Fixed: Is "Virtumonde.sci" FP??

samtso

New member
I updated to the latest definitions, but still got this result, the same as last week:


--- Report generated: 2010-07-05 14:57 ---

Virtumonde.sci: [SBI $4F4EEBA5] Class ID (登錄檔數值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{ACBCF095-E8C0-420F-8769-2845D9B92E8C}\InprocServer32\=...C:\Program Files\FlashGet\jccatch.dll...

Virtumonde.sci: [SBI $98980AB3] Class ID (登錄檔鍵值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{ACBCF095-E8C0-420F-8769-2845D9B92E8C}

Virtumonde.sci: [SBI $C74569A6] 資料庫 (檔案, nothing done)
C:\Program Files\FlashGet\jccatch.dll
Properties.size=94308
Properties.md5=F75511A4E8C213D088BA7E53BA0CC4DA
Properties.filedate=1186391518
Properties.filedatetext=2007-08-06 17:11:58

Virtumonde.sci: [SBI $98B8218B] Class ID (登錄檔數值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}\InprocServer32\=...C:\Program Files\FlashGet\jccatch.dll...

Virtumonde.sci: [SBI $88FD8DA6] Class ID (登錄檔鍵值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090310) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-03-11 SpybotSD.exe (1.6.3.51)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-16 Includes\Adware.sbi (*)
2010-06-22 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-06-22 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-06-22 Includes\HijackersC.sbi (*)
2010-06-22 Includes\iPhone.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-06-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-06-22 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-06-23 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-06-22 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-16 Includes\Spyware.sbi (*)
2010-06-22 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-06-01 Includes\Trojans.sbi (*)
2010-06-22 Includes\TrojansC-02.sbi (*)
2010-06-22 Includes\TrojansC-03.sbi (*)
2010-06-22 Includes\TrojansC-04.sbi (*)
2010-06-22 Includes\TrojansC-05.sbi (*)
2010-06-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

---------------------------------------------------------
I am using WinXP SP3 + IE8

Thanks for your kind attention,
 
I have the same issue with the file jccatch.dll and 4 associated registry entries showing as infected with Virtumonde.sci. The file is part of FlashGet 1.9.6.

At no time has the computer acted as if infected, and I can easily remove the infected file with Spybot or by just deleting it.

One strange thing is that it is only showing on my laptop running Windows 7 while my PC running XP shows no problem. I even copied the jccatch.dll file from the PC to the laptop which then showed as infected.
 
I can confirm this false positive with FlashGet; the detection database will be fixed with the next update, scheduled for Wednesday 2010-07-07.
 
FP - Virtumonde.sci still there

I can confirm this false positive with FlashGet; the detection database will be fixed with the next update, scheduled for Wednesday 2010-07-07.

Hi Yodama,

The DLL file and two registry entries are still not fixed; below is the latest scan result:
--------------------------------------------------------------------------
Virtumonde.sci: [SBI $98B8218B] Class ID (登錄檔數值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}\InprocServer32\=...C:\Program Files\FlashGet\jccatch.dll...

Virtumonde.sci: [SBI $88FD8DA6] Class ID (登錄檔鍵值, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}

Virtumonde.sci: [SBI $B96421CF] 資料庫 (檔案, nothing done)
C:\Program Files\FlashGet\jccatch.dll
Properties.size=94308
Properties.md5=F75511A4E8C213D088BA7E53BA0CC4DA
Properties.filedate=1186391518
Properties.filedatetext=2007-08-06 17:11:58


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090310) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-03-11 SpybotSD.exe (1.6.3.51)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-06 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-06 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-06 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-07-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-07-06 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-06 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-06 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-06 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-06-29 Includes\Trojans.sbi (*)
2010-07-06 Includes\TrojansC-02.sbi (*)
2010-07-06 Includes\TrojansC-03.sbi (*)
2010-07-06 Includes\TrojansC-04.sbi (*)
2010-07-06 Includes\TrojansC-05.sbi (*)
2010-07-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

-------------------------------------------------------------------------
Please help, thanks!
 