Hello,
I think I'm having a problem with two false positive detections having to do with Virtumonde.ddc, and also two bookmark detections having to do with net-integration that I cannot locate, but the main thing is this Virtumonde thing.
XP Home Edition, SeaMonkey 1.1.7, Firefox 2.0.0.11, IE 7 (hardly used except for updating Windows). Spybot 1.5.2, latest definitions.
Here are some screenshots:
http://img87.imageshack.us/img87/1589/virtumonde1ii5.png
http://img222.imageshack.us/img222/999/virtumonde2zt1.png
This is what I find when I jump to location(s):
http://img222.imageshack.us/img222/3483/jump1jk9.png
http://img86.imageshack.us/img86/8030/jump2nl5.png
Thanks for any advice.
--- Report generated: 2008-02-01 10:25 ---
Virtumonde.ddc: [SBI $B451B415] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
Virtumonde.ddc: [SBI $01D0F2C0] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
Net-Integration: [SBI $61F39AC8] Bookmark (Mozilla: profile name) (Bookmark, nothing done)
Net-Integration: [SBI $61F39AC8] Bookmark (Firefox: profile name) (Bookmark, nothing done)
Common Dialogs: [SBI $61F39AC8] History (57 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: [SBI $61F39AC8] Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: [SBI $61F39AC8] Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: [SBI $61F39AC8] Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: [SBI $61F39AC8] Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: [SBI $61F39AC8] Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log
Log: [SBI $61F39AC8] Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: [SBI $61F39AC8] Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: [SBI $61F39AC8] Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: [SBI $61F39AC8] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: [SBI $61F39AC8] Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: [SBI $61F39AC8] Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: [SBI $61F39AC8] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Ahead Nero Burning Rom: [SBI $DE353278] Browser directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir
Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir
Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\ahead\Nero - Burning Rom\General\OFDLastISODir
Ahead Nero Burning Rom: [SBI $505FB952] Last Audio directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\ahead\Nero - Burning Rom\General\OFDLastAudioDir
Internet Explorer: [SBI $1E8157BE] Typed URL list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $E48560B4] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList
MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Search Assistant\ACMru
MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows.OpenWith: [SBI $3A7F8A99] Open with list - .BZ2 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BZ2\OpenWithList
Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (43 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $7308A845] Run history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (10 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (128 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\WinRAR\ArcHistory
WinRAR: [SBI $A59A1C0A] Recent exe file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\WinRAR\DialogEditHistory\ArcName
WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1766569649-2188278862-2612450137-1005\Software\WinRAR\DialogEditHistory\ExtrPath
Cookie: Cookie (10) (Cookie, nothing done)
Cache: Cache (130) (Cache, nothing done)
History: History (2) (History, nothing done)
Cookie: Cookie (122) (Cookie, nothing done)
Cookie: Cookie (87) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-01-31 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-01-30 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi (*)
2008-01-30 Includes\DialerC.sbi (*)
2008-01-30 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-30 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-16 Includes\Malware.sbi (*)
2008-01-30 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-30 Includes\PUPSC.sbi (*)
2008-01-30 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-30 Includes\SecurityC.sbi (*)
2008-01-23 Includes\Spybots.sbi (*)
2008-01-30 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti (*)
2008-01-16 Includes\Trojans.sbi (*)
2008-01-30 Includes\TrojansC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
No opinions eh? Thanks anyway.
Hello,
Thank you for reporting.
The 2 Virtumonde.ddc entries are false positives; none of the entries shown in your registry are targeted. We will change the detection rules with the upcoming update to avoid this false positive.
Your Net-Integration bookmarks also appear to be false positives. We are going to check on this issue; please post feedback if the bookmarks are still found after the next update. A report with the scan result, like yours above, will do.
You're welcome, and thank you.
I will report back if the bookmarks etc. are still detected after the next update.
I updated SSD and ran another scan; there is no more problem with the Virtumonde.ddc false positives, and I finally located the two bookmark entries for net-integration and deleted them from my SeaMonkey and Firefox bookmarks, so my problems seem to be resolved now.
Thanks very much.
Thank you for letting us know.