Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




94 posts

Master Geek


Topic # 8961 9-Aug-2006 21:40
Send private message

I usually have my Vodafone Connect Card plugged into my laptop at all times and use it occasionally. Today, I double-clicked on its icon and my Avast antivirus popped out instantly advising me that it contains a virus (win32:Agent-ATQ) which I moved to the Chest as recommended. Then, the Vodafone software prompted me for a reinstall and asked to insert the Vodafone installation CD, which I did.

The re-installation did not work at first, but after a few phone calls with Vodafone support (who obviously told me that the virus is not in Vodafone's software), I managed to reinstall the software. However the virus warning appeared again.

The first thing I did then was to run a scan with my Avast antivirus. It found 2 occurrences of

Sign of "Win32:Agent-ATQ [Trj]" has been found in "C:\Program Files\Vodafone\Vodafone Mobile Connect\UpdateX.dll" file.

and also

Sign of "Win32:Agent-ATQ [Trj]" has been found in "E:\Software\VMC\program files\Vodafone\Vodafone Mobile Connect\UpdateX.dll" file.

the latter being on Vodafone's installation CD, which was inserted in my CD drive at that time, and being scanned by Avast.

I then ran the scan at boot time and it found 2 more occurrences of the dll in C:\System volume information\_restore{5432 ...etc}. I put everything in the Chest.

Is Vodafone's CD infected? Anybody else experiencing this?

At this stage, I have removed the card and the CD from my laptop, and I am reluctant to put them back in.


Create new topic
BDFL - Memuneh
59593 posts

Uber Geek
+1 received by user: 10768

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 43641 9-Aug-2006 21:42
Send private message

I recommend you perform an on-line scan with other tools. My Avast Server and Avast desktop both complained about a file that has been safely used for the last year, without any changes. I suspect it's a false positive.

I would expect virus to be reported on a new file, and then spread to other files. It's very unusual for a virus to show up on an old file, out of nothing.







94 posts

Master Geek


  Reply # 43642 9-Aug-2006 21:45
Send private message

Alright, I'll run an online scan tomorrow, although it might be too late now, as the suspicious files have been moved to Avast Chest. I'll keep you informed.

 
 
 
 


I iz your trusted friend
5763 posts

Uber Geek
+1 received by user: 134

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 43643 9-Aug-2006 21:46
Send private message

I got that today too, which I think is false positive. After it was moved to the Chest, VMC doesn't work on the next run.

So I moved the file from Chest, back to VMC folder and renamed it back. And all worked again.


Oh yes, I am using Avast! 4 Home.




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 




94 posts

Master Geek


  Reply # 43644 9-Aug-2006 22:00
Send private message

chiefie: Oh yes, I am using Avast! 4 Home.


I am using Avast! 4.7 Home too.

I iz your trusted friend
5763 posts

Uber Geek
+1 received by user: 134

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 43645 9-Aug-2006 22:18
Send private message

hehe.. i say you'd be safe... it very highly be false-positive.




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


Reply # 43662 10-Aug-2006 09:51
Send private message

markwolk what version of VMC software you using thanks

There is no way its a virus

I iz your trusted friend
5763 posts

Uber Geek
+1 received by user: 134

Mod Emeritus
Trusted
Lifetime subscriber

Reply # 43663 10-Aug-2006 09:55
Send private message

i'm using the latest version from Vodafone NZ site. And i get the Avast alert for the file updateX.dll. Weird huh?




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


BDFL - Memuneh
59593 posts

Uber Geek
+1 received by user: 10768

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 43665 10-Aug-2006 10:05
Send private message

I see in the Avast forums a few people complaining about virus being found on Google toolbar and others, with the same Trojan found on my old software. I think it's a bunch of false positive.

Again, test with other software. Online scans from Trendmicro are good.





BDFL - Memuneh
59593 posts

Uber Geek
+1 received by user: 10768

Administrator
Trusted
Geekzone
Lifetime subscriber



94 posts

Master Geek


  Reply # 43669 10-Aug-2006 10:30
Send private message

johnr: markwolk what version of VMC software you using thanks.(...) There is no way its a virus
I use 7.0.607.374. I was unaware that it is possible to upgrade online. I haven't had the time to do the online scans yet; I will keep you posted.



94 posts

Master Geek


  Reply # 43699 10-Aug-2006 17:21
Send private message

OK, so I ran Panda online scan, the only online scan to my knowledge that allows scanning a CD inserted in the PC. It scanned Vodafone's CD and did not find any virus in it. I also ran Symantec's and Trendmicro's online scans of my hard drives, and nothing at all was detected. Avast's false positive seems like a good assumption.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28


Vocus Communications wins a place on the TaaS panel
Posted 26-Jan-2018 15:16


SwipedOn raises $1 million capital
Posted 26-Jan-2018 15:15


Slingshot offers unlimited gigabit fibre for under a ton
Posted 25-Jan-2018 13:51


Spark doubles down on wireless broadband
Posted 24-Jan-2018 15:44


New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.