Hello Spybot Team,

Today I've made a "Check for problems" with Spybot SD v1.4 with latest updates and it found 2 bad results named "Virtumonde". The one was a registry key called "Root class: HKEY_LOCAL_MACHINE\Software\Classes\WR" and the other one was a file with the following full path: "C:\WINDOWS\system32\llbcjv.dll". The registry key was successfully deleted and quarantined, but the "llbcjv.dll" file couldn't be deleted and so Spybot offered me to run a checkup on WINDOWS startup. I said "Yes" and the checkup on startup was made and the file was listed again in the results list but again it couldn't be deleted. Then I've made a backup of that file (for safety) and deleted it manually from within Windows Explorer. The deletion went perfectly without the "Can't delete file..." warning message. After that I've run a new check and Spybot didn't find anything. So ... I'm a little confused ... is this file really a threat? Or is a false positive? And why couldn't Spybot delete it? I have a backup copy of that file - do you want me to send it to you or attach it here in the forum (in order for you to analyze it)? Just tell me and I'll do it.

Thank you for the help in advance!
Best wishes!