Results 1 to 10 of 10

Thread: Heuristics: Virtumonde.dll/Virtumonde.sdn

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Default Heuristics: Virtumonde.dll/Virtumonde.sdn

    False positive or malware orphan? Or are my programs missing something here?

    Using the right-click scan, I found Virtumonde.dll and/or .sdn when scanning any given image folder containing the Thumbs.db file(s).

    It only appears on the Heuristic scan; the regular Malware scan always lists the same file(s) as 'nothing found' during right-click. Normal scans initiated in SpybotS&D itself results in a green check, all clear. AVG Free similarly does not detect any malware, and otherwise my system seems to be running normally.


    Windows XP Pro SP2
    Firefox 3.5.5
    SpybotS&D 1.6.2.46, last update on 12/2

    Sorry, if there's a log of right-click scans then I'm having trouble finding them.

    Thanks in advance.

    ~Z

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    this is a false positive with the heuristics part of the scan. There will be changes to this with the next detection update scheduled for Wednesday 2009-12-09. Please report in again if the the result still shows the items after the update.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    Default The same problem again

    I have downloaded the programme with the update today (18-12-2009) and the same problem (menrtiooned in the previous posts) occurs.

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    please attach the files that get detected as Virtumonde to your email to detections@spybot.info with a reference to this thread.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Default Update

    Apologies for the late response; been a busy holiday.

    I've since updated, but am still getting Virtumonde.dll Heuristic infections on some Thumbs.db files; at the same time other Thumbs.db files scan as "Nothing found." I can't distinguish any difference between the supposedly infected files and the uninfected; both can exist in the same folder. Also, I'm at least not seeing any Virtumonde.sdn.

    On the other hand, now I'm seeing Fraud.SecurityTool on the Heuristic side of certain .jpg files. Not all of them, just some.

    Again, this only happens on the right-click scans, and the normal Malware side of it all reads "Nothing found." Regular system scans on both SpybotS&D and Norton are coming back clean.

    ~Z
    Last edited by Cyan Ducard; 2010-01-04 at 09:10.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    Fraud.SecurityTool heuristics detecting jpg files is also a false positive, it will be fixed with the next detection update scheduled for Wednesday 2010-01-06.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    1

    Default Fraud.Securitytool in .doc, htm eand pdf files

    Hi

    I´ve had similar detections, but in files like doc (word), pdf (adobe reader) and htm.

    Could be, like this case, a false positive?

    Thanks in advance for the answer.

    Reacher

  8. #8
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    if the scan shows heuristics results for Fraud.SecurityTool only and not malware it is very likely a false positive. Please wait for the update Wednesday 2010-01-06.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  9. #9
    Guest
    Join Date
    Jan 2010
    Posts
    1

    Default

    I am also getting Virtumonde.dll, on a right-click scan only, heuristics only, in a single, very old Thumbs.db file (in folder containing only jpgs) (running latest SSD w/ latest updates on Win7).

    It just seems unlikely b/c it's suddenly showing in my backup flash drive, which only gets plugged into the PC once a month and that only after a safe-mode, full system scan w/ NAV, MBAM and SSD, and a HijackThis scan.

    Thanks for your hard work! I sure hope it's a false positive, else my backups are toast

  10. #10
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    @ThumbDrive

    make sure that you have all Spybot S&D updates installed, if the false positive with the Thumbs.db still occurs, then send in the file for analysis to detections@spybot.info with a reference to this thread.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •