Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



13 February 2007
Risk Impact:
File Names:
Systems Affected:


Dialer.DialXS is a generic dialer program that DialXS produced. It is registered to another company.

Dialer.DialXS dials a high-cost phone number that gives you access to any content that the company provides. Dialer.DialXS is most often associated with adult-related Web sites in the Netherlands.


The files are detected as Dialer.DialXS.
  • There are charges for phone calls to the Netherlands on your phone bill.


Dialer.DialXS is usually installed when you visit certain Web sites. These Web sites usually host adult content.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 02 October 2014 revision 022
  • Initial Daily Certified version 08 December 2003
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date 10 December 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When Dialer.DialXS is executed, it does the following:
  1. If it has not already done so, the dialer copies itself to:
    • The Windows desktop
    • The Start menu folder

  2. Checks for the presence of a modem.
    • If a modem is detected, it displays a dialog box that allows you to dial a high-cost number.
    • If a modem is not detected, it displays a Web page that instructs you to call a high-cost phone number to obtain access codes.

    The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
    1. Update the definitions.
    2. Close modem connections.
    3. Run a full system scan and delete all the files detected as Dialer.DialXS.
    For specific details on each of these steps, read the following instructions.

    1. Updating the definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

    2. To close modem connections
    This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

    3. Scanning for and deleting the files
    1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
    2. Run a full system scan.
    3. If any files are detected as Dialer.DialXS, click Delete.

      Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file names. Then use Windows Explorer to locate and delete the file.