Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Porn-Dialer, a virus or False/Positive?

  1. #1
    lauried Guest

    Default Porn-Dialer, a virus or False/Positive?

    In today's scan with ZoneAlarm Security Suite, I got three alerts for "not-a-virus: Porn-Dialer.Win32.Agent.aw" I was found in Adobe8 files (twice) and once in System Restore. Currently, I have quarantined the files. Is this a False/Positive or a virus?

    Thanks in advance.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    evensteven Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    To make sure if it is a False Positive

    Please report the false positive to Zone Labs>

    http://www.zonelabs.com/store/conten...are_report.jsp

  3. #3
    philly_cheez Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    Dear Laurie,
    I got the same message today also.
    I think I can add some info for the collective, but I welcome and appreciate any comments if
    anyone disagrees.
    First I
    know the file that it is referring to, at least on my computer.
    The file is a "use at your own risk" microsoft product that I recently downloaded to try to remove the adstream content that was integrated into all .jpg photos whenever I viewed them as "thumbnails".
    I downloaded from Microsoft

    "streams.exe"
    http://www.microsoft.com/technet/sys...s/streams.mspx which was supposed to fix the problem but did not.
    Here is the infamous
    adstream content that I was trying to remove: Q30lsldxJoudresxAaaqpcawXc
    Note: This only affects NTSC file systems, NOT fat32.
    Note II: I thought that I'd
    already fixed this problem by removing "filter content" in Regedit (go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\ContentIndex



    and remove filter content-this prevents the system from adding adstream content to your pictures during indexing.
    I recommend tuning off indexing as well.

    Anyway, streams.exe
    is now
    interpreted by Zone Alarm as "not-a-virus.Porn-Dialer.Win32.Agent.aw".
    Since a) the file has been there for a while and not changed, and b) I knew what it was, I changed the name to streams.txt and looked at the code.

    From what I see, the certificate (Root Authority Certificate) for this program has expired or was revoked.

    The false positive is
    likely caused by the certificate-perhaps it is associated with this "not-a-virus.Porn-Dialer.Win32.Agent.aw" but I think it's a false positive. In any case the code DEFINITELY references expired/Revoked certificates.
    Interestingly it references http://www.microsoft.com/technet/sys...s/default.mspx

    I typed in "Win32.Agent" and "not-a-virus" and got too many hits to read.
    It APPEARED that ADS are connected in some way to this problem.
    OK since I don't need nor want Streams.exe I can delete it.
    I am curious as to what files other people are getting hit as "not-a-virus.Porn-Dialer.Win32.Agent.aw"
    ????
    It would be interesting if they were image files with ad streams.
    If I find out more I'll post it here, in the meanwhile I hope some other people can shed some more light on this problem.
    Philly Cheez Out.







  4. #4
    wisedriver Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    I just got notice of the "not-a-virus.Porn-Dialer.Win32.Agent.aw" from ZA Security Suite. The 'porn dialer' was linked with WinPatrol. Figuring WinP had become infected I chose the 'delete at reboot' Then I emailed WinPatrol and got back an answer within moments. A false positive. ZA did NOT manage to delete WinPatrol but now it looks like the 'scan' thing will be popping this up until who knows when?

    Zone has also done this with LogMeIn, remote control software. Even after I allowed the program all rights etc.

    How does one get ZASS to stop with the false positives? Withe LogMeIn example the Zone window would pop up seconds after I had had chosen "ignore always."

    Any ideas on it would be appreciated.

  5. #5
    lauried Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    I did report it to ZA, as suggested by EvenSteven earlier today. Thanks for all the extra info, folks. I have not gotten a reply from them yet. I will report back when I hear.

  6. #6
    nineoct Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    I got it also tonight in my virus scan and I'm freaking out.
    The first scan found it in Quicken\Restartexe.exe and bagent.exe






































  7. #7
    rhythmx Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    I just updated Adobe to version 8.0 and got the same thing. It listed the C:\Program Files\Common Files\Adobe\Updater5\Adobeupdaterinstallmgr.exe as the virus "not-a-virus: Porn-Dialer.Win32.Agent.aw". I checked the file out, and on a second scan it did not pick it up. I just ignored it and figured it was a false positive.

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,284

    Default Re: Porn-Dialer, a virus or False/Positive?

    Hi!when its a detection by KAV Antivirus engine its faster to send false positives to newvirus at kaspersky dot com. Subject: False positive. Attach the file in a password protected zip. Inlcude password in the e-mial.Usually false positives are fixed very quickly... so it may be just fixed now. If not, please send the file to the above mentioned e-mail.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    lauried Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    Thanks for all the info, guys.

    I went to Kapersky first, figuring it may have already been submitted, and found this in their forum.


    Sorry, it's false alarm. It's detection will be deleted in the next update. Thank you for your help.
    -----------------
    Regards, Yury Nesmachny
    Virus Analyst, Kaspersky Lab.



    http://forum.kaspersky.com/index.php?showtopic=41146 is the link the their discussion, if you wish.

    Laurie

  10. #10
    philly_cheez Guest

    Default Re: Porn-Dialer, a virus or False/Positive?

    Update:
    By Removing the file NSA 7 passes and doing another scan the problem was fixed.
    Again I believe this is a security certificate rvocation issue.
    Can anyone confirm or reject this?
    Philly Cheez

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •