Spybot Search and Destroy Definitions Updated on 5/14/2008
If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.
If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.
If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.
* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."
Spybot Updates - published every Wednesday
Additions made on May 14, 2008:
Adware
++ CliprexDivXPlayer
++ CliprexDVDRipper
Hijackers
+ Inet Delivery
Keyloggers (Keyloggers steal your logins and passwords)
+ KGBKeylogger
Malware Includes fake anti-virus and anti-spyware programs, like VirusHeat
++ BPS.Gen
++ Fraud.Antivirus2008
+ ISearchTech
+ MagicControl.Agent
+ Rogue.IEAntivirus
++ Rogue.ScanAndRepair2007
+ Smitfraud-C.
+ SpyShredder
++ Themida.Bot.tsj
+ Vario.AntiVirus
+ VirusHeat
++ Win32.Agent.kmf
+ Win32.BHO.je
PUPS Possibly Un(popular|wanted) Software
+ CliprexDVDPro
Security
+ Microsoft.Windows.AppFirewallBypass
Trojans Includes 1 new Zlob* Trojan detections
+ Banker.PorSMTP
+ ShudderLtd.AntiVirusPro
+ Smitfraud-C.MSVPS
++ Win32.Agent.cn
++ Win32.Agent.esq
++ Win32.Agent.qwq
+ Win32.Delf.eq
++ Win32.Konik
++ Win32.SlhClient
++ Win32.Small.dv
++ Win32.Small.imu (2)
++ Win32.Systembin
+ Zlob.Downloader.vdt
Total: 607566 fingerprints in 158897 rules for 3918 products!
False positive detections fixed this week:
SpyBossPro detected in ijl11.dll false positive fixed.
* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation, or pornographic movie. Once installed on the target computer the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans are constantly modified by it's maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.
Continue reading "Spybot Search and Destroy Definitions Updated on 5/14/2008" »