Got a warning the other night on a Spybot scan of my wife's machine (Windows XP Home 32-bit, Firefox 3.0.5, S&D version 1.6.0.31, Updates of 1/28/2009) for two registry keys supposedly placed by Virtumonde.SCI:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\A8F38D8D-E480-4D52-B7A2-731BB6995FDD
which had a single REG_SZ of NAV Helper
and
HKCR\CLSID\A8F38D8D-E480-4D52-B7A2-731BB6995FDD
Had to rerun in Safe Mode to delete them. No symptoms noted either before or after deletion.
I looked at an old Registry export .reg file (12/06/07 (sic)) and noted the keys there, too. Since I run Spybot weekly, I think this is a new False Positive in the Update noted.
My machine also has them (Windows XP Home 32-bit, FF 3.0.5, S&D 1.6.0.31, Updates of 1/21/2009) but the last scan did not detect the keys. I suspect they're part of Norton Anti-Virus 2006. I run Norton Internet Security 2006 on my machine and Norton System Works 2006 on my wife's.
Thank you.