Thread: Virtumonde.sci false positive?

  1. #1
    Junior Member | Join Date: Oct 2009 | Posts: 3

    Virtumonde.sci false positive?

    First scan since installing Windows 7.

    --- Search result list ---
    Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    --- System information ---
    Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

  2. #2
    Yodama (Senior Member) | Join Date: Oct 2005 | Location: Buchenheim | Posts: 1,110

    Hello,

    Please see this on how to create a full report file and attach it to your next post, or email it with a reference to this thread to detections@spybot.info for analysis.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Matt (Senior Member) | Join Date: Aug 2006 | Location: Bavaria | Posts: 1,169

    Originally posted by gvwilliaa1:
    First scan since installing Windows 7.

    --- Search result list ---
    Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

    Sounds like a malware orphan to me
    Best regards - Beste Grüße,

    Matt

  4. #4
    Junior Member | Join Date: Oct 2009 | Posts: 3

    Log file attached

    Hope this helps.

  5. #5
    Yodama (Senior Member) | Join Date: Oct 2005 | Location: Buchenheim | Posts: 1,110

    Looks like Matt was right. The report shows that the Browser Helper Object (BHO) in question is an orphan, which means that the associated files are not present anymore, thus making the BHO useless.

    There is also a second orphaned BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}

    It is safe to remove them in your case.

    Other than that there are no suspicious entries in your report file.
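
The orphan check described in post #5, as an added example that is not part of the original thread and not Spybot's own logic: a read-only PowerShell script that lists each registered BHO and reports whether the DLL named under its CLSID's InprocServer32 key still exists. It assumes machine-wide (HKLM) COM registrations and a 64-bit PowerShell session; the status strings are made up for this example.

```powershell
# Added example: flag orphaned Browser Helper Objects (BHO key present, COM server DLL gone).
# Read-only. Each entry pairs a BHO list with the CLSID view of the same bitness.
$bho = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Bits = 64; Bho = "HKLM:\SOFTWARE\$bho";             Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bits = 32; Bho = "HKLM:\SOFTWARE\WOW6432Node\$bho"; Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$results = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $server = "$($view.Clsid)\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            # The key's default value holds the DLL path; GetValue expands REG_EXPAND_SZ.
            $dll = [string](Get-Item -LiteralPath $server).GetValue('')
            $dll = $dll.Trim().Trim('"')
        }
        if ($dll -and $view.Bits -eq 32) {
            # 32-bit registrations see System32 redirected to SysWOW64.
            $dll = $dll -replace '\\system32\\', '\SysWOW64\'
        }
        $status = if (-not $dll) { 'Orphan: no COM server registered' }
                  elseif (-not [IO.Path]::IsPathRooted($dll)) { 'Check manually: relative path' }
                  elseif (Test-Path -LiteralPath $dll -PathType Leaf) { 'File present' }
                  else { 'Orphan: file missing' }
        [pscustomobject]@{ Bits = $view.Bits; CLSID = $clsid; Dll = $dll; Status = $status }
    }
}
$results | Format-Table -AutoSize
```

An entry reported as an orphan matches the situation in this thread: the registry key remains but nothing can be loaded from it. A "File present" entry says nothing about whether the DLL is benign.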

  6. #6
    Junior Member | Join Date: Oct 2009 | Posts: 3

    Thanks for your help.

    Regards

    Alan
