Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde.sci on my computer, also a fishy document called @FinalDlg_default_logfile_name


  • Please log in to reply
1 reply to this topic

#1 tyronicus5000

tyronicus5000

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 24 December 2010 - 04:50 PM

Just read about something called Virtumonde online and noticed on my last scan that spybot was scanning files from it so it must be on my computer.
Also found something suspicious in my documents called @FinalDlg_default_logfile_name...

Edited by hamluis, 24 December 2010 - 05:13 PM.
Moved from Win 7 to Am I Infected ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:06 AM

Posted 24 December 2010 - 11:33 PM

I have not used Spybot S&D in years since it is not as effective as other free alternatives. See here - (scroll down and read under Freeware Antispyware Products).

Users not familiar with Spybot have reported they could see the status bar at the bottom of the program display various types of malware and were confused if that meant the computer was infected. This search display is how Spybot performs its scanning routines using its detection list (includes files) some of which have malware looking names with an .sbi extention. This listing of malware during the scan is what Spybot is searching for and does not necessarily mean your system is infected. You only need to be concerned with the search results after the scan has been completed and what items was detected as a threat. Spybot also scans the registry and Virtumonde.sci is a detection commonly found in Browser Helper Objects registry keys.

--- Search result list ---
Virtumonde.sci: [SBI $C747BB01] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

Virtumonde.sci: [SBI $53DCC2E2] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{549B5CA7-4A86-11D7-A4DF-000874180BB3}

Virtumonde.sci detections could just be remnants (orphan keys) in the registry left behind from a previous infection. After an anti-virus or anti-malware vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to find more entries which had previously gone undetected by prior scans. In these cases it means the associated physical file(s) are no longer present and the BHO is harmless.

For a second opinion, you may want to download Malwarebytes' Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.


I'm not sure what created FinalDlg_default_logfile_name in your documents but it doesn't appear to be anything of concern from the systems I reviewed where others had the same thing.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users