virtumonde.sdn

[knipper]

Recently due to a problem on another computer (Which I have posted a thread for) I wanted to check my laptop again. I use several tools, MBAM, SuperAntiSpyware, Spybot S&D, and also use AVG 9.0 anti-virus.

I did come up with a couple trojans (1 on each malware program), nothing with AVG... but spybot shows 2 instances of virtumonde.sdn - Which I has a run-in with on late 2008.

Here is a bit from the ss&d log:
Virtumonde.sdn: [SBI $29141721] Executable (File, nothing done)
C:\WINDOWS\system32\oVpO9PU.vbs
Properties.size=615
Properties.md5=768466EA2059580A84F9C0E68D94C644
Properties.filedate=1241406564
Properties.filedatetext=2009-05-03 22:09:24

Virtumonde.sdn: [SBI $29141721] Executable (File, nothing done)
C:\WINDOWS\system32\wZbfr.vbs
Properties.size=615
Properties.md5=768466EA2059580A84F9C0E68D94C644
Properties.filedate=1241401899
Properties.filedatetext=2009-05-03 20:51:39

I re-ran all other malware programs, and AVG, nothing else shows it.

Tips?

[Gopher John]

You could upload the two .vbs files to VirusTotal to see if any of the other antivirus programs the site uses finds anything.

[knipper]

Yep... checking through the link you supplied several antivirus sites showed both files as containing a virus.

Luckily, It appears I have been successful in cleaning this without too much problem.

I've rescanned the computer multiple times with my malware programs, brought the system back to normal, and no issues so far.

Oddly, I had no symptoms prior to the fins.

Thanks!