The last two weeks, after updating with the latest definitions, at the conclusion of a scan Spybot reports a Virtumonde.sdn infection, as follows:
Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
I suspect that this may be a false positive, but would appreciate help from those in the know. If it's not a false positive, what steps should I follow to fix the problem?
OS: Windows XP SP3 Professional
Browser: IE6
Spybot: 1.6.0.30
Latest definitions Update: 28 April 2010
Report appeared following a routine scan
Regards,
John
Image of the Registry key involved is attached: