Virtumonde.dll trojan C-05: Superantispyware cannot find Spybot did....cannot remove it! Suggestions

[Bob]

How can I have this removed?
Suggestions so far is to use SuperAntiSpyware in safe mode
but does not detect it!

Any suggestions as to what software I can use to successfully
remove this item?

Bob.

 

[David H. Lipman]

From: "Bob" <[email protected]>

| How can I have this removed?
| Suggestions so far is to use SuperAntiSpyware in safe mode
| but does not detect it!

| Any suggestions as to what software I can use to successfully
| remove this item?

Use Malwarebytes' anti malware. Very effective on the Vundo/Virtumonde family of trojans.

 

[Bob]

From: "Bob" <[email protected]>

| How can I have this removed?
| Suggestions so far is to use SuperAntiSpyware in safe mode
| but does not detect it!

| Any suggestions as to what software I can use to successfully
| remove this item?

Use Malwarebytes' anti malware. Very effective on the Vundo/Virtumonde family of trojans.

Ran Malwarebytes, did not pick up virtumonde.dll!
Spybot still shows it but again cannot remove it.

Any further advice on this.

Bob

 

[Nil]

Ran Malwarebytes, did not pick up virtumonde.dll!
Spybot still shows it but again cannot remove it.

Any further advice on this.

I may have found the same symptom. After installing the most recent
detection definitions, Spybot supposedly found Virtumonde. I have since
run Malwarebytes and SuperAntiSpyware, but they detected nothing. I
haven't had time to troubleshoot it any further, but I suspect a false
positive on Spybot's part. I don't consider Spybot to be reliable these
days - its useful days seem to be in the past.

 

[David H. Lipman]

From: "Bob" <[email protected]>

| On Sat, 27 Nov 2010 11:17:01 -0500, "David H. Lipman"

| Ran Malwarebytes, did not pick up virtumonde.dll!
| Spybot still shows it but again cannot remove it.

| Any further advice on this.

Please post the fully qualified name and path of the file deemed to be infected by the
Virtumonde adware.

A log snippet can help.

 

[Bob]

From: "Bob" <[email protected]>

| On Sat, 27 Nov 2010 11:17:01 -0500, "David H. Lipman"


| Ran Malwarebytes, did not pick up virtumonde.dll!
| Spybot still shows it but again cannot remove it.

| Any further advice on this.

Please post the fully qualified name and path of the file deemed to be infected by the
Virtumonde adware.

A log snippet can help.

C:\windows\system32\mfc40.dll

----------- found in search ----------
I also have in C:\windows\system32\mfc.dll_tobe_deleted
and in C:\windows\system32\dllcache

I don't have a log snippet, log file is empty, sorry.

Bob.

 

[David H. Lipman]

From: "Bob" <[email protected]>

| On Sat, 27 Nov 2010 14:44:00 -0500, "David H. Lipman"

| C:\windows\system32\mfc40.dll

| ----------- found in search ----------
| I also have in C:\windows\system32\mfc.dll_tobe_deleted
| and in C:\windows\system32\dllcache

| I don't have a log snippet, log file is empty, sorry.


Please submit a sample of mfc40.dll to Virus Total

If the one in dllcache is the same and is also flagged , submit that.

http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

 

[David H. Lipman]

From: "Bob" <[email protected]>

| How can I have this removed?
| Suggestions so far is to use SuperAntiSpyware in safe mode
| but does not detect it!

| Any suggestions as to what software I can use to successfully
| remove this item?

False Positive.

http://forums.spybot.info/showthread.php?p=389658#post389658

{ Thanx JD }

 

[Bob]

From: "Bob" <[email protected]>

| How can I have this removed?
| Suggestions so far is to use SuperAntiSpyware in safe mode
| but does not detect it!

| Any suggestions as to what software I can use to successfully
| remove this item?

False Positive.

http://forums.spybot.info/showthread.php?p=389658#post389658

{ Thanx JD }

Thanks again David!

Bob