virtumonde trojan

[GhanGuy]

Similar to this thread started above, I visited my out-of-state sister last weekend, and updated her Spybot (she is not computer savvy). After running a scan, it turned up two instances of virtumonde trojan on her PC. One is cqsccol.dll, and the other dosfnt01.dll. I clicked the fix problem button, and Spybot said both instances were fixed. Then I re-scanned her PC, and it again turned up the two instances of virtumonde trojan. I repeated the fix problem, but the re-scan again showed the virtumonde trojan. I rebooted her PC, and again Spybot was not able to successfully permanently remove the trojan.

She runs Windows ME.

Any suggestions on how to permanently remove the virtumonde trojan? What is the danger of not being able to delete it?

Thanks for the help....

[tashi]

Hello GhanGuy

The issue "False Positives > virtumonde trojan" has not been marked as resolved yet.

She runs Windows ME.

Meanwhile please see: End of support for Windows 98 and Windows ME

Best regards.

[MisterW]

Hello,
it would be very helpful if you could provide us these files. Please send it to detections@spybot.info . If it is a false positive we will solve it with our next update scheduled for wednesday

Best regards,
Markus
Team Spybot

[GhanGuy]

Tashi - Thank you for the quick reply. Spybot runs well on Windows ME (unlike some other programs that are not backwards compatible). It's too bad that MicroSoft does not support the older software at all. My sister will probably unfortunately keep running the Windows ME until it gets totally corrupted.

MisterW - I have returned home, so I cannot forward you the affected .dll files. I'll try to talk my sister through the process of sending them to you.

[alicez]

Hello,
Before you restore the file what would mean a possible risk for your computer please have a look at the recovery files itself. They are stored at

c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

There should be one file named something like Virtumonde.zip. Please send this file to us via mail.

Best regards,
Markus

@drragostea: Sorry for my late reply to your pm!

=======================

How do I send via email?

[MisterW]

Hello,
we got your mail and we can confirm that it is a false positive and will be fixed in the next update scheduled for Wednesday

Best regards,
Markus

[alicez]

Hello,
we got your mail and we can confirm that it is a false positive and will be fixed in the next update scheduled for Wednesday

Best regards,
Markus

Thank you.

What should I do now? Should I remove the Virtumonde from Recovery?
Should I restore the Virtumonde? If so, how would I do that?

[Yodama]

@alicez

yes please recover these 2 files,

• start Spybot S&D
• click on recovery
• look for the 2 files named above
• select them and click on the check boxes until there are green checkmarks
• click on recover selected items

[tiger2]

What do you mean by:
"look for the 2 files named above"

I think there is only one files, namely: Virtumonde

I'll be going to my neighbor's house tomorrow when I can see what actually is in the Recovery.

AliceZ (Sorry for posting under my husband's sign-in name!)

[tiger2]

Similar to this thread started above, I visited my out-of-state sister last weekend, and updated her Spybot (she is not computer savvy). After running a scan, it turned up two instances of virtumonde trojan on her PC. One is cqsccol.dll, and the other dosfnt01.dll. I clicked the fix problem button, and Spybot said both instances were fixed. Then I re-scanned her PC, and it again turned up the two instances of virtumonde trojan. I repeated the fix problem, but the re-scan again showed the virtumonde trojan. I rebooted her PC, and again Spybot was not able to successfully permanently remove the trojan.

She runs Windows ME.

Any suggestions on how to permanently remove the virtumonde trojan? What is the danger of not being able to delete it?

Thanks for the help....

Just a thought = Think it would be proper for you to have posted your question as a separate thread as I am getting messages when answers are posted to your question(s). Thank you.