Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


94 posts

Master Geek


Topic # 8961 9-Aug-2006 21:40
Send private message

I usually have my Vodafone Connect Card plugged into my laptop at all times and use it occasionally. Today, I double-clicked on its icon and my Avast antivirus popped out instantly advising me that it contains a virus (win32:Agent-ATQ) which I moved to the Chest as recommended. Then, the Vodafone software prompted me for a reinstall and asked to insert the Vodafone installation CD, which I did.

The re-installation did not work at first, but after a few phone calls with Vodafone support (who obviously told me that the virus is not in Vodafone's software), I managed to reinstall the software. However the virus warning appeared again.

The first thing I did then was to run a scan with my Avast antivirus. It found 2 occurrences of

Sign of "Win32:Agent-ATQ [Trj]" has been found in "C:\Program Files\Vodafone\Vodafone Mobile Connect\UpdateX.dll" file.

and also

Sign of "Win32:Agent-ATQ [Trj]" has been found in "E:\Software\VMC\program files\Vodafone\Vodafone Mobile Connect\UpdateX.dll" file.

the latter being on Vodafone's installation CD, which was inserted in my CD drive at that time, and being scanned by Avast.

I then ran the scan at boot time and it found 2 more occurrences of the dll in C:\System volume information\_restore{5432 ...etc}. I put everything in the Chest.

Is Vodafone's CD infected? Anybody else experiencing this?

At this stage, I have removed the card and the CD from my laptop, and I am reluctant to put them back in.


Create new topic
BDFL - Memuneh
61516 posts

Uber Geek
+1 received by user: 12237

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 43641 9-Aug-2006 21:42
Send private message

I recommend you perform an on-line scan with other tools. My Avast Server and Avast desktop both complained about a file that has been safely used for the last year, without any changes. I suspect it's a false positive.

I would expect virus to be reported on a new file, and then spread to other files. It's very unusual for a virus to show up on an old file, out of nothing.







94 posts

Master Geek


  Reply # 43642 9-Aug-2006 21:45
Send private message

Alright, I'll run an online scan tomorrow, although it might be too late now, as the suspicious files have been moved to Avast Chest. I'll keep you informed.

I iz your trusted friend
5809 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 43643 9-Aug-2006 21:46
Send private message

I got that today too, which I think is false positive. After it was moved to the Chest, VMC doesn't work on the next run.

So I moved the file from Chest, back to VMC folder and renamed it back. And all worked again.


Oh yes, I am using Avast! 4 Home.




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 




94 posts

Master Geek


  Reply # 43644 9-Aug-2006 22:00
Send private message

chiefie: Oh yes, I am using Avast! 4 Home.


I am using Avast! 4.7 Home too.

I iz your trusted friend
5809 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 43645 9-Aug-2006 22:18
Send private message

hehe.. i say you'd be safe... it very highly be false-positive.




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


Reply # 43662 10-Aug-2006 09:51
Send private message

markwolk what version of VMC software you using thanks

There is no way its a virus

I iz your trusted friend
5809 posts

Uber Geek
+1 received by user: 140

Mod Emeritus
Trusted
Lifetime subscriber

Reply # 43663 10-Aug-2006 09:55
Send private message

i'm using the latest version from Vodafone NZ site. And i get the Avast alert for the file updateX.dll. Weird huh?




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 


BDFL - Memuneh
61516 posts

Uber Geek
+1 received by user: 12237

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 43665 10-Aug-2006 10:05
Send private message

I see in the Avast forums a few people complaining about virus being found on Google toolbar and others, with the same Trojan found on my old software. I think it's a bunch of false positive.

Again, test with other software. Online scans from Trendmicro are good.







94 posts

Master Geek


  Reply # 43669 10-Aug-2006 10:30
Send private message

johnr: markwolk what version of VMC software you using thanks.(...) There is no way its a virus
I use 7.0.607.374. I was unaware that it is possible to upgrade online. I haven't had the time to do the online scans yet; I will keep you posted.



94 posts

Master Geek


  Reply # 43699 10-Aug-2006 17:21
Send private message

OK, so I ran Panda online scan, the only online scan to my knowledge that allows scanning a CD inserted in the PC. It scanned Vodafone's CD and did not find any virus in it. I also ran Symantec's and Trendmicro's online scans of my hard drives, and nothing at all was detected. Avast's false positive seems like a good assumption.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.