Fixed: Virtumonde all the time

dlbhina

I'm not sure... I'm using Vista. Every time I scan, it detects Virtumonde, in c:Win/sys32/zipfldr.DLL. So I run the program as Administrator, and clean it. Then when I reboot, and Spybot starts its auto search, there it is again! So I'm wondering is it not really cleaning it or what? Anyone have an idea? Thanks!
 
Hi dlbhina,

:welcome: to Safer Networking Forums.

Which version of Spybot do you use? :)
 
Same problem

I too have the same problem. I use Windows XP Media Centre Edition.
Is this a real threat? Event viewer sees c:Win/sys32/zipfldr.DLL as a protected Windows file and Windows keeps restoring the file after Spybot cleans it up.
 
Hi kenmur,

:welcome: to Safer Networking Forums.

It sounds like a false positive from Spybot 1.5.x. But this version is out of date. If you use this version, I would like you to uninstall Spybot 1.5.2, reboot your computer, delete all leavings manually and install Spybot 1.6.2 from here.

For the two of you:
Which version of Spybot do you use?
 
Thank you Matt.
I tried as you said and it seemed to work. :thanks:
btw I was using 1.5.2.20 and now 1.6.2.46
Cheers,
Ken.
 
should I upgrade also?

While I have not seen any classic symptoms of "Virtumonde", I always seem to find it in a scan.

I've been getting a similar false positive on a dll file or dll files that come under different names. Always in the C:\WINNT\system32 area.

Copying one of them and renaming to a txt file displays a company name in the file as: w w w . h e l i x c o m m u n i t y . o r g

This relates to RealPlayer (which I've tried to remove many times).

My version of S&D is 1.5.2.20

What worries me is the advice; "delete all leavings manually".

So if one does miss something, then what?

TIA,
Gerry

PS: While I donated many years ago, as soon as this old retired fart gets some expendable cash, I will do so again.
 