Hello,

I've decided to register because I am wondering about a few things concerning the trojan virtumonde.

I was using Vista but changed today for Windows Seven, the fact is that I had virtumonde on vista, but was able to delete it. Then my computer began working much better (because it was very slow before) but it seemed that all the files created by virtumonde were still on the disk.

When I launch a complete scan with Spybot, there are something like 650 000 files, and close to 500 000 are virtumonde (it can be dll, sci or sdn i think).

My computer is working just fine, and what I am wondering is : why are there so many files for virtumonde, and I could I delete them from my computer if they are on it.

It seems that when I installed Seven, it didn't really format the hard-drive, because if it was the case I suppose that I would not have those virtumonde files anymore.

I hope that someone will be able to answer me.

And thanks for creating Spybot, I have recommanded it alot amongst my friends and family ;)

Hi cireza,

:welcome: to Safer Networking Forums.



I was using Vista but changed today for Windows Seven, the fact is that I had virtumonde on vista, but was able to delete it.
Can you post the logfile from Spybot after this scan?



When I launch a complete scan with Spybot, there are something like 650 000 files, and close to 500 000 are virtumonde (it can be dll, sci or sdn i think).

My computer is working just fine, and what I am wondering is : why are there so many files for virtumonde, and I could I delete them from my computer if they are on it.

It seems that when I installed Seven, it didn't really format the hard-drive, because if it was the case I suppose that I would not have those virtumonde files anymore.

I hope that someone will be able to answer me.

And thanks for creating Spybot, I have recommanded it alot amongst my friends and family ;)
I guess your are talking about malware description under the (green) status bar. This status bar should only tell you that Spybot is searching for a specific Malware at the moment.
And yes, you are right. Spybot has about 400.000 to 500.000 detection rules about Virtumonde in it's database. The reason for that is very simple:
The virtumonde trojan changes every day. :fear:

I see almost every day new malware files, which belong to Virtumonde. :)

If Spybot detects Virtumone on your computer, it looks like that (http://www.safer-networking.org/images/spybotsd/getstarted5-interpretation.en.png).

So my question:
Did Spybot find Virtumonde on your computer or are you only worried about the fact that Spybot searches a long time for this kind of Malware?

Hi Matt,

First of all, thank you for answering me.

I read your post entirely and there is no need for me to post a log file from Spybot because you were able to solve my problem.

I was indeed worried by the fact that so many rules had the Virtumonde name because I thought that I had as many files on my hard-drive that were infected.

But in fact, I do not have any warning like the ones you have shown me in your picture, so everything is fine then. I was just a little bit worried because of the time it spent on searching for this malware !

Thanks :)

Hello csnomolas, your post containing a HJT log has been moved to the Malware forum.
http://forums.spybot.info/showthread.php?t=52551

Best regards.

Hello csnomolas, your post containing a HJT log has been moved to the Malware forum.
http://forums.spybot.info/showthread.php?t=52551

Best regards.
Wrong post? ;)



Hi Matt,

First of all, thank you for answering me.

I read your post entirely and there is no need for me to post a log file from Spybot because you were able to solve my problem.

I was indeed worried by the fact that so many rules had the Virtumonde name because I thought that I had as many files on my hard-drive that were infected.

But in fact, I do not have any warning like the ones you have shown me in your picture, so everything is fine then. I was just a little bit worried because of the time it spent on searching for this malware !

Thanks :)
You're welcome. :)