Spybot detected "llbcjv.dll" as a threat



k_kolev1985
2007-06-08, 15:24
Hello Spybot Team,

Today I ran a "Check for problems" with Spybot SD v1.4 with the latest updates and it found 2 bad results named "Virtumonde". One was a registry key called "Root class: HKEY_LOCAL_MACHINE\Software\Classes\WR" and the other was a file with the following full path: "C:\WINDOWS\system32\llbcjv.dll". The registry key was successfully deleted and quarantined, but the "llbcjv.dll" file couldn't be deleted, so Spybot offered to run a check at Windows startup. I said "Yes" and the check at startup was made; the file was listed again in the results list, but again it couldn't be deleted. Then I made a backup of that file (for safety) and deleted it manually from within Windows Explorer. The deletion went perfectly, without the "Can't delete file..." warning message. After that I ran a new check and Spybot didn't find anything. So ... I'm a little confused ... is this file really a threat? Or is it a false positive? And why couldn't Spybot delete it? I have a backup copy of that file - do you want me to send it to you or attach it here in the forum (in order for you to analyze it)? Just tell me and I'll do it.

Thank you for the help in advance!
Best wishes!

tashi
2007-06-08, 17:04
Hello.

Please zip or rar the file/s and send them to: detections(AT)spybot.info (Replace AT with @)

That is the preferred method for our detectives' attention. Please do not attach to a topic.

A copy of the scan results would also be helpful. Cheers.

k_kolev1985
2007-06-09, 16:06
Hello again,

I've sent the file together with the results list to detections(at)spybot.info as djpailo suggested. Can someone from the Spybot Team please notify me about the analysis results when they are ready?

Thank you in advance!
Best wishes!

spybotsandra
2007-06-11, 10:15
Hello,

I am sorry, but I could not find an e-mail addressed with that subject.
Could you please tell us the exact subject or the sender address of that mail?
(replace the @ with at)

Thanks
Best regards
Sandra
Team Spybot

k_kolev1985
2007-06-11, 10:39
OK, here is the info you wanted:
subject: Spybot detected "llbcjv.dll" as a threat
e-mail: removed

Hope that works. If not, please tell me and I'll send it again.

Best wishes!

MisterW
2007-06-11, 11:36
Thank you very much,

found your message and will analyze it now

regards
Markus

MisterW
2007-06-19, 09:37
I already sent you an email. It is a false positive and will be fixed with the next update scheduled for the end of the week :oops:

regards
Markus