Wiz's Computer and Website Security Blog

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

An anti-spyware program that is updated once a week cannot protect you from malware threats created or modified and released in the last 24 - 48 hours. If you want realtime protection against the most current spyware, keyloggers, rootkits, rogue anti-virus and security programs, Trojans and other forms of malware, with very frequent automatic updates, scheduled malware scans and the blocking of known-hostile IP addresses, you should try Malwarebytes Anti-Malware.

Definition updates made on 08/11/2010

Malware (Fake anti-virus, etc)
+ ErrorSafe
+ Fraud.Antivirus
+ Fraud.InternetSecurity2010
+ Fraud.Sysguard
+ Win32.FraudLoad.edt

Trojan (Bots, Trojan downloaders, rootkits)
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sdn
+ Win32.Agent.fbx
+ Win32.Agent.sc
+ Win32.Bifrost.gen
+ Win32.FraudLoad.ss
+ Win32.Muollo
+ Win32.OnLineGames.noa
++ Win32.OnLineGames.tojy
++ Win32.OnLineGames.tolh
++ Win32.OnLineGames.tolu
++ Win32.OnLineGames.tomw
++ Win32.OnLineGames.tonk
++ Win32.OnLineGames.tooc
++ Win32.OnLineGames.toqk
++ Win32.OnLineGames.tote
++ Win32.OnLineGames.totl
++ Win32.OnLineGames.totv
++ Win32.OnLineGames.tozi
++ Win32.OnLineGames.tpct
++ Win32.OnLineGames.tpei
+ Win32.ZBot

Total: 3090503 fingerprints in 1057887 rules for 5711 products.

False Positives Reported This Past Week

There were 2 false positives reported this week.

1: A file named ww1138.exe - an update for win3.1x calculator, was detected as Win32.Monderb.aqpu. This has been fixed with the current updates.

2: A confirmed false positive was fixed today for "Win32.Wemon.sh" - [SBI $1ACF3A39] Settings (Registry change, fixed) - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\

Aways make sure you are using the current version of Spybot S&D, before updating definitions or scanning. Older versions tend to give false positives, or fail to adequately remove detected malware.

Continue reading "Spybot Search & Destroy updates for August 11, 2010" »

Posted by Wiz at 3:10 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

An anti-spyware program that is updated once a week cannot protect you from malware threats created or modified and released in the last 24 - 48 hours. If you want realtime protection against the most current spyware, keyloggers, rootkits, rogue anti-virus and security programs, Trojans and other forms of malware, with very frequent automatic updates, scheduled malware scans and the blocking of known-hostile IP addresses, you should try Malwarebytes Anti-Malware.

Definition updates made on 07/28/2010

Malware (Fake anti-virus, etc)
+ Fraud.AVSecuritySuite
+ Fraud.InternetSecurity2010
+ Fraud.Sysguard
+ Win32.Agent.chh
++ Win32.Bagle.upg
+ Win32.DotTorrent
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.FraudPack

Trojan (Bots, Trojan downloaders, rootkits)
+ Bredolab.fb
+ Hupigon
++ Win32.Agent.bin
+ Win32.Agent.fbx
+ Win32.Autorun.mbzt
+ Win32.Bifrost
+ Win32.FraudLoad.pd
++ Win32.Nepoe
++ Win32.Poison.st
++ Win32.Wemon.sh
+ Win32.ZBot

Total: 4158967 fingerprints in 1278273 rules for 5686 products.

False Positives Reported This Past Week

There is one possible false positive reported this week and being investigated. It is a detection of PerfectKeylogger in the McAfee SiteAdvisor file: "mcsacore.exe"

Continue reading "Spybot Search & Destroy updates for July 28, 2010" »

Posted by Wiz at 11:46 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

An anti-spyware program that is updated once a week cannot protect you from malware threats created or modified and released in the last 24 - 48 hours. If you want realtime protection against the most current spyware, keyloggers, rootkits, rogue anti-virus and security programs, Trojans and other forms of malware, with very frequent automatic updates, scheduled malware scans and the blocking of known-hostile IP addresses, you should try Malwarebytes Anti-Malware.

Definition updates made on 07/21/2010

Malware (Fake anti-virus, etc)
+ Fraud.AntivirusPro2010
+ Fraud.Sysguard
+ Fraud.SystemGuard2009
++ Win32.Chinky.gen
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.FraudPack
+ Win32.VB.bpbu
++ Win32.Winb2s32

Trojan (Bots, Trojan downloaders, rootkits)
+ Bredolab.fb (Bad Bot!)
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.sdn
+ Win32.Agent.fbx
++ Win32.Autoit.gen
+ Win32.Autorun.mbzt
+ Win32.Bifrost
+ Win32.CeeInject
++ Win32.Chinky.a
Win32.Turkojan
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 3078831 fingerprints in 1055775 rules for 5677 products.

False Positives Reported This Past Week

No false positives were reported or discussed this past week.

Continue reading "Spybot Search & Destroy updates for July 21, 2010" »

Posted by Wiz at 3:24 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 07/14/2010

Malware
+ Fraud.Sysguard
+ Win32.FraudPack

Trojan
+ Win32.Agent.fbx
+ Win32.Bifrost
+ Win32.CeeInject
++ Win32.IRCBot
++ Win32.Poison.gen
+ Win32.Runouce.ch2
++ Win32.Scar.a
++ Win32.Scar.gen
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 3024387 fingerprints in 1038931 rules for 5662 products.

False Positives Reported This Past Week

A confirmed false positive detection of "Virtumonde.sci" in FlashGet files and registry entries was supposed to be fixed with the 7/7/2010 updates. Somehow, it slipped through the cracks, but was fixed today!

Continue reading "Spybot Search & Destroy updates for July 14, 2010" »

Posted by Wiz at 12:25 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 07/7/2010

Keylogger (Keyloggers silently log and steal your login credentials to banks, websites and places you thought were secure)
++ SpyOnePro

Malware (includes fake/rogue security programs and alerts)
+ FakeAlert.gen
+ Fraud.AntiSpywarePro
+ Fraud.SecurityMasterAV
+ Fraud.Sysguard
+ Fraud.VolcanoSecuritySuite
+ Win32.Agent.chh
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.FraudLoad.pc
+ Win32.FraudPack
+ WinWebSecurity

Security (Redirects to 127.0.0.1 in your HOSTS file blocks access to Windows Updates, security programs and updates)
+ Microsoft.Windows.RedirectedHosts

Trojans (These are the really bad guys)
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.sdn
+ Win32.Agent.fbx
+ Win32.Banker.xe
+ Win32.Bifrost
+ Win32.FraudLoad.pd
++ Win32.FraudLoad.ss
+ Win32.Muollo
+ Win32.Runouce.ch2
+ Win32.TDSS.rtk
+ Win32.ZBot

Total: 3021867 fingerprints in 1038599 rules for 5667 products.

False Positives Reported This Past Week

A confirmed false positive detection of "Virtumonde.sci" in FlashGet files and registry entries was fixed with the 7/7/2010 updates.

More issues that prevent people using Spybot S&D from reaching or logging into AdultFriendFinder will be fixed on July 14, 2010.

Continue reading "Spybot Search & Destroy updates for July 7, 2010" »

Posted by Wiz at 1:59 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Additionally, as of June 2, 2010, Spybot S&D now includes detections for iPhone malware threats. These will be updated as needed (+ or -).

PUPS are Possibly Unwanted/Unpopular Programs. They appeal to many social networkers but may track your surfing habits and report on your computer configuration, without your explicit knowledge. These often include some smiley programs, screensavers and browser toolbars.

Spyware includes applications that track your surfing and report to a third party without your permission, and keyloggers that steal logon information to your bank, trading company, website and server control panels, Paypal, eBay, etc.

Trojans pretend to be a required missing Codec, Flash update, plug-in, or news report, or porn player, whereas they are really the worst malware that installs remote control (Bot) software and rootkits into your PC. Like the Trojan Horse of ancient Troy, once installed, Trojan Horse programs hand the keys to your PC castle to cybercriminals!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 06/30/2010

Malware
+ AntiSpyWare2007
+ Fraud.AntimalwareDoctor
++ Fraud.AVSecuritySuite
+ Fraud.DrGuard
+ Fraud.Sysguard
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.FraudPack

Trojans
+ Virtumonde.dll
+ Virtumonde.sdn
+ Win32.Bifrost
++ Win32.OnLineGames.bkxl
++ Win32.OnLineGames.mfcv
++ Win32.OnLineGames.mffn
++ Win32.OnLineGames.mffr
++ Win32.OnLineGames.mfhn
++ Win32.OnLineGames.tolp
++ Win32.OnLineGames.tonv
++ Win32.OnLineGames.torh
++ Win32.OnLineGames.urjh
++ Win32.OnLineGames.urnw
++ Win32.OnLineGames.uvev
++ Win32.OnLineGames.uwgv
+ Win32.Runouce.ch2
+ Win32.ZBot

Total: 2933640 fingerprints in 1010577 rules for 5654 products.

False Positives Reported This Past Week

A couple of people have reported a false positive detection of Virtumonde.sdn in System32\lvcoinst.dll. That file belongs to a Logitech Quick Cam driver. It was corrected today.

Some issues that prevented people using Spybot S&D from reaching or logging into AdultFriendFinder were fixed today.

Continue reading "Spybot Search & Destroy updates for June 30, 2010" »

Posted by Wiz at 2:44 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake (rogue) security programs (fraudulent anti virus/spyware; scareware) (Malware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Additionally, as of June 2, 2010, Spybot S&D now includes detections for iPhone malware threats. These will be updated as needed (+ or -).

PUPS are Possibly Unwanted/Unpopular Programs. They appeal to many social networkers but may track your surfing habits and report on your computer configuration, without your explicit knowledge. These often include some smiley programs, screensavers and browser toolbars.

Spyware includes applications that track your surfing and report to a third party without your permission, and keyloggers that steal logon information to your bank, trading company, website and server control panels, Paypal, eBay, etc.

Trojans pretend to be a required missing Codec, Flash update, plug-in, or news report, or porn player, whereas they are really the worst malware that installs remote control (Bot) software and rootkits into your PC. Like the Trojan Horse of ancient Troy, once installed, Trojan Horse programs hand the keys to your PC castle to cybercriminals!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 06/22/2010

Malware
+ Fraud.AntimalwareDoctor
+ Fraud.Antivirus
+ Fraud.Antivirus7
++ Fraud.DefenseCenter
++ Fraud.EcoAntivirus
+ Fraud.RCommander
+ Fraud.Sysguard
++ Fraud.SysinternalsAntivirus
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.Podnuha.rtk

PUPS
+ DoubleD.HottieStarToolbar

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
++ iPhone.Spyware.PinchMedia.ActionMethod
++ iPhone.Spyware.PinchMedia.AjiReaderPDF
++ iPhone.Spyware.PinchMedia.GasCubbybyFRAMMPG&CarMaintenance
++ iPhone.Spyware.PinchMedia.NightstandWeatherClockFree
+ Win32.Spynet.a

Trojans
+ Fraud.UPSInvoice
++ Sasan
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.fbx
+ Win32.Agent.mwl
+ Win32.Agent.psr
+ Win32.Agent.sc
+ Win32.Agent.wur
+ Win32.BHO.ttam
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
+ Win32.Muollo
+ Win32.OnLineGames.down
++ Win32.OnLineGames.mfey
++ Win32.OnLineGames.mffe
++ Win32.OnLineGames.mfgs
+ Win32.Runouce.ch2
++ Win32.Small.ttam
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk
+ Zlob.ImageActiveXAccess

Total: 2928345 checksums in 1009233 rules for 5651 products.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for June 22, 2010" »

Posted by Wiz at 11:15 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake security programs (fraudulent anti virus/spyware; scareware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Additionally, as of June 2, 2010, Spybot S&D now includes detections for iPhone malware threats. These will be updated as needed (+ or -).

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 06/16/2010

Adware
+ Tencent.AdressBar

Malware
+ Fraud.AntimalwareDoctor
++ Fraud.Antivirus2009
++ Fraud.QIPGuard
+ Fraud.SecurityTool
+ Fraud.Sysguard
+ Fraud.VolcanoSecuritySuite
+ SpywareBOT (This ripoff pretends to be Spybot S&D)
++ Win32.DotTorrent
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
++ Win32.FraudLoad.pc
+ Win32.FraudPack

Pups (PUPS means Potentially Unwanted Programs)
++ DoubleD.HottieStarToolbar
++ SweetIM

Spyware
+ AdRotator
+ AlexaToolbar
+ Fake.AdobeUpdater
+ ShopNav
+ Win32.Spynet.a

Trojans
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.bkr
++ Win32.Agent.chs
+ Win32.Agent.fbx
++ Win32.Agent.mwl
++ Win32.Agent.psr
++ Win32.Agent.ssp
++ Win32.Agent.tsr
++ Win32.Agent.wur
+ Win32.Ambler
+ Win32.Muollo
+ Win32.Runouce.ch2
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 2887130 fingerprints in 994747 rules for 5636 products.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for June 16, 2010" »

Posted by Wiz at 4:17 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake security programs (fraudulent anti virus/spyware; scareware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Additionally, as of June 2, 2010, Spybot S&D now includes detections for iPhone malware threats. There were too many new additions today to bother listing them all.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 06/09/2010

Malware
++ Fraud.IPClear
++ Fraud.ProtectionCenter
++ Fraud.SecurityMasterAV
++ Fraud.SpywareCleaner2010
++ Fraud.VaccineCenter
++ Fraud.WinGuard
+ Win32.FraudLoad.edt

Pups (Potentially Unwanted Programs)
+ FastBrowserSearchToolbar
+ GameVance
+ Hotbar

Security
+ Microsoft.Windows.RedirectedHosts

SpywareSpyware
+ AdRotator
Dozens of various iPhone.Spyware.(AdMob/Flurry/PinchMedia/GoogleAnalytics) variations

Trojans
+ Supsav.Smss32
++ Vapsup
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.cc
++ Win32.Agent.dif
+ Win32.Agent.fbx
++ Win32.Agent.ima
++ Win32.Agent.wex
+ Win32.Agent.ws
+ Win32.Bifrost
+ Win32.FakeAlert.ttam
++ Win32.IRCBot.rw
++ Win32.Muollo
++ Win32.Rbot.pc
+ Win32.Runouce.ch2
+ Win32.ZBot
+ Win32.ZBot.rtk
++ Xort.trj

Worms
+ Win32.Amburadul

Total: 2877962 fingerprints in 992400 rules for 5611 products

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for June 9, 2010" »

Posted by Wiz at 5:10 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. These detections include new or modified fake security programs (fraudulent anti virus/spyware; scareware), Trojan downloaders, password stealers, rootkits, DDoS attack bots and spam bots. It is imperative to keep your security tools updated and scan frequently for malware threats.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 05/26/2010

Malware
++ Fraud.AKMAntivirus2010Pro
++ Fraud.ByteDefender
+ Fraud.DigitalProtection
+ Fraud.MySecurityEngine
++ Fraud.UserAccountControl
+ Mirar

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator

Trojans
+ Fraud.UPSInvoice
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.asr
+ Win32.Agent.ctf
++ Win32.Agent.len
+ Win32.Ambler
+ Win32.FakeAlert.ttam
+ Win32.Runouce.ch2

Total: 3072750 checksums in 1099841 rules for 5405 malware programs.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for May 26, 2010" »

Posted by Wiz at 4:55 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. Updated detections include new or modified fake security programs (fraudulent anti virus/spyware), Trojan downloaders and password stealers, rootkits, online game password stealers and spam bots.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 05/19/2010

Malware
++ Fraud.DataProtection
+ Fraud.DesktopSecurity2010
+ Fraud.FastAntivirus2009
+ Fraud.IQManager
++ Fraud.LiveEnterprise
++ Fraud.LiveSecuritySuite
++ Fraud.PCGuide
++ Fraud.PCommander
++ Fraud.PrivacyGuard
++ Fraud.RTSAntivirus2010
+ Fraud.SecurityTool
++ Fraud.SystemArmor
+ Fraud.TotalPCDefender
++ Fraud.Virus2Bye
++ Fraud.VirusCatch
+ Win32.FraudLoad.edt
+ WurldMedia

Spyware
+ AdRotator

Trojans
++ IrcBot.Infocard
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.drv
++ Win32.Agent.get
++ Win32.Agent.ias
++ Win32.Agent.pro
++ Win32.Agent.srv
+ Win32.Agent.sys
+ Win32.Agent.wu
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
++ Win32.OnLineGames.awbv
++ Win32.OnLineGames.mfao
++ Win32.OnLineGames.urzt
++ Win32.OnLineGames.usfh
+ Win32.Runouce.ch2
++ Win32.Small.ev
+ Win32.ZBot

Total: 3070462 checksums in 1099132 rules for 5406 malware programs.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for May 19, 2010" »

Posted by Wiz at 12:18 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. Updated detections include new or modified fake security programs (fraudulent anti virus/spyware), Trojans, rootkits, online game password stealers and spam bots.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 05/12/2010

Adware
++ Win32.MyApp

Malware
+ Fraud.CleanUpAntivirus
++ Fraud.MySecurityEngine
+ Fraud.Sysguard ++ Fraud.VirusProtector

Security
++ Microsoft.Windows.InfectedHostfile

Trojan
++ Win32.Agent.ctf
+ Win32.Agent.msg
++ Win32.Banload.of
+ Win32.Bifrost
+ Win32.CeeInject
++ Win32.OnLineGames.awbu
++ Win32.OnLineGames.mfbo
++ Win32.OnLineGames.mfbp
++ Win32.OnLineGames.mfex
++ Win32.OnLineGames.mfgd
++ Win32.OnLineGames.mfge
++ Win32.OnLineGames.uryx
++ Win32.OnLineGames.usao
++ Win32.Qvod.ad
+ Win32.Runouce.ch2
++ Win32.Small.mup
+ Win32.Virut.bg
+ Win32.ZBot

Total: 3045260 checksums in 1091332 rules for 5371 malware programs.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for May 12, 2010" »

Posted by Wiz at 11:35 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. Updated detections include new or modified fake security programs (fraudulent anti virus/spyware), Trojans, rootkits, online game password stealers and spam bots. I noticed that one of the Trojan updates detects UPS Courier fake notices (Fraud.UPSInvoice), which usually contain the Zbot Trojan (Zeus bank password stealing Trojan), or something equally sinister, inside a zip or pdf file attachment.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 04/28/2010

Adware
++ FunnyMall

Malware
++ Fraud.OneClean
++ Fraud.TrustDoctor
+ Fraud.XPInternetSecurity2010
+ Lop
++ Win32.Agent.fg

Spyware
+ AdRotator
+ WurldMedia

Trojan
++ BDS.MalwareCatcher
++ Fraud.UPSInvoice
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.ah
++ Win32.Agent.fd
++ Win32.Agent.mc
++ Win32.Agent.msm
+ Win32.Agent.wu
+ Win32.Allaple.ab
+ Win32.FakeAlert.ttam
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.FraudPack
+ Win32.OnLineGames.down
++ Win32.OnLineGames.mfdt
++ Win32.OnLineGames.mfev
++ Win32.OnLineGames.urls
+ Win32.ScreenBlaze
+ Win32.TDSS.pr
+ Win32.ZBot

Total: 3030783 checksums in 1086724 rules for 5365 products.

This week's false positive reports and program usage instructions are in the extended content.

Continue reading "Spybot Search & Destroy updates for April 28, 2010" »

Posted by Wiz at 2:46 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. Updated detections include new or modified fake security programs (fraudulent anti virus/spyware), Trojans, rootkits, online game password stealers and spam bots.

These updates may include variants of the infamous Zbot, a.k.a Zeus, banking Trojan. This is a keylogger that captures your logins to banks or other financial institutions, then sends them home to criminals in Russia and other parts of the former Soviet Union, where most Botnets and Trojans are written and controlled. If you run an anti spyware scan and discover that you have the Zbot on your computer and use that PC for online banking, PayPal, or auctions, call your bank right away and change all of your passwords after removing the key-logging Trojans.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 04/21/2010

Malware
+ Fraud.ControlCenter
++ Fraud.DigitalProtection
++ Fraud.IQManager
++ Fraud.MyProtection
+ Fraud.PaladinAntivirus
+ Lop
+ Mirar
+ Win32.Bifrost
+ Win32.FraudLoad
+ Win32.FraudLoad.edt
+ Win32.Renos

Spyware
+ AdRotator
+ Fake.AdobeUpdater
+ Marketscore.RelevantKnowledge
+ Win32.Spynet.a

Trojan
++ Adload.dl
++ IRCBot.gu
++ SmileyDistrict
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.ark
++ Win32.Agent.cls
++ Win32.Agent.fw
++ Win32.Agent.of
++ Win32.Agent.svc
+ Win32.Agent.wu
+ Win32.Allaple.ab
++ Win32.AutoRun.ul
++ Win32.Delf.wsg
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
++ Win32.OnLineGames.mfem
+ Win32.TDSS.cl
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 3018027 checksums in 1083786 rules for 5353 products.

Continue reading "Spybot Search & Destroy updates for April 21, 2010" »

Posted by Wiz at 6:01 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. 5 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 33 new or modified Trojans, rootkits, online game password stealers and spam bots were added to the "Trojan" list. These include variants of the infamous Zbot, a.k.a Zeus, banking Trojan. If you have the Zbot on your computer and use that PC for online banking, call your bank right away. Cyber-criminals in Eastern Europe may have already emptied your accounts!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 04/14/2010

Adware
+ BaiduBar

Hijacker
+ Win32.Cherche.us

Malware
+ Fake.Antivir
+ Fraud.LivePCGuard
+ Fraud.SecurityCentral
+ Fraud.Sysguard
+ Fraud.YourProtection
+ Lop + Win32.FraudLoad
+ Win32.FraudLoad.edt

PUPS
+ MyWay.MyWebSearch

Spyware
+ AdRotator
+ Fake.AdobeUpdater
+ Win32.Spynet.a

Trojans
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.acc
+ Win32.Agent.dfg
+ Win32.Agent.exp
+ Win32.Agent.ghs
+ Win32.Agent.ie
+ Win32.Agent.msu
+ Win32.Agent.run
+ Win32.Agent.xwr
+ Win32.Allaple.ab
+ Win32.Ambler
+ Win32.FraudPack
+ Win32.OnLineGames.bknd
+ Win32.OnLineGames.tnba
+ Win32.OnLineGames.tndv
+ Win32.OnLineGames.tnee
+ Win32.OnLineGames.tnet
+ Win32.OnLineGames.tnfs
+ Win32.OnLineGames.tnhn
+ Win32.OnLineGames.tnsc
+ Win32.OnLineGames.tnwc
+ Win32.OnLineGames.tnxp
+ Win32.OnLineGames.ubga
+ Win32.OnLineGames.unsp
+ Win32.OnLineGames.vcrs
+ Win32.Rbot.cmd
+ Win32.Rbot.kav
+ Win32.SDBot.sys
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 2997706 checksums in 1077577 rules for 5338 products.

Continue reading "Spybot Search & Destroy updates for April 14, 2010" »

Posted by Wiz at 10:57 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. 4 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 13 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. These include a variant of the infamous Zbot, a.k.a Zeus, banking Trojan. If you have the Zbot on your computer and use that PC for online banking, call your bank right away. Cyber-criminals in Eastern Europe may have already emptied your accounts!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 04/7/2010

Malware
++ Fraud.BPSPCSpeedScanPro
+ Fraud.Sysguard
+ Win32.FraudLoad.edt
+ Win32.VB.bpbu

Spyware
+ Fake.AdobeUpdater
+ Win32.Spynet.a

Trojans
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.exp
+ Win32.Agent.sys
+ Win32.Agent.wu
+ Win32.FakeAlert.ttam
+ Win32.Koobface
++ Win32.OnLineGames.tned
++ Win32.OnLineGames.tnee
++ Win32.OnLineGames.tneu
++ Win32.OnLineGames.tngi
+ Win32.ZBot

Worm
+ Win32.Amburadul

Total: 2249732 checksums in 841186 rules for 5305 products.

Continue reading "Spybot Search & Destroy updates for April 7, 2010" »

Posted by Wiz at 2:55 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. 3 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 13 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. These include a variant of the infamous Zbot, a.k.a Zeus, banking Trojan. If you have the Zbot on your computer and use that PC for online banking, call your bank right away. Cyber-criminals in Eastern Europe may have already emptied your accounts!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 03/31/2010

Malware
++ Fraud.ControlComponents
++ Fraud.PCBugFinderPro
+ Fraud.Sysguard
+ Lop
+ Smitfraud-C.
+ Win32.Agent.ieu

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
++ Fake.AdobeUpdater
+ Win32.Spynet.a

Trojans
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.exp
++ Win32.Agent.per
++ Win32.Agent.spy
++ Win32.Agent.sun
++ Win32.AutoRun.tmp
++ Win32.OnLineGames.tnfg
++ Win32.OnLineGames.tnmk
++ Win32.OnLineGames.tnrh
++ Win32.OnLineGames.utvz
+ Win32.ZBot

Worm
+ Win32.Amburadul

Total: 2168355 checksums in 814643 rules for 5285 products.

Continue reading "Spybot Search & Destroy updates for March 31, 2010" »

Posted by Wiz at 4:53 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. 6 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 25 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. These include 2 variants of the infamous Zbot, a.k.a Zeus, banking Trojan. If you have the Zbot on your computer and use that PC for online banking, call your bank right away. Cyber-criminals in Eastern Europe may have already emptied your accounts!

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 03/24/2010

Adware
++ WhereSphere

Malware
+ FakeAlert.gen
+ Fraud.PersonalSecurity
++ Fraud.SecurityGuard
+ Fraud.Sysguard
++ Fraud.SystemDefence
++ Fraud.UserProtection
++ IRC.wbp
+ Lop
+ Win32.FraudLoad.edt
++ Win32.Refpron
+ Win32.Virut.ag

Spyware
+ Win32.Spynet.a

Trojans
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.ddrv
++ Win32.Agent.inc
++ Win32.Agent.mscs
++ Win32.Agent.phe
++ Win32.Agent.syn
++ Win32.Agent.tmp
++ Win32.Agent.wer
+ Win32.Ambler
++ Win32.Autoit.xp
++ Win32.Banker.pp
+ Win32.CeeInject
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
+ Win32.Monderb.aqpu
++ Win32.OnLineGames.breq
++ Win32.OnLineGames.mfcu
++ Win32.OnLineGames.mfew
++ Win32.OnLineGames.usco
++ Win32.OnLineGames.uvqe
++ Win32.OnLineGames.uvwv
++ Win32.Runouce.ch2
+ Win32.ZBot
+ Win32.ZBot.rtk

Total: 2166574 checksums in 813768 rules for 5286 products.

Continue reading "Spybot Search & Destroy updates for March 24, 2010" »

Posted by Wiz at 1:58 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule, as listed below. 11 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 29 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. These include 2 variants of the infamous Zbot, a.k.a Zeus, banking Trojan.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Definition updates made on 03/17/2010

Adware
++ Ulineguide

Malware
++ Fraud.Antivirus7
++ Fraud.CleanUpAntivirus
++ Fraud.ContentCleaner
++ Fraud.ErrorWiz
++ Fraud.MyComGuard
+ Fraud.MySecurityWall
+ Fraud.PCSecurity2009
++ Fraud.PrivacyOn
++ Fraud.SmartSecurity
+ Fraud.Sysguard
++ Fraud.XPInternetSecurity2010
+ Lop
++ Win32.Downloader.aafm
+ Win32.FraudLoad.edt

Spyware
+ AdRotator
+ Win32.Spynet.a

Trojans
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.ddod
++ Win32.Agent.fla
++ Win32.Agent.shi
+ Win32.Allaple.ab
+ Win32.Ambler
++ Win32.AutoRun.fw
++ Win32.Banker.ju
+ Win32.Banload.up
++ Win32.Clicker.ad
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
++ Win32.IRCBot.sys
+ Win32.Koobface
+ Win32.OnLineGames.down
++ Win32.OnLineGames.mfbh
++ Win32.OnLineGames.mfeg
++ Win32.OnLineGames.mffa
++ Win32.OnLineGames.mffh
++ Win32.OnLineGames.mfgr
++ Win32.Rbot.mum
++ Win32.SdBot.wch
+ Win32.Swisyn
+ Win32.TDSS.rtk (rootkit)
+ Win32.ZBot (a.k.a.: Zeus)
+ Win32.ZBot.rtk (Zeus rootkit)
++ XPInternetSecurity2010.FakeAlert
+ Zlob.PornPassManager

Worm
+ Win32.Amburadul

Total: 2161084 checksums in 812212 rules for 5267 products.

Continue reading "Spybot Search & Destroy updates for March 17, 2010" »

Posted by Wiz at 5:08 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on March 10, 2010, as listed below. 12 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 25 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 03/10/2010

Adware
++ CNNIC.Searchbar

Dialer
++ Microflat

Malware
++ Fraud.ControlManager
++ Fraud.DrGuard
+ Fraud.MalwareDefender2009
++ Fraud.MySecurityWall
+ Fraud.PersonalSecurity
++ Fraud.PrivacyControl
++ Fraud.SpyTechSpyAgent
++ Fraud.WindowsAntivirus
++ Fraud.WindowsSecurityCenter
++ Fraud.XPMicroAntivirus
++ Win32.Agent.be
+ Win32.FraudLoad

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Trojan
+ Fraud.avi
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.exp
++ Win32.Agent.jar
++ Win32.Agent.wio
++ Win32.Agent.wss
++ Win32.AutoRun.wu
++ Win32.Banload.up
++ Win32.Clicker.afo
++ Win32.Clicker.nqe
++ Win32.FakeAV.cn
+ Win32.FraudLoad.edt
+ Win32.FraudPack
+ Win32.Koobface
+ Win32.OnLineGames.mffm
++ Win32.OnLineGames.uedm
++ Win32.OnLineGames.uhbq
++ Win32.OnLineGames.uhgi
++ Win32.OnLineGames.uhmm
++ Win32.OnLineGames.uhvx
++ Win32.OnLineGames.uiwu
++ Win32.OnLineGames.uvmc
++ Win32.Swisyn
+ Win32.ZBot

Worm
+ Win32.Amburadul
++ Win32.Bzub.buz

Spybot S&D currently has 2153272 fingerprints in 809913 rules for 5228 products.

False Positives Reported This Past Week

One possible false positive was reported for this week, as of the time this article was published.

1: Possible false positive detection of "AzeSearch" in Microsoft Security Essentials. This is being investigated, in German. I will translate the results next week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for March 10, 2010" »

Posted by Wiz at 3:22 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on March 3, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 19 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 03/03/2010

Adware
++ WebPerform

Malware
+ Fraud.AntivirusPro2010
+ Fraud.VolcanoSecuritySuite
+ Lop
++ Municheventos
+ Win32.Bifrost
+ Win32.FraudLoad.edt
++ Win32.Philis

Pups (Potentially Unwanted Software)
+ Live-Player

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
+ Win32.Spynet.a

Trojan
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.mpc
+ Win32.Agent.sys
+ Win32.Allaple.ab
+ Win32.Autorun.mbzt
++ Win32.OnLineGames.mfen
++ Win32.OnLineGames.mfes
++ Win32.OnLineGames.mffd
+ Win32.OnLineGames.mffm
++ Win32.OnLineGames.mfjj
++ Win32.OnLineGames.mfqj
++ Win32.OnLineGames.utza
++ Win32.OnLineGames.uvij
++ Win32.OnLineGames.uxkq
+ Win32.TDSS.vot
+ Win32.ZBot
+ Zlob.Downloader

Spybot S&D currently has 2128838 fingerprints in 801788 rules for 5266 products.

False Positives Reported This Past Week

Thus-far, no false positives were confirmed for this week, as of the time this article was published.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for March 3, 2010" »

Posted by Wiz at 1:45 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 24, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 20 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 02/24/2010

Adware
+ MeMedia.AdVantage
++ YourSiteBar

Malware
++ Fraud.AntimalwareDoctor
++ Fraud.PCDefender
++ Fraud.PersonalAntiMalwareCenter
++ Fraud.SecureEssentials2010
+ Fraud.Sysguard
+ Lop
+ Win32.Virut.ag

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Spyware
+ Win32.Spynet.a

Trojan
++ Bredolab.fb
++ Fraud.avi
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.nb
+ Win32.Agent.xwr
+ Win32.Autorun.mbzt
+ Win32.Bifrost
+ Win32.CeeInject
+ Win32.FakeAlert.ttam
++ Win32.OnLineGames.bkrn
++ Win32.OnLineGames.uiwr
++ Win32.OnLineGames.ussu
++ Win32.Prolaco.p
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
++ Win32.vbs
+ Win32.ZBot
+ Win32.ZBot.rtk

Spybot S&D currently has 2111918 fingerprints in 796159 rules for 5250 products.

False Positives Reported This Past Week

Thus-far, no false positives were confirmed for this week, as of the time this article was published.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 24, 2010" »

Posted by Wiz at 4:12 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 17, 2010, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. One updated Internet Worm detection was also added this week.

Additions made on 02/17/2010

Adware
++ DonkeyToolbar

Malware
+ AdRotator
+ Fake.SpywareRemover
++ Fraud.AdvancedDefender
++ Fraud.GuardWWW
+ Fraud.MalwareDefense
++ Fraud.PaladinAntivirus
++ Fraud.SavePcAv
++ Fraud.SecurePcAv
+ Fraud.Sysguard
+ Fraud.SystemSecurity
+ Fraud.VolcanoSecuritySuite
++ Fraud.YourPCProtector
+ Lop
+ Mirar
+ Win32.FraudLoad
+ Win32.TDSS.reg

PUPS (Possibly Unwanted Programs)
++ GameVance.PlaySushi
+ Live-Player

Spyware
++ Win32.Spynet.a

Trojan
+ Supsav.Smss32
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.ado
++ Win32.Agent.svv
++ Win32.Agent.wi
+ Win32.Agent.wu
+ Win32.Autorun.mbzt
+ Win32.FakeAlert.ttam
++ Win32.HareBot.a
++ Win32.OnLineGames.ujug
++ Win32.Rbot.wu
++ Win32.ScreenBlaze
++ Win32.Stinx.h
+ Win32.TDSS.rtk
++ Win32.Virut.w
+ Win32.ZBot

Worm
+ Win32.Allaple.ab

Spybot S&D currently has 2033341 fingerprints in 769409 rules for 5235 products.

False Positives Reported This Past Week

TeaTimer mistakenly detected the "Morpheus Toolbar" in C:\WINDOWS\system32\WBEM\WMIADAP.EXE, during an upgrade of a user's Intel Wireless 3945ABG software from version 10.x to 11.5.x, using the DELL proprietary driver upgrade. Team Spybot offered this solution to the affected user, or others similarly affected by false positives in Teatimer:

If you are running several security software, make sure that only one active protection feature runs at a time. In case you want to deactivate the TeaTimer you can do this in Spybot S&D advanced mode in Tools - Resident.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 17, 2010" »

Posted by Wiz at 4:01 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 10, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 8 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. Two Internet Worm detections were also added this week and another long distance modem dialer.

Additions made on 02/10/2010

Dialer
+ Coulomb Ltd.Content Access Plugin

Malware
++ Fraud.AntimalwareDefender
++ Fraud.KasperskiyAntivir
+ Fraud.PCAntispyware2010
+ Fraud.Sysguard
+ Fraud.XPAntivirus
+ Win32.FraudLoad.edt
++ Win32.Wace.a

PUPS (Possibly Unwanted Programs)
+ Live-Player

Trojan
++ FakeAlert.gx
++ FakeAlert.lv
++ FakeBill.UPS
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Joleee.egx
+ Win32.ZBot

Worm
+ Win32.Allaple.ab
+ Win32.Socks.T

Spybot S&D currently has 1976598 fingerprints in 751278 rules for 5212 products.

False Positives Reported This Past Week

Teatimer had a false positive detection of "DoubleD.DesktopSmiley" in C:\WINDOWS\system32\msiexec.exe. Install the latest definition updates, then stop Teatimer, close it, wait a minute, then restart it. Instructions for restarting Teatimer are in my extended content.

This isn't a false positive, but a business decision that has been reversed. After reviewing the business email practices of VistaPrint, it was removed from HOSTS file IP blocking immunization with the update from the 2010-02-10. People who want to do business with VistaPrint and still use Spybot S&D's full immunization regime can now do so, without manually editing their HOSTS file.

The use of the Windows HOSTS file to block potentially bad IPs and URLS is getting carried to extremes lately. Since Spybot does not alert you when it is responsible for blocking a website via HOSTS entries (to 127.0.0.1), many users are unaware that the program is blocking websites they may wish to visit. If you used to be able to go to some website and after updating Spybot's definitions you find that the page cannot be displayed, it may have been added to the HOSTS blocklist by Spybot updates. You can edit the file manually, in Notepad, or in a HOSTS editor program, or uncheck the option for HOSTS in the Immunization list and reimmunize. That will remove all entries from HOSTS that were added by Spybot S&D.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 10, 2010" »

Posted by Wiz at 1:36 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 3, 2010, as listed below. 9 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. An Internet Worm detection was also added this week.

Additions made on 02/03/2010

Dialer
+ eGroup.InstantAccess

Malware
+ FakeAlert.gen
++ Fraud.MyPcSecure
++ Fraud.PcSecureNet
++ Fraud.PcsSecure
+ Fraud.WinPCDefender
+ Lop
+ SuperEasySearch
+ Win32.FraudLoad
+ Win32.FraudLoad.edt

Trojan
++ FakeAlert.be
+ FakeAlert.BraveSentry
++ FakeAlert.is
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.wu
++ Win32.DownloaderX.HAV
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
+ Win32.TDSS.clt
+ Win32.Turkojan
++ Win32.Virut.ag
+ Win32.ZBot

Worm
+ Win32.Allaple.ab

Spybot S&D currently has 1948083 fingerprints in 743598 rules for 5207 products.

False Positives Reported This Past Week

No false positives were reported or discussed this past week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 3, 2010" »

Posted by Wiz at 10:50 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 27, 2010, as listed below. 10 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Remarkably, the old threat from ABetterInternet.Aurora has re-entered the Malware and Trojans categories, with new definitions, as their adware is once again being distributed by low-life affiliates.

Additions made on 01/27/2010

Keyloggers
++ Win32.Fung.hi

Malware
+ ABetterInternet.Aurora
++ Fraud.ApcSecure
++ Fraud.ArmorDefender
++ Fraud.DesktopSecurity2010
++ Fraud.ProtectDefender
++ Fraud.ProtectSoldier
++ Fraud.WinSecurity360
+ Smitfraud-C.
+ Win32.FraudLoad
+ Win32.Podnuha.rtk

Trojans
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.cqf
+ Win32.Agent.deot
++ Win32.Agent.dnzl
++ Win32.Agent.msg
++ Win32.Allaple.a1
+ Win32.Allaple.a2
++ Win32.Aurora
+ Win32.CeeInject
+ Win32.FakeAlert.ttam
+ Win32.Turkojan
+ Win32.ZBot

Spybot S&D currently has 1919113 fingerprints in 734138 rules for 5193 products.

False Positives Reported This Past Week

1: Spybot's Teatimer module mistakenly identified today's Java update, to version 6 Update 18, as "Win32.Fraudload." I trust this will be sorted out sometime today or tomorrow. Check for a sudden update to the False Positives definitions until one appears, dated 1/27/2010 or later.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 27, 2010" »

Posted by Wiz at 3:21 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 20 2010, as listed below. 15 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 20 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Additions made on 01/20/2010

Adware
++ Abox
++ Win32.Webdir.c

Malware (contains many fake security programs)
+ AdDestination
++ BPS.PerformanceCenter
+ Fraud.AntiMalwarePro
+ Fraud.AntivirusPro2010
++ Fraud.DefendAPc
++ Fraud.GhostAntivirus
+ Fraud.MalwareDefense
++ Fraud.SysDefender
+ Fraud.Sysguard
+ Fraud.XPPoliceAntivirus
+ Smitfraud-C.
++ Win32.Agent.sw
++ Win32.FakeAlert.ttam
+ Win32.FraudLoad
+ Win32.FraudLoad.edt

Pups (Potentially Unwanted Programs)
+ MyFreezeToolbar

Security
+ Microsoft.Windows.RedirectedHosts

Trojan (These are rootkits, backdoors, Bots and password stealers)
+ Fraud.SystemSecurity
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.alo
++ Win32.Agent.deot
++ Win32.Agent.sys
++ Win32.Agent.Winsts
+ Win32.Agent.ws
++ Win32.Autorun.sd
++ Win32.BHO.ttam
++ Win32.CeeInject
++ Win32.OnLineGames.mfaq
++ Win32.Rbot.ws
++ Win32.Sddrop.A
+ Win32.TDSS.bae
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Worm
+ Blackmail

Spybot S&D currently has 1868768 fingerprints in 718157 rules for 5183 products.

False Positives Reported

1: TeaTimer identified a MalwareBytes update as Perfect Keylogger and killed the process. This was fixed with today's updates, but, you may have to reinstall Adobe Reader.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 20, 2010" »

Posted by Wiz at 5:47 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 13, 2010, as listed below. 19 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 24 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. And, modem dialers made a reappearance after a long period of inactivity.

Additions made on 01/13/2010

Dialer
+ eGroup.InstantAccess

Malware (contains many fake security programs)
+ BookedSpace
++ FatimaCollage
++ Fraud.AntispywareShield
++ Fraud.AntiVirusPC2009
+ Fraud.AntivirusPlus
+ Fraud.AntivirusXP
++ Fraud.APcDefender
+ Fraud.ControlCenter
++ Fraud.GreatDefender
++ Fraud.GuardPro
++ Fraud.InSysSecure
+ Fraud.MalwareDefense
+ Fraud.MalwareDoctor
+ Fraud.PCAntispyware2010
++ Fraud.PCsProtector
++ Fraud.SecurityCenter
++ Fraud.SpyEraser
++ Fraud.SpySheriff
++ Fraud.SysProtector
++ Fraud.SystemCleanerPro
++ Fraud.TotalPCDefender

PUPS (Potentially Unwanted Programs)
+ DoubleD
++ Softomate.BullseyeToolBar

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
+ eXact Advertising.BargainsBuddy

Trojan (These are rootkits, backdoors, Bots and password stealers)
+ FakeAlert.cc
+ Supsav.Smss32
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.rar
++ Win32.Agent.rer
+ Win32.Agent.wlo
+ Win32.Bifrost.la
+ Win32.FakeAlert.ttam
++ Win32.FakeAntivir
++ Win32.FraudPack
++ Win32.Livemessn
++ Win32.Multidr-AH
+ Win32.OnLineGames.down
++ Win32.OnLineGames.mfdd
++ Win32.OnLineGames.mfdp
++ Win32.OnLineGames.uveh
+ Win32.Podnuha.rtk
+ Win32.TDSS.bae
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
++ Win32.VB.em
+ Win32.ZBot

Spybot S&D currently has 1842388 fingerprints, in 709074 rules, for 5162 products.

False Positives Reported

In addition to definitions being added there were some false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A Registry Key created by the Group Policy Editor is being detected a malware. The particular change triggering this false positive is enabling "Remove Search From the Start Menu". We await a fix...

2: TeaTimer identified a MalwareBytes update as Perfect Keylogger and killed the process. Standby for more details and a fix.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 13, 2010" »

Posted by Wiz at 12:26 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 6, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 12 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:
++ Fraud.APCProtect
++ Fraud.MalwareCrush
+ Fraud.PersonalSecurity
+ Fraud.SecurityTool
+ Fraud.Sysguard
++ Win32.Archivos
++ Win32.Piasolef

PUPS "PUPs" means Potentially Unwanted Programs
++ MyFreezeToolbar
++ MyWay.FrontierBa

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator

The latest "Trojans" that were added or updated are:
+ Goldun
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.wu
++ Win32.OnLineGames.bgnk
++ Win32.OnLineGames.bkvr
++ Win32.OnLineGames.mfda
++ Win32.OnLineGames.ukzl
++ Win32.OnLineGames.ulfx
+ Win32.ZBot
+ Win32.ZBot.rtk
+ Zlob.Downloader.miu

Spybot S&D currently has 1826889 fingerprints in 703957 rules for 5120 products.

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: "Heuristics" scans detecting various jpg and thumbs.db files as "Fraud.SecurityTool" is a false positive, it was fixed with the detection updates on Jan 6, 2010.

2: A false positive in XYplorer installer, detected as Fraud.SecurityTool, was fixed on 1/6/2010.

3: Spybot S&D, McAfee SiteAdvisor and hpHosts have started to flag http://hazeleger.net and www.hazeleger.net as bad redirected host file entries (in HOSTS immunizations). There may have been a few infected hosts on their services, which seem to have been cleaned up, and one wrongly flagged piece of software called Foxtool. There appears to be no reason to block hazeleger.net, or Foxtool, generally speaking.

4: A false positive detection in the RedCrab calculator, as "Fraud.SecurityTool," was fixed on Jan 6.

5: A false positive detection of 2 files that were flagged as "Fraud.SecurityTool," on a software install CD, in "Dictionary.xml" and "msxml6.msi" was fixed this week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 6, 2010" »

Posted by Wiz at 5:27 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 30, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections (plus 5 other malware entries), plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:
Fraud.GuardPCs
Fraud.MalwareDefense
Fraud.SecurityTool
Fraud.Sysguard
Fraud.TheDefend
Fraud.VolcanoSecuritySuite
Fraud.XPPoliceAntivirus
Lop, Microsoft.Windows.RedirectedHosts
Win32.Agent.ieu
Win32.Delf.rm
Win32.Fraudload.md
Win32.LisboaAerea

The latest "Trojans" that were added or updated are:
Virtumonde.sci
Virtumonde.sdn
Win32.OnLineGames.bkpf
Win32.OnLineGames.down
Win32.OnLineGames.gjwa
Win32.OnLineGames.mfar
Win32.OnLineGames.mfas
Win32.OnLineGames.mffk
Win32.OnLineGames.mfft
Win32.OnLineGames.ulja
Win32.OnLineGames.ultz
Win32.OnLineGames.ulvo
Win32.OnLineGames.unxp
Win32.ZBot

Spybot S&D currently has 1797852 fingerprints in 694008 rules for 5101 products.

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A false positive detection in the TeaTimer module, flagging "ArcMediaService.exe" as malware, a week ago, was actually fixed on Dec 30, 2009.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Dec 30, 2009" »

Posted by Wiz at 1:47 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 23, 2009, as listed below. 11 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 11 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:

Fraud.AntiTroy, Fraud.MalwareDefense, Fraud.ProtectPCs, Fraud.SafetyAntiSpyware, Fraud.SecurityTool, Fraud.SoftCop, Fraud.SysDefence, Fraud.WindowsEnterpriseDefender, Fraud.XPProtectionCenter, FSonlinescanner and Win32.FraudLoad

The latest "Trojans" that were added or updated are:

Virtumonde.dll, Virtumonde.sci, Virtumonde.sdn, Win32.OnLineGames.mfax, Win32.OnLineGames.mfay, Win32.OnLineGames.mfgb, Win32.OnLineGames.uhbx, Win32.OnLineGames.unal, Win32.OnLineGames.urwo, Win32.ZBot and Zlob.Downloader.anz

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A false positive detection of "Fraud.MalwareDefense" in the video drivers located at "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" and in the Registry key - "HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}" - was fixed on Dec 23, 2009, with a second release of the definition updates.

2: A false positive detection in the TeaTimer module, flagging "ArcMediaService.exe" as malware, was fixed on Dec 23, 2009.

3: A user reported that when performing a right-click scan, using "Heuristics," on a folder containing all images, they were falsely flagged as "Virtumonde.dll" or "Virtumonde.sdn." This is being investigated as a false positive.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Dec 23, 2009" »

Posted by Wiz at 1:56 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 16, 2009, as listed below. 14 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 6 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 16, 2009" »

Posted by Wiz at 1:43 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 9, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 3 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are Zbot and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 9, 2009" »

Posted by Wiz at 11:37 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 2, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 9 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 2, 2009" »

Posted by Wiz at 3:59 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 25, 2009, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 15 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 25, 2009" »

Posted by Wiz at 5:04 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 18, 2009, as listed below. 15 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 18, 2009" »

Posted by Wiz at 3:10 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 11, 2009, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 11, 2009" »

Posted by Wiz at 3:46 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 4, 2009, as listed below. 2 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 4, 2009" »

Posted by Wiz at 2:13 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on October 28, 2009, as listed below. 14 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 10 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Oct 28, 2009" »

Posted by Wiz at 4:13 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on October 21, 2009, as listed below. 19 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 30 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Oct 21, 2009" »

Posted by Wiz at 4:52 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.