Dialer.LiquidInc

Dialer.LiquidInc

Updated:
13 February 2007
Publisher:
Central 24 Communications
Risk Impact:
High
File Names:
TeenSex.exe
Systems Affected:
Windows

Behavior


Dialer.LiquidInc is a dialer program that can be used to access various Web sites by dialing a high-cost phone number using the modem. The sites that can be accessed are mostly pornographic.


Symptoms


  • The files are detected as Dialer.LiquidInc.
  • Shortcuts to "TeenXXX" on your Desktop and in your Start Menu.


Behavior


The most common installation method for this dialer program is through various Web sites, mainly pornographic in nature.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 01 February 2015 revision 020
  • Initial Daily Certified version 15 September 2003
  • Latest Daily Certified version 17 January 2008 revision 033
  • Initial Weekly Certified release date 17 September 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When Dialer.LiquidInc is executed, the following statement is displayed:

Your standard internet connection will be discontinued and a new connection will be established via the Liquid Inc. software.
- Your computer will connect via a domestic premium rate number or an international number to the offered services. The telephone costs will appear on
your telephone bill.

This dialer application does not modify any files or registry keys. It may create various icons on the desktop. However, to remove this dialer application, the icons and the main executable can be deleted.



  1. Update the virus definitions.
  2. Close modem connections.
  3. Run a full system scan and delete all the files detected as Dialer.LiquidInc.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. To close modem connections
This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

3. Scanning for and deleting the infected files
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
  2. Run a full system scan.
  3. If any files are detected as infected with Dialer.LiquidInc, click Delete.