Home > Threat descriptions >



Category: Malware

Type: Trojan

Aliases: Wdialupd, W32/Wdialupd.Adware, PornDial-177, Dialer.Porno.J,, TROJ_WDIALUPD.A, Trojan.Win32.Dialer, Dialer


We have received several reports about this adware/downloader. The messages that the adware was distributed in, appear to have certain common characteristics.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

The 'From:' field always consists of a seemingly random sequence of alphanumeric characters followed by '@yahoo.com'. In the reports we received the length of the alphanumeric string was not constant.

The 'Subject:' field looks like those from common SPAM (unsolicited email), referring to porn and other miscellaneous topics.

In all the messages the attachment names are different, they can be the following:


These ZIP files contain executables that are the actual installers/downloaders of the Wdialupd alware. The names of known Wdialupd executable files are:


When run, the Wdialupd asks a user to select his/her location and then attempts to download and activate additional components from Internet without asking for permission.

It posts information on the users location/language to the same address from where it tries to download files, nothing confidential appears to be posted.

The address is a hardcoded IP physically situated in Spain. At the time of this writing the address is unreachable.

The Wdialupd adware is detected by F-Secure Anti-Virus as:

Security risk or a "backdoor" program

because of its intrusiveness and because it appears to collect information about computer users.

It is advised to delete messages with Wdialupd downloaders and avoid running their executable files.