standard shield, otherwise it will be detected again.

You could also check the offending/suspect file (which may also be detected by others) at: VirusTotal - Multi engine on-line virus scanner
or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.

Hi Puzzled,

DavidR is right here, whatever is on the CD can be considered so-called riskware.
If you install riskware of your own accord or for a legitimate purpose, there is nothing wrong with this; either when it is part of malware or installed by a third party with harmful intent, it is called riskware. Well, the AV solution cannot know for what purpose the tool or the executable etc. was intended, so it qualifies it as “riskware”. If this is not the case, we could also have a case of FP (false positive): through some characteristics the AV solution may think this a certain type of malware.

polonus

Hi all

The message I got from Jotti was:

POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

Only avast picked it up as a problem; does this make it an FP?

many thanks for your quick replies

Many AVs make allowances for tools which could be used for evil; however, I would say VirusTotal is the better multi-engine scanner for the following reasons: it uses the Windows engine (version of the AVs) and there are 27 different AVs, more than Jotti.

If VirusTotal returned the same result then I would send it to avast as a possible FP. Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

In your case I would say pause standard shield and run the installation, rather than try to add a file on a CD to the exclusions.

Welcome to the forums.

Thanks David

I have tested it with VirusTotal with the same result (ie only Avast picking it up) so I’ve sent an email to virus@avast.com.

Unless I hear otherwise from them I’ll go ahead with the installation tomorrow.

thanks to everyone for their replies! :smiley:

You’re welcome, glad we could help.
Stick around and browse the forums, especially the sticky topics at the top of each of the forums. They provide a wealth of information to help you get the best from avast.