PDA

View Full Version : As Intended: Virtumonde.sci false positive?


gvwilliaa1
2009-10-26, 23:24
First scan since installing Windows 7.

--- Search result list ---
Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-10-26 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-10-20 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-10-14 Includes\Dialer.sbi (*)
2009-10-13 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-10-13 Includes\HijackersC.sbi (*)
2009-10-20 Includes\Keyloggers.sbi (*)
2009-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-10-13 Includes\Malware.sbi (*)
2009-10-21 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-10-20 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-10-20 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-10-13 Includes\Spyware.sbi (*)
2009-10-20 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-10-06 Includes\Trojans.sbi (*)
2009-10-21 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
Yodama
2009-10-27, 13:52
Hello,

please see this (http://forums.spybot.info/showthread.php?t=19117) on how to create a full report file and attach it to your next post or email it with a reference to this thread to detections@spybot.info for analysis.
Matt
2009-10-27, 14:50
First scan since installing Windows 7.

--- Search result list ---
Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
Sounds like an malware orphan (http://www.systemlookup.com/CLSID/3519-no_file.html) to me
gvwilliaa1
2009-10-27, 16:36
Hope this helps.
Yodama
2009-10-28, 08:09
looks like Matt was right, the report shows that the Browser Helper Object (BHO) in question is an orphan, which means that the associated files are not present anymore thus making the BHO useless.

There is also a second orphaned BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}

It is safe to remove them in your case.

Other than that there are no suspicious entries in your report file.
gvwilliaa1
2009-11-01, 21:04
Thanks for your help.

Regards

Alan