
Thread: Possible Virtumonde.sdn false positives

  1. #1
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    Default Possible Virtumonde.sdn false positives

    After the 2009-06-17 updates I picked up the following "Virtumonde.sdn" detections:

    Code:
    --- Report generated: 2009-06-17 11:50 ---
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005686_.tmp.dll
      Properties.size=132096
      Properties.md5=3CD291A2C4909088B3D1E98DED73D4B2
      Properties.filedate=1155817707
      Properties.filedatetext=2006-08-17 08:28:27
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005687_.tmp.dll
      Properties.size=146432
      Properties.md5=777EB29D0135D81AD9828A2B05443496
      Properties.filedate=1091595418
      Properties.filedatetext=2004-08-04 00:56:58
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005688_.tmp.dll
      Properties.size=101888
      Properties.md5=A1C10F87248529173F39F4B4734DF14B
      Properties.filedate=1091595408
      Properties.filedatetext=2004-08-04 00:56:48
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005689_.tmp.dll
      Properties.size=1845248
      Properties.md5=E0F718290D19531FD10328EFB09808EC
      Properties.filedate=1205920020
      Properties.filedatetext=2008-03-19 05:47:00
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005696_.tmp.dll
      Properties.size=96768
      Properties.md5=0CB3AF149A0BAC0836022CA307C7A0F8
      Properties.filedate=1102447954
      Properties.filedatetext=2004-12-07 15:32:34
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005697_.tmp.dll
      Properties.size=22040
      Properties.md5=3967AEEE12073446C4FB4AF0B681F0FA
      Properties.filedate=1090079324
      Properties.filedatetext=2004-07-17 11:48:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005698_.tmp.dll
      Properties.size=50688
      Properties.md5=BD7FB0957C716F1A60333AEE04DE2178
      Properties.filedate=1091595418
      Properties.filedatetext=2004-08-04 00:56:58
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005699_.tmp.dll
      Properties.size=983552
      Properties.md5=7808313CBC634EE08346D5DDFEF1CC5F
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005701_.tmp.dll
      Properties.size=108032
      Properties.md5=C6CE6EEC82F187615D1002BB3BB50ED4
      Properties.filedate=1091595416
      Properties.filedatetext=2004-08-04 00:56:56
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005702_.tmp.dll
      Properties.size=144896
      Properties.md5=532EA80E9F5452928F8426653215BE29
      Properties.filedate=1177510875
      Properties.filedatetext=2007-04-25 10:21:15
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005705_.tmp.dll
      Properties.size=415744
      Properties.md5=E15154E7FDA8A580A8F74C7CC16B1FFE
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005706_.tmp.dll
      Properties.size=64000
      Properties.md5=EBE12F403FDE45E7312E7BF764BFB6C6
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005708_.tmp.dll
      Properties.size=58880
      Properties.md5=1D536BEBC30DD8D0D3B6FF3B0CD2D32B
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005709_.tmp.dll
      Properties.size=61440
      Properties.md5=30E244A707E6CE0A4B099CD6384EC6CA
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005710_.tmp.dll
      Properties.size=657920
      Properties.md5=BA5D5FD3CCA6F64A429E2E0E1A1A0917
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005712_.tmp.dll
      Properties.size=236544
      Properties.md5=CD1F7ED9842138BEADF9ECBF37818BEF
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005715_.tmp.dll
      Properties.size=37888
      Properties.md5=980665E58317B29C9A0F7221D576CC51
      Properties.filedate=1122352789
      Properties.filedatetext=2005-07-26 00:39:49
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005716_.tmp.dll
      Properties.size=550912
      Properties.md5=0144ABC4C4A624B583D432EE478A711C
      Properties.filedate=1196793493
      Properties.filedatetext=2007-12-04 14:38:13
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005718_.tmp.dll
      Properties.size=419840
      Properties.md5=0738F4B53D967E46CC5E51F84BC1EB39
      Properties.filedate=1091595416
      Properties.filedatetext=2004-08-04 00:56:56
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005720_.tmp.dll
      Properties.size=8192
      Properties.md5=C5EF2A4F6CB968B3119B43F43C64A1A6
      Properties.filedate=1091595406
      Properties.filedatetext=2004-08-04 00:56:46
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005721_.tmp.dll
      Properties.size=708096
      Properties.md5=BB5CBFFC096497506167BCE1D9690EF2
      Properties.filedate=1091595398
      Properties.filedatetext=2004-08-04 00:56:38
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005723_.tmp.dll
      Properties.size=129536
      Properties.md5=77C41F9146450C89534704A75836CE56
      Properties.filedate=1091595404
      Properties.filedatetext=2004-08-04 00:56:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005726_.tmp.dll
      Properties.size=721920
      Properties.md5=F1C69FD5009CD4219C8DCA5DF475D66B
      Properties.filedate=1194427616
      Properties.filedatetext=2007-11-07 05:26:56
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005728_.tmp.dll
      Properties.size=341504
      Properties.md5=71D3D970127D939A4BB062B5040B6EBA
      Properties.filedate=1091595404
      Properties.filedatetext=2004-08-04 00:56:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005729_.tmp.dll
      Properties.size=249270
      Properties.md5=1F3E83A56B5177A22BA9594A37F986BE
      Properties.filedate=1090079324
      Properties.filedatetext=2004-07-17 11:48:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005730_.tmp.dll
      Properties.size=13824
      Properties.md5=B3EFF6D938C572E90A07B3D87A3C7657
      Properties.filedate=1091595404
      Properties.filedatetext=2004-08-04 00:56:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005731_.tmp.dll
      Properties.size=984576
      Properties.md5=A01F9CA902A88F7CED06884174D6419D
      Properties.filedate=1176738773
      Properties.filedatetext=2007-04-16 11:52:53
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005732_.tmp.dll
      Properties.size=144384
      Properties.md5=5AFCE94E8286B2F57A04DA37F01BF21A
      Properties.filedate=1091595404
      Properties.filedatetext=2004-08-04 00:56:44
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005735_.tmp.dll
      Properties.size=111616
      Properties.md5=EF545E1A4B043DA4C84E230DD471C55F
      Properties.filedate=1148043581
      Properties.filedatetext=2006-05-19 08:59:41
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005736_.tmp.dll
      Properties.size=135168
      Properties.md5=E931B4DD87DFACE46468FD506FDCD262
      Properties.filedate=1091595418
      Properties.filedatetext=2004-08-04 00:56:58
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005737_.tmp.dll
      Properties.size=32768
      Properties.md5=D06EAA8B23BC1F671B11D18CFEA65115
      Properties.filedate=1091595402
      Properties.filedatetext=2004-08-04 00:56:42
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005738_.tmp.dll
      Properties.size=276992
      Properties.md5=1EDB1BB89D021955E6F7265911175B8D
      Properties.filedate=1091595402
      Properties.filedatetext=2004-08-04 00:56:42
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005739_.tmp.dll
      Properties.size=617472
      Properties.md5=B0124CB21D28B1C9F678B566B6B57D92
      Properties.filedate=1156520758
      Properties.filedatetext=2006-08-25 11:45:58
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005744_.tmp.dll
      Properties.size=616960
      Properties.md5=1AFF244CA134956C54474F4E2433E4CE
      Properties.filedate=1091595402
      Properties.filedatetext=2004-08-04 00:56:42
    
    Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
      C:\WINDOWS\system32\_005746_.tmp.dll
      Properties.size=2897920
      Properties.md5=1320AEA7057A26A671D9548CC7BEBDA5
      Properties.filedate=1091595398
      Properties.filedatetext=2004-08-04 00:56:38
    
    
    --- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---
    
    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer 1.6.4.26.exe (1.6.4.26)
    2009-02-11 TeaTimer 1.6.5.28.exe (1.6.5.28)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-04-28 Includes\Beta.sbi
    2007-11-06 Includes\Beta.uti
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-09 Includes\HijackersC.sbi (*)
    2009-06-16 Includes\Keyloggers.sbi (*)
    2009-06-16 Includes\KeyloggersC.sbi (*)
    2009-06-10 Includes\Malware.sbi (*)
    2009-06-16 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-17 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi (*)
    2009-06-17 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Although I am continuing to research the source of the "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files that were detected, it appears that the files were generated over a period of time and were only detected after the 2009-06-17 updates. Therefore, I suspect that these detections may be false positives.

    I am sending an email to detections@spybot.info containing:
    1. A reference to this thread.
    2. The following attachments:
      1. My Checks.090617-1150.txt file.
      2. A zipped folder (named "2009-06-17 detections.zip") containing the 35 "C:\WINDOWS\system32\_nnnnnn_.tmp.dll" files identified in the Checks.090617-1150.txt file as "Problems".

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
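The report format quoted in the post can be checked mechanically. The following is an added example, not Spybot code and not part of the original post: it parses a constructed two-entry excerpt of the Checks report, confirms that each filedatetext is the Unix filedate rendered in the report's local zone (assumed here to be UTC-4, which is what the report's own filedate/filedatetext pairs imply), and verifies that every flagged file predates the 2009-06-17 rule update, which is the poster's basis for suspecting false positives.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed excerpt (2 of the post's 35 entries) in the Spybot "Checks" report format.
SAMPLE = r"""Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
  C:\WINDOWS\system32\_005686_.tmp.dll
  Properties.size=132096
  Properties.md5=3CD291A2C4909088B3D1E98DED73D4B2
  Properties.filedate=1155817707
  Properties.filedatetext=2006-08-17 08:28:27
Virtumonde.sdn: [SBI $2CF65D3D]  Library (File, nothing done)
  C:\WINDOWS\system32\_005687_.tmp.dll
  Properties.size=146432
  Properties.md5=777EB29D0135D81AD9828A2B05443496
  Properties.filedate=1091595418
  Properties.filedatetext=2004-08-04 00:56:58
"""

HEADER = re.compile(r"^(?P<name>\S+): \[SBI \$(?P<sbi>[0-9A-F]+)\]\s+(?P<kind>.+)$")

def parse_report(text):
    """One dict per detection: name, SBI rule id, kind, path and typed Properties.*"""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new detection block; the next indented line is its path
            cur = {"name": m["name"], "sbi": m["sbi"], "kind": m["kind"], "props": {}}
            entries.append(cur)
        elif cur and line.startswith("  Properties."):
            key, _, val = line.strip()[len("Properties."):].partition("=")
            cur["props"][key] = int(val) if key in ("size", "filedate") else val
        elif cur and line.startswith("  ") and "path" not in cur:
            cur["path"] = line.strip()
    return entries

def check_entries(entries, rule_update="2009-06-17", local_offset_hours=-4):
    """Cross-check the poster's reasoning. Returns (filedatetext agrees with filedate
    rendered in the report's local zone, every file predates the rule update that
    first flagged it, sorted distinct modification days)."""
    tz = timezone(timedelta(hours=local_offset_hours))  # UTC-4: assumed from the pairs
    cutoff = datetime.fromisoformat(rule_update).replace(tzinfo=tz)
    consistent, older, days = True, True, set()
    for e in entries:
        stamp = datetime.fromtimestamp(e["props"]["filedate"], tz)
        consistent &= stamp.strftime("%Y-%m-%d %H:%M:%S") == e["props"]["filedatetext"]
        older &= stamp < cutoff
        days.add(stamp.date().isoformat())
    return consistent, older, sorted(days)
```

Run on the full report, the spread of modification days shows the files accumulating over years before a single rule update flagged them all.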

  2. #2
    Junior Member
    Join Date
    May 2007
    Location
    Oklahoma City
    Posts
    9

    Default

    I believe you are right - I also had this problem after today's update. I have sent them for determination of whether they are false positive, too.

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Thank you, I left a note for our detectives.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Thank you for reporting this issue.

    I analyzed your files and they appear to be temporary files installed by Service Pack 2 and maybe other Windows updates.

    So it should not cause any problems if the files get deleted; however, we will treat this as a false positive and adjust our detection rules accordingly with the next update, scheduled for 2009-06-24.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    1

    Smile

    Quote Originally Posted by Yodama
    Thank you for reporting this issue.

    I analyzed your files and they appear to be temporary files installed by Service Pack 2 and maybe other Windows updates.

    So it should not cause any problems if the files get deleted; however, we will treat this as a false positive and adjust our detection rules accordingly with the next update, scheduled for 2009-06-24.
    I had 199 Virtumonde.sdn detections on 23 June 2009. All were cleaned and deleted; however, my PC functions OK. I had one start problem; a repeated start solved that.

  6. #6
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Removing these files will not compromise the computer since they are temporary copies of Windows update files only. In most cases Windows does not leave these files on the hard disk.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
