From; Sophos Alert System: Name: Dial/DialCar-I Aliases: Dialer-221, Trojan.Win32.Dialer.q Type: Dialer Date: 17 June 2005 Sophos has issued protection for Dial/DialCar-I. At the time of writing, Sophos has received a small number of reports of this virus from the wild. Customers using EM Library, Enterprise Console, PureMessage or any of our Sophos small business solutions will be automatically protected at their next scheduled update. Information about Dial/DialCar-I can be found at: http://www.sophos.com/virusinfo/analyses/dialdialcari.html Dial/DialCar-I is a dialer application. When first run, the application displays a message box containing the following text: Scegliere "Si" per ricaricare i propri crediti, scegliere "No" per accedere direttamente. If the user clicks YES to the message box and agrees to install the content from the following security warning then the dialer will be run, switching the internet connection to a predetermined number. If the user clicks NO, the application automatically connects to a predetermined website. If the user agrees to install the program, the dialer copies itself to the Windows folder as MAPPE.EXE, and creates a link to this file on the Desktop. The application may change internet security settings. The Dial/DialCar-I virus identity file (IDE) includes detection for: Troj/PageDrag-A http://www.sophos.com/virusinfo/analyses/trojpagedraga.html Troj/QQDragon-F http://www.sophos.com/virusinfo/analyses/trojqqdragonf.html Troj/Lineage-R http://www.sophos.com/virusinfo/analyses/trojlineager.html Troj/Dulldoor-A http://www.sophos.com/virusinfo/analyses/trojdulldoora.html Customers with 3.xx or lower versions of Sophos Anti-Virus, who are not running EM Library, can manually download the IDE for Dial/DialCar-I from: http://www.sophos.com/downloads/ide/dialca-i.ide Read about how to use IDE files at http://www.sophos.com/support/knowledgebase/article/363.html *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member