After the 2009-06-17 updates I picked up the following "Virtumonde.sdn" detections:
Code:
--- Report generated: 2009-06-17 11:50 ---
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005686_.tmp.dll
Properties.size=132096
Properties.md5=3CD291A2C4909088B3D1E98DED73D4B2
Properties.filedate=1155817707
Properties.filedatetext=2006-08-17 08:28:27
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005687_.tmp.dll
Properties.size=146432
Properties.md5=777EB29D0135D81AD9828A2B05443496
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005688_.tmp.dll
Properties.size=101888
Properties.md5=A1C10F87248529173F39F4B4734DF14B
Properties.filedate=1091595408
Properties.filedatetext=2004-08-04 00:56:48
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005689_.tmp.dll
Properties.size=1845248
Properties.md5=E0F718290D19531FD10328EFB09808EC
Properties.filedate=1205920020
Properties.filedatetext=2008-03-19 05:47:00
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005696_.tmp.dll
Properties.size=96768
Properties.md5=0CB3AF149A0BAC0836022CA307C7A0F8
Properties.filedate=1102447954
Properties.filedatetext=2004-12-07 15:32:34
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005697_.tmp.dll
Properties.size=22040
Properties.md5=3967AEEE12073446C4FB4AF0B681F0FA
Properties.filedate=1090079324
Properties.filedatetext=2004-07-17 11:48:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005698_.tmp.dll
Properties.size=50688
Properties.md5=BD7FB0957C716F1A60333AEE04DE2178
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005699_.tmp.dll
Properties.size=983552
Properties.md5=7808313CBC634EE08346D5DDFEF1CC5F
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005701_.tmp.dll
Properties.size=108032
Properties.md5=C6CE6EEC82F187615D1002BB3BB50ED4
Properties.filedate=1091595416
Properties.filedatetext=2004-08-04 00:56:56
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005702_.tmp.dll
Properties.size=144896
Properties.md5=532EA80E9F5452928F8426653215BE29
Properties.filedate=1177510875
Properties.filedatetext=2007-04-25 10:21:15
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005705_.tmp.dll
Properties.size=415744
Properties.md5=E15154E7FDA8A580A8F74C7CC16B1FFE
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005706_.tmp.dll
Properties.size=64000
Properties.md5=EBE12F403FDE45E7312E7BF764BFB6C6
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005708_.tmp.dll
Properties.size=58880
Properties.md5=1D536BEBC30DD8D0D3B6FF3B0CD2D32B
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005709_.tmp.dll
Properties.size=61440
Properties.md5=30E244A707E6CE0A4B099CD6384EC6CA
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005710_.tmp.dll
Properties.size=657920
Properties.md5=BA5D5FD3CCA6F64A429E2E0E1A1A0917
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005712_.tmp.dll
Properties.size=236544
Properties.md5=CD1F7ED9842138BEADF9ECBF37818BEF
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005715_.tmp.dll
Properties.size=37888
Properties.md5=980665E58317B29C9A0F7221D576CC51
Properties.filedate=1122352789
Properties.filedatetext=2005-07-26 00:39:49
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005716_.tmp.dll
Properties.size=550912
Properties.md5=0144ABC4C4A624B583D432EE478A711C
Properties.filedate=1196793493
Properties.filedatetext=2007-12-04 14:38:13
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005718_.tmp.dll
Properties.size=419840
Properties.md5=0738F4B53D967E46CC5E51F84BC1EB39
Properties.filedate=1091595416
Properties.filedatetext=2004-08-04 00:56:56
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005720_.tmp.dll
Properties.size=8192
Properties.md5=C5EF2A4F6CB968B3119B43F43C64A1A6
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005721_.tmp.dll
Properties.size=708096
Properties.md5=BB5CBFFC096497506167BCE1D9690EF2
Properties.filedate=1091595398
Properties.filedatetext=2004-08-04 00:56:38
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005723_.tmp.dll
Properties.size=129536
Properties.md5=77C41F9146450C89534704A75836CE56
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005726_.tmp.dll
Properties.size=721920
Properties.md5=F1C69FD5009CD4219C8DCA5DF475D66B
Properties.filedate=1194427616
Properties.filedatetext=2007-11-07 05:26:56
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005728_.tmp.dll
Properties.size=341504
Properties.md5=71D3D970127D939A4BB062B5040B6EBA
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005729_.tmp.dll
Properties.size=249270
Properties.md5=1F3E83A56B5177A22BA9594A37F986BE
Properties.filedate=1090079324
Properties.filedatetext=2004-07-17 11:48:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005730_.tmp.dll
Properties.size=13824
Properties.md5=B3EFF6D938C572E90A07B3D87A3C7657
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005731_.tmp.dll
Properties.size=984576
Properties.md5=A01F9CA902A88F7CED06884174D6419D
Properties.filedate=1176738773
Properties.filedatetext=2007-04-16 11:52:53
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005732_.tmp.dll
Properties.size=144384
Properties.md5=5AFCE94E8286B2F57A04DA37F01BF21A
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005735_.tmp.dll
Properties.size=111616
Properties.md5=EF545E1A4B043DA4C84E230DD471C55F
Properties.filedate=1148043581
Properties.filedatetext=2006-05-19 08:59:41
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005736_.tmp.dll
Properties.size=135168
Properties.md5=E931B4DD87DFACE46468FD506FDCD262
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005737_.tmp.dll
Properties.size=32768
Properties.md5=D06EAA8B23BC1F671B11D18CFEA65115
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005738_.tmp.dll
Properties.size=276992
Properties.md5=1EDB1BB89D021955E6F7265911175B8D
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005739_.tmp.dll
Properties.size=617472
Properties.md5=B0124CB21D28B1C9F678B566B6B57D92
Properties.filedate=1156520758
Properties.filedatetext=2006-08-25 11:45:58
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005744_.tmp.dll
Properties.size=616960
Properties.md5=1AFF244CA134956C54474F4E2433E4CE
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42
Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005746_.tmp.dll
Properties.size=2897920
Properties.md5=1320AEA7057A26A671D9548CC7BEBDA5
Properties.filedate=1091595398
Properties.filedatetext=2004-08-04 00:56:38
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer 1.6.4.26.exe (1.6.4.26)
2009-02-11 TeaTimer 1.6.5.28.exe (1.6.5.28)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-04-28 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-09 Includes\HijackersC.sbi (*)
2009-06-16 Includes\Keyloggers.sbi (*)
2009-06-16 Includes\KeyloggersC.sbi (*)
2009-06-10 Includes\Malware.sbi (*)
2009-06-16 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-17 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi (*)
2009-06-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Although I am continuing to research the source of the "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files that were detected, it appears that the files were generated over a period of time and were only detected after the 2009-06-17 updates. Therefore, I suspect that these detections may be false positives.
I am sending an email to detections@spybot.info containing:
- A reference to this thread.
- The following attachments:
  - My Checks.090617-1150.txt file.
  - A zipped folder (named "2009-06-17 detections.zip") containing the 35 "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files identified in the Checks.090617-1150.txt file as "Problems".