Fixed: False positive on virtumonde.sdn c:\windows\system32\ackpbsc.dll ?



keen_newbie
2009-01-09, 19:53
Firstly, I must say I LOVE S&D .. congratulations.

I hope I can contribute via my feedback:

False positive on virtumonde.sdn c:\windows\system32\ackpbsc.dll ?

Found during system scan.

Windows XP Pro (SP3 just installed) on a newly setup HP 6735s

Latest S&D v 1.6.0.30 // latest detection update 07/01/2009

The modified & created file date/time for ackpbsc.dll are identical : 15 May 2007 23:08 (same as other .dlls) .. so either this is a false positive, or Windows SP3 update or HP machines have spyware in them.

Almost no web browsing was done on the new machine (just downloaded and installed Firefox) .. so v. unlikely to have been infected by other means.

BTW, a full scan with Windows Defender didn't find anything.

calumwithonel
2009-01-12, 01:17
First of all I'd like to echo the support for S&D.

I also have bought an HP 6735s in the last week and used spybot to run a system scan and found the same thing. ackpbsc.dll came up as virtumonde.sdn

Scanning with MBAM and adaware brought up nothing...

Googling the effects of virtumonde tends to reveal that it hijacks your web browser and causes all manner of pop ups to occur etc but I have nothing like this at all so I'm hoping it is a false positive and there is nothing to worry about after all.

ackpbsc.dll seems to be related to accrdsub.exe http://www.processlibrary.com/directory/files/accrdsub/

I'm relieved that I'm not the only one with this similar issue and am interested to know what comes of this.

Regards

Calum

Yodama
2009-01-12, 07:15
Hello,

Thank you for reporting this issue; it may be a false positive. To confirm whether it is a false positive, please send the file to detections-at-spybot.info (replace -at with @) and make a reference to this thread.

keen_newbie
2009-01-12, 17:35
FYI, I just emailed the file to you ...

Thanks again

Yodama
2009-01-14, 08:26
Received the file and confirmed that it is a false positive.
Corrections to the detection rules will be effective with the update scheduled for 2009-01-14.

Thank you for your cooperation :bigthumb:

calumwithonel
2009-01-15, 12:05
Thanks for your help with this.

It's a relief to know I don't have virtumonde after only having my laptop for a week!

Thanks again

Calum

keen_newbie
2009-01-16, 20:16
Thank you ...