False Positive on Virtumonde in zipfldr.dll?
Greetings.
On a SBS&D scan this evening, Virtumonde was identified as being present on one of my computers in the following DLL (only):
c:\Windows\system32\zipfldr.dll
The machine is not misbehaving in any noticeable manner, in ways I have seen documented on this trojan or otherwise. The creation and modification date on the file is the same. I ran a scan on two other computers in my home: one using the same version and build of the program, and another using a newer version but the same build again... and no such infection was found on either of them. A complete scan with Kaspersky Anti-Virus 7.x on the system in question found no infection either.
I am wondering if this is a comparable situation that was reported last month and even one from last summer, both of which turned out to be false positives. To this possible end, I emailed a copy of the file in question to your Detections email address with reference to this thread.
Below is the log report generated associated with this alert; please note that the first entry is related to Kaspersky's presence. Thanks in advance for your assistance.
--- Report generated: 2009-02-23 20:57 ---
Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
Virtumonde: [SBI $92386332] Library (File, nothing done)
C:\WINDOWS\system32\zipfldr.dll
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-04-02 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-17 Includes\KeyloggersC.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-02-17 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-10 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-18 Includes\Trojans.sbi (*)
2009-02-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Reply With Quote
Originally Posted by dsbsnag
