
Fixed (Heuristics): Heuristics: Virtumonde.dll/Virtumonde.sdn



Cyan Ducard
2009-12-08, 02:05
False positive or malware orphan? Or are my programs missing something here?

Using the right-click scan, I found Virtumonde.dll and/or .sdn when scanning any given image folder containing the Thumbs.db file(s).

It only appears on the Heuristic scan; the regular Malware scan always lists the same file(s) as 'nothing found' during right-click. Normal scans initiated in SpybotS&D itself result in a green check, all clear. AVG Free similarly does not detect any malware, and otherwise my system seems to be running normally.


Windows XP Pro SP2
Firefox 3.5.5
SpybotS&D 1.6.2.46, last update on 12/2

Sorry, if there's a log of right-click scans then I'm having trouble finding them.

Thanks in advance.

~Z

Yodama
2009-12-08, 07:15
Hello,

This is a false positive with the heuristics part of the scan. There will be changes to this with the next detection update scheduled for Wednesday 2009-12-09. Please report in again if the result still shows the items after the update.

mirek-j
2009-12-20, 21:55
I have downloaded the programme with the update today (18-12-2009) and the same problem (mentioned in the previous posts) occurs.

Yodama
2009-12-21, 08:12
Please attach the files that get detected as Virtumonde to your email to detections@spybot.info with a reference to this thread.

Cyan Ducard
2010-01-04, 08:08
Apologies for the late response; been a busy holiday.

I've since updated, but am still getting Virtumonde.dll Heuristic infections on some Thumbs.db files; at the same time other Thumbs.db files scan as "Nothing found." I can't distinguish any difference between the supposedly infected files and the uninfected; both can exist in the same folder. Also, I'm at least not seeing any Virtumonde.sdn.

On the other hand, now I'm seeing Fraud.SecurityTool on the Heuristic side of certain .jpg files. Not all of them, just some.

Again, this only happens on the right-click scans, and the normal Malware side of it all reads "Nothing found." Regular system scans on both SpybotS&D and Norton are coming back clean.

~Z

Yodama
2010-01-04, 14:04
Hello,

Fraud.SecurityTool heuristics detecting jpg files is also a false positive; it will be fixed with the next detection update scheduled for Wednesday 2010-01-06.

reacher
2010-01-04, 20:06
Hi

I've had similar detections, but in files like doc (Word), pdf (Adobe Reader) and htm.

Could it be, like this case, a false positive?

Thanks in advance for the answer.

Reacher

Yodama
2010-01-05, 07:00
Hello,

If the scan shows heuristics results for Fraud.SecurityTool only and not malware, it is very likely a false positive. Please wait for the update Wednesday 2010-01-06.

ThumbDrive
2010-01-06, 02:57
I am also getting Virtumonde.dll, on a right-click scan only, heuristics only, in a single, very old Thumbs.db file (in folder containing only jpgs) (running latest SSD w/ latest updates on Win7).

It just seems unlikely b/c it's suddenly showing in my backup flash drive, which only gets plugged into the PC once a month and that only after a safe-mode, full system scan w/ NAV, MBAM and SSD, and a HijackThis scan.

Thanks for your hard work! I sure hope it's a false positive, else my backups are toast :hair:

Yodama
2010-01-06, 08:36
@ThumbDrive

Make sure that you have all Spybot S&D updates installed. If the false positive with the Thumbs.db still occurs, then send in the file for analysis to detections@spybot.info with a reference to this thread.