Spybot S&D locking up!

[Ricky-D]

Recently for the past three of four times my Spybot 1.6.2 is locking up at the same point each time.

The point is noted as 495258/860718 Virtumonde.sdn

I've uninstalled Spybot and reinstalled Spybot but that has not cured the problem.

I need help to get this problem solved

Thanks, Ricky-D

[Zenobia]

You could open Spybot,click Mode,Advanced Mode,Settings,Ignore Products,and at the All Products tab,scroll through and find Virtumonde.sdn,then temporarily checkmark it to be ignored,to see if Spybot will be able to get through the scan that way.

Are you having any other problems with your computer?

[Ricky-D]

You could open Spybot,click Mode,Advanced Mode,Settings,Ignore Products,and at the All Products tab,scroll through and find Virtumonde.sdn,then temporarily checkmark it to be ignored,to see if Spybot will be able to get through the scan that way.

Are you having any other problems with your computer?

I have followed your directions and Spybot S&D has now made it through the scan successfully. Thank-you

I have experienced no problems whatsoever up to this particular time.

Should I proceed to continue running Spybot S&D in the advanced mode.

Is the event that happened, referred to as a 'false positive' or is my computer now infected with a virus that cannot be removed?

I thank you for your help and quick response.

Ricky-D

[drragostea]

Hello there. Proceeding to run in Advanced Mode is up to the user as it either mode does not impact the performance of Spybot-Search&Destroy. Default Mode is simplified while Advanced Mode offers more options to the users (would not be necessary to the everyday PC user).

A false positive occurs when a legitimate file is mistakenly marked as a bad file. In your case, you do not have a False Positive, so do not worry.

[Zenobia]

You're welcome.

Checkmarking Virtumonde.sdn to be ignored let you be able to run a complete Spybot scan,but unfortunately Spybot will no longer check for Virtumonde.sdn.
That doesn't mean you necessarily have a virus or malware,though.I wanted to see if Spybot would go past Virtumonde.sdn or if it would lock up again after it got past that point.So,like drragostea said,no need to worry.

Would you open Spybot,click Mode,then Advanced Mode,if you've switched back to Default Mode,then go to Settings,Ignore Products,and at the All Products tab,scroll through and uncheck Virtumonde.sdn to be ignored?
Then start windows in safe mode:
http://www.computerhope.com/issues/chsafe.htm
Open Spybot while in safe mode,and run a scan.Does it still lock up at the same point it did before?
When you're done,just reboot your computer to get out of safe mode.

[Ricky-D]

according to your instructions:

Opened Spybot S&D and unchecked Virtumonde.sdn in the advanced mode and proceeded to then run the Spybot S&D program.

Results were that Spybot S&D found a virus: Virtumonde.sdn Trojans c

I 'removed the entry' according to directions and closed Windows.

Restarted Windows in normal mode and came directly to this thread to report on what had transpired.

Do you consider there is no more to do, with the problem I have had?

Is my computer healthy again?

Thanks for all you help. Ricky-D

[Zenobia]

You're welcome.
There might not be more to do,but I would like to see what was found,though.It just makes it easier to see if I ought to suggest you go to malware removal,or not,if I can track down what was found.

Could you copy and paste what Spybot found here?
Open Spybot,go to Mode,Advanced Mode,Tools,View Report,View Previous Report,then find the fixes log from when you ran the scan.It'll have the date in it...like this:Fixes.yymmdd-hhmm

[Ricky-D]

--- Report generated: 2010-02-15 18:58 ---

Virtumonde.sdn: [SBI $52D0EB0F] Library (File, fixed)
C:\WINDOWS\system32\ENCAPI32.DLL
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-02-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2010-02-09 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-02-09 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-02-09 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-02-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-02-10 Includes\Malware.sbi (*)
2010-02-10 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-02-09 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-02-09 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-02-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Thank you again for the help you provided to me.

Ricky-D

[Zenobia]

Hi,there.
Thanks for posting your report.

From what I could find,ENCAPI32.DLL could either be a bad file,or it could be part of Microsoft's Encarta.And,the location of either seems to be the same in both cases,from all I could gather.

Did you have Encarta or anything related to Encarta installed on your computer?
Or Microsoft Works & Money,or something along those lines?

[Ricky-D]

Hi,there.
Thanks for posting your report.

From what I could find,ENCAPI32.DLL could either be a bad file,or it could be part of Microsoft's Encarta.And,the location of either seems to be the same in both cases,from all I could gather.

Did you have Encarta or anything related to Encarta installed on your computer?
Or Microsoft Works & Money,or something along those lines?

I have found three files in C:\Documents and Settings\Richard\Start Menu\Programs\Microsoft Reference. Three shortcuts, two associated with Encarta 96 encyclopedia and the other associated with a Mulitmedia Catalog. All three shortcuts were non functional and I deleted them. A subsequent search revealed no more files related to "Encarta" There are no Microsoft Works programs at all on my computer. I looked for (ENCAPI32.DLL) but no file exists, at least not anymore! I hope I did the correct thing in removing those three shortcuts, they were unneeded regardless. I am continually trying to remove unnecessary files from my hard drive (to gain room) and so some of the problem may be of my own making. I can't thank you enough for your help in this matter Ricky-D