Wiz's Computer and Website Security Blog

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on March 10, 2010, as listed below. 12 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 25 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 03/10/2010

Adware
++ CNNIC.Searchbar

Dialer
++ Microflat

Malware
++ Fraud.ControlManager
++ Fraud.DrGuard
+ Fraud.MalwareDefender2009
++ Fraud.MySecurityWall
+ Fraud.PersonalSecurity
++ Fraud.PrivacyControl
++ Fraud.SpyTechSpyAgent
++ Fraud.WindowsAntivirus
++ Fraud.WindowsSecurityCenter
++ Fraud.XPMicroAntivirus
++ Win32.Agent.be
+ Win32.FraudLoad

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Trojan
+ Fraud.avi
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.exp
++ Win32.Agent.jar
++ Win32.Agent.wio
++ Win32.Agent.wss
++ Win32.AutoRun.wu
++ Win32.Banload.up
++ Win32.Clicker.afo
++ Win32.Clicker.nqe
++ Win32.FakeAV.cn
+ Win32.FraudLoad.edt
+ Win32.FraudPack
+ Win32.Koobface
+ Win32.OnLineGames.mffm
++ Win32.OnLineGames.uedm
++ Win32.OnLineGames.uhbq
++ Win32.OnLineGames.uhgi
++ Win32.OnLineGames.uhmm
++ Win32.OnLineGames.uhvx
++ Win32.OnLineGames.uiwu
++ Win32.OnLineGames.uvmc
++ Win32.Swisyn
+ Win32.ZBot

Worm
+ Win32.Amburadul
++ Win32.Bzub.buz

Spybot S&D currently has 2153272 fingerprints in 809913 rules for 5228 products.

False Positives Reported This Past Week

One possible false positive was reported for this week, as of the time this article was published.

1: Possible false positive detection of "AzeSearch" in Microsoft Security Essentials. This is being investigated, in German. I will translate the results next week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for March 10, 2010" »

Posted by Wiz at 3:22 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on March 3, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 19 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 03/03/2010

Adware
++ WebPerform

Malware
+ Fraud.AntivirusPro2010
+ Fraud.VolcanoSecuritySuite
+ Lop
++ Municheventos
+ Win32.Bifrost
+ Win32.FraudLoad.edt
++ Win32.Philis

Pups (Potentially Unwanted Software)
+ Live-Player

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
+ Win32.Spynet.a

Trojan
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.mpc
+ Win32.Agent.sys
+ Win32.Allaple.ab
+ Win32.Autorun.mbzt
++ Win32.OnLineGames.mfen
++ Win32.OnLineGames.mfes
++ Win32.OnLineGames.mffd
+ Win32.OnLineGames.mffm
++ Win32.OnLineGames.mfjj
++ Win32.OnLineGames.mfqj
++ Win32.OnLineGames.utza
++ Win32.OnLineGames.uvij
++ Win32.OnLineGames.uxkq
+ Win32.TDSS.vot
+ Win32.ZBot
+ Zlob.Downloader

Spybot S&D currently has 2128838 fingerprints in 801788 rules for 5266 products.

False Positives Reported This Past Week

Thus-far, no false positives were confirmed for this week, as of the time this article was published.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for March 3, 2010" »

Posted by Wiz at 1:45 AM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 24, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 20 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Note: one + sign before a detection indicates an update to an existing malware family for which previous definitions have been released. Two ++ signs indicate a completely new detection of a new or rewritten malware type.

Additions made on 02/24/2010

Adware
+ MeMedia.AdVantage
++ YourSiteBar

Malware
++ Fraud.AntimalwareDoctor
++ Fraud.PCDefender
++ Fraud.PersonalAntiMalwareCenter
++ Fraud.SecureEssentials2010
+ Fraud.Sysguard
+ Lop
+ Win32.Virut.ag

Security Vulnerabilities
+ Microsoft.Windows.RedirectedHosts

Spyware
+ Win32.Spynet.a

Trojan
++ Bredolab.fb
++ Fraud.avi
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.nb
+ Win32.Agent.xwr
+ Win32.Autorun.mbzt
+ Win32.Bifrost
+ Win32.CeeInject
+ Win32.FakeAlert.ttam
++ Win32.OnLineGames.bkrn
++ Win32.OnLineGames.uiwr
++ Win32.OnLineGames.ussu
++ Win32.Prolaco.p
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
++ Win32.vbs
+ Win32.ZBot
+ Win32.ZBot.rtk

Spybot S&D currently has 2111918 fingerprints in 796159 rules for 5250 products.

False Positives Reported This Past Week

Thus-far, no false positives were confirmed for this week, as of the time this article was published.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 24, 2010" »

Posted by Wiz at 4:12 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 17, 2010, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. One updated Internet Worm detection was also added this week.

Additions made on 02/17/2010

Adware
++ DonkeyToolbar

Malware
+ AdRotator
+ Fake.SpywareRemover
++ Fraud.AdvancedDefender
++ Fraud.GuardWWW
+ Fraud.MalwareDefense
++ Fraud.PaladinAntivirus
++ Fraud.SavePcAv
++ Fraud.SecurePcAv
+ Fraud.Sysguard
+ Fraud.SystemSecurity
+ Fraud.VolcanoSecuritySuite
++ Fraud.YourPCProtector
+ Lop
+ Mirar
+ Win32.FraudLoad
+ Win32.TDSS.reg

PUPS (Possibly Unwanted Programs)
++ GameVance.PlaySushi
+ Live-Player

Spyware
++ Win32.Spynet.a

Trojan
+ Supsav.Smss32
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.ado
++ Win32.Agent.svv
++ Win32.Agent.wi
+ Win32.Agent.wu
+ Win32.Autorun.mbzt
+ Win32.FakeAlert.ttam
++ Win32.HareBot.a
++ Win32.OnLineGames.ujug
++ Win32.Rbot.wu
++ Win32.ScreenBlaze
++ Win32.Stinx.h
+ Win32.TDSS.rtk
++ Win32.Virut.w
+ Win32.ZBot

Worm
+ Win32.Allaple.ab

Spybot S&D currently has 2033341 fingerprints in 769409 rules for 5235 products.

False Positives Reported This Past Week

TeaTimer mistakenly detected the "Morpheus Toolbar" in C:\WINDOWS\system32\WBEM\WMIADAP.EXE, during an upgrade of a user's Intel Wireless 3945ABG software from version 10.x to 11.5.x, using the DELL proprietary driver upgrade. Team Spybot offered this solution to the affected user, or others similarly affected by false positives in Teatimer:

If you are running several security software, make sure that only one active protection feature runs at a time. In case you want to deactivate the TeaTimer you can do this in Spybot S&D advanced mode in Tools - Resident.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 17, 2010" »

Posted by Wiz at 4:01 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 10, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 8 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. Two Internet Worm detections were also added this week and another long distance modem dialer.

Additions made on 02/10/2010

Dialer
+ Coulomb Ltd.Content Access Plugin

Malware
++ Fraud.AntimalwareDefender
++ Fraud.KasperskiyAntivir
+ Fraud.PCAntispyware2010
+ Fraud.Sysguard
+ Fraud.XPAntivirus
+ Win32.FraudLoad.edt
++ Win32.Wace.a

PUPS (Possibly Unwanted Programs)
+ Live-Player

Trojan
++ FakeAlert.gx
++ FakeAlert.lv
++ FakeBill.UPS
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Joleee.egx
+ Win32.ZBot

Worm
+ Win32.Allaple.ab
+ Win32.Socks.T

Spybot S&D currently has 1976598 fingerprints in 751278 rules for 5212 products.

False Positives Reported This Past Week

Teatimer had a false positive detection of "DoubleD.DesktopSmiley" in C:\WINDOWS\system32\msiexec.exe. Install the latest definition updates, then stop Teatimer, close it, wait a minute, then restart it. Instructions for restarting Teatimer are in my extended content.

This isn't a false positive, but a business decision that has been reversed. After reviewing the business email practices of VistaPrint, it was removed from HOSTS file IP blocking immunization with the update from the 2010-02-10. People who want to do business with VistaPrint and still use Spybot S&D's full immunization regime can now do so, without manually editing their HOSTS file.

The use of the Windows HOSTS file to block potentially bad IPs and URLS is getting carried to extremes lately. Since Spybot does not alert you when it is responsible for blocking a website via HOSTS entries (to 127.0.0.1), many users are unaware that the program is blocking websites they may wish to visit. If you used to be able to go to some website and after updating Spybot's definitions you find that the page cannot be displayed, it may have been added to the HOSTS blocklist by Spybot updates. You can edit the file manually, in Notepad, or in a HOSTS editor program, or uncheck the option for HOSTS in the Immunization list and reimmunize. That will remove all entries from HOSTS that were added by Spybot S&D.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 10, 2010" »

Posted by Wiz at 1:36 AM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on February 3, 2010, as listed below. 9 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. An Internet Worm detection was also added this week.

Additions made on 02/03/2010

Dialer
+ eGroup.InstantAccess

Malware
+ FakeAlert.gen
++ Fraud.MyPcSecure
++ Fraud.PcSecureNet
++ Fraud.PcsSecure
+ Fraud.WinPCDefender
+ Lop
+ SuperEasySearch
+ Win32.FraudLoad
+ Win32.FraudLoad.edt

Trojan
++ FakeAlert.be
+ FakeAlert.BraveSentry
++ FakeAlert.is
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.wu
++ Win32.DownloaderX.HAV
+ Win32.FakeAlert.ttam
+ Win32.FraudPack
+ Win32.TDSS.clt
+ Win32.Turkojan
++ Win32.Virut.ag
+ Win32.ZBot

Worm
+ Win32.Allaple.ab

Spybot S&D currently has 1948083 fingerprints in 743598 rules for 5207 products.

False Positives Reported This Past Week

No false positives were reported or discussed this past week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Feb 3, 2010" »

Posted by Wiz at 10:50 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 27, 2010, as listed below. 10 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Remarkably, the old threat from ABetterInternet.Aurora has re-entered the Malware and Trojans categories, with new definitions, as their adware is once again being distributed by low-life affiliates.

Additions made on 01/27/2010

Keyloggers
++ Win32.Fung.hi

Malware
+ ABetterInternet.Aurora
++ Fraud.ApcSecure
++ Fraud.ArmorDefender
++ Fraud.DesktopSecurity2010
++ Fraud.ProtectDefender
++ Fraud.ProtectSoldier
++ Fraud.WinSecurity360
+ Smitfraud-C.
+ Win32.FraudLoad
+ Win32.Podnuha.rtk

Trojans
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.cqf
+ Win32.Agent.deot
++ Win32.Agent.dnzl
++ Win32.Agent.msg
++ Win32.Allaple.a1
+ Win32.Allaple.a2
++ Win32.Aurora
+ Win32.CeeInject
+ Win32.FakeAlert.ttam
+ Win32.Turkojan
+ Win32.ZBot

Spybot S&D currently has 1919113 fingerprints in 734138 rules for 5193 products.

False Positives Reported This Past Week

1: Spybot's Teatimer module mistakenly identified today's Java update, to version 6 Update 18, as "Win32.Fraudload." I trust this will be sorted out sometime today or tomorrow. Check for a sudden update to the False Positives definitions until one appears, dated 1/27/2010 or later.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 27, 2010" »

Posted by Wiz at 3:21 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 20 2010, as listed below. 15 new or modified fake security programs (fraudulent anti virus/spyware), and other malware downloads, were added to the "Malware" detections, plus 20 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Additions made on 01/20/2010

Adware
++ Abox
++ Win32.Webdir.c

Malware (contains many fake security programs)
+ AdDestination
++ BPS.PerformanceCenter
+ Fraud.AntiMalwarePro
+ Fraud.AntivirusPro2010
++ Fraud.DefendAPc
++ Fraud.GhostAntivirus
+ Fraud.MalwareDefense
++ Fraud.SysDefender
+ Fraud.Sysguard
+ Fraud.XPPoliceAntivirus
+ Smitfraud-C.
++ Win32.Agent.sw
++ Win32.FakeAlert.ttam
+ Win32.FraudLoad
+ Win32.FraudLoad.edt

Pups (Potentially Unwanted Programs)
+ MyFreezeToolbar

Security
+ Microsoft.Windows.RedirectedHosts

Trojan (These are rootkits, backdoors, Bots and password stealers)
+ Fraud.SystemSecurity
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.alo
++ Win32.Agent.deot
++ Win32.Agent.sys
++ Win32.Agent.Winsts
+ Win32.Agent.ws
++ Win32.Autorun.sd
++ Win32.BHO.ttam
++ Win32.CeeInject
++ Win32.OnLineGames.mfaq
++ Win32.Rbot.ws
++ Win32.Sddrop.A
+ Win32.TDSS.bae
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Win32.ZBot.rtk

Worm
+ Blackmail

Spybot S&D currently has 1868768 fingerprints in 718157 rules for 5183 products.

False Positives Reported

1: TeaTimer identified a MalwareBytes update as Perfect Keylogger and killed the process. This was fixed with today's updates, but, you may have to reinstall Adobe Reader.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 20, 2010" »

Posted by Wiz at 5:47 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 13, 2010, as listed below. 19 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 24 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. And, modem dialers made a reappearance after a long period of inactivity.

Additions made on 01/13/2010

Dialer
+ eGroup.InstantAccess

Malware (contains many fake security programs)
+ BookedSpace
++ FatimaCollage
++ Fraud.AntispywareShield
++ Fraud.AntiVirusPC2009
+ Fraud.AntivirusPlus
+ Fraud.AntivirusXP
++ Fraud.APcDefender
+ Fraud.ControlCenter
++ Fraud.GreatDefender
++ Fraud.GuardPro
++ Fraud.InSysSecure
+ Fraud.MalwareDefense
+ Fraud.MalwareDoctor
+ Fraud.PCAntispyware2010
++ Fraud.PCsProtector
++ Fraud.SecurityCenter
++ Fraud.SpyEraser
++ Fraud.SpySheriff
++ Fraud.SysProtector
++ Fraud.SystemCleanerPro
++ Fraud.TotalPCDefender

PUPS (Potentially Unwanted Programs)
+ DoubleD
++ Softomate.BullseyeToolBar

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator
+ eXact Advertising.BargainsBuddy

Trojan (These are rootkits, backdoors, Bots and password stealers)
+ FakeAlert.cc
+ Supsav.Smss32
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.rar
++ Win32.Agent.rer
+ Win32.Agent.wlo
+ Win32.Bifrost.la
+ Win32.FakeAlert.ttam
++ Win32.FakeAntivir
++ Win32.FraudPack
++ Win32.Livemessn
++ Win32.Multidr-AH
+ Win32.OnLineGames.down
++ Win32.OnLineGames.mfdd
++ Win32.OnLineGames.mfdp
++ Win32.OnLineGames.uveh
+ Win32.Podnuha.rtk
+ Win32.TDSS.bae
+ Win32.TDSS.reg
+ Win32.TDSS.rtk
++ Win32.VB.em
+ Win32.ZBot

Spybot S&D currently has 1842388 fingerprints, in 709074 rules, for 5162 products.

False Positives Reported

In addition to definitions being added there were some false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A Registry Key created by the Group Policy Editor is being detected a malware. The particular change triggering this false positive is enabling "Remove Search From the Start Menu". We await a fix...

2: TeaTimer identified a MalwareBytes update as Perfect Keylogger and killed the process. Standby for more details and a fix.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 13, 2010" »

Posted by Wiz at 12:26 AM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on January 6, 2010, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 12 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:
++ Fraud.APCProtect
++ Fraud.MalwareCrush
+ Fraud.PersonalSecurity
+ Fraud.SecurityTool
+ Fraud.Sysguard
++ Win32.Archivos
++ Win32.Piasolef

PUPS "PUPs" means Potentially Unwanted Programs
++ MyFreezeToolbar
++ MyWay.FrontierBa

Security
+ Microsoft.Windows.RedirectedHosts

Spyware
+ AdRotator

The latest "Trojans" that were added or updated are:
+ Goldun
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.wu
++ Win32.OnLineGames.bgnk
++ Win32.OnLineGames.bkvr
++ Win32.OnLineGames.mfda
++ Win32.OnLineGames.ukzl
++ Win32.OnLineGames.ulfx
+ Win32.ZBot
+ Win32.ZBot.rtk
+ Zlob.Downloader.miu

Spybot S&D currently has 1826889 fingerprints in 703957 rules for 5120 products.

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: "Heuristics" scans detecting various jpg and thumbs.db files as "Fraud.SecurityTool" is a false positive, it was fixed with the detection updates on Jan 6, 2010.

2: A false positive in XYplorer installer, detected as Fraud.SecurityTool, was fixed on 1/6/2010.

3: Spybot S&D, McAfee SiteAdvisor and hpHosts have started to flag http://hazeleger.net and www.hazeleger.net as bad redirected host file entries (in HOSTS immunizations). There may have been a few infected hosts on their services, which seem to have been cleaned up, and one wrongly flagged piece of software called Foxtool. There appears to be no reason to block hazeleger.net, or Foxtool, generally speaking.

4: A false positive detection in the RedCrab calculator, as "Fraud.SecurityTool," was fixed on Jan 6.

5: A false positive detection of 2 files that were flagged as "Fraud.SecurityTool," on a software install CD, in "Dictionary.xml" and "msxml6.msi" was fixed this week.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Jan 6, 2010" »

Posted by Wiz at 5:27 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 30, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections (plus 5 other malware entries), plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:
Fraud.GuardPCs
Fraud.MalwareDefense
Fraud.SecurityTool
Fraud.Sysguard
Fraud.TheDefend
Fraud.VolcanoSecuritySuite
Fraud.XPPoliceAntivirus
Lop, Microsoft.Windows.RedirectedHosts
Win32.Agent.ieu
Win32.Delf.rm
Win32.Fraudload.md
Win32.LisboaAerea

The latest "Trojans" that were added or updated are:
Virtumonde.sci
Virtumonde.sdn
Win32.OnLineGames.bkpf
Win32.OnLineGames.down
Win32.OnLineGames.gjwa
Win32.OnLineGames.mfar
Win32.OnLineGames.mfas
Win32.OnLineGames.mffk
Win32.OnLineGames.mfft
Win32.OnLineGames.ulja
Win32.OnLineGames.ultz
Win32.OnLineGames.ulvo
Win32.OnLineGames.unxp
Win32.ZBot

Spybot S&D currently has 1797852 fingerprints in 694008 rules for 5101 products.

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A false positive detection in the TeaTimer module, flagging "ArcMediaService.exe" as malware, a week ago, was actually fixed on Dec 30, 2009.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Dec 30, 2009" »

Posted by Wiz at 1:47 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 23, 2009, as listed below. 11 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 11 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

The latest new or modified "Malware" category threats are all fake security programs and scans. The names used by Spybot S&D are as follows:

Fraud.AntiTroy, Fraud.MalwareDefense, Fraud.ProtectPCs, Fraud.SafetyAntiSpyware, Fraud.SecurityTool, Fraud.SoftCop, Fraud.SysDefence, Fraud.WindowsEnterpriseDefender, Fraud.XPProtectionCenter, FSonlinescanner and Win32.FraudLoad

The latest "Trojans" that were added or updated are:

Virtumonde.dll, Virtumonde.sci, Virtumonde.sdn, Win32.OnLineGames.mfax, Win32.OnLineGames.mfay, Win32.OnLineGames.mfgb, Win32.OnLineGames.uhbx, Win32.OnLineGames.unal, Win32.OnLineGames.urwo, Win32.ZBot and Zlob.Downloader.anz

False Positives Reported

In addition to definitions being added there were some adjustments that were made to fix false positive detections that can break harmless programs. This week's false positive reports and fixes are as follows:

1: A false positive detection of "Fraud.MalwareDefense" in the video drivers located at "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" and in the Registry key - "HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}" - was fixed on Dec 23, 2009, with a second release of the definition updates.

2: A false positive detection in the TeaTimer module, flagging "ArcMediaService.exe" as malware, was fixed on Dec 23, 2009.

3: A user reported that when performing a right-click scan, using "Heuristics," on a folder containing all images, they were falsely flagged as "Virtumonde.dll" or "Virtumonde.sdn." This is being investigated as a false positive.

For details about how to apply updates correctly and download links for Spybot Search & Destroy, please read my extended content.

Continue reading "Spybot Search & Destroy updates for Dec 23, 2009" »

Posted by Wiz at 1:56 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 16, 2009, as listed below. 14 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 6 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 16, 2009" »

Posted by Wiz at 1:43 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 9, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 3 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are Zbot and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 9, 2009" »

Posted by Wiz at 11:37 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on December 2, 2009, as listed below. 7 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 9 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot Search & Destroy is free for personal use. No subscriptions, no download fees, but, donations are gladly accepted.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Dec 2, 2009" »

Posted by Wiz at 3:59 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 25, 2009, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 15 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans are mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 25, 2009" »

Posted by Wiz at 5:04 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 18, 2009, as listed below. 15 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 18, 2009" »

Posted by Wiz at 3:10 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 11, 2009, as listed below. 16 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 18 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde, Botnet agents and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 11, 2009" »

Posted by Wiz at 3:46 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on November 4, 2009, as listed below. 2 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 14 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list. The new Trojans were mostly of the types Virtumonde and OnlineGames.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Nov 4, 2009" »

Posted by Wiz at 2:13 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on October 28, 2009, as listed below. 14 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 10 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Oct 28, 2009" »

Posted by Wiz at 4:13 PM | Permalink

Spybot Search & Destroy is a free (for personal non-business use) anti-spyware/spyware removal program used by millions of people around the World, to protect their computers from spyware, adware, Trojans and other types of malware. Spybot updates for malware detections are released every Wednesday and this week's updates were released on schedule. If you are using Spybot S&D to protect your computer you should check for updates every Wednesday afternoon and apply all that are available.

Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. The last two week's updates were released on schedule on October 21, 2009, as listed below. 19 new or modified fake security programs (fraudulent anti virus/spyware) were added to the "Malware" detections, plus 30 new or modified Trojans, rootkits and spam bots were added to the "Trojan" list.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

You can also download the latest definition includes file from a clean PC and save them to a removable disk or drive, then install them into the Spybot S&D program while the infected PC is offline. This helps you disinfect a PC that cannot presently get online, or cannot access security websites for updates (because of the Conficker or similar malware), or due to other networking problems. The downloaded definition includes will look for a typical Spybot installation location and will update it instantly, as long as the program is closed during the updating process.

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments.

Continue reading "Spybot Search & Destroy updates for Oct 21, 2009" »

Posted by Wiz at 4:52 PM | Permalink