Fixed: Possible Virtumonde.sdn false positives

md usa spybot fan
2009-06-17, 20:04
After the 2009-06-17 updates I picked up the following "Virtumonde.sdn" detections:


--- Report generated: 2009-06-17 11:50 ---

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005686_.tmp.dll
Properties.size=132096
Properties.md5=3CD291A2C4909088B3D1E98DED73D4B2
Properties.filedate=1155817707
Properties.filedatetext=2006-08-17 08:28:27

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005687_.tmp.dll
Properties.size=146432
Properties.md5=777EB29D0135D81AD9828A2B05443496
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005688_.tmp.dll
Properties.size=101888
Properties.md5=A1C10F87248529173F39F4B4734DF14B
Properties.filedate=1091595408
Properties.filedatetext=2004-08-04 00:56:48

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005689_.tmp.dll
Properties.size=1845248
Properties.md5=E0F718290D19531FD10328EFB09808EC
Properties.filedate=1205920020
Properties.filedatetext=2008-03-19 05:47:00

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005696_.tmp.dll
Properties.size=96768
Properties.md5=0CB3AF149A0BAC0836022CA307C7A0F8
Properties.filedate=1102447954
Properties.filedatetext=2004-12-07 15:32:34

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005697_.tmp.dll
Properties.size=22040
Properties.md5=3967AEEE12073446C4FB4AF0B681F0FA
Properties.filedate=1090079324
Properties.filedatetext=2004-07-17 11:48:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005698_.tmp.dll
Properties.size=50688
Properties.md5=BD7FB0957C716F1A60333AEE04DE2178
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005699_.tmp.dll
Properties.size=983552
Properties.md5=7808313CBC634EE08346D5DDFEF1CC5F
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005701_.tmp.dll
Properties.size=108032
Properties.md5=C6CE6EEC82F187615D1002BB3BB50ED4
Properties.filedate=1091595416
Properties.filedatetext=2004-08-04 00:56:56

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005702_.tmp.dll
Properties.size=144896
Properties.md5=532EA80E9F5452928F8426653215BE29
Properties.filedate=1177510875
Properties.filedatetext=2007-04-25 10:21:15

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005705_.tmp.dll
Properties.size=415744
Properties.md5=E15154E7FDA8A580A8F74C7CC16B1FFE
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005706_.tmp.dll
Properties.size=64000
Properties.md5=EBE12F403FDE45E7312E7BF764BFB6C6
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005708_.tmp.dll
Properties.size=58880
Properties.md5=1D536BEBC30DD8D0D3B6FF3B0CD2D32B
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005709_.tmp.dll
Properties.size=61440
Properties.md5=30E244A707E6CE0A4B099CD6384EC6CA
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005710_.tmp.dll
Properties.size=657920
Properties.md5=BA5D5FD3CCA6F64A429E2E0E1A1A0917
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005712_.tmp.dll
Properties.size=236544
Properties.md5=CD1F7ED9842138BEADF9ECBF37818BEF
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005715_.tmp.dll
Properties.size=37888
Properties.md5=980665E58317B29C9A0F7221D576CC51
Properties.filedate=1122352789
Properties.filedatetext=2005-07-26 00:39:49

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005716_.tmp.dll
Properties.size=550912
Properties.md5=0144ABC4C4A624B583D432EE478A711C
Properties.filedate=1196793493
Properties.filedatetext=2007-12-04 14:38:13

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005718_.tmp.dll
Properties.size=419840
Properties.md5=0738F4B53D967E46CC5E51F84BC1EB39
Properties.filedate=1091595416
Properties.filedatetext=2004-08-04 00:56:56

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005720_.tmp.dll
Properties.size=8192
Properties.md5=C5EF2A4F6CB968B3119B43F43C64A1A6
Properties.filedate=1091595406
Properties.filedatetext=2004-08-04 00:56:46

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005721_.tmp.dll
Properties.size=708096
Properties.md5=BB5CBFFC096497506167BCE1D9690EF2
Properties.filedate=1091595398
Properties.filedatetext=2004-08-04 00:56:38

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005723_.tmp.dll
Properties.size=129536
Properties.md5=77C41F9146450C89534704A75836CE56
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005726_.tmp.dll
Properties.size=721920
Properties.md5=F1C69FD5009CD4219C8DCA5DF475D66B
Properties.filedate=1194427616
Properties.filedatetext=2007-11-07 05:26:56

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005728_.tmp.dll
Properties.size=341504
Properties.md5=71D3D970127D939A4BB062B5040B6EBA
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005729_.tmp.dll
Properties.size=249270
Properties.md5=1F3E83A56B5177A22BA9594A37F986BE
Properties.filedate=1090079324
Properties.filedatetext=2004-07-17 11:48:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005730_.tmp.dll
Properties.size=13824
Properties.md5=B3EFF6D938C572E90A07B3D87A3C7657
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005731_.tmp.dll
Properties.size=984576
Properties.md5=A01F9CA902A88F7CED06884174D6419D
Properties.filedate=1176738773
Properties.filedatetext=2007-04-16 11:52:53

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005732_.tmp.dll
Properties.size=144384
Properties.md5=5AFCE94E8286B2F57A04DA37F01BF21A
Properties.filedate=1091595404
Properties.filedatetext=2004-08-04 00:56:44

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005735_.tmp.dll
Properties.size=111616
Properties.md5=EF545E1A4B043DA4C84E230DD471C55F
Properties.filedate=1148043581
Properties.filedatetext=2006-05-19 08:59:41

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005736_.tmp.dll
Properties.size=135168
Properties.md5=E931B4DD87DFACE46468FD506FDCD262
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005737_.tmp.dll
Properties.size=32768
Properties.md5=D06EAA8B23BC1F671B11D18CFEA65115
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005738_.tmp.dll
Properties.size=276992
Properties.md5=1EDB1BB89D021955E6F7265911175B8D
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005739_.tmp.dll
Properties.size=617472
Properties.md5=B0124CB21D28B1C9F678B566B6B57D92
Properties.filedate=1156520758
Properties.filedatetext=2006-08-25 11:45:58

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005744_.tmp.dll
Properties.size=616960
Properties.md5=1AFF244CA134956C54474F4E2433E4CE
Properties.filedate=1091595402
Properties.filedatetext=2004-08-04 00:56:42

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005746_.tmp.dll
Properties.size=2897920
Properties.md5=1320AEA7057A26A671D9548CC7BEBDA5
Properties.filedate=1091595398
Properties.filedatetext=2004-08-04 00:56:38


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer 1.6.4.26.exe (1.6.4.26)
2009-02-11 TeaTimer 1.6.5.28.exe (1.6.5.28)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-04-28 Includes\Beta.sbi
2007-11-06 Includes\Beta.uti
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-09 Includes\HijackersC.sbi (*)
2009-06-16 Includes\Keyloggers.sbi (*)
2009-06-16 Includes\KeyloggersC.sbi (*)
2009-06-10 Includes\Malware.sbi (*)
2009-06-16 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-17 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi (*)
2009-06-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Although I am continuing to research the source of the "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files that were detected, it appears that the files were generated over a period of time and only were detected after the 2009-06-17 updates. Therefore, I suspect that these detections may be false positives.

I am sending an email to detections@spybot.info containing:
    A reference to this thread.
    With attachments:
        My Checks.090617-1150.txt file.
        A zipped folder (named "2009-06-17 detections.zip") containing the 35 "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files identified in the Checks.090617-1150.txt file as "Problems".
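
Added example for this thread (not Spybot code and not from any poster): a small Python parser for the "Checks" report format shown above, which turns the detection blocks (header, path, Properties.size/md5/filedate/filedatetext) into records and summarises the points the post relies on: every hit comes from the same SBI rule, every path is a system32 _nnnnnn_.tmp.dll, and the file dates are spread over 2004-2008 rather than clustered around the scan. It also checks that each entry's Unix filedate and its filedatetext differ by one constant UTC offset (-4 hours for the excerpt, i.e. the text field is the scanning machine's local time), and includes a helper to confirm that a file about to be zipped for submission still has the size and MD5 the report recorded. The embedded report is a three-entry excerpt of the one posted above; the bytes fed to the hash helper in the usage are constructed.

```python
"""Parse a Spybot-S&D "Checks" report and sanity-check the flagged files.

Added example for this thread; it is not Spybot code and not from any
poster.  It reads the report format shown above (a detection header,
the file path, then Properties.* lines) and summarises what makes the
hits look like a false positive rather than an infection.
"""
import hashlib
import re
from collections import Counter
from datetime import datetime, timezone

# Excerpt (three of the 35 entries) of the report posted in the thread.
SAMPLE_REPORT = r"""--- Report generated: 2009-06-17 11:50 ---

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005686_.tmp.dll
Properties.size=132096
Properties.md5=3CD291A2C4909088B3D1E98DED73D4B2
Properties.filedate=1155817707
Properties.filedatetext=2006-08-17 08:28:27

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005687_.tmp.dll
Properties.size=146432
Properties.md5=777EB29D0135D81AD9828A2B05443496
Properties.filedate=1091595418
Properties.filedatetext=2004-08-04 00:56:58

Virtumonde.sdn: [SBI $2CF65D3D] Library (File, nothing done)
C:\WINDOWS\system32\_005689_.tmp.dll
Properties.size=1845248
Properties.md5=E0F718290D19531FD10328EFB09808EC
Properties.filedate=1205920020
Properties.filedatetext=2008-03-19 05:47:00

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
"""

HEADER_RE = re.compile(r"^(?P<name>[^:\[]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] (?P<kind>.+)$")
PROP_RE = re.compile(r"^Properties\.(?P<key>\w+)=(?P<value>.*)$")
TMP_DLL_RE = re.compile(r"^_\d{6}_\.tmp\.dll$", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection: name, sbi, kind, path and the
    Properties.* keys (size, md5, filedate, filedatetext) as strings."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:              # a blank line closes the current block
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"name": m["name"], "sbi": m["sbi"], "kind": m["kind"], "path": None}
            detections.append(current)
            continue
        if current is None:       # report banner / version listing, not a detection
            continue
        m = PROP_RE.match(line)
        if m:
            current[m["key"]] = m["value"]
        elif current["path"] is None:
            current["path"] = line  # first non-property line after the header is the path
    return detections


def utc_offset_hours(det):
    """filedate is Unix time (UTC); filedatetext is the scanning machine's
    local clock.  Their difference is that machine's UTC offset, so every
    entry of one report should give the same value (modulo DST changes)."""
    as_utc = datetime.fromtimestamp(int(det["filedate"]), tz=timezone.utc)
    as_text = datetime.strptime(det["filedatetext"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (as_text - as_utc).total_seconds() / 3600


def triage(detections):
    """Summarise the signals the post relies on: one SBI rule, every path a
    system32 _nnnnnn_.tmp.dll, and file dates spread over years rather
    than clustered around the scan date."""
    return {
        "count": len(detections),
        "rules": sorted({d["sbi"] for d in detections}),
        "all_tmp_dll": all(TMP_DLL_RE.match(d["path"].rsplit("\\", 1)[-1]) for d in detections),
        "utc_offsets": sorted({utc_offset_hours(d) for d in detections}),
        "years": dict(Counter(d["filedatetext"][:4] for d in detections)),
    }


def matches_report(det, data):
    """Before submitting a sample, confirm the bytes you are about to zip are
    the file the report hashed (same size and MD5).  MD5 is used only because
    it is the identifier the report records, not as a security control."""
    return len(data) == int(det["size"]) and hashlib.md5(data).hexdigest().upper() == det["md5"].upper()


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for d in dets:
        print(d["path"], d["filedatetext"], f"offset {utc_offset_hours(d):+.0f}h")
    print(triage(dets))
    # Constructed bytes, not a real DLL: they should not match any report entry.
    print(matches_report(dets[0], b"not the flagged dll"))
```

Run it against a full Checks.*.txt (read the file and pass its text to parse_report) to get the same summary over all 35 entries; a mix of SBI rules, paths outside the _nnnnnn_.tmp.dll pattern, or timestamps all within days of the scan would argue against the false-positive reading.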

JohnBurns
2009-06-17, 20:07
I believe you are right - I also had this problem after today's update. I have sent them for determination of whether they are false positive, too.

tashi
2009-06-17, 21:59
Thank you, I left a note for our detectives. :)

Yodama
2009-06-18, 10:28
Thank you for reporting this issue.

I analyzed your files and they appear to be temporary files installed by Service Pack 2 and maybe other Windows updates.

So it should not cause any problems if the files get deleted; however, we will treat this as a false positive and adjust our detection rules accordingly with the next update, scheduled for 2009-06-24.

steinaov
2009-06-24, 22:17
I had 199 virtumonde.sdn on 23 June 2009. All cleaned and deleted; however, my PC functions OK. I had one start problem; a repeat start solved that.

Yodama
2009-06-25, 07:19
Removing these files will not compromise the computer since they are temporary copies of Windows update files only. In most cases Windows does not leave these files on the hard disk.