Search:

Hello Yodama,
Thanks for acknowledging on these findings.
And Thanks for the comment on the "download" directories I will remove "C:" from that section before the next scan.
Appreciate it.

Hello SpyBot S&D team,
I am running a scan on a laptop with the following config and the tool found a few potential threats :

- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) : last...

Hi Buster and Spybot team,

I just ran a scan on a different machine, an other Laptop that I have running Windows XP and here is what I have also with Virtumonde.sdn :
- Operating System : Windows...

Hi Buster,
Thanks for your answers.
Let me double check my understanding of what you said :
- these 2 files are true malwares / trojans and I need to get rid of them
- and if I have updated my...

Hello Spybot team,

I just ran a scan with the most recent version of Spybot S&D and I got these 2 detections flagged as Virtumonde.sdn.
Can you please tell if they are false positive ?

Here...

Hello Yodama,
My apologies for the delay in answering your previous suggestions, as I was away for a long week-end and I did not have access to my laptop.
I don't think I am running any kind of...

Hello Yodama,
I was able to generate a good PML file today with your configuration file (size is much smaller, about 1 MB) and the .EXE was indeed recreated at 10:00 AM.
I sent this file and an...

Hello Yodama,
I was not able to save a "decent" PML log file today. The .EXE file was recreated today at 10:02 am, but when I let procmon run for 2+ min, the PML log file was huge (800MB...

Hello Yodama,
1) Yes, the file was recreated at the same time with the same time stamp.
2) Will do as you indicated, and I should be able to send an email with the results later today if all goes...

Hello Yodama,
No problem at all.
So I used IceSword to delete the ".EXE" file at 08:30 am. No problem with that.

But at 10:00 am, the ".EXE" file is being re-created at the exact same time stamp...

Hello Yodama,
After my last post of 10/08/09, I have a new update for you.
This morning 10/12/09, I made a new update to Spybot, did a run and the tool found now the following:
SpyLocked: [SBI...

Hello Yodama,
Sorry for the delay in my answer.
1) First I noticed I had a typo in my previous report of the instances I found.
Here are the correct names.

- ".EXE". Created 08/21/2008 10:00...

Hello Yodama,
Here are the results of my searches.
1) Rootalyzer
Ran the quick scan : nothing found
Ran the deep scan : nothing found

2) search for files with same Modified dates

- ".EXE"....

Hello drragostea,
Thanks for helping here.
I just tried Virustotal, but it did not really work as the files are empty (argh, as in for no possible analysis). And they cannot be uploaded ...

Hello Yodama,
First Thanks for confirming about narrowing the detection on the result. Indeed removing C:\Program Files would probably not be a good idea :-(

Second Thanks for the 2 suggestions...

Hello drragostea and everyone,
sorry I am not sure I understand your answer.
I assume when you refer to the "empty folder", you meant the "AntiVirGear" folder ?

Because the alert message says :...

Hello,
This is my first post so I hope I am doing the right things.
I just installed the latest version 1.6.2 and ran a scan and I got the following alert which I believe is a false positive.
For...