Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde.sdn Problem


  • Please log in to reply
7 replies to this topic

#1 jsos1298

jsos1298

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 19 June 2009 - 09:37 AM

I recently had "Virtumonde.sdn" show up when I ran a Spybot - Search and Destroy scan. The whole problem message read - Virtumonde.sdn and in the expanded window the following was include (SBI $75457FE7) Library C:\Windows\System32\rpcnet.dll.

Initially Spybot could not fix the problem so then I also ran MalewareBytes, VundoFix, Virtumondebegone, and SuperAnitSpyware. None of the programs found a problem.

I then ran Spyboy in safe mode. Again, Spybot found the same problem but this time it was able to fix it. When the computer restarted in normal mode the Spybot began automatically and searched and found the problem again. Again it said it fixed the problem. However every time I restart the computer and run a scan the problem resurfaces. I tried disabling the restore points and went through the same process with the same results.

I am running Windows Vista Home Basic.

Any help getting rid of this would be appreciated.

Thanks,
Jim

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 19 June 2009 - 10:27 AM

Hi,

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#3 jsos1298

jsos1298
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  

Posted 21 June 2009 - 07:51 AM

I followed the steps that you outlined. A copy of the report is included below. The scanner didn't find any problems.

What next?

Jim

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 21, 2009
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, June 21, 2009 07:51:36
Records in database: 2373172
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 101344
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:19:07

No malware has been detected. The scan area is clean.

The selected area was scanned.

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 21 June 2009 - 08:24 AM

Hi,

I think this is just a false positive from Spybot S&D. See also here: http://www.processlibrary.com/directory/files/rpcnet/417732/

:thumbsup:

#5 jsos1298

jsos1298
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 21 June 2009 - 09:26 PM

That is a relief to know that it is just a false positive. Is there anyway to prevent this from coming up on the scans.


Thanks,
Jim

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 22 June 2009 - 12:38 AM

No. I don't remember if Spybot has a whitelist? If so, you can add the file to that lit. If not, you can just ignore it.

#7 jsos1298

jsos1298
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  

Posted 22 June 2009 - 07:06 AM

Okay. Thank you for your help.

Jim

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 22 June 2009 - 07:09 AM

You're most welcome. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users