
Thread: Virtumonde.Dll false positive

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    2

    Default Virtumonde.Dll false positive

    Operating System: Windows Vista Home SP1
    Browser and Version: Internet Explorer 7
    Version of Spybot S&D: 1.6.0.31
    Date of the latest update: 26-08-2008
    Where did the false positive occur: Scan result

    --- Report generated: 2009-08-26 21:43 ---

    Virtumonde.Dll: [SBI $8347FF87] Instellingen (Registerwaarde., nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs= C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL; C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll;

    Processes belong to Google Desktop & Kaspersky AV.

    Both programs have been installed on my system for a long time.
    Previous S&D scan on 2009-08-15 turned up clean.

    Kaspersky AV scan: clean
    Adaware scan: clean

    I searched for extra info on Virtumonde.dll with Google.
    I could not find any of the files, processes or registry keys associated with Virtumonde.dll on my system.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Thank you for reporting this false positive.
    This false positive occurs due to a version flag in the recent detection update in combination with an outdated version of Spybot S&D.
    To fix this false positive, please make sure to install the most recent version of Spybot S&D; this is currently 1.6.2.

    Detection rules will also be modified; the next update is scheduled for Wednesday 2009-09-02.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    2

    Default

    Thank you for the reply.
    Upgrading to 1.6.2 solved the issue.

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Posts
    2

    Default

    Quote Originally Posted by polle
    Thank you for the reply.
    Upgrading to 1.6.2 solved the issue.

    Same here, I had the exact same version and everything as you. Thank you guys!

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    12

    Default

    Hello,

    Ouch! I received this message on Saturday. If you look back to the first post, all I got was the text up to DLLs=. Because of this I have no idea what programs were referred to, so I can only assume it was also Kaspersky and Google. Now, I acted on the Spybot result and clicked "fixed selected problem". Now what do I do? Will there be a detrimental effect on my Kaspersky anti-virus? Over the past couple of days updates to Kaspersky have been coming in, so I am hoping all is ok. I would be grateful for any advice on this.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    You can use Spybot S&D's recovery function to restore the entries that you fixed.

    If you want to check out the entries in the registry, open the registry editor and navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    The data there will reference a couple of DLL files; some of them may be different from the ones in polle's post. Security software is ok to be entered at this location, while all others are suspicious.
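The check described in post #6, as an added PowerShell example that is not part of the original thread or of Spybot S&D: it reads the AppInit_DLLs data, splits it into entries, and reports for each file whether it exists and who signed it. The function names are hypothetical, resolving bare file names against System32 is an assumption, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): inspect what AppInit_DLLs references.
$key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

function Split-AppInitValue {
    param([string]$Value)
    # Entries are separated by spaces or commas; the report in post #1 also
    # shows ';'. Paths with spaces are stored in 8.3 short form (PROGRA~1),
    # so a plain split is enough. Empty pieces (trailing ';') are dropped.
    $Value -split '[\s,;]+' | Where-Object { $_ }
}

function Get-AppInitDllReport {
    param([string]$Value)
    foreach ($entry in Split-AppInitValue $Value) {
        # Assumption: an entry without a drive/root is looked up in System32.
        if ([IO.Path]::IsPathRooted($entry)) { $path = $entry }
        else { $path = Join-Path $env:SystemRoot "System32\$entry" }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig = $null
        if ($exists) { $sig = Get-AuthenticodeSignature -FilePath $path }

        $status = 'FileMissing'
        $signer = ''
        if ($sig) {
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Entry  = $entry
            Exists = $exists
            Status = $status   # Valid, NotSigned, HashMismatch, ... or FileMissing
            Signer = $signer   # compare against the products you actually installed
        }
    }
}

$props = Get-ItemProperty -Path $key
# LoadAppInit_DLLs (Vista and later): 0 means the list below is not loaded.
"LoadAppInit_DLLs = $($props.LoadAppInit_DLLs)"
Get-AppInitDllReport $props.AppInit_DLLs | Format-Table -AutoSize
```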

  7. #7
    Junior Member
    Join Date
    Jun 2008
    Posts
    12

    Default

    Thanks for your reply, Yodama. I will check the registry entry as you suggest. I'm hoping all is ok with Kaspersky as I'm still getting the updates each day. I guess all these sorts of happenings are a learning curve for us computer users!

  8. #8
    Junior Member
    Join Date
    Sep 2009
    Location
    Victoria BC canada
    Posts
    1

    Exclamation Re virtuemondII

    I have been using the search and destroy repeatedly and this will say prob. fixed, then run scan again (up to 10 times in a row till it comes up clean), then sometimes a couple hrs later it's back.
    Not a real good tech guy here but can follow directions.
    Tried to find the 1.6.2 version but don't seem to be able to locate it.
    Am I missing something simple?
    Any help would be eternally appreciated.

  9. #9
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Quote Originally Posted by propower
    I have been using the search and destroy repeatedly and this will say prob. fixed, then run scan again (up to 10 times in a row till it comes up clean), then sometimes a couple hrs later it's back.
    Not a real good tech guy here but can follow directions.
    Tried to find the 1.6.2 version but don't seem to be able to locate it.
    Am I missing something simple?
    Any help would be eternally appreciated.

    Try this link for the download of Spybot S&D 1.6.2
