Thread: Vundo Trojan?

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    1

    Vundo Trojan?

    I've been fighting with a fake rogue antivirus program called AntiVirus Soft over the past month or two. I thought I eliminated it with Malwarebytes, but it keeps coming back. I recently installed Spybot and after removing the entries related to it my system seems fine. However, Spybot picked up Virtumonde.sdn in my Windows NT folder under the file name PFW. I've read that Virtumonde is known to spread fake antivirus software online. Is this a false positive or do I really have it? Spybot wasn't able to remove the Virtumonde entry because it said I needed administrator rights. I'm running Windows Vista.

    Also should I use this removal tool to get rid of Vundo/Virtumonde if I have it?

    http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99

    Thanks.
    Last edited by cetuskun; 2010-04-30 at 16:49.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964

    Hello cetuskun,

    Quote: Originally posted by cetuskun
    I recently installed Spybot and after removing the entries related to it my system seems fine. However, Spybot picked up Virtumonde.sdn in my Windows NT folder under the file name PFW. I've read that Virtumonde is known to spread fake antivirus software online. Is this a false positive or do I really have it?
    How to report Possible False Positives
    Quote: Originally posted by cetuskun
    Spybot wasn't able to remove the Virtumonde entry because it said I needed administrator rights. I'm running Windows Vista.
    "On Windows Vista and Windows 7, Spybot-S&D might tell you that you are not authorized to perform some actions, since they require Administrator rights. You can solve this problem as follows:

    1. Right-click the Spybot - Search & Destroy entry in your start menu, instead of just left-clicking to start it.
    2. Choose Run as administrator from the context menu."

    From our FAQ here: http://www.safer-networking.org/en/faq/42.html

    There is also a screen shot which should help.
    Quote: Originally posted by cetuskun
    I've been fighting with a fake rogue antivirus program called AntiVirus Soft over the past month or two. I thought I eliminated it with Malwarebytes, but it keeps coming back.
    If running Spybot-S&D with Administrator rights does not resolve the issue, try running Spybot in safe mode.

    Next option would be to follow the instructions in this link to post a preliminary DDS log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start a new topic in the Malware Removal Forum and copy paste the log into it, an analyst will advise you as soon as available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi cetuskun,

    Quote: Originally posted by cetuskun
    Spybot picked up Virtumonde.sdn in my Windows NT folder under the file name PFW.
    Sounds like a confirmed Virtumonde false positive:
    Confirmed: Virtumonde.sdn
    Best regards - Beste Grüße,

    Matt
