View Full Version : Fixed: Virtumonde all the time
I'm not sure....I'm using Vista. Every time I scan, it detects Virtumonde, in c:Win/sys32/zipfldr.DLL. So I run the program as Administrator, and clean it. Then when I reboot, and Spybot starts its auto search, there it is again! So I'm wondering is it not really cleaning it or what? Anyone have an idea? Thanks!
Hi dlbhina,
:welcome: to Safer Networking Forums.
Which version of Spybot do you use? :)
I too have the same problem. I use Windows XP Media Centre Edition.
Is this a real threat? Event Viewer sees c:Win/sys32/zipfldr.DLL as a protected Windows file and Windows keeps restoring the file after Spybot cleans it up.
Hi kenmur,
:welcome: to Safer Networking Forums.
It sounds like a false positive from Spybot 1.5.x. But this version is out of date. If you use this version, I would like you to uninstall Spybot 1.5.2, reboot your computer, delete all leavings manually and install Spybot 1.6.2 from here (http://www.safer-networking.org/en/ownmirrors3/index.html).
For the two of you:
Which version of Spybot do you use?
Thank you Matt.
I tried as you said and it seemed to work. :thanks:
btw I was using 1.5.2.20 and now 1.6.2.46
Cheers,
Ken.
You're welcome. :bigthumb:
Thanks Matt. Was on vacation and didn't get to your reply until now.
I hope you enjoyed your time. :bigthumb:
Happy Safe Surfing!
While I have not seen any classic symptoms of "Virtumonde", I always seem to find it in a scan.
I've been getting a similar false positive on a dll file or dll files that come under different names. Always in the C:\WINNT\system32 area.
Copying one of them and renaming to a txt file displays a company name in the file as: w w w . h e l i x c o m m u n i t y . o r g
This relates to RealPlayer (which I've tried to remove many times).
My version of S&D is 1.5.2.20
What worries me is the advice; "delete all leavings manually".
So if one does miss something, then what?
TIA,
Gerry
PS: While I donated many years ago, as soon as this old retired fart gets some expendable cash, I will do so again.
spybotsandra
2009-08-26, 11:26
Hello,
This is a false positive in older versions.
You seem to be using a dated version of Spybot-S&D.
Please uninstall Spybot - Search & Destroy according to the following link:
http://www.safer-networking.org/en/howto/uninstall.html
Then download our current version Spybot - Search & Destroy 1.6.2. That should fix it.
You will find links to several download locations for this new version on our web site:
http://www.safer-networking.org/en/mirrors/index.html
Best regards
Sandra
Team Spybot