Thread: Virtumonde all the time

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    2

    Virtumonde all the time

    I'm not sure... I'm using Vista. Every time I scan, it detects Virtumonde, in c:Win/sys32/zipfldr.DLL. So I run the program as Administrator, and clean it. Then when I reboot, and Spybot starts its auto search, there it is again! So I'm wondering, is it not really cleaning it or what? Anyone have an idea? Thanks!

  2. #2
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi dlbhina,

    to Safer Networking Forums.

    Which version of Spybot do you use?
    Best regards - Beste Grüße,

    Matt

  3. #3
    Junior Member kenmur's Avatar
    Join Date
    Aug 2009
    Location
    Vancouver, BC
    Posts
    12

    Same problem

    I too have the same problem. I use Windows XP Media Centre Edition.
    Is this a real threat? Event Viewer sees c:Win/sys32/zipfldr.DLL as a protected Windows file and Windows keeps restoring the file after Spybot cleans it up.
    Last edited by kenmur; 2009-08-15 at 19:39.

  4. #4
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi kenmur,

    to Safer Networking Forums.

    It sounds like a false positive from Spybot 1.5.x. But this version is out of date. If you use this version, I would like you to uninstall Spybot 1.5.2, reboot your computer, delete all leavings manually and install Spybot 1.6.2 from here.

    For the two of you:
    Which version of Spybot do you use?
    Last edited by Matt; 2009-08-15 at 19:44.
    Best regards - Beste Grüße,

    Matt

  5. #5
    Junior Member kenmur's Avatar
    Join Date
    Aug 2009
    Location
    Vancouver, BC
    Posts
    12

    Thank you Matt.
    I tried as you said and it seemed to work.
    btw I was using 1.5.2.20 and now 1.6.2.46
    Cheers,
    Ken.

  6. #6
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Quote Originally Posted by kenmur View Post
    Thank you Matt.
    I tried as you said and it seemed to work.
    btw I was using 1.5.2.20 and now 1.6.2.46
    Cheers,
    Ken.
    You're welcome.
    Best regards - Beste Grüße,

    Matt

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Posts
    2

    Thanks Matt. Was on vacation and didn't get to your reply until now.

  8. #8
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Quote Originally Posted by dlbhina View Post
    Thanks Matt. Was on vacation and didn't get to your reply until now.
    I hope you enjoyed your time.

    Happy Safe Surfing!
    Best regards - Beste Grüße,

    Matt

  9. #9
    Junior Member
    Join Date
    Aug 2009
    Posts
    1

    should I upgrade also?

    While I have not seen any classic symptoms of "Virtumonde", I always seem to find it in a scan.

    I've been getting a similar false positive on a dll file or dll files that come under different names. Always in the C:\WINNT\system32 area.

    Copying one of them and renaming to a txt file displays a company name in the file as: w w w . h e l i x c o m m u n i t y . o r g

    This relates to RealPlayer (which I've tried to remove many times).

    My version of S&D is 1.5.2.20

    What worries me is the advice; "delete all leavings manually".

    So if one does miss something, then what?

    TIA,
    Gerry

    PS: While I donated many years ago, as soon as this old retired fart gets some expendable cash, I will do so again.
    Last edited by Gerry_D; 2009-08-26 at 03:41. Reason: added PS.

  10. #10
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    This is a false positive in older versions.
    You seem to be using a dated version of Spybot-S&D.

    Please uninstall Spybot - Search & Destroy according to the following link:
    http://www.safer-networking.org/en/howto/uninstall.html
    Then download our current version Spybot - Search & Destroy 1.6.2. That should fix it.
    You will find links to several download locations for this new version on our web site:
    http://www.safer-networking.org/en/mirrors/index.html

    Best regards
    Sandra
    Team Spybot
