
Spybot Search & Destroy updates for June 16, 2010

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake security programs (fraudulent anti-virus/anti-spyware, a.k.a. scareware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and to scan frequently for malware threats.

Additionally, as of June 2, 2010, Spybot S&D now includes detections for iPhone malware threats. These will be updated as needed (+ or -).

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

An anti-spyware program that is updated once a week cannot protect you from malware threats created or modified and released in the last 24 - 48 hours. If you want real-time protection against the most current spyware, keyloggers, rootkits, rogue anti-virus and security programs, Trojans and other forms of malware, with very frequent automatic updates, scheduled malware scans and the blocking of IP addresses hosting attack code and malware downloads, you should try Malwarebytes Anti-Malware. While it is free to use if you want to update it and scan manually, it costs under $25 USD for a lifetime license that turns on the advanced and automatic protection features. It may be the best $25 you ever spent on a computer security program. Malwarebytes is used and recommended by security consultants and malware removal forums around the World.
Definition updates made on 06/16/2010

Adware
+ Tencent.AdressBar

Malware
+ Fraud.AntimalwareDoctor
++ Fraud.Antivirus2009
++ Fraud.QIPGuard
+ Fraud.SecurityTool
+ Fraud.Sysguard
+ Fraud.VolcanoSecuritySuite
+ SpywareBOT (This ripoff pretends to be Spybot S&D)
++ Win32.DotTorrent
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
++ Win32.FraudLoad.pc
+ Win32.FraudPack

PUPs (Potentially Unwanted Programs)
++ DoubleD.HottieStarToolbar
++ SweetIM

Spyware
+ AdRotator
+ AlexaToolbar
+ Fake.AdobeUpdater
+ ShopNav
+ Win32.Spynet.a

Trojans
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.bkr
++ Win32.Agent.chs
+ Win32.Agent.fbx
++ Win32.Agent.mwl
++ Win32.Agent.psr
++ Win32.Agent.ssp
++ Win32.Agent.tsr
++ Win32.Agent.wur
+ Win32.Ambler
+ Win32.Muollo
+ Win32.Runouce.ch2
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 2887130 fingerprints in 994747 rules for 5636 products.
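The weekly lists above follow a fixed notation (a bare category heading, then one "+" for an update to an existing family and "++" for a brand-new detection). The following parser is an added example written for this post, not a tool from Team Spybot; it reads a constructed excerpt of this week's list, keeps the parenthetical notes such as the SpywareBOT warning, and reports how many new families appeared per category, which is a quick way to tell a routine update from one that introduces new threat families.

```python
import re
from collections import Counter

# Constructed excerpt in the page's own notation: one "+" marks an update to an
# existing family, "++" a completely new detection. Section names are bare lines.
SAMPLE_UPDATE_LIST = """\
Adware
+ Tencent.AdressBar

Malware
+ Fraud.AntimalwareDoctor
++ Fraud.Antivirus2009
+ SpywareBOT (This ripoff pretends to be Spybot S&D)
++ Win32.FraudLoad.pc

Trojans
++ Win32.Agent.bkr
+ Win32.ZBot.rtk

Total: 2887130 fingerprints in 994747 rules for 5636 products.
"""

# "+" or "++", the detection name, and an optional "(note)" after it.
ENTRY_RE = re.compile(r"^(\+{1,2})\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_update_list(text):
    """Return one dict per detection: category, name, new (True for '++'), note."""
    entries, category = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Total:"):
            continue                      # blank lines and the trailer carry no entries
        m = ENTRY_RE.match(line)
        if m is None:                     # anything else is a section heading
            category = line.split(" (")[0]   # drop notes like "(PUPS means ...)"
            continue
        if category is None:
            raise ValueError(f"detection listed before any category heading: {line}")
        entries.append({"category": category, "name": m.group(2),
                        "new": m.group(1) == "++", "note": m.group(3)})
    return entries


def summarize(entries):
    """Count (category, 'new'|'updated') pairs, e.g. {('Malware', 'new'): 2, ...}."""
    return dict(Counter((e["category"], "new" if e["new"] else "updated") for e in entries))


def new_families(entries):
    """Names that were detected for the first time this week ('++')."""
    return [e["name"] for e in entries if e["new"]]
```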

This week's false positive reports and program usage instructions are in the extended content.

False Positives Reported This Past Week

One possible false positive is being investigated this past week.

C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB979906-X86.exe was identified as SpyArsenal.HomeKeyLogger. This may be a legitimate Windows Update file. Team Spybot is still waiting for the person who reported it to send them the file for analysis.



My note: Malware fingerprints are frequently changed by their purveyors to slip past definition-based anti-malware tools. As malware detections and behavioral analysis modules increase in complexity, so does the possibility of false positives. For this reason it is often a good idea to quarantine suspected malware rather than deleting it, until the next weekly Spybot definitions have been released. Scan the quarantined items again and, if they are still detected as malware, delete them after a week or two. You can also open a new thread on the Spybot False Positives Forum to find out whether your detection is real or a false positive.

Installing or uninstalling and Immunizing Spybot S&D

Installing, upgrading to a new version, or uninstalling Spybot requires Administrator level privileges. Updating definitions does not require these permissions most of the time, but immunizing against all threats does require Admin privileges. If you, like me, operate as a Power/Standard User, you can right-click on the Spybot S&D icon and choose "Run As (an) Administrator". From there you can download the latest definitions, immunize completely and scan/disinfect with full administrator authority.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (for Windows PCs) is the independent updater:

* Go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open.
* Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates.
* Select a location nearest to you from the list and click on "Continue."
* Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct, the check marks will disappear from the check boxes and be replaced with green arrow graphics.
* Sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on "Go Back," select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.
* When all updates have succeeded, click on "Exit."

You can also download the latest definition "includes" file from a clean PC and save it to a removable disk or drive, then install it into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of Conficker or similar malware), or because of other networking problems. The downloaded definition includes file will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

TeaTimer false positives

In the case of TeaTimer false positives that are fixed by updates, TeaTimer will have to be restarted after the update is applied. TeaTimer cannot be updated with new definitions if it is still running! After you update definitions to fix false positives, a restart of either TeaTimer or the computer is required. If this doesn't fix the false positives, you may need to reset the TeaTimer detection list, as follows:

* Right-click the (TeaTimer) Resident tray icon
* Select "Reset lists"

Alternately, close and restart TeaTimer using this method:

* start Spybot S&D
* switch to advanced mode
* navigate to "Tools" , then "Resident"
* uncheck the check box for Resident TeaTimer to close TeaTimer
* wait a bit so TeaTimer can unload completely, for instance wait 1min
* check the check box for Resident TeaTimer again to restart the TeaTimer

If that fails also, please read the rest of the things to try on this forum page, in replies #2 and #4.

When TeaTimer blocks a file you can also allow the file to be executed (also remove the check mark for deletion). You can exclude any file from further detections during a scan by right-clicking the item in the Spybot S&D scan result and selecting "exclude this detection from further searches".

If you are running several brands of security software, make sure that only one active protection (real-time monitoring) feature runs at a time. In case you want to deactivate the TeaTimer, to avoid conflicts, you can do this in Spybot S&D advanced mode in Tools - Resident, as described above.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security and combating spam. Wizcrafts Computer Services was established in 1996.