Virtumonde.SCI detected on NAV Helper BHO

[The Phlebob]

Got a warning the other night on a Spybot scan of my wife's machine (Windows XP Home 32-bit, Firefox 3.0.5, S&D version 1.6.0.31, Updates of 1/28/2009) for two registry keys supposedly placed by Virtumonde.SCI:

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\A8F38D8D-E480-4D52-B7A2-731BB6995FDD
which had a single REG_SZ of NAV Helper

and

HKCR\CLSID\A8F38D8D-E480-4D52-B7A2-731BB6995FDD

Had to rerun in Safe Mode to delete them. No symptoms noted either before or after deletion.

I looked at an old Registry export .reg file (12/06/07 (sic)) and noted the keys there, too. Since I run Spybot weekly, I think this is a new False Positive in the Update noted.

My machine also has them (Windows XP Home 32-bit, FF 3.0.5, S&D 1.6.0.31, Updates of 1/21/2009) but the last scan did not detect the keys. I suspect they're part of Norton Anti-Virus 2006. I run Norton Internet Security 2006 on my machine and Norton System Works 2006 on my wife's.

Thank you.

[Yodama]

hello,

thank you for reporting this issue, it will be fixed with the next detection update scheduled for this Wednesday