Probably won't need to as it keeps coming back anyway lol
It is on c:\Windows/system32/mfc40.dll and
c:\Windows/system32mfc40.dll_tobe_deleted
(Kind: trojan c-05) every time
S&D found this file on my pc, then a strange message about reboot to remove now yes/no still half way through the scan.
So I deleted the file (no quarantine?) and rebooted, then it started on some other type of scan which went on forever.
Then it turns out to be a false positive, if it wasn't for the fact that this could happen with any malware scanner I would uninstall S&D.
I am now doing another scan so don't know if it's still there.
I found the file on another pc if anyone wants to download it (win7)
http://www.mediafire.com/?byaufxrnj2v9bzh
Glad I came here and saw Namrepus's post about the alleged Virtumonde. I have exactly the same (mfc40.dll)
and have been worrying what on earth it is, and why my Norton hasn't picked it up. So what is it please??
Thank you.
Last edited by tashi; 2010-11-29 at 19:28. Reason: Moved from the malware removal forum and merged
Unfortunately, in my post mfc40.dll is not mentioned, as well as it not being in any log from Spybot. It's a different file that I keep getting than mfc40.dll
I just think spybot is giving a false positive because other checkers specifically for vundo infections aren't finding the same thing or anything at all.
The mfc40.dll is used by older versions of Visual C++ and Visual Studio, it could also be used by other C/C++ based software.
Yesterday on Monday 29.12.2010 we released an update to fix this false positive.
If somehow Spybot S&D managed to remove the mfc40.dll you can restore it with the built-in recovery function from Spybot S&D.
@Namrepus221
If you have a different possible false positive, follow the steps here on how to report a false positive. Just posting that it is about Virtumonde.dll is not enough since our database has several hundred thousand entries concerning Virtumonde.
@Yodama
Apologies this is my first post (yes I'm a newbie) and if I was supposed to start a new thread then let me know and I will. My question is not about mfc40.dll or false positive.
It's about detecting and removing Virtumonde. I have SpybotS&D (version 1.6.2.46) using from a USB of HirensBootCD running its MiniXP. I did a scan on my laptop which I know has issues, trojans etc. The SpybotS&D scan has reported many. One in particular is :-
Virtumonde.dll (threat TrojansC-05). Reading the bottom of the description it says:
"Removal requires reboot, the internet Explorer should not be used when infected with Virtumonde. For further help with removal please contact Team Spy S&D via email detections@spybot.info or furums: http://forums.spybot.info/"
That is why I am here.
So if I allow SpybotS&D to clean this trojan and reboot, is that enough and I can start using IE again?
OR are there some extra steps to do from this forum to remove Virtumonde.dll (threat TrojansC-05)?
Many Thanks.
Kind Regards,
Sleep
If you are using Spybot S&D from a bootcd it will be able to remove all entries it finds since the malware is not able to run and protect itself. However with a threat like Virtumonde it is possible that parts of it evade detection by pure diversity. So before you start using the IE again you should make sure that there are no more Virtumonde files on your computer that can be started.
To do that you can send in a Spybot S&D report file (right click the scan results screen and choose to save a full report) or you can check this yourself by looking at the entries for BHO and System Startup and looking up the entries you find. Most Virtumonde infections use random names for dynamic library files (dll) and try to load them via BHO, System Startup and Winlogon.
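
The manual check described in the reply above (BHO, System Startup and Winlogon entries), as an added PowerShell example that is not part of the thread and not Spybot S&D's own code. It assumes a running Windows system with PowerShell 3.0 or later; the Winlogon Notify key is only present on Windows XP-era systems, and each listed entry still has to be looked up by hand.

```powershell
# Added example: list what is loaded via BHO, Run keys and Winlogon Notify.
$results = @()

# 1. Browser Helper Objects: each subkey is a CLSID; the DLL path is the
#    default value of that CLSID's InprocServer32 key.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($key in Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue) {
    $clsid = $key.PSChildName
    $srv = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Target = $srv.'(default)' }
}

# 2. System startup: machine-wide and per-user Run keys (value name -> command line).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    $item = Get-Item -Path $rk -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $results += [pscustomobject]@{ Source = "Run ($($rk.Substring(0, 4)))"; Name = $name; Target = $item.GetValue($name) }
    }
}

# 3. Winlogon Notify packages: each subkey names its DLL in the DLLName value.
$notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($key in Get-ChildItem -Path $notifyRoot -ErrorAction SilentlyContinue) {
    $results += [pscustomobject]@{ Source = 'Winlogon Notify'; Name = $key.PSChildName; Target = $key.GetValue('DLLName') }
}

# For targets that are a full path to an existing .dll, add the signature status.
# Bare file names and command lines with arguments are reported as 'not checked'.
$results | ForEach-Object {
    $path = [Environment]::ExpandEnvironmentVariables("$($_.Target)").Trim('"')
    $sig = 'not checked'
    if ($path -like '*.dll' -and (Test-Path -LiteralPath $path)) {
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $sig -PassThru
} | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A signature status other than Valid is not proof of infection, since many legitimate DLLs are unsigned; it only narrows down which entries to look up first.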