Fixed: False Positive with Virtumonde.sdn ?

TrucMuche

New member
Hello Spybot team,

I just ran a scan with the most recent version of Spybot S&D and I got these 2 detections flagged as Virtumonde.sdn.
Can you please tell me if they are false positives?

Here are the details:

Operating System: Vista Home Premium SP2 x64
Browser: Firefox 3.6.3
Version of Spybot: 1.6.2.46
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

--- Report generated: 2010-05-09 06:06 ---

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Program Files (x86)\StarOffice9\Sun\StarOffice 9\Basis\program\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
Properties.filedate=1239920168
Properties.filedatetext=2009-04-16 15:16:08

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Windows\Installer\$PatchCache$\Managed\412BFE77AC5044E41A43D2C47A6C2538\9.1.9399\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52
Properties.filedate=1239920168
Properties.filedatetext=2009-04-16 15:16:08

Thanks in advance for any help.
 
Hey,

no, they are not. But thanks for reporting this issue perfectly. :bigthumb: A fixed detection file will be published on Wednesday. Thanks again for reporting! :rockon:

best regards,
Buster
 
Hi Buster,
Thanks for your answers.
Let me double-check my understanding of what you said:
- these 2 files are true malware / trojans and I need to get rid of them
- and if I have updated my Spybot with the most recent files, signatures etc. of Wednesday 05/12, then I can clean them up effectively after doing a new scan.
Am I correct?
Thanks.
 
Hi Buster and Spybot team,

I just ran a scan on a different machine, another laptop that I have running Windows XP, and here is what I also have with Virtumonde.sdn:
- Operating System: Windows XP Pro SP2
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
- Browser: Firefox 3.6
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
--- Search result list ---
Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Program Files\Oracle\Oracle Open Office 3\program\bat.dll
Properties.size=98304
Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
Properties.filedate=1269474529
Properties.filedatetext=2010-03-24 16:48:49

As you noticed, this time I have a similar "bat.dll" file in the "Oracle Open Office 3" directory instead of the "Sun StarOffice 9" directory.
These 2 "Office" programs being versions of each other, could this "bat.dll" be not harmful?
Thanks for any guidance.
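Added example (not Spybot's code and not written by anyone in this thread): a small parser for the result-list format quoted above that groups the hits by MD5, so that the second copy sitting in the Windows Installer patch cache is recognised as the same bytes as the installed StarOffice file rather than a second detection, while the Oracle Open Office hit with a different hash is a different build that needs its own verification. The sample report text and the triage labels are constructed for this example.

```python
import re

# Constructed sample: the three Spybot S&D 1.6.2 result entries quoted in this thread.
SAMPLE_REPORT = r"""Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Program Files (x86)\StarOffice9\Sun\StarOffice 9\Basis\program\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Windows\Installer\$PatchCache$\Managed\412BFE77AC5044E41A43D2C47A6C2538\9.1.9399\bat.dll
Properties.size=98304
Properties.md5=42D6BF00274F8BE3EAEC41920D5F8C52

Virtumonde.sdn: [SBI $CAB94FF0] Downloaded program file (File, nothing done)
C:\Program Files\Oracle\Oracle Open Office 3\program\bat.dll
Properties.size=98304
Properties.md5=B7AB2EE7D4C8487EBD2DF5412251D2A4
"""

# Header line: "<name>: [SBI $<id>] <description> (<kind>, <action taken>)"
HEADER = re.compile(r"^(?P<name>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] (?P<desc>.+?) "
                    r"\((?P<kind>[^,]+), (?P<action>[^)]+)\)$")

def parse_report(text):
    """One dict per detection block: header fields, the flagged path, and Properties.* values."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append(dict(m.groupdict(), path=None))
        elif entries and line.startswith("Properties."):
            key, _, value = line[len("Properties."):].partition("=")
            entries[-1][key] = value
        elif entries and entries[-1]["path"] is None:
            entries[-1]["path"] = line  # the line right after the header names the flagged object
    return entries

def triage(entries):
    """Group hits by MD5 (same hash = same bytes). A second copy under the Windows Installer
    $PatchCache$ folder is the MSI patch cache of the installed file, not a separate
    infection; a different hash is a different build that needs its own check."""
    by_md5 = {}
    for e in entries:
        by_md5.setdefault(e["md5"], []).append(e["path"])
    labels = {}
    for md5, paths in by_md5.items():
        cached = sum("\\installer\\$patchcache$\\" in p.lower() for p in paths)
        if 0 < cached < len(paths):
            labels[md5] = "installed file plus its Windows Installer patch-cache copy"
        else:
            labels[md5] = "single copy" if len(paths) == 1 else "multiple copies"
    return labels
```

Run `triage(parse_report(SAMPLE_REPORT))` to get one label per hash; a hash that is only ever seen in the patch cache, or in several unrelated places, still comes back as a group to look at by hand.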
 