
Thread: False Positive with Virtumonde.sdn ?

  1. #1
    Junior Member (Join Date: Sep 2009, Posts: 17)

    False Positive with Virtumonde.sdn?

    Hello Spybot team,

    I just ran a scan with the most recent version of Spybot S&D and got these 2 detections flagged as Virtumonde.sdn.
    Can you please tell me whether they are false positives?

    Here are the details:

    Operating System: Vista Home Premium SP2 x64
    Browser: Firefox 3.6.3
    Version of Spybot: 1.6.2.46
    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    --- Report generated: 2010-05-09 06:06 ---

    Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
    C:\Program Files (x86)\StarOffice9\Sun\StarOffice 9\Basis\program\bat.dll
    Properties.size=98304
    Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
    Properties.filedate=1239920168
    Properties.filedatetext=2009-04-16 15:16:08

    Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
    C:\Windows\Installer\$PatchCache$\Managed\412BFE77AC5044E41A43D2C47A6C2538\9.1.9399\bat.dll
    Properties.size=98304
    Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
    Properties.filedate=1239920168
    Properties.filedatetext=2009-04-16 15:16:08

    Thanks in advance for any help.

  2. #2
    Buster, Member of Team Spybot (Join Date: Oct 2005, Location: Bochum/Germany, Posts: 389)


    Hey,

    no, they are not. But thanks for reporting this issue perfectly. A fixed detection file will be published on Wednesday. Thanks again for reporting!

    best regards,
    Buster
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky


  3. #3
    Junior Member (Join Date: Sep 2009, Posts: 17)


    Hi Buster,
    Thanks for your answer.
    Let me double-check my understanding of what you said:
    - these 2 files are true malware / trojans and I need to get rid of them
    - and if I have updated my Spybot with the most recent files, signatures etc. of Wednesday 05/12, then I can clean them up effectively after doing a new scan.
    Am I correct?
    Thanks.

  4. #4
    Junior Member (Join Date: Sep 2009, Posts: 17)


    Hi Buster and Spybot team,

    I just ran a scan on a different machine, another laptop I have running Windows XP, and here is what I also get with Virtumonde.sdn:
    - Operating System: Windows XP Pro SP2
    --- System information ---
    Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
    - Browser: Firefox 3.6
    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
    --- Search result list ---
    Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
    C:\Program Files\Oracle\Oracle Open Office 3\program\bat.dll
    Properties.size=98304
    Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
    Properties.filedate=1269474529
    Properties.filedatetext=2010-03-24 16:48:49

    As you noticed, this time I have a similar "bat.dll" file in the "Oracle Open Office 3" directory instead of the "Sun StarOffice 9" directory.
    These 2 "Office" programs are versions of each other; could this "bat.dll" be harmless?
    Thanks for any guidance.
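When triaging a suspected false positive like the three hits above, the useful facts are already in the report: the rule id that fired, the file size, the MD5 and the epoch file date. The script below is an added example (not Spybot's code, and not part of the original thread) that parses the "Search result list" layout quoted in these posts, groups hits that describe byte-identical files, decodes the epoch dates, and re-hashes a file's bytes so the sample you send to the vendor is provably the one the scanner flagged. The sample report is constructed from the three detections quoted in the thread; the regular expressions assume the one-header-line, one-path-line, `Properties.key=value` layout shown in those posts.

```python
"""Parse Spybot S&D 1.6 'Search result list' entries and cross-check the
reported file properties. Added example; not Spybot's own code."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample: the three hits quoted in this thread, in the report's own layout.
SAMPLE_REPORT = """\
--- Search result list ---
Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\\Program Files (x86)\\StarOffice9\\Sun\\StarOffice 9\\Basis\\program\\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
Properties.filedate=1239920168
Properties.filedatetext=2009-04-16 15:16:08

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\\Windows\\Installer\\$PatchCache$\\Managed\\412BFE77AC5044E41A43D2C47A6C2538\\9.1.9399\\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
Properties.filedate=1239920168
Properties.filedatetext=2009-04-16 15:16:08

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\\Program Files\\Oracle\\Oracle Open Office 3\\program\\bat.dll
Properties.size=98304
Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
Properties.filedate=1269474529
Properties.filedatetext=2010-03-24 16:48:49
"""

# Assumed layout (from the posts above): "Name: [SBI $id] description", then the
# path on the next line, then Properties.key=value lines until the next header.
HEADER_RE = re.compile(r"^(?P<name>[^:]+): \[SBI (?P<rule>\$[0-9A-F]+)\] (?P<desc>.+)$")
PROP_RE = re.compile(r"^Properties\.(?P<key>\w+)=(?P<value>.*)$")


@dataclass
class Detection:
    name: str       # family name the scanner assigned (e.g. Virtumonde.sdn)
    rule: str       # SBI rule id that fired
    path: str       # Windows path of the flagged file
    size: int       # bytes
    md5: str        # upper-case hex, as the report prints it
    filedate: int   # Unix epoch seconds


def _finish(block):
    p = block["props"]
    return Detection(name=block["name"], rule=block["rule"], path=block["path"],
                     size=int(p["size"]), md5=p["md5"].upper(), filedate=int(p["filedate"]))


def parse_report(text):
    """Return one Detection per 'Name: [SBI $id] ...' block in a Spybot report."""
    hits, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            if current is not None:
                hits.append(_finish(current))
            current = {"name": m["name"], "rule": m["rule"], "props": {}}
            continue
        if current is None:
            continue  # preamble such as '--- Search result list ---'
        p = PROP_RE.match(line)
        if p:
            current["props"][p["key"]] = p["value"]
        elif line and "path" not in current:
            current["path"] = line  # first non-property line after the header is the path
    if current is not None:
        hits.append(_finish(current))
    return hits


def group_identical(hits):
    """Map (md5, size) -> paths. Hits sharing the pair are the same bytes on disk,
    so one verdict covers all of them (e.g. an installed DLL and its $PatchCache$ copy)."""
    groups = defaultdict(list)
    for h in hits:
        groups[(h.md5, h.size)].append(h.path)
    return dict(groups)


def rule_summary(hits):
    """Rule id -> number of distinct file hashes it caught. One rule matching
    several different builds of the same vendor DLL is worth raising with the vendor."""
    by_rule = defaultdict(set)
    for h in hits:
        by_rule[h.rule].add(h.md5)
    return {rule: len(md5s) for rule, md5s in by_rule.items()}


def epoch_to_utc(ts):
    """Properties.filedate is epoch seconds; filedatetext is the same instant in the
    scanning machine's local zone. Compare on the epoch value across machines."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def matches_reported(data, hit):
    """Re-hash a file's bytes and confirm they are what the report described, so the
    sample submitted for review is exactly the one the rule fired on."""
    return len(data) == hit.size and hashlib.md5(data).hexdigest().upper() == hit.md5


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    for key, paths in group_identical(hits).items():
        print(key, "->", paths)
    print(rule_summary(hits))
    for h in hits:
        print(h.path, epoch_to_utc(h.filedate).isoformat())
```

Run against the sample, the first two hits collapse into one (md5, size) pair, i.e. the Vista machine has one file reported twice, once from the install directory and once from the installer's patch cache; the XP machine's Oracle Open Office copy is a different build with its own hash. The epoch values decode to 22:16:08 and 23:48:49 UTC, seven hours later than the `filedatetext` lines, so that text field is local time and should not be compared directly between machines in different zones. To check a file on disk, read it in binary mode and pass the bytes to `matches_reported` together with the parsed hit.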
