BleepingComputer.com: Virtumonde.sci on my computer, also a fishy document called @FinalDlg_default_logfile_name

Virtumonde.sci on my computer, also a fishy document called @FinalDlg_default_logfile_name Read about this virus online but it seems it's not a problem?

#1 tyronicus5000

Posted 24 December 2010 - 04:50 PM

Just read about something called Virtumonde online and noticed on my last scan that Spybot was scanning files from it so it must be on my computer.
Also found something suspicious in my documents called @FinalDlg_default_logfile_name...

This post has been edited by hamluis: 24 December 2010 - 05:13 PM
Reason for edit: Moved from Win 7 to Am I Infected ~ Hamluis.


#2 quietman7

Posted 24 December 2010 - 11:33 PM

I have not used Spybot S&D in years since it is not as effective as other free alternatives. See here - (scroll down and read under Freeware Antispyware Products).

Users not familiar with Spybot have reported they could see the status bar at the bottom of the program display various types of malware and were confused if that meant the computer was infected. This search display is how Spybot performs its scanning routines using its detection list (includes files), some of which have malware-looking names with an .sbi extension. This listing of malware during the scan is what Spybot is searching for and does not necessarily mean your system is infected. You only need to be concerned with the search results after the scan has been completed and what items were detected as a threat. Spybot also scans the registry and Virtumonde.sci is a detection commonly found in Browser Helper Objects registry keys.

Quote

--- Search result list ---
Virtumonde.sci: [SBI $C747BB01] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

Virtumonde.sci: [SBI $53DCC2E2] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

Virtumonde.sci detections could just be remnants (orphan keys) in the registry left behind from a previous infection. After an anti-virus or anti-malware vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to find more entries which had previously gone undetected by prior scans. In these cases it means the associated physical file(s) are no longer present and the BHO is harmless.

For a second opinion, you may want to download Malwarebytes' Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.


I'm not sure what created FinalDlg_default_logfile_name in your documents but it doesn't appear to be anything of concern from the systems I reviewed where others had the same thing.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
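
One way to check whether a Browser Helper Object detection like the ones quoted above is an orphan key, as an added example that is not part of the original posts: a read-only PowerShell script that lists every registered BHO and tests whether the DLL named in its class registration still exists. It assumes the standard COM layout (the DLL path is the default value of the CLSID's InprocServer32 key), PowerShell 3.0 or later, and a 64-bit session on 64-bit Windows; Get-BhoStatus is a hypothetical helper name.

```powershell
# Added example (not from the thread). Read-only: lists each registered
# Browser Helper Object and whether its DLL still exists on disk.
# Get-BhoStatus is a hypothetical helper name. Requires PowerShell 3.0+.
function Get-BhoStatus {
    # Native view plus the 32-bit (WOW6432Node) view on 64-bit Windows.
    $views = @(
        @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $server = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
            $dll    = $null
            $status = 'NoClassKey'           # BHO entry with no COM registration
            if (Test-Path -LiteralPath $server) {
                # The (Default) value of InprocServer32 is the DLL path.
                $raw = (Get-Item -LiteralPath $server).GetValue('')
                if ($raw) {
                    $dll = [Environment]::ExpandEnvironmentVariables("$raw".Trim('"'))
                }
                if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                    $status = 'FilePresent'  # live BHO: scan or review the DLL
                } else {
                    $status = 'FileMissing'  # orphan key: nothing left to load
                }
            }
            [pscustomobject]@{
                Clsid  = $clsid
                Status = $status
                Dll    = $dll
                BhoKey = $key.Name
            }
        }
    }
}

Get-BhoStatus | Sort-Object Status | Format-Table -AutoSize -Wrap
```

A DLL registered by bare file name (no directory) is resolved through the DLL search order and will show as FileMissing here, so confirm those by hand. FilePresent is not a verdict on the file; it only means the BHO can still load and the DLL is worth scanning.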
