Fixed: Virtumonde.Dll false positive

polle

New member
Operating System: Windows Vista Home SP1
Browser and Version: Internet Explorer 7
Version of Spybot S&D: 1.6.0.31
Date of the latest update: 26-08-2008
Where did the false positive occur: Scan result

--- Report generated: 2009-08-26 21:43 ---

Virtumonde.Dll: [SBI $8347FF87] Instellingen (Registerwaarde., nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs= C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL; C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll;

Processes belong to Google Desktop & Kaspersky AV.

Both programs have been installed on my system for a long time.
Previous S&D scan on 2009-08-15 turned up clean.

Kaspersky AV scan: clean
Adaware scan: clean

I searched for extra info on Virtumonde.dll with Google.
I could not find any of the files, processes or registry keys associated with Virtumonde.dll on my system.
 
Thank you for reporting this false positive.
This false positive occurs due to a version flag in the recent detection update in combination with an outdated version of Spybot S&D.
To fix this false positive, please make sure to install the most recent version of Spybot S&D; this is currently 1.6.2.

Detection rules will also be modified; the next update is scheduled for Wednesday 2009-09-02.
 
hello,

Ouch! I received this message on Saturday. If you look back to the first post, all I got was the text up to DLLs=. Because of this I have no idea what programs were referred to, so can only assume it was also Kaspersky and Google. Now, I acted on the Spybot result and clicked "fixed selected problem". Now what do I do? Will there be a detrimental effect on my Kaspersky anti-virus? Over the past couple of days updates to Kaspersky have been coming in and so I am hoping all is OK. I would be grateful for any advice on this.
 
hello,

You can use Spybot S&D's recovery function to restore the entries that you fixed.

If you want to check out the entries in the registry, open the registry editor and navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
The data there will reference a couple of DLL files; some of them may be different from the ones in polle's post. Security software is OK to be entered at this location, while all others are suspicious.
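
An added example (not part of the original posts and not Spybot S&D's own code): one way to triage the AppInit_DLLs data described above, by splitting the value into DLL paths and comparing each directory against a list of expected install folders. The folder names in `EXPECTED_DIRS` and all function names are assumptions; 8.3 short names such as `KASPER~1` can only be matched heuristically, so those entries are reported as "probable" and should be confirmed on the machine itself.

```python
import re

# Constructed input: the AppInit_DLLs data quoted in the first post of this thread.
SAMPLE = (r"C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL; "
          r"C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll;")

# Hypothetical allowlist of install directories expected on this machine.
# The directory names are assumptions; replace them with your real ones.
EXPECTED_DIRS = [
    r"C:\Program Files\Google\Google Desktop Search",
    r"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009",
]

def split_entries(data):
    """AppInit_DLLs is space- or comma-delimited; the report above also shows ';'."""
    return [e for e in re.split(r"[ ,;]+", data.strip()) if e]

def part_matches(part, long_name):
    """Compare one path component, allowing for an 8.3 short name like KASPER~1."""
    if "~" not in part:
        return part.lower() == long_name.lower()
    # Short-name stem = leading characters of the long name with spaces/dots removed.
    stem = part.split("~")[0].upper()
    squeezed = re.sub(r"[ .]", "", long_name).upper()
    return bool(stem) and squeezed.startswith(stem)

def classify(entry, expected_dirs=EXPECTED_DIRS):
    """Return 'expected', 'probable' (short name, confirm on host) or 'review'."""
    parts = entry.split("\\")[:-1]  # directory components only, file name dropped
    for directory in expected_dirs:
        want = directory.split("\\")
        if len(parts) == len(want) and all(map(part_matches, parts, want)):
            # A short name is ambiguous (~1 vs ~2), so never call it a sure match.
            return "probable" if any("~" in p for p in parts) else "expected"
    return "review"

def audit(data):
    """Classify every DLL path found in one AppInit_DLLs value."""
    return [(e, classify(e)) for e in split_entries(data)]

if __name__ == "__main__":
    for dll, verdict in audit(SAMPLE):
        print(f"{verdict:9} {dll}")
```

Because the value is split on spaces, paths in it are normally written with short names; resolve those to long paths on the host before treating a "probable" entry as trusted.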
 
Thanks for your reply, Yodama. I will check the registry entry as you suggest. I'm hoping all is OK with Kaspersky as I'm still getting the updates each day. I guess all these sorts of happenings are a learning curve for us computer users!
 
Re virtuemondII

I have been using the Search and Destroy repeatedly and this will say prob. fixed, then run scan again (up to 10 times in a row till it comes up clean), then sometimes a couple hrs later it's back.
Not a real good tech guy here but can follow directions.
Tried to find the 1.6.2 version but don't seem to be able to locate it.
Am I missing something simple?
Any help would be eternally appreciated.
 
Try this link for the download of Spybot S&D 1.6.2.
 