Trojan.Virtumonde False Positive.
Monman
12-06-2008, 03:39 AM
Spyware Doctor (6.0.0.386 Database Version 5.11280 Intelli-Signatures 949,722) is picking up a Trojan.Virtumonde False Positive 'infection' at C:\Program Files\Webroot\Washer\NscpWzrd.dll. It is part of the Webroot Window Washer program, which I have had installed on my PC for approx. 4 to 5 years with no previous infections encountered.
I have also performed a full system scan using Norton Internet Security 2009 which found no infections.
Please refer to attached screenshot:
Reodor
12-06-2008, 06:34 AM
Same as the one I got yesterday. Read the post: Increasing problem...
FP or not, who knows. Clean out the comp and do another full scan, not only intelli.
jerome
12-06-2008, 09:29 AM
Hello,
here is my participation at the discussion...
My report:
PC Tools Spyware Doctor
Date Status
06/12/2008 09:26:17:882 Analyse démarrée
Type d'analyse - Analyse complète
06/12/2008 09:26:28:607 Résultats d'Immunizer
La section ActiveX a été immunisée. Aucun élément n'a été traité.
06/12/2008 09:27:01:680 Une infection a été détectée sur cet ordinateur
Nom de la menace - Trojan.Virtumonde
Type - Fichier
Degré de risque - Grave
Infection - C:\Program Files\a-squared Free\a2cmd.exe
06/12/2008 10:25:36:527 Analyse terminée
Type d'analyse - Analyse complète
Eléments traités - 259452
Menaces détectées - 1
Infections détectées - 1
Infections ignorées - 0
06/12/2008 10:25:41:205 Détection IntelliGuard nettoyée
Nom de la menace - Application.TrackingCookies
Type - Cookie
Degré de risque - Faible
Infection - statse.webtrendslive.com/ statse.webtrendslive.com
In A-Squared free...
Hope it will be fixed soon! Jérôme
Lots of FPs are coming out of SD, I just don't know why. I hope the PC Tools Team will provide an update to fix this issue.
GoneToPlaid
12-06-2008, 08:51 PM
Meh...I get a few false positives when running Malwarebytes too.
ProTruckDriver
12-06-2008, 10:20 PM
Spyware Doctor (6.0.0.386 Database Version 5.11 Intelli-Signatures 949,722) is picking up a Trojan.Virtumonde False Positive 'infection' at C:\Program Files\Webroot\Washer\NscpWzrd.dll. It is part of the Webroot Window Washer program, which I have had installed on my PC for approx. 4 to 5 years with no previous infections encountered.
I have also performed a full system scan using Norton Internet Security 2009 which found no infections.
Please refer to attached screenshot:
******************************************
I got the same. Don't use window washer anymore, not installed. Just have download on desktop. Also hit in the restore.
Threat Name - Trojan.Virtumonde
Type - File
Risk Level - Elevated
Infection - C:\Documents and Settings\Dave\Desktop\WindowWasherRegSetup.exe
AChen
12-07-2008, 11:16 PM
Hi Guys,
The MRC team are aware of this issue and are currently working on a fix. A fix will be on its way shortly.
Monman
12-09-2008, 01:14 AM
Hi Guys,
The MRC team are aware of this issue and are currently working on a fix. A fix will be on its way shortly.
Even with the latest update (Database Version 5.11290 Intelli-Signatures 950,256) it is still picking up a Trojan.Virtumonde False Positive 'infection' at C:\Program Files\Webroot\Washer\NscpWzrd.dll.
AChen
12-09-2008, 04:17 AM
Even with the latest update (Database Version 5.11290 Intelli-Signatures 950,256) it is still picking up a Trojan.Virtumonde False Positive 'infection' at C:\Program Files\Webroot\Washer\NscpWzrd.dll.
The fix is currently being reviewed and once all is well, will be available via the Smart Updates :) Sorry for the inconvenience.
jerome
12-09-2008, 10:07 AM
Hello,
today with Database 5.11300 and 950408 signatures, the problem of the detection:
Nom de la menace - Trojan.Virtumonde
Type - Fichier
Degré de risque - Grave
Infection - C:\Program Files\a-squared Free\a2cmd.exe
has NOT been fixed...
Thank you,
Jérôme.
robst247
12-09-2008, 03:40 PM
Today (09 Dec 2008), with Database 5.11300 and 950408 signatures, SpywareDoctor 6.0.0.386 detected the false positive "Trojan.VirtuMonde" in a-squared Anti-Malware 4.0 and TrojanHunter 5.0:
09/12/2008 15:05:34:109 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - File
Risk Level - Elevated
Infection - C:\Program Files\a-squared Anti-Malware\a2cmd.exe
09/12/2008 02:28:46:828 IntelliGuard: System Event Blocked
Threat Name - Trojan.Virtumonde
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - Elevated
Infection - C:\PROGRAM FILES\TROJANHUNTER 5.0\RULEFILES\GEN.DLL
When I tried to submit these two files (in a single zip file) to support@pctools.com, I received the following error message from 'System Administrator':
------------------
Your message did not reach some or all of the intended recipients.
Subject: FW: False positive: “Trojan.Virtumonde” - in a-squared Anti-Malware 4.0 and TrojanHunter 5.0.
Sent: 09/12/2008 15:53
The following recipient(s) cannot be reached:
support@pctools.com on 09/12/2008 15:53
552 5.7.0 to review our attachment guidelines. k5sm172243nfd.48
-----------------
How should I submit 'suspect' files in future?
haapy
12-09-2008, 06:05 PM
The zip file can not be more than 1.74MB. If your zip was bigger than this, you may have to send separately.
I also received an Elevated infection when I was installing K-Lite Codec Mega Pack. Not sure if it's an FP. I allowed the installation to continue. After that I did a full scan; the result is as follows:
10/12/2008 3:47:59 PM:644 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}, (Default)
10/12/2008 3:47:59 PM:648 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\InprocServer32, (Default)
10/12/2008 3:47:59 PM:651 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\InprocServer32, ThreadingModel
10/12/2008 3:47:59 PM:653 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\InprocServer32
10/12/2008 3:47:59 PM:659 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\Instance\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}, FriendlyName
10/12/2008 3:47:59 PM:662 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\Instance\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}, CLSID
10/12/2008 3:47:59 PM:666 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\Instance\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}, FilterData
10/12/2008 3:47:59 PM:669 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\Instance\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}
10/12/2008 3:47:59 PM:671 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\Instance
10/12/2008 3:47:59 PM:674 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}
10/12/2008 3:47:59 PM:680 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}, (Default)
10/12/2008 3:47:59 PM:684 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}\InprocServer32, (Default)
10/12/2008 3:47:59 PM:702 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}\InprocServer32, ThreadingModel
10/12/2008 3:47:59 PM:704 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}\InprocServer32
10/12/2008 3:47:59 PM:707 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}
10/12/2008 3:47:59 PM:712 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}, (Default)
10/12/2008 3:47:59 PM:716 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\InprocServer32, (Default)
10/12/2008 3:47:59 PM:719 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\InprocServer32, ThreadingModel
10/12/2008 3:47:59 PM:722 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\InprocServer32
10/12/2008 3:47:59 PM:728 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\Instance\{DFD031D4-4780-44E7-A5F5-951D672FC93A}, FriendlyName
10/12/2008 3:47:59 PM:732 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\Instance\{DFD031D4-4780-44E7-A5F5-951D672FC93A}, CLSID
10/12/2008 3:47:59 PM:736 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Value
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\Instance\{DFD031D4-4780-44E7-A5F5-951D672FC93A}, FilterData
10/12/2008 3:47:59 PM:740 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\Instance\{DFD031D4-4780-44E7-A5F5-951D672FC93A}
10/12/2008 3:47:59 PM:743 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\Instance
10/12/2008 3:47:59 PM:746 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - Registry Key
Risk Level - Elevated
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}
10/12/2008 3:48:05 PM:844 Infection was detected on this computer
Threat Name - Trojan.Virtumonde
Type - File
Risk Level - Elevated
Infection - C:\Program Files\K-Lite Codec Pack\Filters\DCBassSource.ax
Can anyone confirm this?
I'm using Spyware Doctor with AntiVirus 6.0.0.386 Database Version 5.11300
Edit* Problem solved when I updated the Database Version to 5.11310
Cheers
Jackie
jerome
12-10-2008, 10:33 AM
Hello,
Today, after updating to Database 5.11310 with 950.718 signatures, a full scan is clean!
Thank you,
Jérôme