Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot detecting virtumonde.dll


  • Please log in to reply
1 reply to this topic

#1 wchurchill1945

wchurchill1945

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 27 November 2010 - 02:14 PM

Hi, I'm running XP Pro, and using Firefox, AVG AntiVirus (paid version), malaware bytes (free version), and Spybot (free version). I usually run scans every 2-3 days. During yesterday's scan, AVG and malaware bytes both ran clean, but Spybot gave me a message that it detected virtumonde.dll (listing it as a TrojansC-05), and gave me the option of rebooting after the scan. After Spybot ended, I let Spybot "fix" the infected file (WINDOWS/SYSTEM32/mfc40.dll) and rebooted. After the reboot, Spybot automatically ran again and found 2 files (mfc40.dll SBI $DB0322C4, and mfc40.dll_tobe_deleted SBI $4792FFB9). I again selected "fix", then rebooted again, and again let Spybot do its' automatic run...with the same results (which I sort of expected). I checked the SYSTEM32 folder and the file was still there. I tried to rename the file, which appeared to work...but a file with the original name immediately appeared in the SYSTEM32 folder. I went offline and reran the AVG, malaware bytes, and Spybot scans....same results...I then let Spybot do another after boot scan...same results. My system appears to be running at its' normal speed, and I don't seem to have any pop-ups, or redirect problems. I've just downloaded the latest AdAware installation file (on my other computer...not networked to the problem computer) and was considering installing it on my problem PC and seeing what it might find. I used to run AdAware until last year when, after an AdAware update, it falsely detected a rootkit problem. After spending several days trying to figure the problem out, I determined (through google, etc.) that several other users were having the same problem after the update was installed. So, I'm not a big fan of AdAware. I'm not sure where to go from here...Any help or suggestions would be appreciated...Thanks

BC AdBot (Login to Remove)

 


#2 wchurchill1945

wchurchill1945
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 27 November 2010 - 08:40 PM

Thanks to user "ChuckAmock....I just checked this link ( http://188.165.126.154/showthread.php?t=60590 )and Spybot has verified that this is a false detection. They claim it will be fixed in a new update this coming Wednesday. While I'm glad to hear this news...well, it sort of sucks that I've been running and rerunning scans, etc., since 3PM yesterday afternoon...so I already have 18 hours invested in looking for a non-existent problem. I'm sure that others have been performing similar tasks.......Happy Thanksgiving!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users