May 14, 2008

Spybot Search and Destroy Definitions Updated on 5/14/2008

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed by name in the detections below, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of its name indicates a brand new detection. A number in parentheses, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Additions made on May 14, 2008:

Adware
++ CliprexDivXPlayer
++ CliprexDVDRipper

Hijackers
+ Inet Delivery

Keyloggers (Keyloggers steal your logins and passwords)
+ KGBKeylogger

Malware Includes fake anti-virus and anti-spyware programs, like VirusHeat
++ BPS.Gen
++ Fraud.Antivirus2008
+ ISearchTech
+ MagicControl.Agent
+ Rogue.IEAntivirus
++ Rogue.ScanAndRepair2007
+ Smitfraud-C.
+ SpyShredder
++ Themida.Bot.tsj
+ Vario.AntiVirus
+ VirusHeat
++ Win32.Agent.kmf
+ Win32.BHO.je

PUPS Possibly Un(popular|wanted) Software
+ CliprexDVDPro

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans Includes 1 new Zlob* Trojan detections
+ Banker.PorSMTP
+ ShudderLtd.AntiVirusPro
+ Smitfraud-C.MSVPS
++ Win32.Agent.cn
++ Win32.Agent.esq
++ Win32.Agent.qwq
+ Win32.Delf.eq
++ Win32.Konik
++ Win32.SlhClient
++ Win32.Small.dv
++ Win32.Small.imu (2)
++ Win32.Systembin
+ Zlob.Downloader.vdt

Total: 607566 fingerprints in 158897 rules for 3918 products!

False positive detections fixed this week:
SpyBossPro detected in ijl11.dll false positive fixed.

* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation, or pornographic movie. Once installed on the target computer the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans is constantly modified by its maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.

May 7, 2008

Spybot Search and Destroy Definitions Updated on 5/7/2008

Spybot Updates - published every Wednesday

Additions made on May 7, 2008:

Hijackers
+ SearchALot

Keyloggers (Keyloggers steal your logins and passwords)
+ SpyBossPro

Malware Includes fake anti-virus and anti-spyware programs
++ Delf.12.an (2)
++ Fake.SecurityAlert
+ MalwareBell
++ MalwareCore
++ Win32.Agent.cs
+ Win32.BHO.je (3)
+ Win32.Renos
++ WinIFixer

PUPS Possibly Un(popular|wanted) Software
+ Enter.Casino.PT

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
+ Conducent.TimeSink

Trojans Includes 5 new Zlob* Trojan detections
++ CNNIC.cn
+ Smitfraud-C.MSVPS
+ Virtumonde.dll
++ Win32.Agobot.aoi
++ Win32.Tibia.de
++ Win32.VB.bks
++ Win32.VB.me
+ Win32.Zhelatin.ah (a.k.a: Storm Trojan)
++ Zlob.Downloader.fvn
++ Zlob.Downloader.jau
++ Zlob.Downloader.vat
+ Zlob.Downloader.vdt
+ Zlob.ZipCodec

Total: 595073 fingerprints in 154556 rules for 3893 products!

False positive detections fixed this week:
False Positive for "ContraVirus" and "VirusBlast" has been fixed with this week's definition updates. Also removed from the immunizations list is Hotlinkfiles.com. This was done after they implemented anti malware scanning of all uploaded files.

April 30, 2008

Spybot Search and Destroy Definitions Updated on 4/30/2008

Spybot Updates - published every Wednesday

Additions made on April 30, 2008:

Adware
+ Wintouch

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax
++ KeyloggerDouglas
++ KeyloggerSpy

Malware Includes fake anti-virus and anti-spyware programs
+ MalwareBell
++ AntiVirProtect
+ IEDefender
++ Killsoft.V2008
+ Win32.BHO.je

PUPS Possibly Un(popular|wanted) Software
+ EuroGrand.Casino.PT
++ Monaco.Gold.Casino.PT


Trojans Includes 4 new Zlob* Trojan detections
++ BachKhoaAntivirus
++ BaiduBar.HostsRep
++ Delf.Inject
+ Prorat-D
+ Smitfraud-C.MSVPS
+ Virtumonde.dll
++ Win32.Agent.aou
++ Win32.Agent.ay
++ Win32.Mutant.jz.rtk
++ Win32.Shark.ae
+ Zlob.Downloader.bs
+ Zlob.Downloader.se
+ Zlob.Downloader.vet
+ Zlob.Downloader.vdt
++ YMCam

Total: 593837 fingerprints in 154855 rules for 3880 products!

False positive detections fixed this week:
No false positives to report at this time.

April 24, 2008

Spybot Search and Destroy Malware Definitions Updated on April 24, 2008

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released a day later than usual, on Thursday, April 24, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are normally released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings, or in this instance, on Thursday. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

While immunizing your computer is generally a good security measure, there may be occasions where the immunization detections break a program you want to use, or block access to a website you choose to visit. If this happens to you after you immunize with new definitions, go to the Immunize tab and run UNDO, to remove the last immunizations. You can also use the checkboxes to selectively undo or redo immunizations. Right-clicking on the immunization list gives you the option to select all or select none, which helps with mass immunizations or undoing mass immunizations. Also, if you are going to uninstall Spybot S&D, always select all immunizations, then click on Undo. This will unblock everything before you delete the program.

Spybot Updates - published every Wednesday, except this week

Additions made on April 24, 2008:

Adware
+ BaiduBar

Keyloggers (Keyloggers steal your logins and passwords)
+ Winsession Logger
++ XPCSpyPro

Malware Includes fake anti-virus and anti-spyware programs
+ ContraVirus
++ Fake.Antispyware.TheSpybot2007
+ MalwareCrush
+ PestTrap
+ Smitfraud-C.
+ SpywareQuake
+ Swizzor
+ TitanShield
+ TrustCleaner
+ VirusBlast
+ VirusBurst
+ VirusProtectPro

PUPS Possibly UnPopular Software
+ 32Vegas.PT (4)
+ Deskbar
+ Europa.Casino.PT (13)
+ Vegas.Red.Casino.PT (20)

Security
+ Microsoft.Windows.AppFirewallBypass
++ Microsoft.Windows.Exefile.HideExtension

Trojans Includes new or updated Zlob* Trojan detections
+ BraveSentry
+ Fraud.ProtectionBar
+ Hupigon (11)
++ Hupigon.evc
++ Hupigon.Gen
+ Nuclearwinter
+ SafetyBar
+ Virtumonde.dll
++ Warpcom
++ Win32.Agent.af
++ Win32.Agent.ip
++ Win32.Agent.vye
+ Win32.Autorun
++ Win32.Backdoor.ajhb
++ Win32.Bifrose.blr
++ Win32.Delf.asz
++ Win32.mIRC
++ Win32.Pakes.cgn
+ Win32.Qhost.ake
++ Win32.Settec
++ Win32.Soundmix
++ Win32.VB.tr
+ Zlob.Downloader.bs (2)

Total: 575727 fingerprints in 137545 rules for 3893 products!

April 19, 2008

Spybot Search and Destroy Definitions Updated on 4/17/2008, to fix incompatibility with SpywareBlaster and Firefox

After people began applying the Spybot Search and Destroy definition updates of April 16, 2008, then immunizing their computers through the Immunize function, those with both Firefox and SpywareBlaster installed began experiencing sudden terminations when trying to open SpywareBlaster. It turns out that one of the definitions in the Spybot immunization database was causing a memory conflict with SpywareBlaster, directly related to a Firefox immunization update. There was a heated discussion about this on the Spybot S & D forum and on April 17, 2008, a second update was released to fix the problem. If you use Spybot S & D, SpywareBlaster and Firefox, and you applied the April 16 updates, you need to download the patched definitions. Use the Spybot Search and Destroy Updater from your Start Menu > Programs to fetch the newest updates, then apply them, then open Spybot's user interface and re-apply immunization for Firefox.

Details
After immunizing Firefox, with the updates from 17/4/08, upon attempting to open SpywareBlaster this error message popped up:

Error: Access violation at 0x005F71FC (tried to read from 0x04F3032C), Program termminated

Some users performed an immunization "Undo" on the Firefox protection only and it worked, just using SpywareBlaster to immunize Firefox. Normally, these programs get along quite well, but this time there was a glitch. I applaud Team Spybot for rushing out a sudden patch to correct this problem, as I also use SpywareBlaster and Firefox on some of my computers and was similarly affected.

For those who don't know the details about these programs, both Spybot Search and Destroy, by Patrick M. Kolla, and SpywareBlaster, by Javacool Software, are well known freeware security programs that have a feature they call "Immunization," which is a proactive form of protection against known hostile ActiveX controls, dangerous domains, browser hijackers and even advertisers' cookies, placed by websites you visit. By "Immunizing" after updating you protect against exploits from the controls, files, websites and other items in the definitions. If these unwanted items are on your computer already they get nullified by the immunization. Otherwise, once immunized, these applications cannot install themselves unless you knowingly override your already applied protection. This is done by unchecking a particular immunization rule, or by undoing all immunizations, en masse.

Both programs require users to perform manual checking for updates, although SpywareBlaster does offer automatic updates for a small fee. Spybot S & D is always updated on Wednesdays and users must run a manual check for updates. I usually do this on Wednesday evenings, or on Thursday afternoon, just in case a faulty definition was released then patched, as just happened here. SpywareBlaster's latest definitions were released on 4/6/2008, so their update schedule is less regular than Spybot's.

April 16, 2008

Spybot Search and Destroy Malware Definitions Updated on April 16, 2008

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

Spybot Updates - published every Wednesday

Additions made on April 16, 2008:

Hijackers
++ Dreamgroup.Fakemule

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax (2 variants)

Malware Includes fake anti-virus and anti-spyware programs
++ AntiSpywareDeluxe
++ AntiSpywareShield
+ Awola.Anti-Spyware
+ FakeAlert.cc
+ Smitfraud-C.gp
+ VirusHeat
+ Win32.BHO.je (2)
++ Win32.Agent.bk (2)
++ Win32.Agent.xg (2)

PUPS Possibly Un(popular|wanted) Software
++ 24kt.Gold.Casino.PT
++ 32Vegas.PT
++ 50.Stars.Casino.PT
++ African.Palace.Casino.PT
++ Bakara.Casino.PT
++ Cameo.Casino.PT
++ Carnival.Casino.PT
++ Casino.Bellini.PT
++ Casino.Del.Rio.PT
++ Casino.Las.Vegas.PT
++ Casino.Tropez.PT
++ Casino365.PT
++ CasinoKing.PT
+ CasinoRoyal.PT (100)
++ City.Club.Casino.PT
++ Club.Dice.Casino.PT
++ Craps.com.PT
++ Diamond.Club.Casino.PT
++ Enter.Casino.PT
++ EuroGrand.Casino.PT
++ Europa.Casino.PT
++ Flamingo.Casino.PT
++ Golden.Palace.Casino.PT
++ Grand.Online.Casino.PT
++ Hotel.Casino.Network.PT
++ Indio.Casino.PT
++ Joyland.Casino.PT
++ Kiwi.Casino.PT
++ Magic.Box.Casino.PT
++ Mansion.Casino.PT
++ Mega.Sport.Casino.PT
++ New.York.Casino.PT
++ Playgate.Casino.PT
++ Prestige.Casino.PT
++ Royal.Dice.Casino.PT
++ SIA.Casino.PT
++ Sierra.Star.Casino.PT
++ Sky.Kings.Casino.PT
++ Slots.PT
++ Swiss.Casino.PT
++ USA.Casino.PT
++ Vegas.Red.Casino.PT

Security
+ Microsoft.Windows.AppFirewallBypass
+ Microsoft.Windows.RedirectedHosts

Trojans Includes 4 new or updated Zlob* Trojan detections
+ Hupigon
+ Smitfraud-C.MSVPS
++ Win32.Agent.frl (2)
++ Win32.Banbra.anp
+ Win32.BHO.acw
+ Win32.Bifrose.aci
+ Win32.Delf.zq
++ Win32.Qhost.ake
++ Win32.Shark.if
++ Win32.Small.tnt
++ Win32.Small.vy
++ Win32.VB.bmr
+ Win32.Zhelatin.ah (Storm Trojan)
+ Zlob.DNSChanger
+ Zlob.Downloader.vdt
+ Zlob.VideoAccess
++ Zlob.Downloader.vet

Total: 573372 fingerprints in 136752 rules for 3857 products!

False positive detections fixed this week:
http://www.accessorygeeks.com and .accessorygeeks.com is a false positive, blocked by the HOSTS file additions made when you immunize with the HOSTS file option selected. This has been removed in the current updates for the HOSTS file.

April 10, 2008

Spybot Search and Destroy Malware Definitions Updated on April 9, 2008

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

Spybot Updates - published every Wednesday

Additions made on April 9, 2008:

Hijackers
+ CnsMin
+ CoolWWWSearch.OleHelp

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax
+ FreeKeylogger
+ Perfect Keylogger

Malware Includes fake anti-virus and anti-spyware programs
++ AntiSpyKit
+ AntiVerminsPro
+ FakeAlert.cc
++ Fake.PC-Antispyware
++ PCCleaner
++ PlatinumPartner
+ Smitfraud-C.
++ Win32.Agent.pn
+ Win32.BHO.je
++ Win32.Krotten.ex
+ Win32.Renos
++ Win32.VB.bpv



Trojans Includes 67 new or updated Zlob* Trojan detections!
+ BackOrifice2k
+ Hupigon
++ Hupigon.dsx
+ Smitfraud-C.MSVPS
++ Win32.Agent.agx
++ Win32.Agent.AQ
++ Win32.Agent.bno
++ Win32.IRCBot.auf
++ Win32.Poison.pg
++ Win32.VB.aqt
++ Win32.Webmoner.co
+ Zlob.AdultAccess
+ Zlob.BrainCodec
+ Zlob.DigiPassword
+ Zlob.DirectVideo
+ Zlob.DNSChanger.rtk
+ Zlob.Downloader.bs
++ Zlob.Downloader.idt
+ Zlob.Downloader.mld
+ Zlob.Downloader.se
+ Zlob.Downloader.sg
+ Zlob.Downloader.vdt
++ Zlob.Downloader.vot
+ Zlob.EliteCodec
+ Zlob.FreeVideo.DVDCodec
+ Zlob.GoldCodec
+ Zlob.HomepageMonitor
+ Zlob.HQCodec
+ Zlob.HQvideo
+ Zlob.iCodecPack
+ Zlob.ImageActiveXAccess
+ Zlob.ImageActiveXObject
+ Zlob.ImageAXObject
+ Zlob.iMediaCodec
+ Zlob.IVideoCodec
+ Zlob.JPEG-Encoder
+ Zlob.KeyCodec
+ Zlob.KeyGenerator
+ Zlob.Mediacodec
+ Zlob.MMediaCodec
+ Zlob.MovieBox
+ Zlob.MovieCommander
+ Zlob.MPVideoCodec
+ Zlob.MyPassGenerator
+ Zlob.NewMediaCodec
+ Zlob.PerfectCodec
+ Zlob.PornMagPass
+ Zlob.PornPassManager
+ Zlob.PowerCodec
+ Zlob.PPlayer
+ Zlob.PrivateVideo
+ Zlob.QualityCodec
+ Zlob.SilverCodec
+ Zlob.SiteEntry
+ Zlob.SiteTicket
+ Zlob.SoftCodec
+ Zlob.strCodec
+ Zlob.SuperCodec
+ Zlob.TrueCodec
+ Zlob.VAXCodec
+ Zlob.Vcodec
+ Zlob.VidCodec
+ Zlob.VideoAccess
+ Zlob.VideoAccessActiveXObject
+ Zlob.VideoActiveXAccess
+ Zlob.VideoActiveXObject
+ Zlob.VideoAXObject
+ Zlob.VideoBox
+ Zlob.VideoCodec2007
+ Zlob.VideoCompressionCodec
+ Zlob.VideoKeyCodec
+ Zlob.VideoPlugin
+ Zlob.WinMediaCodec
+ Zlob.XpassGenerator
+ Zlob.XPasswordManager
+ Zlob.ZCodec
+ Zlob.ZipCodec

Total: 578031 fingerprints in 129018 rules for 3855 products!

False positive detections fixed this week:
http://www.accessorygeeks.com and .accessorygeeks.com are a false positive, blocked by the HOSTS file additions made when you immunize with the HOSTS file option selected. This will be removed in the next update cycle, or you can manually edit your HOSTS file and delete the entry that redirects this domain to 127.0.0.1 (your local machine's IP address).

* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation or pornographic movie. Once installed on the target computer, the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans is constantly modified by its maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.

April 3, 2008

Spybot Search and Destroy Malware Definitions Updated on April 2, 2008

Spybot Updates - published every Wednesday

Additions made on April 2, 2008:

Hijacker
+ CoolWWWSearch.OleHelp


Malware (includes fake anti-virus and anti-spyware programs)
+ MalwareWipe
++ Win32.Alman
++ ZlobDownloader.vdt


Security
++ Microsoft.Windows.FileExecution

Trojans
+ Bifrose.LA (2)
+ CoolWWWSearch.SearchToolbar (2)
+ Hupigon
++ Hupigon.cbs
++ Injector.u
+ PremiumSearch (1574)
++ RysioLogger
+ SubSeven
++ Wannnadoo
++ Win32.BKClient
++ Win32.GBDialer.j
+ Win32.Nakuru.a
++ Win32.OnLineGame.jun
++ Win32.VB.sj

Total: 563708 fingerprints in 125654 rules for 3757 products!

False positive detections fixed this week:
False positive on vxSystem.dll from the Vigilix remote monitoring product. It was being incorrectly reported as VX2.b.BDS.

March 26, 2008

Spybot Search and Destroy Malware Definitions Updated on March 26, 2008

Spybot Updates - published every Wednesday

Additions made on March 26, 2008:

Keyloggers (Keyloggers steal your logins and passwords)
+ SpyKeylogger
+ SpyMyPC
+ StaticX

Malware (includes fake anti-virus and anti-spyware programs)
+ AlfaCleaner
+ AntiSpywareSoldier
+ AzeSearch
+ Cleanator
+ FakeAlert.cc
+ Fraud.XPAntivirus
+ MalwareWipe
+ Performance Optimizer
+ Smitfraud-C.gp
+ SpyCrush
+ SpyDawn
+ SpyHeal
+ SpyShredder
+ SpywareIsolator
+ TrustCleaner
+ Vcodec.Intcodec
+ Virtumonde.dll (incl: 5955 variants)
+ VirusBurst
+ Win32.BHO.je
+ Win32.Renos
+ WinXDefender

Trojans (featuring 12 updated detections of Zlob* Trojans)
+ Smitfraud-C.
+ Smitfraud-C.MSVPS
+ Win32.Dropper.Agent.byv
+ Win32.EESbinder
+ Zlob.DirectVideo
+ Zlob.Downloader.se
+ Zlob.Downloader.sg
+ Zlob.GoldCodec
+ Zlob.HQVideoCodec
+ Zlob.ImageActiveXObject
+ Zlob.KeyGenerator
+ Zlob.MMediaCodec
+ Zlob.QualityCodec
+ Zlob.SiteTicket
+ Zlob.VideoAccess
+ Zlob.VideoKeyCodec

Total: 565762 fingerprints in 126261 rules for 3758 products!

* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation or pornographic movie. Once installed on the target computer, the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans is constantly modified by its maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.

March 19, 2008

Spybot Search and Destroy Malware Definitions Updated on March 19, 2008

Spybot Updates - published every Wednesday

Additions made on March 19, 2008:

Adware
++ Alertline
++ BaiduBar
++ Doublepoint
++ Windots

Dialer
+ Aconti

Keyloggers (Keyloggers steal your logins and passwords)
++ SpyBuddy
+ SWAgent

Malware (includes fake anti-virus and anti-spyware programs)
+ AntiVirGear
+ FakeAlert
++ FakeAlert.mhg
++ MalWarrior
+ Smitfraud-C.gp
+ SpyLocked
++ SpywareLocked
++ SpywareRemover
+ Vario.RogueAntiSpy
+ Vcodec.eMedia
+ Virtumonde.dll (24)
++ Virtumonde.mhg (2911)
+ Win32.BHO.je
+ Win32.Renos
++ WinPerformance

PUPS (Possibly Unpopular Software)
+ Accoona

Spyware
+ AdBreak

Trojans (featuring 20 new or updated detections of Zlob* Trojans!)
++ Banker
+ CnsMin
+ Smitfraud-C.MSVPS
++ Win32.Gamec.cq
++ Win32.Zhelatin.vg
+ Zlob.DNSChanger.rtk (12)
+ Zlob.Downloader
++ Zlob.Downloader.bs
+ Zlob.Downloader.iec
+ Zlob.Downloader.oid
+ Zlob.Downloader.rid
+ Zlob.Downloader.se
+ Zlob.Downloader.sot
+ Zlob.Downloader.vdt
+ Zlob.Downloader.xot
+ Zlob.MovieBox
+ Zlob.MovieCommander
+ Zlob.PPlayer
+ Zlob.SecurityTools
+ Zlob.VideoAccessActiveXObject
+ Zlob.VideoActiveXAccess
+ Zlob.VideoAXObject
+ Zlob.VideoBox
+ Zlob.XXXAccess
+ Zlock.uc

Total: 554199 fingerprints in 123295 rules for 3731 products.

* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation or pornographic movie. Once installed on the target computer, the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans is constantly modified by its maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.

March 13, 2008

Spybot Search & Destroy Malware Definitions Updated on March 12, 2008

If you see a program listed by name in the detections below, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

Spybot Updates - published every Wednesday

Additions made on March 12, 2008:

Adware
+ Wintouch

Dialer
+ Win32.Dialer.aeh


Keyloggers (Keyloggers steal your logins and passwords)
+ XPAdvancedKeylogger

Malware (includes fake anti-virus and anti-spyware programs)
+ AntiSpyWare2007
+ NousTech.SysCleaner
+ NousTech.SystemDefender
+ RegClean
+ SpywareBOT.SpywareStop
+ Win32.BHO.je
+ Win32.VB.ck
+ WinSpyKiller


Trojans (6 new classes of Zlob* Trojans and 141 variants!)
+ FakeAlert (273)
+ Smitfraud-C.MSVPS (28)
+ Win32.Agent.ahj
+ Win32.Agent.jmh
+ Zlob.DNSChanger.Rtk (13)
+ Zlob.Downloader.mld
+ Zlob.Downloader.se (115)
+ Zlob.Downloader.sg (5)
+ Zlob.Downloader.sot (8)
+ Zlob.Downloader.vdt

Total: 554374 fingerprints in 122623 rules for 3701 products.

* The "Zlob Trojan" is a common infection that has been in the wild since 2005. It is often downloaded intentionally by people who are tricked into thinking that they are installing some missing ActiveX Video Codec, or other (Java) application, needed to view a presentation or pornographic movie. Once installed on the target computer, the Zlob Trojan allows hackers to deliver all manner of downloaders, adware, fake anti-spyware and backdoor components to it. The Zlob family of Trojans is constantly modified by its maintainers to try to avoid detection by anti-malware applications. These criminals earn commissions for every computer they infect with the Zlob and its companion products. Spybot Search and Destroy can detect and remove most known variants of the Zlob Trojans, with new definitions being released every Wednesday to detect the latest incarnations of Zlob.

March 6, 2008

Spybot Search & Destroy Malware Definitions Updated on March 5, 2008

Spybot Updates - published every Wednesday

Additions and false positive removals made on March 5, 2008:

Hijacker
+ CoolWWWSearch.Leftovers

Malware
+ Clickspring.Outerinfo
++ Fake.SpywareRemover
++ Marketflip.FakeSearchAndDestroy
++ RegistryClear
+ RegSweep
+ Smitfraud-C.
++ SpySnipe
+ SpywareBOT
+ Vario.AntiVirus
+ VirusHeat
+ Win32.BHO.je
+ Win32.Renos

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans
++ DL.Small.ddp
+ NousTech.UDefender
++ ShudderLtd.AntiVirusPro
+ Smitfraud-C.MSVPS
++ Spambot.kf
+ Virtumonde
++ Win32.Agent.icb
++ Win32.BHO.abo
+ Zlob.Downloader.se
++ Zlob.Downloader.sot
+ Zlob.Downloader.vdt

Total: 545636 fingerprints in 119654 rules for 3673 products.

February 28, 2008

Spybot Search & Destroy Malware Definitions Updated on February 27, 2008

Spybot Updates - published every Wednesday

Additions and false positive removals made on Feb 27, 2008:

Adware
+ Wintouch

Malware
+ AdwareAlert
+ AdwareBot
+ AntiSpyware2007
+ AntiSpyWare2007
+ AntiSpywareBOT
+ CoolWWWSearch.am
+ ErrorKiller
+ ErrorSmart
+ EvidenceEraser
+ Fake.SpywareRemover
+ MacroVirus
+ MalwareBOT
+ PrivacyControl
+ PWS.OnLineGames
+ RegClean
+ RegistryBot
+ RegistrySmart
+ RegRecall
+ Smitfraud-C.
+ Spyware-Secure
+ VirusHeat
+ Win32.Agent.bpb
+ Win32.BHO.je
+ Win32.Renos

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
+ PassStealer

Trojans
+ Hupigon
+ IE-Improver
+ Smitfraud-C.MSVPS
+ Win32.Banker.gen
+ Win32.Delf.dgb
+ Win32.Rungbu.a
+ Win32.Small.azl
+ Win32.Tibia.aj
+ Zlob.Downloader
+ Zlob.Downloader.anz
+ Zlob.Downloader.se
+ Zlob.Downloader.vdt
+ Zlob.VideoActiveXObject

Total: 542580 fingerprints in 119017 rules for 3652 products.

February 21, 2008

Spybot Search & Destroy Malware Definitions Updated on February 20, 2008

Spybot Updates - published every Wednesday

Additions and false positive removals made on Feb 20, 2008:

Keyloggers (Keyloggers steal your logins and passwords)
+ Goldeneye
++ SolidKeylogger
++ WinKey.StealthKeylogger

Malware
+ PWS.OnLineGames
+ Win32.BHO.je
+ Win32.Renos

Trojans
+ Hupigon
+ IE-Improver
+ Smitfraud-C.MSVPS
+ Virtumonde.generic
++ Win32.Agent.dlo
+ Win32.Delf.s
+ Win32.PolyCrypt.d
+ Win32.VNC.a
+ Zlob.Downloader
+ Zlob.Downloader.se
+ Zlob.Downloader.vdt
+ Zlob.Downloader.xot

Total: 530848 fingerprints in 116890 rules for 3632 products.

February 15, 2008

Spybot Search & Destroy Malware Definitions Updated on February 13, 2008

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Additions made on Feb 13, 2008 (and false positive removals):

Dialer
+ Maxadult

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax
+ HellzLittleSpy
+ SpyLantern

Malware
+ Clickspring.Outerinfo
+ ErrorSweeper
+ Win32.Alphabet.ap


Spyware
+ SpyMail

Trojans
+ Hupigon
+ QQ-Pass
+ Smitfraud-C.MSVPS
+ Tibiabot.pk
+ Win32.Bifrose.LA
+ Win32.Delf.aoa
+ Win32.Delf.dch
+ Win32.Expiro
+ Win32.RJump.c
+ Win32.Small.azl
+ Win32.Sohanad.t
+ Zlob.Downloader.se

Total: 526414 fingerprints in 113946 rules for 3611 products.

February 6, 2008

Spybot Search & Destroy Malware Definitions Updated on February 6, 2008

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Additions made on Feb 6, 2008:

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax
+ Elite Keylogger
+ Perfect Keylogger

Malware
+ AdvancedCleaner
+ Fraud.XPAntivirus
+ Smitfraud-C.
+ Win32.Agent.oh
+ Win32.Renos

Trojans (6 new Zlob variants)
+ CoolWWWSearch.SearchToolbar (They're baaack!)
+ Firehole
+ Hupigon
+ MalwareAlarm
+ Smitfraud-C.MSVPS
+ Zlob.Downloader.eaw
+ Zlob.Downloader.gen
+ Zlob.Downloader.oid
+ Zlob.Downloader.se
+ Zlob.Downloader.tnd
+ Zlob.Downloader.vdt
+ Win32.Agent.aga
+ Win32.Agent.bid
+ Win32.Agent.ea
+ Win32.Bandok.av
+ Win32.Delf.dsf
+ Win32.Delf.zq
+ Win32.Harnig.bn
+ Win32.Lineage.bus
+ Win32.Small.ih

Total: 525864 fingerprints in 113680 rules for 3602 products.

January 30, 2008

Spybot Search & Destroy Malware Definitions Updated on January 30, 2008

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Additions made on Jan 30, 2008 (and false positive removals):

Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax

Malware
+ AdwareAlert
+ Win32.Renos

Trojans (3 new Zlob variants)
+ Smitfraud-C.MSVPS
+ Win32.Agent.hjo
++ Win32.Delf.uv
+ Win32.Delf.zq
++ Win32.SDBot.BHLK
++ Win32.Small.BB
+ Zlob.Downloader.dcc
+ Zlob.Downloader.vdt
+ Zlob.Downloader.xot

Total: 524620 fingerprints in 113219 rules for 3578 products.

January 23, 2008

Spybot Search & Destroy Malware Definitions Updated on January 23, 2008

If you use the famed, freeware, anti-spyware program "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

Additions made on Jan 23, 2008 (and false positive removals)


Keyloggers (Keyloggers steal your logins and passwords)
+ Ardamax
+ NiceSpy.Keylogger
+ NiceSpy.XPKeylogger

Malware
+ Fraud.XPAntivirus
+ Safestrip
+ VirusProtect
+ Win32.Renos


Spyware
+ WebWatcher

Trojans (4 new Zlob variants)
+ Hupigon
+ Smitfraud-C.MSVPS
+ Win32.Agent.bkd
+ Win32.Alphabet.ap (670)
+ Win32.Autorun (10)
+ Win32.Bagle.hi (2)
+ Win32.Small.hk
+ Win32.VB.ke
+ Zlob.Downloader.dcc
+ Zlob.Downloader.oid
+ Zlob.Downloader.vdt
+ Zlob.Downloader.xot

Total: 522840 fingerprints in 112714 rules for 3569 products.

January 18, 2008

Spybot Search & Destroy Malware Definitions Updated on January 16, 2008

If you use the famed, freeware, anti-spyware program "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in versions 1.4 and 1.5. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

Additions made on Jan 16, 2008 (and false positive removals)

Malware
+ LocusSoftware.PCPrivacyTool
++ MalwareCrush
+ Vario.AntiVirus


Spyware
++ Dozorce.Spy
+ eZula HotText **See my note in the extended comments


Trojans (Including banking password-stealing trojans)
+ Ardamax
++ Backdoor.Nok-Nok
+ Smitfraud-C.MSVPS
+ Virtumonde
++ Win32.Agent.oc
++ Win32.Agent.p
+ Win32.Agent.qt
+ Win32.Banker.anv
++ Win32.Banker.BCN
++ Win32.Banker.ekn
++ Win32.Banker.gen
++ Win32.IRCBot.chz
+ Win32.VB
+ Zlob.Downloader.vdt
++ Zlob.Downloader.wot
+ Zlob.VideoActiveXObject

Total: 520902 fingerprints in 112350 rules for 3580 products.

January 10, 2008

Spybot Search & Destroy Malware Definitions Updated on January 9, 2008

If you use the famed, freeware, anti-spyware program "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in versions 1.4 and 1.5. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

Additions made on Jan 2 and 9, 2008 (and false positive removals)


Keyloggers
+ Ardamax

Malware
+ AntiSpywareBOT
++ Clickspring.OuterInfo
+ Nous-Tech.UCleaner
+ Win32.BHO.je
+ WinXDefender

Trojan
+ Fotomoto
+ MalwareAlarm
+ Search2Find
+ Smitfraud-C.MSVPS
++ Virtumonde
+ Win32.Agent.gs
+ Win32.Agent.gvu
+ Win32.Banker.anv
+ Win32.Delf.bvz
+ Win32.Delf.xo
++ Win32.Qhost.abh
+ Win32.ProAgent.21
++ Win32.Small.ih
++ Win32.Sohanad.as
+ Win32.Tiny.abk
+ Zlob.Downloader
+ Zlob.Downloader.oid
+ Zlob.Downloader.ol
+ Zlock.uc

Total: 523901 fingerprints in 113066 rules for 3559 products.

December 28, 2007

Spybot Search & Destroy Malware Definitions Updated on December 26, 2007

With New Year's Eve fast approaching it is no surprise that malware authors are ramping up their efforts to infect as many computers as possible, either to draft them into zombie botnets, to cause unwanted popup advertisements, or to install hidden keyloggers that steal your logins to online banks and other personal information. If you operate a Windows-based computer you are the primary target of these criminals and you must protect your computer from these spyware threats. Many people use commercial anti-malware applications, which are updated daily against new threats, while others rely upon the freely available Spybot Search & Destroy to handle their security against spyware, keyloggers, adware and Trojans. As free anti-spyware programs go it is one of the best, although it is only updated once a week.

If you use the famed, freeware, anti-spyware program "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on Wednesday, this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of its name. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in versions 1.4 and 1.5. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

Additions made on 12/26/2007 (and false positive removals)