Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 spinnell


  • Members
  • 12 posts
  • Local time:08:20 AM

Posted 21 December 2010 - 10:51 AM

I have been trying to clean up a friend's machine, after working on it a couple of days all scans seem to be clean. My question here is, when spybot scan is running it shows file names running across the bottom of the window, are these files that are on the machine that spybot is looking through or are they files that spybot is searching for that may be on the machine? I hope that's not confusing.

example: while scanning it goes through many file names including win32.onlinegames.(many variations here) and virtumonde.sci (it hangs on this for most of the scan) but returns a clean report. I have tried the vundofix and virtumondebegone, neither found anything.

AVG Free 2011 AntiVirus
also using Spybot S&D and MBAM (all up to date)

Windows Vista Home Premium 32-bit
Acer Aspire 5920
Intel Core 2 Duo T5450
160 GB HDD

if I left any important info out I apologize!! and will be glad to submit more info!! and thanks in advance :)

Edited by spinnell, 21 December 2010 - 11:28 AM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,609 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:20 AM

Posted 21 December 2010 - 10:22 PM

I have not used Spybot S&D in years since it is not as effective as other free alternatives. See here - (scroll down and read under Freeware Antispyware Products).

However, I have read comments at the Spybot forum by users who reported they could see the status bar at the bottom searching for various types of malware. This search is how Spybot performs its scanning routines using its detection list (includes files) some of which have malware looking names with an .sbi extention. Spybot also scans the registry and Virtumonde.sci is a detection commonly found in Browser Helper Objects registry keys.

--- Search result list ---
Virtumonde.sci: [SBI $C747BB01] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

Virtumonde.sci: [SBI $53DCC2E2] Class ID (Registry key, nothing done)

Virtumonde.sci detections could just be remnants (orphan keys) in the registry left behind from a previous infection. After an anti-virus or anti-malware vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to find more entries which had previously gone undetected by prior scans. In these cases it means the associated physical file(s) are no longer present and the BHO is harmless.

As a precaution, you may want to download Malwarebytes' Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users