Need User Feedback: infection found in only one of three identical downloads



Bubbator
2009-08-09, 15:50
Hi,
I am wondering why Spybot found Virtumonde.dll in one of three 'identical' downloaded files.
I updated a program on three computers on my home network. One Vista with Defender, IE8 and Spybot, one XP with Defender, Firefox and Spybot, one XP with Firefox and only Spybot--I didn't like Windows Defender. I have Avast on all three with auto update and I apply all Windows and Spybot updates while they're still warm and fresh. Always one right after the other going from room to room.
When I opened my new version file of another app, Spybot stopped and deleted Virtumonde.dll on the third (XP/FF/Spybot) machine, but not the other two. Spybot scans were clean on the other two immediately after. This has happened before, on the second machine, I think.
So, where does the malware come from? The publisher, but only sometimes? Hitching a ride from cyberspace?
Just wondering,
Bub

tashi
2009-08-19, 21:12
Hello Bubbator,

Hi,
I am wondering why Spybot found Virtumonde.dll in one of three 'identical' downloaded files.

Could you provide more information as per this topic (ignore the title): How to report False Positives (http://forums.spybot.info/showthread.php?t=19117)

Best regards.

Bubbator
2009-08-20, 01:30
Hi,
pc #1= Windows Vista Home Premium, Internet Explorer 8.0.6001.18813, Spybot S&D 1.6.2.0 with latest update as of August 8, 2009*. No positive result.

tablet pc #2= Windows XP tablet, Firefox 3.5.2, Spybot S&D 1.6.2.0 with same update. No positive result.

pc #3= Windows XP Professional, Firefox and Spybot as above. "Teatimer message when a program was executed" Log: "8/9/2009 9:07:42 AM Encountered and terminated Virtumonde.Dll in C:\DOCUME~1\DRFAC8~1.BRU\LOCALS~1\Temp\nst52.tmp\AnyDVDTray.exe!"

*Latest update on all three PCs, log quote: "8/5/2009 9:01:37 AM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
8/5/2009 9:01:52 AM downloaded update Detection rules: Supplemental
8/5/2009 9:01:52 AM - URL: http://spybot.grailit.com/updates/supplemental.zip
8/5/2009 9:01:52 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
8/5/2009 9:02:04 AM downloaded update Detection rules: Update
8/5/2009 9:02:04 AM - URL: http://spybot.grailit.com/updates/includes.zip
8/5/2009 9:02:04 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip"[mm/dd/yyyy]

I hope this is what you needed.:thanks:

B

Yodama
2009-08-20, 07:26
Hello Bubbator,

It looks like we need to take a further look.
The AnyDVDTray.exe normally should not be started from a temporary directory but from SlySoft's program files folder.
Use your Explorer to navigate to this temporary files folder:
C:\DOCUME~1\DRFAC8~1.BRU\LOCALS~1\Temp\
then search it and its subfolders for AnyDVDTray.exe, zip the file and attach it to your next email.
Also do a full scan with Spybot S&D, then right-click the scan result and choose to save a full report to your desktop. Attach this report to your email to detections@spybot.info as well. Make a link to this thread in your email so we can make the connection between the email and this thread.
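
The collection steps in the post above can also be scripted. This is an added example, not part of the original thread and not a Spybot or SlySoft tool: it searches a folder tree for a named file, records a SHA-256 digest of each copy without running it, and zips the matches. The function names, the output file name and the SHA256SUMS.txt manifest are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import zipfile


def find_named_files(root, filename):
    """Return every path under root whose name matches filename (case-insensitive, as on Windows)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == filename.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def sha256_of(path):
    """Hash the file in chunks; the file is only read, never executed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_sample(root, filename, zip_path):
    """Zip each match under its path relative to root; return {relative path: sha256}."""
    manifest = {}
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in find_named_files(root, filename):
            rel = os.path.relpath(path, root)
            manifest[rel] = sha256_of(path)
            zf.write(path, arcname=rel)
        # Hypothetical manifest so the recipient can confirm the files arrived intact.
        listing = "".join(f"{d}  {p}\n" for p, d in sorted(manifest.items()))
        zf.writestr("SHA256SUMS.txt", listing)
    return manifest


if __name__ == "__main__":
    root = tempfile.gettempdir()  # the current user's Temp folder
    out = os.path.join(os.path.expanduser("~"), "AnyDVDTray_sample.zip")  # assumed output name
    found = collect_sample(root, "AnyDVDTray.exe", out)
    for rel, digest in found.items():
        print(digest, rel)
    print(f"{len(found)} file(s) written to {out}")
```

Hashing the downloaded installer the same way on each of the three machines and comparing the digests shows whether the 'identical' downloads really are byte-for-byte the same.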