Log'N'Rock: Spybot S&D [RESOLVED] - Log'N'Rock


Spybot S&D [RESOLVED] bad heuristic scan

#1 jdc

  • Unknown
  • Group: Members
  • Posts: 1,072
  • Joined: 13-April 08
  • Gender: Not Telling
  • Location: Portland, OR

Posted 05 December 2009 - 10:26 PM

My machine is: Win XP SP1
Updates are in place except for the IE8,
I prefer to use IE6 when I have to use IE but mainly use Firefox.

I am on a building network that has Open DNS running.
I do not know what other ‘things’ they use for security,
but my internet connection is free.

Security Utilities I use are:
Spyware Blaster
Spybot S&D
SuperAntispyware
Avast antivirus(free version) is my antivirus
I also run CC Cleaner, an old version, periodically.

The computer was diagnosed by an eMachines tech about 2 yrs. back as most likely
having a failing motherboard.
I don’t like to download and install stuff because of that
and this computer has done massive amts of photo scanning
and photo editing over the years I have had it;
also some graphic work done with PhotoShop.

Regular scans done nightly with Spybot S&D and
with SuperAntispyware and Avast come up clean.
A boot scan, done nightly with Avast comes up clean.

I have also done an Eset online scan, it also finds nothing.

Here’s my problem:
When I right click on a file, say in My Pictures, and scan with
Spybot S&D, the heuristic scan finds:
File name: Thumbs.db
Status: Virtumonde.dll
Or in a couple of cases it finds
Status: Virtumonde.sdn

As you know, I'm nearly computer illiterate, so if you can help me figure out this problem,
please use simple, make that VERY simple, terms and 'things'.

Thanks, :unsure: Jan



#2 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 05 December 2009 - 10:41 PM

Hi Jan. I will let our expert chime in on this but it is probably a false positive. I have seen this on my own computer also which I know is clean so I figured I would put in my 2 cents.

Many heuristic scan findings are false positives. How long has that picture file that it is flagging been on the computer? And also, does that finding show up on a regular scan or only when you right click and scan with Spybot? If you do the same with Super or avast, does it also flag it?

Some of my gifs have been flagged exactly the same

File name: Thumbs.db
Status: Virtumonde.dll

And in MY case they have always been false positives. These gifs have been on here for 4 or 5 years and they are not infected.

Fred's turn now and I am sorry for diving into your territory Fred. :lol:

Edit: I just reread your post and I see you already answered some of my questions. LOL

#3 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 06 December 2009 - 12:12 AM

Hi Jan,
I would go along with Rod's comments if that is the sole symptom you are getting!
SpyBot is in my opinion not as reliable as it once was and heuristics are notoriously unreliable in some cases!
Personally, I would replace it with MBAM and give it a scan with that, MBAM will get rid of anything that happens to be there and is much more reliable in cleaning most infections that are currently doing the rounds...

Thumbs.db is a harmless file which can be deleted without any problems, it is simply there to store thumbnails for your stored pictures. It will be re-created as needed.

Here is the link for MBAM if you want it:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Regards
Fred.
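Roddy's questions in #2 (how old is the file, does a second scanner flag it) and Fred's point that Thumbs.db is only the Windows thumbnail cache add up to a small triage routine for a heuristic hit: confirm that the flagged file is the format its name implies, and record its hashes so the very same bytes can be checked with another scanner instead of trusting one heuristic twice. The Python script below is an added illustration of that routine; it was not posted by anyone in this thread and is not part of Spybot or MBAM. It assumes the Windows XP layout of Thumbs.db (an OLE2 compound file, recognised by its 8-byte header signature), builds its own constructed sample file, and uses function names of my choosing.

```python
"""Triage a file flagged by a heuristic scan: is it the format its name
implies, and what are its hashes for a second-opinion check?
Added example; not code from the forum thread or from Spybot/MBAM."""
import hashlib
import os
import tempfile
import time
from typing import Optional

# Header signature of an OLE2 / Compound File Binary container. Windows XP
# keeps the per-folder thumbnail cache (Thumbs.db) in this format, so a
# genuine Thumbs.db starts with these eight bytes.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def is_ole_compound(data: bytes) -> bool:
    """True if the data begins with the OLE compound-file signature."""
    return data[:8] == OLE_MAGIC


def triage_bytes(name: str, data: bytes, mtime: Optional[float] = None) -> dict:
    """Gather the facts needed to judge a heuristic hit on this file.

    - format: does the content match what a Thumbs.db should look like?
    - hashes: let you ask another scanner (SUPERAntiSpyware, Avast, ...)
      about exactly these bytes rather than re-trusting one heuristic.
    - age: a file untouched for years is less suspicious than a fresh one.
    """
    base = os.path.basename(name)
    looks_like_ole = is_ole_compound(data)
    if base.lower() == "thumbs.db":
        # A "thumbnail cache" that is NOT an OLE container deserves a closer look.
        consistent = looks_like_ole
    else:
        consistent = None  # no format expectation for other file names
    return {
        "name": base,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "format": "OLE compound file" if looks_like_ole else "unrecognised",
        "format_matches_name": consistent,
        "age_days": None if mtime is None else round((time.time() - mtime) / 86400, 1),
    }


def triage_file(path: str) -> dict:
    """Read a file from disk and triage it (read-only; nothing is modified)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return triage_bytes(path, data, os.path.getmtime(path))


def report(result: dict) -> str:
    """Render the triage result as a short, readable block of 'key: value' lines."""
    return "\n".join(f"{k}: {v}" for k, v in result.items())


if __name__ == "__main__":
    # Constructed sample: a minimal 512-byte file carrying the OLE header,
    # standing in for a real ...\My Pictures\Thumbs.db. Not a real cache.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "Thumbs.db")
        with open(sample, "wb") as fh:
            fh.write(OLE_MAGIC + b"\x00" * 504)
        print(report(triage_file(sample)))
```

The header check is a consistency test, not a verdict: a Thumbs.db whose content is a normal OLE container and which has sat unchanged for years is exactly the profile of the false positives Roddy describes, while a Thumbs.db that is not an OLE file is a reason to get a second scanner's opinion on the recorded hash. The script only reads; it never deletes or quarantines anything, which is the thread's own advice (ask before deleting).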

#4 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 12:30 AM

We also have that download here (The newest version) in our downloads section (We have permission from Marcin). :)

http://www.lognrock....u...tail&f_id=1

#5 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 06 December 2009 - 12:36 AM

roddy32, on Dec 6 2009, 12:30 AM, said:

We also have that download here (The newest version) in our downloads section (We have permission from Marcin). :)

http://www.lognrock....u...tail&f_id=1

Yep, sorry about that, when my lappy crashed I lost all my canned speeches, got to replace them all and will get them right soon.. :wub:

#6 Rawe

  • Lead Singer
  • Group: Site Admin
  • Posts: 1,970
  • Joined: 24-September 05
  • Gender: Male
  • Location: Pori, Finland

Posted 06 December 2009 - 12:37 AM

The easier url for MBAM http://www.lognrock.com/mbam.html :)

#7 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 12:41 AM

I forgot about that link Rawe. I just checked in my LnR folder and I have it there saved. I have the HJT one too. =D

http://www.lognrock.com/hjt.html

http://www.lognrock.com/mbam.html

#8 jdc

  • Unknown
  • Group: Members
  • Posts: 1,072
  • Joined: 13-April 08
  • Gender: Not Telling
  • Location: Portland, OR

Posted 06 December 2009 - 12:46 AM

THANK YOU ALL OF YOU for your response.
I see you're now logged on too, jasper.

I didn't think this was anything as it's shown up in Spybot S&D scans for years,
but thought I had better check
so I don't give anything to any email pals ;)

I'll leave it lay as is until the holidays, etc. are over with.

Thanks again :wub:
Jan

#9 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 12:55 AM

Jan, as Fred says, and I agree with him, about replacing Spybot with MBAM: you will be happy with it. The scanner is lighter on resources than Spybot, besides which it removes things better. The updates are easier also and more frequent. I use the quick scan, which takes about 5 or 6 minutes on my computer. YOUR processor and mine are in the same condition. If I scan with Spybot, the fan comes on during the scan; MBAM does not turn the fan on and I never even know it is scanning.

Any questions about it, just ask in our last e-mail. :)

#10 jdc

  • Unknown
  • Group: Members
  • Posts: 1,072
  • Joined: 13-April 08
  • Gender: Not Telling
  • Location: Portland, OR

Posted 06 December 2009 - 01:42 AM

OK, I want to do this switch to MBAM.
It takes foreverrrrr for Spybot to just come up and do the scan.
Yeah, it uses lots of 'stuff' to run.
Figured I'd download this new program and

ok, any questions
I'll ask in the email...remember you said that Roddy :lol:
THANKS, AGAIN :wub:

#11 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 02:17 AM

You want to uninstall Spybot, BUT FIRST click on the Immunize section and, at the top of that page, click the "Undo" button; once that is done, close the program and uninstall it. You MIGHT have to reboot when you do that. I don't remember. Then install MBAM. You MIGHT have to reboot then also, but I don't remember.

#12 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 02:39 AM

BTW you should also click on "Tools" and then "Resident" and take the checkmarks OUT of the 2 boxes, "SDHelper" and "TeaTimer". You probably don't have a check mark in the second one anyway.

#13 jdc

  • Unknown
  • Group: Members
  • Posts: 1,072
  • Joined: 13-April 08
  • Gender: Not Telling
  • Location: Portland, OR

Posted 06 December 2009 - 03:24 AM

Thanks, I'm printing out all the info you gave to me now
and plan to do this tomorrow.
No, I don't use the Tea-timer, Roddy

Thanks for your help Roddy and Fred :)

PS. Does MBAM get along with Superantispyware and Avast OK?

This post has been edited by jdc: 06 December 2009 - 03:32 AM


#14 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 06 December 2009 - 12:39 PM

jdc, on Dec 6 2009, 03:24 AM, said:

PS. Does MBAM get along with Superantispyware and Avast OK?

Hi Jan,

From MalwareBytes website:

Quote

Activating the full version unlocks realtime protection, scheduled scanning, and scheduled updating.

On the free version you will need to update and scan manually as the real time protection module is only activated in the paid version. Other than that there is no difference between the two.

As for SAS, as it says in the "Key features" list at the MBAM site, it "Works together with other anti-malware utilities."
I have never noticed any problems with running MBAM as an "on demand" scanner with other programs installed, and had the free version for many months when it was first released / in development.
Under normal circumstances, I used to run a scan once a week or so just to check etc..

I use MBAM premium version now along with Avira antivirus (free), and again.. experience no problems at all.

Fred

#15 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 02:22 PM

You're welcome Jan and once again Fred, I apologize for going into your area. I was happy to see you agreed with my advice though. :lol:

#16 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 06 December 2009 - 02:33 PM

roddy32, on Dec 6 2009, 02:22 PM, said:

You're welcome Jan and once again Fred, I apologize for going into your area. I was happy to see you agreed with my advice though. :lol:

Always welcome in this humble abode Rod..! :lol:

And you are as qualified as anyone else to give the advice needed!!... :rolleyes:

Quote

Microsoft MVP Consumer Security 2006 thru 2009
... B)

#17 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 06 December 2009 - 02:39 PM

I have not been to boot camp though so I do not feel qualified for actual malware removal. I do more in the protection aspect than the removal aspect. If you don't let anything IN then there is nothing that can get OUT. =D

#18 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 06 December 2009 - 02:59 PM

roddy32, on Dec 6 2009, 02:39 PM, said:

If you don't let anything IN then there is nothing that can get OUT. =D

Not a bad base to start from!!... :lol: :lol:

#19 jdc

  • Unknown
  • Group: Members
  • Posts: 1,072
  • Joined: 13-April 08
  • Gender: Not Telling
  • Location: Portland, OR

Posted 09 December 2009 - 02:08 AM

:yourock: THANK YOU TO YOU BOTH :wub:
Here's the MBAM scan report as requested:

Malwarebytes' Anti-Malware 1.42
Database version: 3325
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/8/2009 6:00:32 PM
mbam-log-2009-12-08 (18-00-32).txt

Scan type: Quick Scan
Objects scanned: 100826
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=D Nice program, quick loading, quick scanning

#20 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 33,548
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 09 December 2009 - 02:14 AM

Looks great Jan. Glad to see that you remembered to update the defs to the latest version also. =D

This program has several defs updates a day, but all you need to do is update when you are going to run a scan. And as always with ANY PROGRAM, ASK me, Jeff or Fred before you delete anything, to prevent a possible false positive.