BTWEBCONTROL

[axthree]

Please excuse my ignorance but I've been trying to find out exactly what this piece of software is.

 

It appeared after a scan. I'd recently visited a couple of new sites and promptly zapped it because I hadn't asked for it and had never heard of it.

 

Im on dial up with bt yahoo.

 

I must confess I not up on all the nomenclature regarding programmes etc. so I'm normally very careful about making any changes.

 

One syllable answers most welcome

[Mike Rochip]

Hello axthree and welcome to the forum !

 

If you post a HijackThis log [instructions] one of the experts will get back to you and let you know what's going on.

 

Sorry, I tried to get this down to one syllable but couldn't .

[AndyManchesta]

Hi <--This is the one syllable part, Welcome

 

There seems to be false Dialer alerts for this file, can you say what scanner detects it,

 

Ive just downloaded two different btwebcontrol.cab files from the BT (British Telecommunications plc) site which are both being detected as a Dialer,

 

Here's the results for the file

 

File: btwebcontrol.dll

Date: 04/18/2006 04:29:41 (CET)

----

AntiVir 6.34.0.24/20060417 found [DIAL/94208.A.6]

AVG 386/20060418 found [Potentially harmful program Dialer.AEH]

Avira 6.34.0.56/20060417 found [DIAL/94208.A.6]

Ewido 3.5/20060417 found [Dialer.BT.b]

Ikarus 0.2.59.0/20060417 found [Dialer]

Kaspersky 4.0.2.24/20060418 found [not-a-virus:Dialer.Win32.BT.b]

Panda 9.0.0.4/20060417 found [suspicious file]

TheHacker 5.9.7.130/20060416 found [Trojan/Dialer.BT.b]

UNA 1.83/20060417 found [Dialer.BTWeb]

VBA32 3.10.5/20060417 found [RiskWare.Dialer.BT.b]

 

 

the .cab file contains the above dll file and a .inf file which has this written inside it:

 

[version]

signature="$CHICAGO$"

AdvancedINF=2.0

 

[Add.Code]

btwebcontrol.dll=btwebcontrol.dll

 

[btwebcontrol.dll]

file-win32-x86=thiscab

clsid={EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}

FileVersion=2,0,0,4

RegisterServer=yes

 

The CLSID is genuine (listed Here). Its strange why so many different vendors detect this as a dialer but if there is any traces of a dialer it will be for the BT Yahoo Internet service and not for contacting premium rate numbers so in my opinion its a False Positive from any scanner that show's it as a Dialer infection.

 

Hope that helps

 

Andy

[axthree]

Thanks for your replies.

 

It was detected by Microsoft anti spyware.

 

Now, should I un quarentine it or kill it. i.e does it actually do anything for me?

[AndyManchesta]

With it being a genuine file related to your Internet Service Provider Id suggest removing it from quarantine to return it to the system and choose Always Ignore if it appears in another scan. I dont think removing the file will cause you any long term problems as it will likely just show you need to reinstall it again if its required anytime but with the alerts being false positives its probably best to ignore the warnings.

 

I cannot see any site that gives details why that file is regarded as a threat, Counterspy has it listed as a porn dialer but it doesnt give any details on files or system changes, Kaspersky has it listed as Dialer.Win32.BT.b but it doesnt give any information which gives the impression that some of the AV vendors are following what other companies detect and are not getting samples of the file and researching what they list as malware.

 

If you wanted to know more about what the btwebcontrol file does and why its needed its worth contacting BT here as they will hopefully be able to give you some details.

[Andavari]

If you wanted to know more about what the btwebcontrol file does and why its needed its worth contacting BT here as they will hopefully be able to give you some details.

 

Yeah and allow BT to contact the meriad of anti-malware vendors who are tagging it as malware.

[axthree]

Thank you all very much. i will check with BT but it sounds benign.

 

I just wonder why it was never picked up before.

 

How stupid can I get? It obviously appeared after an update.

 

I'll go back to sleep now. :-)

[axthree]

Quick update.

 

Couldn't find any reference on the bt website so sent them an e-mail.

 

So far 24 hours have elapsed and all I've recieved is an automated e-mail admonishing me that in future I should use their online help system.

 

Is it worth pointing out to them that no results were found for my search or I wouldn't have bothered them?

[AndyManchesta]

Hopefully they will respond as it seems pointless having a contact form if they dont reply to them, Give it a couple of days then write again, with you being a BT customer you have the right to ask about a file thats being detected as a Dialer so its not very polite if they cant even write you a quick email to explain what the file is used for,

[axthree]

Looks as if the problem is non-existant btwebcontrol is part of their connection manager. Got a reply this AM.

 

I agree with you Andy that a lot of the AV vendors are adopting a "me too" approach.

 

Mike, it appears that I've escaped having to learn how to do a "hijack this log for now but I can assure you this lesson will be tackled shortly.

 

I've just asked them whether it's best to un-quarantine btwc or download a later version.

 

At the moment it appears that my OS is managing the connections but they tell me that any glitches would have to be sorted by MS.

 

Whereas their own is self repairing and self updating but only for BT/BTYAHOO.

 

Thanks again for all your input.