
Thread: Fraud.UPSInvoice and Virtumonde.sdn found : False positives ?

  1. #1
    Junior Member (Join Date: Sep 2009, Posts: 17)

    Fraud.UPSInvoice and Virtumonde.sdn found : False positives ?

    Hello SpyBot S&D team,
    I am running a scan on a laptop with the following config, and the tool found a few potential threats:

    - Spybot - Search & Destroy version: 1.6.2 (build: 20090126) : last updated on Friday 14 May.
    - Firefox 3.6
    - OS : Windows XP Professional (Build: 2600) Service Pack 2 (5.1.2600)

    --- Search result list ---
    Fraud.UPSInvoice: [SBI $4898E396] Downloaded program file (File, nothing done)
    C:\Program Files\Common Files\GTK\2.0\bin\gtk-query-immodules-2.0.exe
    Properties.size=25050
    Properties.md5=3ECFC716919C100857258F6AF54E6203
    Properties.filedate=1236002268
    Properties.filedatetext=2009-03-02 06:57:48

    Fraud.UPSInvoice: [SBI $4898E396] Downloaded program file (File, nothing done)
    C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
    Properties.size=20750
    Properties.md5=EF3A00413BD3D15F3807F6AD35E95C60
    Properties.filedate=1236002200
    Properties.filedatetext=2009-03-02 06:56:40

    Fraud.UPSInvoice: [SBI $4898E396] Downloaded program file (File, nothing done)
    C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
    Properties.size=21329
    Properties.md5=AD7FDFD35C2672BD446EE99793275490
    Properties.filedate=1236002204
    Properties.filedatetext=2009-03-02 06:56:44

    Fraud.UPSInvoice: [SBI $4898E396] Downloaded program file (File, nothing done)
    C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
    Properties.size=23858
    Properties.md5=55384739DB66F2FE0E2929A6E2677427
    Properties.filedate=1236002204
    Properties.filedatetext=2009-03-02 06:56:44

    Virtumonde.sdn: [SBI $D2777D3A] Downloaded program file (File, nothing done)
    C:\WINDOWS\I386\Drivers\R200\Video\Win2000\ialmcoin.dll
    Properties.size=61440
    Properties.md5=7C3BCA0EE18DD307C9CC878D9B7C7DFD
    Properties.filedate=1109116440
    Properties.filedatetext=2005-02-22 16:54:00

    Virtumonde.sdn: [SBI $D2777D3A] Downloaded program file (File, nothing done)
    C:\WINDOWS\I386\Drivers\R500\Video\Win2000\ialmcoin.dll
    Properties.size=61440
    Properties.md5=B53A16CD9BCCA100A91AA7EB673BE822
    Properties.filedate=1151694820
    Properties.filedatetext=2006-06-30 12:13:40

    Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
    C:\Program Files\Oracle\Oracle Open Office 3\program\bat.dll
    Properties.size=98304
    Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
    Properties.filedate=1269474529
    Properties.filedatetext=2010-03-24 16:48:49

    Please note that this last entry is the same entry I referred to in my other thread opened for a Vista machine with 2 Virtumonde.sdn found on "bat.dll" file, but with the "Sun Microsystems StarOffice 9" program instead of the new "Oracle OpenOffice 3" program.

    Thanks for any guidance on any of the above entries.
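The result list quoted above is the format a practitioner has to work with when deciding whether a detection is a false positive: one header line per hit carrying the detection name and the `SBI $…` signature id, the file path on the next line, then `Properties.*` lines with size, MD5 and the file date (Unix epoch plus the same instant rendered in the scanning machine's local time zone; the first entry's epoch 1236002268 is 13:57:48 UTC, seven hours ahead of the local text shown). Below is an added example, not code from the post or from Spybot S&D, that parses two of the entries copied from the post, groups the hits by signature so every file one signature matched can be reported together, and re-hashes a file on disk to confirm the MD5 recorded at scan time still describes the bytes present now, so the hash quoted to the vendor is the right one. The `self_check` function builds a throwaway file under a temporary directory to exercise the unchanged/changed/missing outcomes; that file and the `Example.Detection` / `SBI $00000000` entry describing it are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Two entries copied from the scan output quoted in the post above, in the
# layout Spybot S&D 1.6 uses for its "Search result list".
SAMPLE_REPORT = r"""
--- Search result list ---
Fraud.UPSInvoice: [SBI $4898E396] Downloaded program file (File, nothing done)
C:\Program Files\Common Files\GTK\2.0\bin\gtk-query-immodules-2.0.exe
Properties.size=25050
Properties.md5=3ECFC716919C100857258F6AF54E6203
Properties.filedate=1236002268
Properties.filedatetext=2009-03-02 06:57:48

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Program Files\Oracle\Oracle Open Office 3\program\bat.dll
Properties.size=98304
Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
Properties.filedate=1269474529
Properties.filedatetext=2010-03-24 16:48:49
"""

# "<detection name>: [SBI $<8 hex digits>] <description>"
HEADER_RE = re.compile(r"^(?P<name>[^:]+): \[SBI \$(?P<sbi>[0-9A-Fa-f]{8})\] (?P<desc>.+)$")
PROP_RE = re.compile(r"^Properties\.(?P<key>\w+)=(?P<value>.*)$")


def parse_report(text):
    """Turn the result list into a list of dicts: name, sbi, desc, path, props."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"name": m["name"], "sbi": m["sbi"].upper(),
                       "desc": m["desc"], "path": None, "props": {}}
            entries.append(current)
            continue
        if current is None:
            continue  # text before the first detection header
        m = PROP_RE.match(line)
        if m:
            current["props"][m["key"]] = m["value"]
        elif current["path"] is None:
            current["path"] = line  # the line after the header is the file path
    return entries


def filedate_utc(entry):
    """Properties.filedate is a Unix timestamp; Properties.filedatetext is the
    same instant in the scanning machine's local time zone. Render it as UTC."""
    ts = int(entry["props"]["filedate"])
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def group_by_signature(entries):
    """Map (detection name, SBI id) -> list of paths, so one false-positive
    report can cover every file a single signature matched."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["sbi"])].append(e["path"])
    return dict(groups)


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_entry(entry):
    """Compare the size and MD5 recorded at scan time with the file as it is
    now: 'missing', 'unchanged' or 'changed'. Only a hash that still matches
    is worth quoting (or looking up) when asking about a false positive."""
    path = entry["path"]
    if not os.path.isfile(path):
        return "missing"
    size_ok = os.path.getsize(path) == int(entry["props"]["size"])
    md5_ok = md5_of(path) == entry["props"]["md5"].upper()
    return "unchanged" if size_ok and md5_ok else "changed"


def self_check():
    """Constructed demonstration: describe a throwaway file in the report
    format, then run verify_entry before and after it is modified and removed."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.dll")
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 510)  # constructed bytes, not a real DLL
        report = ("Example.Detection: [SBI $00000000] Downloaded program file (File, nothing done)\n"
                  f"{path}\nProperties.size={os.path.getsize(path)}\n"
                  f"Properties.md5={md5_of(path)}\nProperties.filedate=0\n")
        entry = parse_report(report)[0]
        before = verify_entry(entry)
        with open(path, "ab") as f:
            f.write(b"\x90")  # any change to the bytes changes the hash
        after = verify_entry(entry)
    return before, after, verify_entry(entry)  # the directory is gone by now


if __name__ == "__main__":
    for e in parse_report(SAMPLE_REPORT):
        print(e["name"], e["sbi"], e["path"], e["props"]["md5"], filedate_utc(e))
    print(group_by_signature(parse_report(SAMPLE_REPORT)))
    print(self_check())
```

Run it on a saved Spybot result list and the `missing`/`changed` outcomes are the interesting ones: a file that has changed since the scan means the MD5 in the report no longer identifies what is on disk, so re-hash before submitting it or comparing it with a vendor's published checksum.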

  2. #2
    Senior Member Yodama (Join Date: Oct 2005, Location: Buchenheim, Posts: 1,110)

    Thank you for reporting these issues.

    These false positives will be corrected with the next detection update, scheduled for Wednesday 2010-05-19.

    Please also note that it appears you added your Windows and Program Files folders to the download directories within Spybot S&D; this will make the scan take a lot longer and is not recommended for a regular scan.

  3. #3
    Junior Member (Join Date: Sep 2009, Posts: 17)

    Hello Yodama,
    Thanks for acknowledging these findings.
    And thanks for the comment on the "download" directories; I will remove "C:" from that section before the next scan.
    Appreciate it.
