Virtumonde.sdn Infection?


13 replies to this topic

#1 Madkool


Posted 21 June 2009 - 03:28 PM

I've been running Spybot Search and Destroy, and I keep getting one error, Virtumonde.sdn. Norton is not catching this, nor is Malwarebytes Anti-Malware. I have tried fixing the problem, but it shows up scan after scan. My computer is not acting much differently, I have not been running much slower, and there seem to be no visible problems. The only thing that seems different is that Firefox is not loading as quickly, and sometimes it freezes a bit when I go to the search bar. Not quite sure what to do from here, so any assistance would be appreciated and welcome. I'm not great at computers, but I am able to follow basic tutorials. Thanks!



#2 snowdrop


Posted 21 June 2009 - 04:53 PM

Welcome to this forum :thumbsup: What you can do is to fully update the Malwarebytes program, reboot the computer and run another scan; then post the reports from that scan for someone to check for you?

#3 Madkool


Posted 21 June 2009 - 05:18 PM

Welcome to this forum :thumbsup: What you can do is to fully update the Malwarebytes program, reboot the computer and run another scan; then post the reports from that scan for someone to check for you?


Running a full scan right now. Is it possible it's just a false positive? I was looking here: http://www.bleepingcomputer.com/forums/t/235126/virtumondesdn-problem/
and it seems that they had a similar problem.

#4 snowdrop


Posted 21 June 2009 - 05:33 PM

It is possible for it to be a 'false positive'.
When did you last update the Spybot definitions? If memory serves, I think some people are 'moving away' from trusting that program and are utilising other programs for their protection.


as to the Malwarebytes scan, I think it a more preferable idea to run it while you are off line so the computer can concentrate on the scan

Have you considered the use of Superantispyware yet?

http://www.superantispyware.com/

#5 Madkool


Posted 21 June 2009 - 05:47 PM

It is possible for it to be a 'false positive'.
When did you last update the Spybot definitions? If memory serves, I think some people are 'moving away' from trusting that program and are utilising other programs for their protection.


as to the Malwarebytes scan, I think it a more preferable idea to run it while you are off line so the computer can concentrate on the scan

Have you considered the use of Superantispyware yet?

http://www.superantispyware.com/


I last updated Spybot definitions right before I scanned today. I've been using Spybot for years, and if this is a false positive, it would be the first problem I've had. I also don't like having too many programs on my computer at once; so far Norton, Malwarebytes, and Spybot have been doing a good job.

My results of the scan earlier are as follows,

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/21/2009 5:45:18 PM
mbam-log-2009-06-21 (17-45-18).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 198726
Time elapsed: 1 hour(s), 51 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edit: Upon a system restart, I noticed a system 32 command prompt popped up. Not sure if that's a bad sign or not.

Edited by Madkool, 21 June 2009 - 07:46 PM.


#6 Madkool


Posted 21 June 2009 - 07:52 PM

Looks like the scan came up clean. Is there a way I can post a detailed result from the Spybot Scan?

#7 Stang777


Posted 21 June 2009 - 08:19 PM

You can set Spybot to Advanced view, then click on tools, then click on View Report. That page will list a lot of options of what should be included in the report and it can be quite detailed. I think all you want is to have it show the infections that were found, so you should only have the box checked for "Include results of last check in report". Then click on "View Report" next to the green arrow on top. That will bring up the report and will list many things about the Spybot program that probably won't be too helpful here. I have not had it find anything on my system so I do not know but I am guessing that after the Spybot program info in the report, it will list the things it found and that would be the section of it you might want someone to look at. I would just highlight that part of the report and then copy it and then paste it into a post here.

After checking the Spybot forum, it seems to me the finding of Virtumonde.sdn is probably a false positive.

Edited by Stang777, 21 June 2009 - 08:22 PM.


#8 Madkool


Posted 21 June 2009 - 08:27 PM

You can set Spybot to Advanced view, then click on tools, then click on View Report. That page will list a lot of options of what should be included in the report and it can be quite detailed. I think all you want is to have it show the infections that were found, so you should only have the box checked for "Include results of last check in report". Then click on "View Report" next to the green arrow on top. That will bring up the report and will list many things about the Spybot program that probably won't be too helpful here. I have not had it find anything on my system so I do not know but I am guessing that after the Spybot program info in the report, it will list the things it found and that would be the section of it you might want someone to look at. I would just highlight that part of the report and then copy it and then paste it into a post here.

After checking the Spybot forum, it seems to me the finding of Virtumonde.sdn is probably a false positive.


I checked the list you suggested, and the last detailed malware found was in January. So I'm guessing that's not what you're looking for. I'm going to re run the scan and see if the results from this report will show up.

Edit: Assuming it is a False Positive, is there any current way to fix this problem? Would uninstalling then reinstalling Spybot fix this? Or is this just something that will likely be fixed in a later update?

Edited by Madkool, 21 June 2009 - 08:30 PM.


#9 Stang777


Posted 21 June 2009 - 08:37 PM

They do have at least one form of the false positive for this set to be fixed in their June 24th update.

How long have you been getting this picked up by Spybot? It seems like a lot of people have had this picked up since the June 17th update and some have been confirmed as false positives, did you ever have it picked up before that date?

Edited by Stang777, 21 June 2009 - 08:47 PM.


#10 Madkool


Posted 21 June 2009 - 08:48 PM

They do have at least one form of the false positive for this set to be fixed in their June 24th update.

How long have you been getting this picked up by Spybot?


I haven't run Spybot in ~1 month I believe (possibly later). I updated and ran it today. I have mostly been relying on Norton Scans and MalwareBytes.

#11 Stang777


Posted 21 June 2009 - 08:52 PM

Since you are not having any problems with the computer and Malwarebytes is not picking this up and Spybot did not pick it up before the June 17th update that has been known to cause false positives on this one, I would lean towards it being a false positive and try not to worry about it. I would wait until after the June 24th update and see what happens when you scan then.

In the meantime, I would also download and run SuperAntiSpyware just to confirm there isn't anything harmful on your computer. Since none of the programs are running realtime protection, there is no reason to be concerned about running too many of them. Malwarebytes and SuperAntiSpyware find different things quite often, you should have both.

Edited by Stang777, 21 June 2009 - 08:55 PM.


#12 Madkool


Posted 21 June 2009 - 09:19 PM

Since you are not having any problems with the computer and Malwarebytes is not picking this up and Spybot did not pick it up before the June 17th update that has been known to cause false positives on this one, I would lean towards it being a false positive and try not to worry about it. I would wait until after the June 24th update and see what happens when you scan then.

In the meantime, I would also download and run SuperAntiSpyware just to confirm there isn't anything harmful on your computer. Since none of the programs are running realtime protection, there is no reason to be concerned about running too many of them. Malwarebytes and SuperAntiSpyware find different things quite often, you should have both.


Ok, I downloaded, installed, and updated SuperAntiSpyware. I will post a log of what it finds once it finishes running. (:

#13 Madkool


Posted 21 June 2009 - 10:25 PM

This was the scan result. Doesn't look like anything serious. So unless it's a very elusive trojan, I think it's probably a false positive.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2009 at 08:18 PM

Application Version : 4.26.1004

Core Rules Database Version : 3949
Trace Rules Database Version: 1891

Scan type : Complete Scan
Total Scan Time : 01:00:17

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 5890
Registry threats detected : 0
File items scanned : 19324
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Sammy\Cookies\sammy@adinterax[2].txt
C:\Documents and Settings\Sammy\Cookies\sammy@specificmedia[1].txt
C:\Documents and Settings\Sammy\Cookies\sammy@intermundomedia[2].txt
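
Added example, not part of the original post or of SUPERAntiSpyware: a small Python parser for the log layout shown above that checks whether the pasted detection list matches the summary counters and lists any detection group that is not a tracking cookie. The function names and the "cookie" keyword test are assumptions made for illustration.

```python
import re

# The SUPERAntiSpyware log from the post above, trimmed to the summary counters
# and the detection list so the example runs offline.
SAMPLE_LOG = r"""Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 5890
Registry threats detected : 0
File items scanned : 19324
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Sammy\Cookies\sammy@adinterax[2].txt
C:\Documents and Settings\Sammy\Cookies\sammy@specificmedia[1].txt
C:\Documents and Settings\Sammy\Cookies\sammy@intermundomedia[2].txt
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")

def parse_sas_log(text):
    """Return (counts per area, {detection name: [flagged items]})."""
    counts, detections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
        elif not line or not counts:
            continue                      # blank line, or header before the counters
        elif "\\" in line:                # a file path or registry key under a group
            if current is not None:
                detections[current].append(line)
        elif " : " not in line:           # not a "key : value" counter -> group heading
            current = line
            detections.setdefault(current, [])
    return counts, detections

def triage(text):
    """Summarise a log: do the counters match the list, and is anything not a cookie?"""
    counts, detections = parse_sas_log(text)
    listed = sum(len(items) for items in detections.values())
    return {
        "reported": sum(counts.values()),
        "listed": listed,
        "complete": listed == sum(counts.values()),   # False if the paste was cut short
        # Assumption: group names containing "cookie" are tracking cookies only.
        "needs_review": sorted(n for n in detections if "cookie" not in n.lower()),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty `needs_review` list with `complete` set to true corresponds to the reading in this thread: three tracking cookies and nothing else.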

#14 Stang777


Posted 21 June 2009 - 10:49 PM

This was the scan result. Doesn't look like anything serious. So unless it's a very elusive trojan, I think it's probably a false positive.

Scan looks good so I agree, try to quit worrying



