Thread: Heuristics: Virtumonde.dll/Virtumonde.sdn

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Heuristics: Virtumonde.dll/Virtumonde.sdn

    False positive or malware orphan? Or are my programs missing something here?

    Using the right-click scan, I found Virtumonde.dll and/or .sdn when scanning any given image folder containing the Thumbs.db file(s).

    It only appears on the Heuristic scan; the regular Malware scan always lists the same file(s) as 'nothing found' during right-click. Normal scans initiated in SpybotS&D itself result in a green check, all clear. AVG Free similarly does not detect any malware, and otherwise my system seems to be running normally.


    Windows XP Pro SP2
    Firefox 3.5.5
    SpybotS&D 1.6.2.46, last update on 12/2

    Sorry, if there's a log of right-click scans then I'm having trouble finding them.

    Thanks in advance.

    ~Z

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    This is a false positive with the heuristics part of the scan. There will be changes to this with the next detection update scheduled for Wednesday 2009-12-09. Please report in again if the result still shows the items after the update.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    The same problem again

    I have downloaded the programme with the update today (18-12-2009) and the same problem (mentioned in the previous posts) occurs.

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Please attach the files that get detected as Virtumonde to your email to detections@spybot.info with a reference to this thread.

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Update

    Apologies for the late response; been a busy holiday.

    I've since updated, but am still getting Virtumonde.dll Heuristic infections on some Thumbs.db files; at the same time other Thumbs.db files scan as "Nothing found." I can't distinguish any difference between the supposedly infected files and the uninfected; both can exist in the same folder. Also, I'm at least not seeing any Virtumonde.sdn.

    On the other hand, now I'm seeing Fraud.SecurityTool on the Heuristic side of certain .jpg files. Not all of them, just some.

    Again, this only happens on the right-click scans, and the normal Malware side of it all reads "Nothing found." Regular system scans on both SpybotS&D and Norton are coming back clean.

    ~Z
    Last edited by Cyan Ducard; 2010-01-04 at 08:10.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    Fraud.SecurityTool heuristics detecting jpg files is also a false positive; it will be fixed with the next detection update scheduled for Wednesday 2010-01-06.