Virtumonde Win98

[alicez]

My elderly neighbor has run SB tonight and she told me it found one Problem. It states: Virtumonde - 1 entry Trojan.
How would we go about helping her get it off of her old Vaio notebook which is using Win98?

Thank you for your help. I'll tell her not to worry for now.

Alice

[Matt]

Hi alicez,

which version of Spybot does she use?
Isn't Spybot able to delete this entry?

[alicez]

Thank you.
I went to see her this A.M. and she told me she clicked the "Fix It" and got the reply (something like) "Problem Fixed." Seems to have been easy to remove!
Said she ran another scan and nothing found. She looked in the "Vault" and saw that 'virtumonde' was listed.

I didn't think it would be that easy to remove after reading all the 'virtumonde' posts and the 'long' explanations that were listed regarding how to remove this 'trojan.' Maybe that is because those people had newer OS?

(I believe she has the latest SB 162)

So, there is nothing more she has to do?
Should she leave that virtumonde in the "Vault?"

[Matt]

I went to see her this A.M. and she told me she clicked the "Fix It" and got the reply (something like) "Problem Fixed." Seems to have been easy to remove!
Said she ran another scan and nothing found.

Sounds good to me.

She looked in the "Vault" and saw that 'virtumonde' was listed.

Should she leave that virtumonde in the "Vault?"

Now you have to help me... my Engish isn't good enough. What does "vault" mean? The translation programs I use don't give me a good explanation... and the meanings of this word doesn't fit here

So, there is nothing more she has to do?

She could ran more AntiMalware tools.
Well, the problem is that there aren't many tools which are still supporting Windows 98.

If she thinks that she is still infected:
http://forums.spybot.info/showpost.p...88&postcount=2

Please keep me updated.

[alicez]

Thank you Matt.

Went back to look at her notebook and the file is in the "Recovery" section. I should have said that originally.

Should she leave that "virtumonde trojan" in there (Recovery section)? If not, how would she get rid of it?

P.S. Your English is fine.

[Matt]

Should she leave that "virtumonde trojan" in there (Recovery section)? If not, how would she get rid of it?

Well, that's a decision on her own... I would delete it (select the item(Virtumonde) and click "purge selected items")

Well, it's a little bit strange that Spybot did only detect one file... perhaps a leaving which can be only detected with newer rules...

Can you give me the path and filename(I want to eliminate the possibility that it is a false positive (FP) )?

P.S. Your English is fine.

[alicez]

Thank you.

All that I can see is: C:\Windows\System\DOSFNT01.dll

Is that what you wanted?

[Matt]

All that I can see is: C:\Windows\System\DOSFNT01.dll

Is that what you wanted?

Well, it looks more like a false positive to me now. It could belong to Microsoft or a printer. Does she get error messages?

To be really on the safe side, I would like you to report a possible FP here.

More information:
Infected Files. How To Submit. Please do not attach or link them here.

If you decide to do so, I'll write a PM to a member of TeamSpybot to check this in the next days.