Win32:Diamin-F [Trj]

Viruses and worms
1

Hello everybody, do you know anything about “Win32:Diamin-F [Trj]”?

A message appeared several times to warn me about this infection. What can I do?

Thank you everybody for your help.

Gianluca

2

It may be the same as this write up:

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=107610&sind=0

Have you tried a boot time scan with avast!?

Anti-spyware/Trojan programs may also be worth a try:

Ewido (XP’Win2000 only) http://www.ewido.net/en/

 and/or a-Squared [url]http://www.emsisoft.com/en/[/url]

Ad-Aware: http://www.lavasoft.de/

Spybot Search & Destroy: http://www.safer-networking.org/

3
A message appeared several times to warn me about this infection. What can I do?

First tell us the content of the warning message ? This will give us an idea of which avast shield detected it, the virus if detected by the web shield, p2p shield, etc. then it shouldn’t have got on to your system.
What were you doing when the warning was displayed ?

What action were given in the warning and what action did you take ?

What was the file name, where was it found, example (C:\windows\system32\infected-file-name.xxx) ?

4

Hi isa001,

This is a dialer trojan, written in Borland Delphi and packed with PE. It is found up in Italy, normal scanning ask you about it, and you can delete it. Read about Diamin here:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=107610

Dialer trojans are dangerous for people that are phoning in through a modem or have IDSN-connections.

polonus

5

I was just connected to internet. Microsoft Messenger and Outlook were on.
A long series of repetitive messages started tobe notified:
"28/04/2006 0.09.52 SYSTEM 220 Sign of “Win32:Diamin-F [Trj]” has been found in “http://[PE-PaCK]” file. "

How can I be sure it has been blocked?

Thanks for your help.

Isa

6

Do as was previously suggested run a bot-time scan.
However, this was detected by the web shield and the only option given to you would be to Abort the connection, effectively stopping the infection getting into the browser cache.

As you can see by the warning it has been found on the internet NOT your hard disk, it has been blocked.

1056307.exe packed by PEPACK In file >1056307.exe found virus Dialer.NWD
Please modify the URL link (break it with spaces) so it isn't live e.g. "http :// /1056307.exe" that way no-one will accidently be exposed to an infected file.