Virtumonde.sdn

Discussion in 'ESET Smart Security' started by Handries, Feb 10, 2010.

Thread Status:
Not open for further replies.
  1. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Tonight I scanned my computer with Spybot S&D and it found malware called "Virtumonde.sdn", which was not detected by ESS. How come it was missed?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    While the SpyBot scanning criteria have some similarities, the item flagged by SpyBot should be examined by the folks at the support venue for that product.
    You may submit the suspect file as Ron instructed, if you are able to retrieve it for submission.

    This is how your Safer-Networking product identifies this threat.
     
    Last edited: Feb 10, 2010
  4. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Sorry, but I can't retrieve that file as Spybot S&D removed it from my computer.
    Hopefully it won't decide to make a return appearance :rolleyes:
    Also I've now activated Spybot Resident Teatimer, which I understand will not interfere with ESS as it's not an antivirus component; maybe that helps with more protection.
    Thanks Siljaline for the description of that file.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You are welcome for the identity of the threat; however, you are quite likely infected with Virtumonde.sdn or a variant.
    See these options as to where you may seek infection assistance and how to prepare for it prior to seeking assistance.
     
    Last edited: Feb 11, 2010
  6. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Is that really necessary? When the Spybot S&D scan was complete I checked that file for deletion, so I figured that the infection should be gone by now.
    Also I have Super AntiSpyware installed and I will run a scan with that one as well, just to make sure.
     
    Last edited: Feb 11, 2010
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    As I had said earlier, you should seek help for your Safer-Networking product at the venue where it is supported.
    Assuming the pest has been eradicated and confirming 100% are two different animals. It is up to you at this juncture to decide what to do next.
     
  8. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Super AntiSpyware, with their latest definitions installed, finished scanning my system and did not find any harmful software on my computer.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I have found these relevant threads for you; I suggest you read them and seek support there. Wilder's cannot provide support for third-party software.
     
  10. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    I checked this out, however I have no symptoms of infection on my system, at this time.
    Thanks.
     
    Last edited: Feb 11, 2010
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Did you physically post a log to the thread I mentioned at Safer-Networking?
    If so, please post back the URL here so that we may review the findings.
     
  12. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    As suggested on the Safer-Networking Forum, before doing anything else I ran another Spybot S&D scan and that Virtumonde.sdn malware is gone and my system is clean.
    So there is no need for me to pursue this matter any further, by posting a log etc.
    Anyway, thanks siljaline for your care and suggestions.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Although I would have much preferred seeing a log analysed by the folks at Safer-Networking, I cannot force you to do what you are not willing to do.

    If repeated SpyBot scans are showing that Virtumonde.sdn is fully eradicated, then you have a clean bill of health, though you should run SpyBot repeatedly for this infestation and consider that you may, soon, have to submit a full log to the folks at Safer-Networking.
     
  14. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Please note the advice given on: http://forums.spybot.info/showthread.php?t=288 As you will note, they state: "If you have no symptoms of infection there is no need to post a log in this forum, (as in requesting a 'checkup' for no malware removal reason but only to show a log)".
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Your follow-up notes are appreciated, thank you.

    Please post back if we can be of further assistance to you.
     