Wiz's Computer and Website Security Blog

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on July 1, 2009, as listed below. Some new and altered fake security programs were added to the detections, plus several new Trojans, rootkits and modified spam bots.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.

Continue reading "Spybot Search and Destroy Definitions Updated on July 1, 2009" »

Posted by Wiz at 9:36 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 24, 2009, as listed below. Lots of new and altered fake security programs were added to the detections, plus several new Virtumonde Trojans and new or modified spam bots.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.

Continue reading "Spybot Search and Destroy Definitions Updated on June 24, 2009" »

Posted by Wiz at 10:57 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 17, 2009, as listed below. Some new fake security programs, new Virtumonde Trojans and new or modified bots and rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.

Continue reading "Spybot Search and Destroy Definitions Updated on June 17, 2009" »

Posted by Wiz at 1:31 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 10, 2009, as listed below. Some fake security programs, new Virtumonde Trojans and new or modified rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my article titled "How to use Spybot Search & Destroy to fight malware".

The description of the latest definition updates and false positive fixes are in my extended comments below.

Continue reading "Spybot Search and Destroy Definitions Updated on June 10, 2009" »

Posted by Wiz at 2:32 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware and malware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on June 3, 2009, as listed below. Some fake security programs, Botnet executables and rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

Before you update Spybot Search and Destroy make sure you have the latest official version. Older versions are no longer supported and will cause you a lot of grief when you immunize and scan for problems. Only download Spybot S&D from the official website, at: spybot.info, or from its alternate domain: Safer-Networking.org. Fake versions with similar names will rip you off for payment to remove threats, whereas the real Spybot S&D is free (donations gladly accepted).

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my extended comments, along with the description of the latest definition updates and false positive fixes.

Continue reading "Spybot Search and Destroy Definitions Updated on June 3, 2009" »

Posted by Wiz at 11:16 AM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on May 27, 2009, as listed below. Somef fake security programs and rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my extended comments, along with the description of the latest definition updates and false positive fixes.

Continue reading "Spybot Search and Destroy Definitions Updated on May 27, 2009" »

Posted by Wiz at 4:45 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on May 20, 2009, as listed below. A slew of fake security programs and rootkits were added to the latest definitions.

Updating Spybot Search and Destroy

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers. When all updates have succeeded, click on "Exit."

Download links and more instructions about using Spybot Search and Destroy are in my extended comments, along with the description of the latest definition updates and false positive fixes.

Continue reading "Spybot Search and Destroy Definitions Updated on May 20, 2009" »

Posted by Wiz at 1:22 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on May 13, 2009, as listed below. A slew of fake security programs and rootkits were added to the latest definitions.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

Download links and more instructions about using Spybot Search and Destroy are in my extended comments, along with the description of the latest definition updates and false positive fixes.

Continue reading "Spybot Search and Destroy Definitions Updated on May 13, 2009" »

Posted by Wiz at 12:02 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. Malware writers are constantly modifying their programs to evade detection, so anti-malware vendors have to issue regular updates to keep up with the bad guys. New definitions and false positive fixes for Spybot Search and Destroy are usually released every Wednesday. This week's updates were released on schedule on May 6, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. Sometimes, Spybot immunizes against cookies and domains that you may actually want to visit. If you suddenly find you cannot login, or cookies are missing, you can undo the most recent Immunizations, then uncheck the desired items and re-immunize. Websites added to your Windows HOSTS file during immunization will be blocked completely, so you may need to edit that file in Notepad, saving as HOSTS, without any extension, or uncheck it from immunization if your preferred websites are blocked by Spybot S&D.

Download links and more instructions about using Spybot Search and Destroy are in my extended comments, along with the description of the latest definition updates and false positive fixes.

Continue reading "Spybot Search and Destroy Definitions Updated on May 6, 2009" »

Posted by Wiz at 12:58 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on April 22, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. Sometimes, Spybot immunizes against cookies and domains that you may actually want to visit. If you suddenly find you cannot login, or cookies are missing, you can undo the most recent Immunizations, then uncheck the desired items and re-immunize. Websites added to your Windows HOSTS file during immunization will be blocked completely, so you may need to edit that file in Notepad, saving as HOSTS, without any extension, or uncheck it from immunization if your preferred websites are blocked by Spybot S&D.

After immunizing against unwanted items you should click on the Search & Destroy icon, on the left, then click "Check for problems," on the right side. It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also, the TeaTimer module was recently updated to version 1.6.6. If you use the Spybot Tea Timer you may want install this update (as an administrator) (Or maybe not! See notes below concerning false positives in TeaTimer.).

Additions made on April 22, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ CMVideo
+ Fraud.PCHealth
+ Win32.Alman.a

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Bifrost.LA
+ Virtumonde.Dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.TDSS.bae
+ Win32.TDSS.cl
+ Win32.TDSS.dt
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Zlob.DNSChanger
+ Zlob.Downloader
+ Zlob.Downloader.rid

Total: 1594677 fingerprints in 507675 rules for 4619 products.

False positive detections reported or fixed this week:

A false positive detection of Spambot.mib, in Keepass's Plugin KeeForm, has been fixed with this week's updates.

A false positive detection of "Fraud Virus Doctor," by the updated TeaTimer module, has been reported by several people in various files and folders, all of which are confirmed false positives.

I recommend NOT installing the TeaTimer module at this time, unless you are an advanced user! There are just too many false positives since the updated version was released. If you are unsure about the validity of a TeaTimer pop-up alert regarding a process having been terminated, do not select the option to delete the file.

You should send feedback about TeaTimer false positives to Team Spybot, after registering with the Safer-Networiking forum.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the TeaTimer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 4/22/09" »

Posted by Wiz at 4:53 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on April 15, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. Sometimes, Spybot immunizes against cookies and domains that you may actually want to visit. If you suddenly find you cannot login, or cookies are missing, you can undo the most recent Immunizations, then uncheck the desired items and re-immunize. Websites added to your Windows HOSTS file during immunization will be blocked completely, so you may need to edit that file in Notepad, saving as HOSTS, without any extension, or uncheck it from immunization if your preferred websites are blocked by Spybot S&D.

After immunizing against unwanted items you should click on the Search & Destroy icon, on the left, then click "Check for problems," on the right side. It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also, the TeaTimer module was recently updated to version 1.6.6. If you use the Spybot Tea Timer you may want install this update (as an administrator) (Or maybe not! See notes below concerning false positives in TeaTimer.).

Additions made on April 15, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.MalwareDefender2009
+ Fraud.PrivacyCenter
+ Fraud.SpywareRemover2009
+ Fraud.SystemGuard2009
+ Fraud.VirusDoctor
+ Win32.Agent.lta
+ Win32.Buzus.amit

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde.atr
+ Virtumonde.Dll
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.bhi
+ Win32.Agent.boym
+ Win32.Agent.yjl
+ Win32.Dialer.bkm
+ Win32.Parsi.z
+ Win32.PcClient.afun
+ Win32.TDSS.dt
+ Win32.TDSS.gen
+ Win32.TDSS.pe
+ Win32.TDSS.rtk
+ Win32.TDSS.vot
+ Win32.ZBot
+ Zlob.Downloader

Total: 1588012 fingerprints in 505617 rules for 4614 products.

False positive detections reported or fixed this week:

Last week's updates included both Immunization and HOSTS file entries that blocked AdultFriendFinder.com and Cams.com. Both additions were made in error and will be corrected with an upcoming update.

A confirmed false positive detection of Virtumonde.sdn, in the file C:\WINDOWS\system32\toyhide.bmp, was fixed today.

A false positive detection of "Fraud Virus Doctor," by the updated TeaTimer module, has been reported by several people in various files and folders, all of which are confirmed false positives.

I recommend NOT installing the TeaTimer module at this time! There are just too many false positives since the updated version was released. If you are unsure about the validity of a TeaTimer pop-up alert regarding a process having been terminated, do not select the option to delete the file.

You should send feedback about TeaTimer false positives to Team Spybot, after registering with the Safer-Networiking forum.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the TeaTimer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 4/15/09" »

Posted by Wiz at 1:01 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on April 8, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also, the TeaTimer module was recently updated to version 1.6.6. If you use the Spybot Tea Timer you may want install this update (as an administrator) (Or maybe not! See notes below concerning false positives in TeaTimer.).

Additions made on April 8, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ DNSFlush.cws
+ Fraud.AntiSpywarePro
+ Fraud.AntivirusPlus
+ Fraud.SysCleanerPro
+ Fraud.SystemGuard2009
+ Fraud.SystemSecurity
+ Fraud.XPAntivirus
+ Goldun
+ Smitfraud-C.
+ Spambot.mib

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)Spyware
+ Win32.Iksmas.ai

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde.atr
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.pa
+ Win32.Bredolab.B
+ Win32.Buzus
+ Win32.KillAV-KQ
+ Win32.Rbot.fx
+ Win32.TDSS.pe
+ Win32.TDSS.qa
+ Win32.TDSS.rtk
+ Win32.ZBot
+ Zlob.VideoBox

Total: 1560284 fingerprints in 496663 rules for 4610 products

False positive detections reported or fixed this week:

Team Spybot has yet to respond to a reported possible false positive detection of "Royal.Dice.Casino.PT" in C:\Program Files\Java\jre6\bin\jqs.exe.

A false positive detection of "Fraud Virus Doctor," by the updated TeaTimer module, has been reported by several people in various files and folders, all of which are confirmed false positives.

A false positive detection of "PerfectKeylogger," in WD Drive Manager Setup, was confirmed and will be fixed.

There was a confirmed false positive detection of "Italian Frameless" in Microsoft Office OutlookConnector.exe. Disregard this alert and don't let it delete the file.

I recommend NOT installing the TeaTimer module at this time! There are just too many false positives since the updated version was released. If you are unsure about the validity of a TeaTimer pop-up alert regarding a process having been terminated, do not select the option to delete the file.

You should send feedback about TeaTimer false positives to Team Spybot, after registering with the Safer-Networiking forum.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the TeaTimer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 4/8/09" »

Posted by Wiz at 12:17 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on April 1, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also today, the TeaTimer module was updated to version 1.6.6. If you use the Spybot Tea Timer you should install this update (as an administrator) (or maybe not! see notes below.).

Additions made on April 1, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ CMVideo
+ Fraud.Antivirus360
+ Fraud.AntivirusXP
+ Fraud.GeneralAntivirus
+ Fraud.PCHealth
+ Fraud.VirusDoctor
+ Fraud.XPAntivirus
+ WMVideoPlugin
+ Win32.Delf.oc

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ WindowsPerformance

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde.atr
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Tofsee.f
+ Win32.ZBot
+ Zlob.Downloader

Total: 1537030 fingerprints in 488763 rules for 4592 products.

False positive detections reported or fixed this week:

Team Spybot has yet to respond to a reported possible false positive detection of "Royal.Dice.Casino.PT" in C:\Program Files\Java\jre6\bin\jqs.exe.

A false positive detection of "Fraud Virus Doctor" - in c:\hp\kbd\kbd.exe - was confirmed in TeaTimer.

TeaTimer again! False Positive confirmed with Keepass's Plugin KeeForm, labeled as Spambot.mib by TeaTimer

Again, TeaTimer: A false positive was confirmed and fixed for mIRC 6.0.3 reported as IRC.Zapchast.

Another false positive detection by TeaTimer. TSCash in C:\Garmin\Spanner.exe. Fixed with today's updates.

Here's another one: A false positive was reported of "PerfectKeylogger" in C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe.

I recommend NOT installing the TeaTimer module at this time!

There was a confirmed false positive detection of "Italian Frameless" in Microsoft Office OutlookConnector.exe. It is being investigated but cannot be reproduced by Team Spybot.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the TeaTimer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 4/1/09" »

Posted by Wiz at 3:11 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on March 25, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also today, the Tea Timer module was updated to version 1.6.6. If you use the Spybot Tea Timer you should install this update (as an administrator).

Additions made on March 25, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ CMVideo
+ Fraud.Downloader.gen
+ Fraud.MalwareDefender2009
+ Fraud.SystemGuard2009
+ Fraud.TotalAntispyware
+ Spambot.mib

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ GameVance

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Fraud.VirusRemover2009
+ SpambotLoad.cn (Botnet)
+ Virtumonde.sci
+ Virtumonde.sdn
+ Waledac.cn (Botnet)
+ Win32.Koutodoor.aik
+ Win32.Poison.pg
+ Win32.Small.ajbq
+ Win32.Small.NCA
+ Win32.TDSS.rtk (Rootkit)
+ Win32.Virut.bg

Total: 1525689 fingerprints in 484951 rules for 4580 products.

False positive detections reported or fixed this week:

A false positive detection was reported in Tea Timer, of Ardamax, in the Windows System file Cleanmgr.exe. It is being investigated.

There was a confirmed false positive detection of "Italian Frameless" in Microsoft Office OutlookConnector.exe. It is being investigated.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 3/25/09" »

Posted by Wiz at 2:16 AM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. This week's updates were released on schedule on March 18, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also today, the Tea Timer module was updated to version 1.6.6. If you use the Spybot Tea Timer you should install this update (as an administrator).

Additions made on March 18, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.Antivirus2008
+ Fraud.Sysguard
+ Fraud.SystemGuard2009
+ Fraud.SystemSecurity
+ Win32.WiniGuard

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Banload
+ Fraud.AntiSpyware2008XP
+ Fraud.XPShield
+ Virtumonde.atr
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.bm
+ Win32.CPEX.f
+ Win32.Delf.acv
+ Win32.Gobot.y (Botnet)
+ Win32.TDSS.rtk (rootkit)
+ Win32.ZBot (Botnet)

Total: 1478612 fingerprints in 468339 rules for 4570 products.

False positive detections reported or fixed this week:

A false positive detection of Cydoor and Virtumonde has been reported in the updated (1.6.6) Tea Timer module, for the recently updated Adobe Reader 9.1 installer for Adobe Air. The actual file wrongly flagged is Airshareinstaller.exe. It is still being investigated to find out why this happened.

There was a confirmed false positive detection of "MalwareC" in a ComboFix file named swxcacls.exe. ComboFix is a specialized tool used in malware removal forums. It removes malware. This has been fixed with today's F/P updates.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 3/18/09" »

Posted by Wiz at 11:29 AM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. Today's updates were released on schedule on March 11, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Also today, the Tea Timer module was updated to version 1.6.6. If you use the Spybot Tea Timer you should install this update (as an administrator).

Additions made on March 11, 2009:
Adware
+ eZula HotText

Keyloggers
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ CMVideo
+ Fraud.Antivirus2010
+ Fraud.MSAntispyware2009
+ Fraud.SpywareGuard2008
+ Fraud.SystemGuard2009
+ MalwareRemovalBot
+ TotalVirusProtection
+ Vrl32software
+ Win32.Autoit.D
+ WinSpywareProtect
+ XPPoliceAntivirus

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Bredolab.B
+ Win32.Brontok.q
+ Win32.Lost.jau
+ Win32.Mudrop.kt
+ Win32.TDSS.bae
+ Win32.TDSS.rtk (TDSS is a Rootkit)
+ Win32.VB.cb

Total: 1453845 fingerprints in 460163 rules for 4584 products.

False positive detections reported or fixed this week:

Confirmed false positive detection of Mizuphone classed as a casino dialer This was fixed with today's updates.

A confirmed wrong detection of Virtumonde detected in C:\windows\system32\zipfdr.dll is due to users having older versions of Spybot S&D. Please upgrade to the current version, 1.6.2, download the newest definitions and F/F updates, then scan your system. These false positives should be gone (unless you really are infected!).

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 3/11/09" »

Posted by Wiz at 1:22 PM | Permalink

If you use Spybot Search and Destroy to protect your computer against spyware, it is time again to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. Today's updates were released on schedule on March 4, 2009, as listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Additions made on March 4, 2009:

Hijackers
+ Hyperlinker

Keyloggers
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.SystemAntivirus
+ RegistryFox
+ Win32.Agent.pn
+ Win32.Beloy.a

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ QuadRegistryCleaner

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Bagle.dlj
+ Virtumonde.atr
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.fox
+ Win32.Agent.lpb
+ Win32.Agent.mds
+ Win32.Agent.sd
+ Win32.Banload.aoo
+ Win32.Brontok.q
+ Win32.IRCBot.bkr
+ Win32.TDSS.bae (TDSS is a nasty rootkit!)
+ Win32.TDSS.clt
+ Win32.TDSS.dy
+ Win32.TDSS.mlt
+ Win32.TDSS.rtk
+ Win32.TDSS.tit
+ Win32.TDSS.vot
+ Win32.VB.fnk

Total: 1438055 fingerprints in 454664 rules for 4587 products.

False positive detections reported or fixed this week:

Confirmed false positive detection of "Win32.Agent.wls" is being reported as hiding in the registry under PGP encryption software's keys This was fixed with today's updates.

A confirmed wrong detection of Virtumonde detected in C:\windows\system32\zipfdr.dll is due to users having older versions of Spybot S&D. Please upgrade to the current version, 1.6.2, download the newest definitions and F/F updates, then scan your system. These false positives should be gone (unless you really are infected!).

Oh boy! Here we go; get on your hard hats!

Spybot S&D is now flagging installations of McAfee and Trend Micro security software as "PUPs, or Potentially Unwanted Programs (see this forum thread). This was done in retaliation against those companies for requiring their customers to uninstall Spybot while installing their products. Team Spybot has tested its program with both of these security suites, and others, and finds no evidence of any incompatibilities or struggles between them.

If you have purchased McAfee, Symantec, or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 3/4/09" »

Posted by Wiz at 2:38 PM | Permalink

Hey, you! If you use Spybot Search and Destroy to protect your computer against spyware, it is time to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. Today's updates were released on schedule and are listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Additions made on February 25, 2009:

Keyloggers
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.MSAntispyware2009
+ Win32.TDSS.cls
+ Win32.TDSS.rtk

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ MyRegistryCleaner
+ OriginalSolitaire

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ BraveSentry
+ InternetAntivirusPro
+ Virtumonde.atr
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.ark
+ Win32.Agent.fbx
+ Win32.Agent.sd
+ Win32.Anel
+ Win32.Delf.axb
+ Win32.TDSS.alt
+ Win32.TDSS.clt
+ Win32.TDSS.eit
+ Win32.TDSS.flt
+ Win32.TDSS.rtk
+ Win32.TDSS.vlt
+ Win32.VB.qq

Total: 1406313 fingerprints in 444173 rules for 4561 products.

False positive detections reported or fixed this week:

Confirmed false positive detection of "Brontok.Ab" in a user's desktop ini file. This was fixed with today's updates.

A confirmed wrong detection of Virtumonde detected in C:\windows\system32\zipfdr.dll is due to users having older versions of Spybot S&D. Please upgrade to the current version, 1.6.2, download the newest definitions and F/F updates, then scan your system. These false positives should be gone (unless you really are infected!).

Oh boy! Here we go; get on your hard hats!

Spybot S&D is now flagging installations of McAfee and Trend Micro security software as "PUPs, or Potentially Unwanted Programs (see this forum thread). This was done in retaliation against those companies for requiring their customers to uninstall Spybot while installing their products. Team Spybot has tested its program with both of these security suites, and others, and finds no evidence of any incompatibilities or struggles between them.

If you have purchased McAfee or Trend Micro security suites (which are very good products) and they ask you to uninstall Spybot, or do so without your option to refuse, simply reinstall Spybot afterward. But, I recommend not activating the Tea Timer module in Spybot S&D, as this will cause a struggle over which program monitors the system for realtime changes.

Continue reading "Spybot Search and Destroy Definitions Updated on 2/25/2009" »

Posted by Wiz at 3:10 PM | Permalink

Hey, you! If you use Spybot Search and Destroy to protect your computer against spyware, it is time to run your manual updates. New definitions and false positive fixes are usually released every Wednesday. Today's updates were released on schedule and are listed below.

In case you are new to Spybot S&D, there are two ways to update the program and malware definitions. The preferred method (For Windows PCs) is to go to Start > (All) Programs > Spybot - Search & Destroy > Update Spybot - S&D. The independent update box will open. Leave the default options as is, unless you need all languages or want beta definitions, and click on "Search." Another box will open with "mirror" locations around the world where you can download updates. Select a location nearest to you from the list and click on "Continue." Make sure all updates are checked, then click on "Download." If all definitions are verified as being correct the check marks will disappear from the check boxes and be replaced with green arrow graphics. However, sometimes one or more mirror locations have not updated all of the definitions and you will get a red X for those definitions. Click on Go Back, select a different mirror, and try again. I have consistent success using Giganet or the Safer-Networking servers.

When all updates have succeeded, click on "Exit." With the program updated it is time to open the main program interface, using either the Start Menu link, or a desktop icon, to launch Spybot Search and Destroy. The next item to take care of is to apply Immunization. Click on the Immunize button in the left sidebar, select everything you want, or uncheck things like cookies, or Hosts, or Domains, as you see fit, then click on Immunize button over the right panel, that has a green cross. After immunizing against unwanted items you should click on the Search &Destroy icon, on the left, then click "Check for problems," on the right side.

It will take several minutes, or longer to scan all your files for known threats, and possible threats, using heuristics, unless you disable heuristics in the program's main Advanced Mode > Settings. When the scan completes anything listed in the definition databases will be listed in the results window, with check boxes in front of each main item group. If you find the program has listed some cookies or other programs you use and trust, uncheck them, click on the item name and the right click and select "Exclude this product from further searches." Finally, click on "Fix (selected) Problems."

Spybot Search and Destroy 1.6.2 was released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Additions made on February 18, 2009:

Keyloggers
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ Smitfraud-C.
+ Win32.Bomka.r
+ Win32.Constructor.DOS.Vkit
+ Win32.Flooder


Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.fox
+ Win32.Agent.frl
+ Win32.Agent.ju
+ Win32.Asprox (Botnet)
+ Win32.TDSS.rtk
+ Win32.VB.qu
+ Zlob.Downloader.suo
+ Zlob.Downloader.vet
+ Zlob.Downloader.vot
+ Zlob.VideoCompressionCodec

Total: 1343105 fingerprints in 384000 rules for 4559 products.

False positive detections reported or fixed this week:

Nothing new to report at this time, except that after ongoing dialogs, SpywareCease still remains classified as malware, by Spybot S&D. This may change in the future, but for now that program is treated as unwanted software.

Read my extended comments for more details about using Spybot S&D and for program development announcements.

Continue reading "Spybot Search and Destroy Definitions Updated on 2/18/2009" »

Posted by Wiz at 6:00 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6.2 was just released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. A preview of Spybot 2.0 will also be available as soon as servers have adjusted to the additional 1.6.2 release load. Version updates are discussed in my extended comments.

Additions made on February 11, 2009:

Hijackers
+ MyPoints

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ RapidAntivirus
+ Smitfraud-C.
+ Win32.TDSS.rtk
+ WinSpywareProtect
+ XPPoliceAntivirus

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ Live-Player
+ MyWay.MyWebSearch

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ KillAV
+ Speedrunner
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
+ Webshow
+ Win32.Agent.aiae
+ Win32.Agent.bakf
+ Win32.Agent.fbx
+ Win32.Bagle.av
+ Win32.Clicker.vp
+ Win32.Rbot.fx
+ Win32.Renos.ik
+ Zlob.Downloader.miu
+ Zlob.Downloader.ned
+ Zlob.Downloader.pit

Total: 1332704 fingerprints in 381260 rules for 4550 products.

The domain "Spywareinfo.com" was recently added to the HOSTS file updates (for redirection to 127.0.0.1), because the domain name expired and was purchased by spammers or malware distributers, in December 2008. It is now advertising a fake Spybot Search & Destroy, fake security scans and various malware downloads. The new Spywareinfo malware removal forum is located at: http://www.spywareinfoforum.com/

Note for Firefox users who saved links to the old spywareinfo website:
It has recently (Feb/09) been reported that in some versions of Spybot S&D, on some operating systems, if you have a link to the old spywareinfo website, now owned by purveyors of fake anti spyware products and scanners, "fixing" it will erase your entire Bookmarks.html file. This is being looked into right now and hopefully will be fixed real soon. In the meantime, if you use Firefox as your browser (which stores Favorite places as "Bookmarks") and after running a scan Spybot lists an infected bookmark with Spywareinfo as the culprit, uncheck that entry before fixing any other problems. You can manually edit your Firefox Bookmarks to remove the link to that website, or any similar compromised website.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July 2008. Older versions of Spybot are no longer being updated and cannot deal with many of the new malware definitions and removal routines.

False positive detections reported or fixed this week:

A confirmed false positive was reported and fixed this week regarding the blocked domain myvnc.com. It was removed from the Restricted Sites Zone on Feb 11, 2009, in the optional "F/P" update.

A HOSTS file DSN block on the domain redtube.com was removed on September 17, 2008, but some users have not re-immunized their Spybot databases and that website is still blocked for them. Update your definitions, including new "immunizations," then use the "Immunize" button to apply the changes. Immunizing both adds and removes entries, as new threats are discovered or old threats are resolved (bad sites sometimes turn into good sites, or remove questionable downloads or links to malware).

Friendly advice:
Stop using Heuristics scans for now. There are too many false positives with this type of scan. You can rely upon the definitions scans a lot more than Heuristics.

"The default scan with Spybot S&D is more accurate and recommended over the single file scanner. Especially the heuristics part of the single file scanner is prone to false positives."

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 2/11/2009" »

Posted by Wiz at 1:47 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6.2 was just released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. A preview of Spybot 2.0 will also be available as soon as servers have adjusted to the additional 1.6.2 release load. Version updates are discussed in my extended comments.

Additions made on February 4, 2009:

Keyloggers
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Banload
+ CMVideo
+ MalwareBot
+ RegSweep
+ Smitfraud-C.gp
+ TotalProtect2009
+ Win32.AutoRun.ey

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ Go-Astro

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ NeoControlRed
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.bhcs
+ Win32.Agent.fbx
+ Win32.Bitar.a
+ Win32.ControlTotal.l
+ Win32.FraudLoad.cxj
+ Win32.Tibia.ci
+ Zlob.DNSChanger.Rtk
+ Zlob.Downloader.bit
+ Zlob.Downloader.ger

Total: 1317330 fingerprints in 376606 rules for 4544 products.

The domain "Spywareinfo.com" was recently added to the HOSTS file updates (for redirection to 127.0.0.1), because the domain name expired and was purchased by spammers or malware distributers, in December 2008. It is now advertising a fake Spybot Search & Destroy, fake security scans and various malware downloads. The new Spywareinfo malware removal forum is located at: http://www.spywareinfoforum.com/

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July 2008. Older versions of Spybot are no longer being updated and cannot deal with many of the new malware definitions and removal routines.

False positive detections reported or fixed this week:

Confirmed False heuristics hit on Symantec file nppbho.dll showing virtumonde. Fixed with today's updates.

Confirmed F/P Virtumonde.SCI detected on NAV Helper BHO. Fixed with today's updates.

Brontok.Ab in a Windows desktop ini file is under investigation right now, but is probably a F/P.

Stop using Heuristics scans for now. There are too many false positives with this type of scan. You can rely upon the definitions scans a lot more than Heuristics.

"The default scan with Spybot S&D is more accurate and recommended over the single file scanner. Especially the heuristics part of the single file scanner is prone to false positives."

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 2/4/2009" »

Posted by Wiz at 5:39 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6.2 was just released on January 26, 2009. This is probably going to be the last "maintenance release" before version 2.0 is released. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6.2. The newest Virtumonde and Zlob threats require the anti malware engine in Spybot 1.6+ to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on January 28, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
++ Fraud.ISafeAntivirus
++ Fraud.MyFasterPC
+ Fraud.SpyProtector
+ Fraud.SpywareGuard2008
+ Rogue.IEAntivirus
++ Rogue.WinAntivir2008
+ SpywareQuake
++ Win32.Agent.zbr
+ Win32.Banker
+ WinWebSecurity

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
++ HotTV

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde
+ Virtumonde.Dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.cyt
+ Win32.Agent.fbx
++ Win32.Agent.wls
++ Win32.Iksmas.ai
++ Win32.Lager.bi
++ Win32.SdBot.ays
+ Zlob.DNSChanger
+ Zlob.Downloader
+ Zlob.Downloader.jot
++ Zlob.Downloader.rut
+ Zlob.Downloader.tfr
++ Zlob.RouterChanger

Total: 1307319 fingerprints in 373362 rules for 4544 products.

The domain "Spywareinfo.com" was recently added to the HOSTS file updates (for redirection to 127.0.0.1), because the domain name expired and was purchased by spammers or malware distributers, in December 2008. It is now advertising a fake Spybot Search & Destroy, fake security scans and various malware downloads. The new Spywareinfo malware removal forum is located at: http://www.spywareinfoforum.com/

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July 2008. Older versions of Spybot are no longer being updated and cannot deal with many of the new malware definitions and removal routines.

False positive detections reported or fixed this week:

There were no new false positives confirmed or fixed this week.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 1/28/2009" »

Posted by Wiz at 10:51 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on January 21, 2009:

Adware
+ Win32.TrafficSol.c

Keyloggers
+ SCKeylogger
++ Win32.Keylogger.s

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ AntiSpamBastion
++ AstrumAntivirusPro
++ Fraud.eAntiSpy
+ Fraud.XPAntivirus
+ Win32.AOLPass.i

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ EuroGrand.Casino.PT

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.agent.jr
++ Win32.Banbra.hp
+ Win32.Iksmas.ai
+ Win32.Small.ay
++ Win32.Tibia.ci
++ Win32.VB.df
++ Win32.Xorer.dr
+ Zlob.DNSChanger
+ Zlob.Downloader
+ Zlob.Downloader.vet
+ Zlob.Downloader.wot
+ Zlob.VideoActiveXObject
+ Zlob.VideoCodec2007
+ Zlob.VideoKeyCodec

Total: 1278173 fingerprints in 365193 rules for 4531 products.

My entry for last week's definitions update went to the bitbucket due to the failure of my server, which had to be restored from a backup from a previous date. So, here are the Spybot S&D updates from January 14, 2009:

Malware
+ AdDestination + Fraud.AntiVirusTrigger + Fraud.PCHealth ++ Fraud.UltraAntivirus2009 ++ InternetAntivirusPro + RapidAntivirus ++ SpywareCease + Vcodec

Trojan
+ Virtumonde + Virtumonde.sci + Virtumonde.sdn ++ Win32.Banker.xe + Zlob.Downloader.miu

The domain "Spywareinfo.com" was recently added to the HOSTS file updates (for redirection to 127.0.0.1), because the domain name expired and was purchased by spammers or malware distributers, in December 2008. It is now advertising a fake Spybot Search & Destroy, fake security scans and various malware downloads. The new Spywareinfo malware removal forum is located at: http://www.spywareinfoforum.com/

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July 2008. Older versions of Spybot are no longer being updated and cannot deal with many of the new malware definitions and removal routines.

False positive detections reported or fixed this week:

There was a confirmed false positive heuristic detection of virtumonde.sdn in c:\windows\system32\ackpbsc.dll. This was first fixed on Jan 14, 2009, then again on January 21, 2009. The file is legitimate and is used by the built in camera on some HP laptop computers.

A confirmed false positive in Avira Premium Security Suite Firewall detected as Win32.Delf.qmw was fixed on Jan 14, 2009.

Finally, two confirmed false positives detected on the E-Sword CD were fixed with today's updates.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 1/21/2009" »

Posted by Wiz at 9:50 AM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on January 7, 2009:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.SpywareGuard2008
+ Smitfraud-C.
+ Win32.Bomka.r

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ MyWay.MyWebSearch

Spyware
+ WebCompass.Searchbar

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ IRC.crt
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Delf.qmw
+ Zlob.Downloader

Total: 1320313 fingerprints in 372884 rules for 4518 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July 2008. Older versions of Spybot are no longer being updated and cannot deal with many of the new malware definitions and removal routines.

False positive detections reported or fixed this week:

There is a confirmed false positive heuristic detection of "Win32.Sober" in the "conhost.exe" in beta versions of Windows 7. It will be fixed soon.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 1/7/2009" »

Posted by Wiz at 10:38 AM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on December 30, 2008:

Adware
++ IThink.SideSearch

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
++ Avrlabs
++ Fraud.Antivirus360
++ Fraud.WinDefender2009
+ IEDefender
+ SpywareBot.SpywareStop
+ Smitfraud-C.
+ Win32.TDSS.rtk
++ WinWebSecurity
+ WinSpywareProtect
++ WMVideoPlugin

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
++ Fraud.AntiVirusTrigger
++ ISearchTechnology.WinButler
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.IEMon
+ Win32.Delf.oko
++ Win32.Agent.pi
++ Win32.Agent.sp
++ Win32.Agent.adb
++ Win32.Agent.fkl
++ Win32.Bankobao.b
+ Win32.Rungbu.a

Total: 1306995 fingerprints in 369046 rules for 4518 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July this year, to 369046 detection patterns in this weeks update!

False positive detections reported or fixed this week:

There is a confirmed false positive heuristic detection of "Darkonia" in zlib1.dll. This file is part of the external libraries required for Notepad++'s XML Tools. It has been fixed in the latest updates.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 12/30/2008" »

Posted by Wiz at 3:48 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on December 23, 2008:

Adware
++ Win32.Toolbar.World2

Hijackers
+ PrimeSoft.SafeSearch

Keyloggers (Keyloggers steal your typed logins and passwords)
+ PerfectKeylogger (2)
++ Redneck

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ BPS.Gen
++ BPSAntiSpywareGuard
++ BPSMalwareGuard
++ ExtraAntivir
+ FakeAlert.cc
+ FakeBill.CourtCologne
+ Fraud.AntivirusTrigger
++ Fraud.PerfectDefender
+ Fraud.VirusTrigger
++ NanoAntivirus
+ SaferSurfing
+ Smitfraud-C.
++ Win32.Agent.hc
+ Win32.Renos

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
++ Fake.HTML.BHO
+ Fraud.AntiVirusTrigger
++ GFailure.Girlfriend135
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.arnx
+ Win32.Brontok.q
++ Win32.Delf.cof
++ Win32.Hider.i
+ Win32.Rays
+ Win32.TDSS.rtk
++ Win32.Tibia.dd
+ Zlob.Downloader
+ Zlob.Downloader.ol
+ Zlob.Downloader.vot
+ Zlob.Downloader.wot
+ Zlob.MovieCommander

Total: 1298391 fingerprints in 366315 rules for 4505 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July this year, to 347101 detection patterns in this weeks update!

False positive detections reported or fixed this week:

None reported this week!

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 12/23/2008" »

Posted by Wiz at 12:36 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on December 17, 2008:

Hijackers
+ ISearchToolbar

Keyloggers (Keyloggers steal your typed logins and passwords)
+ ActMon-Pro
+ Ardamax

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AntiSpywareMaster
+ Fraud.PCProtectionCenter2008
+ FakeAlert.CC
+ Fraud.AntiVirusLab2009
+ Win32.PoisonIvy.j

Security
+ Microsoft.Windows.AppFirewallBypass
+ Microsoft.Windows.RedirectedHosts

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
++ PartnerBHO
++ RKdrv.rtk
+ Smitfraud-C.gp
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.amwr
+ Win32.Agent.bxh
+ Win32.Agent.pz
+ Win32.Agent.sd
++ Win32.Banload.ihm
++ Win32.CeeInject.Ik
++ Win32.Ciadoor.cj
++ Win32.Delf.oko
++ Win32.Poison.cpb
+ Win32.RAdmin
+ Zlob.Downloader
+ Zlob.Downloader.apl

Worm
++ VBS.LoveLetter.aq2 (2)

Total: 1212991 fingerprints in 347101 rules for 4491 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July this year, to 347101 detection patterns in this weeks update!

False positive detections reported or fixed this week:

There was a false positive report "WMDrive.sys" with Smitfraud-C, in c:\windows\system32\drivers\WMDrive.sys (189,952 bytes). This was fixed in today's F/P update.

There was a false positive detection of Smitfraud.C confirmed in a Zoom Modem file named "country.exe." This was fixed in today's F/P update.

There is a confirmed False Positive "Heuristic" detection of "Accoona" in several unwise.exe uninstaller files. It was fixed with today's F/P update.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 12/17/2008" »

Posted by Wiz at 8:20 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on December 10, 2008:

Adware
+ Win32.TrafficSol.c

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ AlphaWipe2008
+ AntiSpywareMaster
++ Fraud.AntiMalwareGuard
++ Fraud.AntiVirusSentry
++ Fraud.PersonalDefender
++ Fraud.SpyProtector
++ Fraud.SpywareGuard2008
++ Fraud.VirusTrigger (4)
++ Fraud.WinDefender (5)
+ IEDefender
+ Smitfraud-C.
+ Smitfraud-C.MSVPS
++ TracksFree
++ Win32.Adload.db
+ Win32.VB.ck
+ Zlob.Downloader

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
++ AdAtoms.MyCentria
+ MyWay.MySearch

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ MegaUploadToolbar

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
++ Dropper.Agent.apfv
+ Refpron
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.amwr
+ Win32.Agent.ark
++ Win32.Agent.clk
+ Win32.Agent.xv
+ Win32.Autoit
++ Win32.AutoRun.dfs
++ Win32.AutoRun.va
+ Win32.Bagle.A
+ Win32.Bagle.E
+ Win32.Bagle.F
+ Win32.Bagle.G
+ Win32.Bagle.H
+ Win32.Brontok (2)
+ Win32.Delf.rtk
++ Win32.GrayBird.aj
++ Win32.Hidden.RTK
+ Win32.TDSS.rtk
+ Zlob.Downloader.sit

Total: 1208743 fingerprints in 345764 rules for 4472 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July this year, to 345,764 detection patterns in this weeks update!

False positive detections reported or fixed this week:

There was a confirmed false positive heuristic only detection of "Win32.ActiveKeyLogger" in a common, legitimate uninstaller file named, "Unwise.exe." Normal scans show the file is clean. This was fixed in today's updates.

A False Positive detection of Beast False Positive in the file extension .bst was fixed today.

A False positive detection of Sumom.a was fixed today. The file containing it was the AltNet adware component of Kazaa.

There is a confirmed False Positive "Heuristic" detection of "Accoona" in several unwise.exe uninstaller files. It will be fixed with later updates.

A False Positive has been confirmed in the following: Win32.Agent.bzs: C:\WINDOWS\system32\userinit.exe. It has been fixed in today's F/P update.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 12/10/2008" »

Posted by Wiz at 1:05 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced. Version updates are discussed in my extended comments.

Additions made on December 3, 2008:

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ FakeAlert.cc
+ Fraud.VirusResponseLab2009
+ Fraud.AntiVirusLab2009
+ Fraud.XPAntivirus
+ Fraud.Antivirus2008
+ IEDefender
+ Smitfraud-C.
++ SpywareGuard2008
+ WinSpywareProtect

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
++ Keenfinder
+ MyWay.MySearch
++ StaffCop

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ GSearchTB.QuickAccessToolbar

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm! Many of these Trojans are Botnet infections, backdoors and Rootkits.)
+ BackOrifice2k
++ NVideoSupport
+ Pigeon
+ Smitfraud-C.MSVPS
++ Tsearch.msn
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.amwr
+ Win32.Agent.ll
++ Win32.Agent.bzs (2)
++ Win32.Agent.cid
++ Win32.Agent.cso
+ Win32.Agent.sd
++ Win32.AutoRun.abt (2)
+ Win32.Bandok
+ Win32.Brontok
++ Win32.Brontok.ab
++ Win32.Drefir.a
+ Win32.Exchanger.ch
++ Win32.Hidden.RTK
++ Win32.KeySave
+ Win32.TDSS.rtk
+ Win32.Webdir.b
++ Wot32

Total: 1199581 fingerprints in 343003 rules for 4445 products.

In case you have noticed a slowdown in the scan times over the past few months, it's because the number of detection patterns used to detect malware has doubled since the release of Spybot S&D v1.6, in July this year, to 343,003 detection patterns in this weeks update!

False positive detections reported or fixed this week:

There was a confirmed false positive heuristic only detection of "Win32.ActiveKeyLogger" in a common, legitimate uninstaller file named, "Unwise.exe." Normal scans show the file is clean. This will fixed in later updates, possibly tomorrow, or next week. In the meantime, if you run a heuristic scan of a folder and Spybot flags unwise.exe - it may be a false positive, so don't quarantine the file. Do scan the director or file with your anti virus scanner, or an online virus scanner. If you allow files with this name to be deleted and they were not in fact hostile, you will be unable to uninstall that program later on.

Several other possible false positives are currently under review. Sometimes a F/P update is released out of cycle, so check back over the next few days for additional definition updates for Spybot S&D.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 12/3/2008" »

Posted by Wiz at 5:35 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced.

Additions made on November 26, 2008:

Adware
++ Win32.BHO.hxp

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ Fraud.AntiSpywareXP
+ Smitfraud-C.

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ FunWebProducts + MyWay.MyWebSearch + WildTangent

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Beast
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.amwr
++ Win32.Agent.amyy
++ Win32.Agent.ddl
++ Win32.Agent.gpr
++ Win32.Agent.ik
++ Win32.AutoRun.AW
++ Win32.AutoRun.im
++ Win32.AutoRun.Malas
+ Win32.Bagle.A
+ Win32.Bagle.C
+ Win32.Bagle.F
+ Win32.Bagle.G
+ Win32.Bagle.H
+ Win32.Brontok.q
+ Win32.Exchanger.ch
++ Win32.HermanAgent
++ Win32.Omega.aik
++ Win32.RA.51122
+ Zlob.DNSChanger
+ Zlob.Downloader
++ ZombieRat

Total: 1193059 fingerprints in 340806 rules for 4414 products.

There is a big increase in the number of Trojans added to the detections database, with the November 26 updates. These programs do not come in peace and they do mean you harm! Please update your definitions, then apply all immunizations to all of your user accounts on your PC.

False positive detections reported or fixed this week:

There was a confirmed false positive detection of "MailSkinner.rtk" in 4 Registry keys (OutlookAddin.Addin), plus files in some BlueTooth program folders, and in the Kaspersky anti spam toolbar for Microsoft Outlook. This was fixed in today's updates.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 11/26/2008" »

Posted by Wiz at 2:25 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced.

Additions made on November 19, 2008:

Adware
+ Win32.TrafficSol.c

Hijackers
++ Win32.Startpage.nil

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax
+ SCKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ CarpeDiem Vars
+ Fraud.XPAntivirus
++ Gool
++ MadInjection.rtk
+ PornBHO.ru
+ Smitfraud-C.
+ Win32.Renos
+ Win32.Small.buy

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Facegame
++ Fake.Javacore
+ IRC.Zapchast
+ PWS.Small.bs
++ Speedrunner
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Webtools.tCPV6
++ Win32.Agent.di
++ Win32.Agent.hk
++ Win32.Agent.ll
++ Win32.Agent.sd
++ Win32.Agent.yvr
++ Win32.AutoRun.SilentSoftech
+ Win32.Bagle.AV
++ Win32.Delf.hj
++ Win32.Delf.kp
+ Win32.Exchanger.ch
++ Win32.LdPinch.adk
++ Win32.Mailbot.dc
++ Win32.Renos.au
+ Win32.Small.rc
+ Zlob.Downloader
++ Zlob.Downloader.eit
++ Zlob.Downloader.ger
++ Zlob.Downloader.miu
++ Zlob.Downloader.rot
++ Zlob.Downloader.sit
++ Zlob.Downloader.swo

Total: 1187003 fingerprints in 338944 rules for 4407 products.

There is a big increase in the number of Trojans added to the detections database, with the November 19 updates. These programs do not come in peace and they do mean you harm! Please update your definitions, then apply all immunizations to all of your user accounts on your PC.

False positive detections reported or fixed this week:

There was a confirmed false positive detection of "Spybouncer" in empty zip files. This was fixed in today's updates.

There was a confirmed false positive detection of "win32.anilogo.i" in a file named Domino.exe, which is a legit file used by a usb camera. This was fixed in today's updates.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 11/19/2008" »

Posted by Wiz at 11:14 AM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced.

Additions made on November 12, 2008:

Adware
++ PlayMP3z

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Keylogger-Pro
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ ErrorClean
+ Fraud.XPAntivirus
+ Smitfraud-C.
++ Win32.KillFiles.ip
+ ZenoSearch

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
+ FunWebProducts
+ MyWay.MyWebSearch

Spyware
++ SuperYahooMessengerArchiveDecoder
++ Win32.Outlooker

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Smitfraud-C.MSVPS
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Brontok
++ Win32.Delf.NKB
++ Win32.OnLineGames.dr
++ Win32.TDSS.rtk
+ Zlob.Downloader
+ Zlob.Downloader.ger

Total: 1096518 fingerprints in 293830 rules for 4396 products.

False positive detections reported or fixed this week:

Confirmed false positive detection of "Spyware Cease" as "Malware." This was fixed in today's updates. The program is not a threat at all.

There were reported false positives of a Vitumonde.sdn infection within C:\Windows\system32\ptipbmf.dll and also in c:\windows\system32\psqlpwd.dll. These were fixed with today's F/P optional updates.

If you wish to report or discuss a possible false positive detection by Spybot S&D, please read this first.

Continue reading "Spybot Search and Destroy Definitions Updated on 11/12/2008" »

Posted by Wiz at 6:12 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced.

Additions made on November 5, 2008:

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AntiSpyCheck
+ AntiSpywareMaster
+ Fake.MSAntivirus
+ FakeAlert.cc
++ FakeBill.CourtCologne
+ Fraud.Antivirus2008
++ Fraud.AntiVirusLab2009
+ Fraud.PC-Antispy
+ Fraud.PCHealth
++ Fraud.PCProtectionCenter2008
++ Fraud.PowerAntivirus
+ Fraud.SystemAntivirus
++ Fraud.VirusResponseLab2009
+ Fraud.XPAntivirus
+ MicroAntivirus
+ PCCleanPro
++ RapidAntivirus
+ Smitfraud-C.
+ Smitfraud-C.gp
+ SpywareBOT
++ SpywareCease
+ UltimateAntivirus2008
+ VistaAntivirus2008
++ Win32.mIRC.603
++ Win32.VB.dn
+ Win32.Renos
+ XPSecurityCenter
+ YourWebSafe

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
++ Joke.Password
++ MSNFlood
+ FunWebProducts
+ MyWay.MyWebSearch
+ WildTangent

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ Facegame
+ Hupigon
+ Netbus
++ PoisonIvy
++ Rbot.XXY
+ RS32UPS.ru
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.aec
++ Win32.Agent.aiae
++ Win32.Agent.jg
+ Win32.Agent.alo
++ Win32.Agent.nmy
++ Win32.Agent.wf
++ Win32.Anilogo.i
+ Win32.Autoit.p
++ Win32.BHO.gok
+ Win32.BHO.je
++ Win32.Delf.phh
++ Win32.DNSChanger.axi
++ Win32.Drefir.e
++ Win32.Pakes.kso
++ Win32.Rbot.vd
++ Win32.Rbot.viy
+ Win32.SdBot.aad
++ Win32.VB.bco
+ Zlob.Downloader
+ Zlob.Downloader.bit

Total: 861687 fingerprints in 264737 rules for 4396 products.

False positive detections reported or fixed this week:

There is a confirmed false positive detection of Virtumonde.sdn: [SBI $68FD4395] Library (File, nothing done), in C:\WINDOWS\system32\tphklock.dll. This was fixed with this week's F/P optional updates.

A customer ran the "right-click Spybot scan" in explorer over Symantec Ghost Solution Suite v2.5 and SpybotSD 1.6.0.30 with detection updates from October 15 through 29, 2008 reported that one file "gdiplus.dll" contained "Caishow" under the "Heuristics" section. This is a false positive that is fixed with this week's F/P updates.

There is a discussion underway between Frank Bauer, Co-owner of ViralURL.com, and Team Spybot, regarding the blacklisting of his website, which is in Spybot's HOSTS file immunizations. At this point the URL remains blacklisted. If this changes I will so inform you. If you have business with that website, and use Spybot S&D, you will have to manually remove its entry from your HOSTS file.

Continue reading "Spybot Search and Destroy Definitions Updated on 11/5/2008" »

Posted by Wiz at 1:49 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Work is progressing rapidly on the upcoming version 2.0, of Spybot Search and Destroy. Stay tuned for more details as they are announced.

Additions made on October 29, 2008:

Hijackers
+ MT-Dials

Keyloggers (Keyloggers steal your typed logins and passwords)
++ LightLogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AdDestination
+ AntispywareProXP
+ Fraud.PCHealth
++ Fraud.SystemAntivirus
+ Fraud.XPAntivirus
+ MicroAntivirus
+ Smitfraud-C.
+ Win32.Agent.cmn

PUPS (Possibly UnPopular Software or Potentially Unwanted Program)
++ WGDTEAM.GoldCashHack

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Network Essentials.Hopper
+ RS32UPS.ru
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.agee
+ Win32.Agent.frl
+ Win32.Brontok.q
++ Win32.Delf.gycn
+ Win32.Exchanger.ch
++ Win32.Small.Ybe
++ Win32.VB.ayo
++ Win32.VB.bg
++ Win32.VB.bj
+ Zlob.Downloader
+ Zlob.Downloader.wet

Total: 944259 fingerprints in 242323 rules for 4324 products.

False positive detections reported or fixed this week:

There were no false positives reported this week.

Continue reading "Spybot Search and Destroy Definitions Updated on 10/29/2008" »

Posted by Wiz at 1:30 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on October 22, 2008:

Adware
+ AdDestination
++ Win32.SmartPops.c

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Command Service
+ MicroAntivirus
++ PornBHO.ru
+ Smitfraud-C.
+ SpywareBOT.SpywareStop
++ TotalSecure2009
+ Win32.Renos
++ UltimateSpyKiller

PUPS (Possibly Unpopular Software or Unwanted Programs)
++ Joke.BadGame
++ Joke.Train
+ MyWay.MyWebSearch
+ Network Monitor
++ Sleepy

Security
+ Microsoft.Windows.AppFirewallBypass
++ Microsoft.Windows.Comfile.HideExtension

Spyware
+ webHancer
++ Spy-net

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ IRC.crt
++ OIN.Analytics
++ RS32UPS.ru
++ SysVenFakP
+ Virtumonde
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.aach
+ Win32.Agent.ark
++ Win32.AutoRun.dcw
++ Win32.AutoRun.diq
++ Win32.Delf.aam
++ Win32.Delf.ake
++ Win32.Delf.yj
+ Win32.Delf.zq
+ Win32.Exchanger.ch
++ Win32.MSN.Autoruner
+ Win32.Mutant.yf
++ Win32.Qhost.aei
++ Win32.SDBot.wus
+ Win32.Small.buy
++ Win32.VB.as
++ Win32.XPACK.Gen
+ Zlob.Downloader
+ Zlob.HQCodec

Total: 1152094 fingerprints in 286970 rules for 4336 products.

False positive detections reported or fixed this week:

One reader reported a false positive detection of "Caishow" in the Windows system file "gdiplus.dll," under the "Heuristics" section. This is a confirmed FP that has been fixed this week.

Again, some users of version 1.4 of Spybot S&D are reporting various false positives. Those folks have been advised to upgrade to the current version, 1.6.0.30, which eliminates those false positives. If you have any version older then 1.6 you should remove all immunizations and uninstall the product, then download the current version and install/update it.

Continue reading "Spybot Search and Destroy Definitions Updated on 10/22/2008" »

Posted by Wiz at 12:24 AM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on October 15, 2008:

Adware
+ AdDestination
+ Winzix

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax (2)

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.SmartAntiVirus2009 (2)
+ Smitfraud-C.
+ Swizzor
++ TotalSecure2009 (2)

PUPS (Possibly Unpopular Software or Unwanted Programs)
++ SniffPass

Spyware
+ CommonName

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Bifrose.LA
+ Refpron (2)
+ Virtumonde.sdn
+ Win32.Agent.cmn
+ Win32.Agent.wo
++ Win32.Bifrose.zxe
+ Win32.Exchanger.ch
+ Win32.Small.axy
+ Win32.Sohanad.as
++ Win32.VB.atg
++ Win32.VB.bda
++ Win32.WPA_Kill.AK
+ Zlob.Downloader
+ Zlob.Downloader.vdt
+ Zlob.Downloader.wet

Total: 1148843 fingerprints in 286076 rules for 4310 products.

False positive detections reported or fixed this week:
None reported as of today.

Continue reading "Spybot Search and Destroy Definitions Updated on 10/15/2008" »

Posted by Wiz at 1:26 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on October 8, 2008:

Adware
++ InternetGameBox

Hijackers
+ MediaTickets

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Fraud.PCHealth
++ MicroAntivirus
+ Smitfraud-C.

PUPS (Possibly Unpopular Software or Unwanted Programs)
++ FuckMailBomber

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ Refpron
+ Virtumonde
+ Virtumonde.sdn
++ Win32.Agent.fbx
+ Win32.Agent.JH
++ Win32.Bifrose.boa
+ Win32.Buzus.jqw
++ Win32.Buzus.ytg
++ Win32.Delf.abk
++ Win32.Ikmet.c
++ Win32.MataAVG
+ Win32.Small.fb
+ Win32.Sohanad.as
++ Win32.Virut.q
+ Zlob.DNSChanger
+ Zlob.DNSChanger.rtk
++ Zlob.Downloader.bit

Total: 1147480 fingerprints in 285772 rules for 4296 products.

False positive detections reported or fixed this week:

abyssmedia.com has been removed from the HOSTS blocklist, with this today's updates.

Continue reading "Spybot Search and Destroy Definitions Updated on 10/08/2008" »

Posted by Wiz at 4:10 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on October 1, 2008:

Keyloggers (Keyloggers steal your typed logins and passwords)
+ PerfectKeylogger
+ SCKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ AdRotate
++ AntispywareProXP
++ MicroAntivirus
++ MySideSearch
+ Smitfraud-C.
+ SpywareBOT.SpywareStop
++ Win32.VB.ij


Security
++ Microsoft.Windows.Disabled.DispSettings

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ Refpron
++ Stration.dtp
++ Virtumonde.atr
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Autoit
++ Win32.AutoRun.ET
++ Win32.AutoRun.HomeVideo
+ Win32.Delf.rtk
++ Win32.Small.axh
++ WinDestroyerGolden
++ Zlob.ARg

Total: 1141725 fingerprints in 284288 rules for 4285 products.

False positive detections reported or fixed this week:

There is a confirmed false positive detection of Troyan Win32.Small.fb in Wine, which is a Windows translation layer used on Linux computers, to allow (some) Windows programs to be run on Linux. The displayed report was: "Win32.Small.fb: [SBI $3B3DD39E] <$WINSOCK>" This false positive has been fixed in this week's updates.

There is still an as yet unconfirmed, possible false positive of "FakeAlert" in the Windows System file "msvideo.dll." According to the user who reported this, "the description SpyBot gives indicates that FakeAlert creates an autorun entry but I don't see anything that arouses my suspicion." If it is a FP it will be corrected in next week's updates. If Spybot flags this file on your computer use caution and check with the Spybot False Positives Forum before allowing it to be deleted.

Continue reading "Spybot Search and Destroy Definitions Updated on 10/01/2008" »

Posted by Wiz at 10:43 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on September 24, 2008:

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ ActiveToolBand
+ AntiSpywareMaster
++ AntispywareProXP
+ BookedSpace
++ Cleaner2009
+ Fake.MSAntivirus
+ Fraud.AntiMalwares
+ Fraud.AntiSpyware2008XP
+ Fraud.Antivirus2008
+ Fraud.PC-Antispy
++ Fraud.SmartAntiVirus2009
++ InternetSpeedMonitor
++ PCCleanPro
+ Smitfraud-C.
+ Virantix (8)
+ Win32.Agent.pz
++ Win32.Hangame
+ Win32.Renos
+ Win32.VB.lu
+ WinSpyKiller
+ WinXDefender
+ Worldsecurityonline.FakeAlert

Spyware
++ EBlaster

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
+ Adclicker
+ Command Service
+ Fake.IKEA-Bill
++ Popguide
++ ProGroup.ProRat
+ Vanbot
++ Virtumonde.atr
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ WebBuyingAssistant
++ Win32.Agent.hz
+ Win32.Agent.msgr
++ Win32.Antilam.20
++ Win32.AutoRun.dmh
+ Win32.BabyDel
++ Win32.BHO.fdj
+ Win32.BHO.df
+ Win32.ConHook.ah
++ Win32.Delf.gxz
++ Win32.Rays
+ Win32.Small.buy
++ Win32.VB.aoo
+ Zlob.Downloader.apl
+ Zlob.Downloader.mot
+ Zlob.Downloader.vdt
+ Zlob.Vcodec
+ Zlob.XPasswordManager

Total: 1137868 fingerprints in 283533 rules for 4288 products.

False positive detections reported or fixed this week:

There is an as yet unconfirmed, but reported false positive of "FakeAlert" in the Windows System file "msvideo.dll." According to the user who reported this, "the description SpyBot gives indicates that FakeAlert creates an autorun entry but I don't see anything that arouses my suspicion." If it is a FP it will be corrected in next week's updates. If Spybot flags this file on your computer use caution and check with the Spybot False Positives Forum before allowing it to be deleted.

RegCleaner by Jouni Vuorio is a confirmed false positive and was fixed with the updates last Wednesday.

Continue reading "Spybot Search and Destroy Definitions Updated on 9/24/2008" »

Posted by Wiz at 2:47 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on September 17, 2008:

Dialer (Dialers silently try to use your modem to call pay per minute numbers in foreign countries)
+ EGDAccess

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ AntiSpywareMaster
+ CoolWWWSearch.OleHelp
++ Fraud.PCHealth
+ DyFuCa.InternetOptimizer
+ ISearchTech.ISTsvc
+ MagicControl.Agent
+ Smitfraud-C.
+ SpywareBOT.SpywareStop
+ Win32.Agent.pz
+ WinSpywareProtect
+ ZenoSearch

Spyware
+ 180Solutions.SearchAssistant
+ TargetSaver

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ Agent.Clicker
+ CoolWWWSearch.GonnaSearch
+ Fraud.AntiMalwares
++ IRCBot.svchost
++ ProGroup.ProRat
++ Win32.Agent.hnk
+ Win32.Agent.hz
++ Win32.Delf.jl
++ Win32.Delf.gkw
++ Win32.Delf.rtk
+ Win32.Flux.fm
++ Win32.Joleee.K
+ WebBuyingAssistant
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Virtumonde.Crack

Total: 1219618 fingerprints in 292344 rules for 4237 products.

False positive detections reported or fixed this week:

RegCleaner by Jouni Vuorio is a false positive and was fixed with the updates this Wednesday.

Continue reading "Spybot Search and Destroy Definitions Updated on 9/17/2008" »

Posted by Wiz at 5:02 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

Spybot Search and Destroy 1.6 was released on July 8, 2008. It scans for threats about 4 times faster than previous versions and has an redesigned spyware removal engine. Upgrade now to Spybot S&D 1.6. The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on September 10, 2008:

Adware
++ Give4Free.BHO
++ zztoolbar

Dialer (Dialers silently try to use your modem to call pay per minute numbers in foreign countries)
+ eGroup.InstantAccess

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ ActiveToolBand
+ AdwareAlert
+ AdwarePro
+ AntiSpyCheck
+ ErrorSmart
+ ErrorSweeper
++ Fake.MSAntivirus
+ Fraud.AntiMalwares
++ MalwarePro
++ Redtube
+ RegClean
+ Smitfraud-C.
+ Spyhunter
++ Win32.Agent.ys
+ Win32.BHO.je
+ Win32.Renos

PUPS (Possibly Unpopular Software or Unwanted Programs)
+ FunWebProducts
+ MyWay.MyWebSearch
++ RegCleanr

Spyware
++ SolutionClass.pws

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ Fake.PCTools
++ RightMedia
++ StormCodec
+ Virtumonde
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ VisualBreeze
+ Win32.Autoit
++ Win32.AutoRun.buv
++ Win32.BHO.kv
++ Win32.Hupigon.eez
++ Win32.LdPinch.fzw
++ Win32.Small.ba
++ Win32.VB.bbd
+ Zlob.Downloader.apl

Total: 1215016 fingerprints in 291150 rules for 4227 products.

Continue reading "Spybot Search and Destroy Definitions Updated on 9/10/2008" »

Posted by Wiz at 8:04 PM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! The newest Virtumonde threats require the anti malware engine in Spybot 1.6 to effectively remove them.

Additions made on September 3, 2008:

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax
++ Win32.KeyLogger.ap

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ 1ClickPCFix
+ ErrorSafe
+ Fraud.AntiMalwares
++ Fraud.AntiSpyXP
++ Fraud.Antivirus
++ Fraud.XPAntivirus.gen
+ Power-Antivirus-2009
+ Smitfraud-C.bs
++ Smitfraud-C.ul
++ Virantix (7)
++ WinReanimator
++ XPSecurityCenter

PUPS (Possibly Unpopular Software or Unwanted Programs)
+ FunWebProducts
+ MyWay.MyWebSearch
++ Win32.HackTool.Aid (652)

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ CashBar

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ CSR.tr
++ Fake.HostProcess
+ Hupigon
+ Maran.J
++ Nebuler.BHO
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.ark
++ Win32.Agent.ayo
++ Win32.Agent.es
++ Win32.Banker.egt
++ Win32.BHO.bc
++ Win32.Bzub.fh (579)
++ Win32.Delf.if
++ Win32.Disabler.i
++ Win32.Fujack.b
++ Win32.Nosok.b
++ Win32.Pigeon.DLA
++ Win32.VBS.Generic.23
+ Win32.Webdir.b
++ Zlob.Downloader.got
+ Zlob.Downloader.vdt
+ Zlob.Downloader.wet

Hosts file additions to note
SweetIM is a fancy smiley program used by a lot of people addicted to instant messenger conversations. SweetIM.com has been blocked in the latest Hosts file update. It is regarded as Adware and is virtually impossible to remove by normal procedures. Attempting to remove it is known to cause a barrage of popups protesting your decision. Treat is as possible spyware, as it tracks the websites you visit to throw targeted ads at you.

Total: 1209640 fingerprints in 290002 rules for 4232 products.

False positive detections reported or fixed this week:

A couple more false positive heuristic detections were fixed with today's Spybot updates. These include "FixPolicies.exe" and "DCProSetup.exe." This is an ongoing problem where a normal scan using definitions shows nothing wrong, but a heuristic manual scan shows all kinds of infections. When in doubt, believe the definitions scan, rather than any heuristic scan. The same thing applies to your anti virus scanner. Mine gives occasional false positives with generic names, using heuristics, when in fact no infection exists in those files.

Continue reading "Spybot Search and Destroy Definitions Updated on 9/03/2008" »

Posted by Wiz at 9:42 AM | Permalink

If you are using "Spybot Search and Destroy" to protect your PC against spyware infections and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on August 27, 2008:

Adware
++ BannerStyles.Optimizer
++ RXToolbar
+ SmartShopper
+ Zango
+ Zango.ShoppingReport
++ MorpheusToolbar

Hijackers
++ CoolWWWSearch.Aff.Madfinder

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ Fakealert.gen
+ Fraud.XPAntivirus
+ Fraud.Antivirus2008
+ IEDefender
+ MalwareProtector2008
++ WinDefender
+ WinSpywareProtect
++ XPSecurityCenter

PUPS (Possibly Unpopular Software or Unwanted Programs)
++ Joke.FakeFormat
++ WildTangent

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
+ ShopAtHome

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ CSR.tr
++ Fraud.AntiSpyware2008XP
++ Fraud.Installer.as
+ Hupigon13
+ Smitfraud-C.MSVPS
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
+ Win32.Agent.bm
++ Win32.Agent.cui
++ Win32.Agent.dj.rtk
++ Win32.Agent.rso
++ Win32.Agent.uzf
++ Win32.AutoRun.bck
+ Win32.BHO.je
++ Win32.Brontok.q
++ Win32.Bzub.fh
++ Win32.Delf.vb
++ Win32.Disabler.i
+ Win32.Exchanger.ch
++ Win32.Injecter.adv
++ Win32.Mutant.yf
+ Win32.Poison.k
++ Win32.ShowPass
++ Win32.Small.aafc
++ Win32.VB.el
++ Wukill.B
+ Zlob.Downloader.Gen
++ Zlob.Downloader.mot
++ Zlob.rtk

Worms
+ Win32.Socks.T (1471)

Total: 1188431 fingerprints in 286605 rules for 4213 products.

If you are still using Spybot S&D 1.3, or 1.4, update support is about to end and your computer will be at greater risk because of having out-dated definitions.

If you are using any version older than 1.6 please upgrade to the current version of Spybot S&D, which is now 1.6.0.30, as soon as possible. New definitions for malware like the Virtumonde family of Trojans need the newer processing technologies introduced in version 6.0.

If your computer gets stuck in a logon/logoff loop, after updating and scanning with the older versions of Spybot, visit this forum page for a solution, from Team Spybot.

Posted by Wiz at 1:07 AM | Permalink

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on August 20, 2008:

Adware
+ Zango.ShoppingReport

Hijackers
++ FM.Toolbar (2800)
++ SearchPixieBar
++ Win32.Control.pg

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
++ AdvancedXPFixer
+ AntiSpyCheck
+ BrowserAid
+ Fraud.Antivirus2008
+ Fraud.XPAntivirus
++ Power-Antivirus-2009
+ RegistrySmart
+ Smitfraud-C.
+ SpyShredder
++ UltimateAntivirus2008
+ VistaAntivirus2008
+ Win32.Agent.pz
+ Win32.BHO.je
++ Win32.FraudLoad
+ Win32.Renos
++ Win32.Stud.a
+ Win32.VB.ck

PUPS (Possibly Unpopular Software or Unwanted Programs)
+ CasinoRoyal.PT

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ Win32.FirefoxPSW.k

Trojans (Trojans come to you disguised as something useful, or as a missing codec required to view a spammed video, but, like the Trojan Horse of antiquity, they hold dangerous contents that cause great harm!)
++ AntiLamerBackDoor
++ Fake.AntiSpywareCheck
++ Pigeon
+ Smitfraud-C.MSVPS
++ TargetedBanner.Optimizer
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Archivarius.a
++ Win32.Autoit.E
++ Win32.Beastdoor
++ Win32.Delf.ajx
++ Win32.LdPinch.r
++ Win32.Poison.aem
++ Win32.ScarMorph
++ Win32.Tibia.cn
++ Win32.VB.afa
++ Win32.VB.drc
++ Zlob.Downloader.apl
+ Zlob.Downloader.vdt

Worms
++ Win32.Socks.T (7559)

Total: 1172617 fingerprints in 283863 rules for 4186 products.

False positive detections reported or fixed this week:

Confirmed False Positive:

For reasons unknown, tinyurl.com is inserted into the hosts file and redirected to 127.0.0.1 and bookmarks to the website are labeled as malware. This is a false positive that will be rectified next week, but you should disregard this detection if you use the TinyUrl toolbar, or have links to the tinyurl.com website.

If you are still using Spybot S&D 1.3, or 1.4, please read this!

I have read several false positive reports regarding CoolWWWSearch.hjg and HellzLittleSpy from people still using the old versions 1.3 and 1.4 of Spybot Search and Destroy. I must stress that you cannot trust these versions to be 100% accurate when updated with current definitions. In fact, the opposite appears to be true; they are producing false positive detections with recent updates.

These are false positive which occur because Spybot 1.3 is outdated and does not understand the more complex rules made for 1.6 and newer.

Apply the main update that shows up within the internal updater to upgrade to (1.6.x).

If your computer gets stuck in a logon/logoff loop, after updating and scanning with these older versions of Spybot, visit this forum page for a solution, from Team Spybot.

If you are using any version older than 1.6 please upgrade to the current version of Spybot S&D, which is now 1.6.0.30. New definitions for malware like the Virtumonde family of Trojans need the newer processing technologies introduced in version 6.0.

If you get an alert about that detection for a file you think is legitimate you should submit it to Team Spybot for analysis.

Continue reading "Spybot Search and Destroy Definitions Updated on 8/20/2008" »

Posted by Wiz at 8:33 PM | Permalink

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on August 13, 2008:

Adware
+ 2Search
++ Eroca
+ Zango

Hijackers
+ LoudMarketing.WinFavorites

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Goldeneye
+ SC KeyLog Pro
+ SCKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts, plus other nasty programs)
+ Krepper-G
+ PPCHook
+ SpyAxe
+ SyperCrypt.Overwriter
+ Win32.Agent.pz
+ Win32.VanBot.ax
+ WinFixer2005
+ Smitfraud-C.
+ AntiSpyCheck
+ Win32.BHO.je
++ Softland.Antivirus2008XP
++ Power-Antivirus-2009

PUPS (Possibly Unpopular Software or Unwanted Programs)
+ DriveCleaner 2006

Security
+ Microsoft.Windows.AppFirewallBypass

Trojans
+ AdSpy.TTC
+ BackOrifice2k
+ Banker.PorSMTP
+ Crypt.Spambot.qk
++ CTFmona
+ Dropper.Mondo
+ HotKeysHook
+ Irc.Agobot
+ KBui32.SMTP
++ Nurech
++ PSCMain
+ Psyme
+ Smitfraud-C.MSVPS
++ TargetBanner
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.abv
+ Win32.Agent.ac
++ Win32.Agent.agb
++ Win32.Agent.JH
++ Win32.Agent.o
+ Win32.Autoit
++ Win32.AutoRun.acs
+ Win32.ConHook.ah
+ Win32.IRCBOT.cmn
+ Win32.mIRC
+ Win32.Rbot.aeu
+ Win32.SdBot.bkx
++ Win32.SDBot.iuf
++ Win32.VB.v
++ Win32.VB.vw
+ Zlob.Downloader.ol
++ Zlob.Downloader.apl
+ Zlob.Downloader.tfr
+ Zlob.Downloader.vdt
+ Zlob.ImageActiveXAccess
+ Zlob.VideoActiveXAccess
+ Zlob.VideoAXObject

Worms
++ Win32.Bnuff (7296)
+ Win32.Socks.T

Total: 1162519 fingerprints in 282447 rules for 4157 products.

False positive detections reported or fixed this week:

Confirmed False Positive:

CoolWWWSearch.Aff.Madfinder: [SBI $5C09119C] Executable (File, nothing done)
C:\WINDOWS\system32\svc.exe.

This file belongs to SrvStart, a program to run command or programs as a service. SVC.EXE is a simple Windows NT command-line program to manage NT services.

An "Alexa Related" false positive in Google searches was fixed in this week's updates.

If you are still using Spybot S&D 1.3, or 1.4, please read this!

I have read several false positive reports regarding CoolWWWSearch.hjg and HellzLittleSpy from people still using the old versions 1.3 and 1.4 of Spybot Search and Destroy. I must stress that you cannot trust these versions to be 100% accurate when updated with current definitions. In fact, the opposite appears to be true; they are producing false positive detections with recent updates.

These are false positive which occur because Spybot 1.3 is outdated and does not understand the more complex rules made for 1.6 and newer.

Apply the main update that shows up within the internal updater to upgrade to (1.6.x).

If your computer gets stuck in a logon/logoff loop, after updating and scanning with these older versions of Spybot, visit this forum page for a solution, from Team Spybot.

If you are using any version older than 1.6 please upgrade to the current version of Spybot S&D, which is now 1.6.0.30. New definitions for malware like the Virtumonde family of Trojans need the newer processing technologies introduced in version 6.0.

If you get an alert about that detection for a file you think is legitimate you should submit it to Team Spybot for analysis.

Continue reading "Spybot Search and Destroy Definitions Updated on 8/13/2008" »

Posted by Wiz at 11:38 AM | Permalink

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on August 6, 2008:

Adware
++ Downloader.Trymedia (55397)

Dialer (Dialers silently try to use your modem to call pay per minute numbers in foreign countries)
+ CarpeDiem Vars (177988)

Keyloggers (Keyloggers steal your typed logins and passwords)
++ DigitalKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts)
+ BannerRotator
+ Fraud.Antivirus2008 (2)
++ Fraud.PC-Antispy
++ PrivacyGuarantor
+ Win32.BHO.je

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ AlexaToolbar

Trojans
++ Gooochi.BHO
+ PWS.Small.bs
+ Smitfraud-C.MSVPS
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ VirusExterminator
++ Win32.Agent.alo
+ Win32.Agent.ark
+ Win32.Bancos.zm
++ Win32.Crackpai.A
++ Win32.Delf.arv
++ Win32.JunkPoly
++ Win32.Klone.ao
++ Win32.OnLineGames.anyz
++ Win32.QQPass.aom
+ Win32.Sohanad.as
++ Win32.VB.sp
+ Zlob.Downloader.rid
+ Zlob.Downloader.tfr
+ Zlob.Downloader.wet
++ Zlob.ur

Total: 1147318 fingerprints in 280413 rules for 4112 products.

False positive detections reported or fixed this week:

False positive registry entry detections of "TacOnlyOne" and "WinSpywareProtect" that have been reported were fixed in this week's F/P updates.

"Alexa related" may be a false positive detection for a Google toolbar search function.

Zlib.dll, in GuardianMonitor, detected when scanning manually, under the Heuristic section only, is a false positive.

If you are still using Spybot S&D 1.3, or 1.4, please read this!

I have read several false positive reports regarding CoolWWWSearch.hjg and HellzLittleSpy from people still using the old versions 1.3 and 1.4 of Spybot Search and Destroy. I must stress that you cannot trust these versions to be 100% accurate when updated with current definitions. In fact, the opposite appears to be true; they are producing false positive detections with recent updates.

These are false positive which occur because Spybot 1.3 is outdated and does not understand the more complex rules made for 1.6 and newer.

Apply the main update that shows up within the internal updater to upgrade to (1.6.x).

If your computer gets stuck in a logon/logoff loop, after updating and scanning with these older versions of Spybot, visit this forum page for a solution, from Team Spybot.

If you are using any version older than 1.6 please upgrade to the current version of Spybot S&D, which is now 1.6.0.30. New definitions for malware like the Virtumonde family of Trojans need the newer processing technologies introduced in version 6.0.

If you get an alert about that detection for a file you think is legitimate you should submit it to Team Spybot for analysis.

Continue reading "Spybot Search and Destroy Definitions Updated on 8/6/2008" »

Posted by Wiz at 12:19 AM | Permalink

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on July 30, 2008:

Dialer (Dialers silently try to use your modem to call pay per minute numbers in foreign countries)
+ Carima Enterprises
+ Coulomb Ltd.Content Access Plugin

Keyloggers (Keyloggers steal your typed logins and passwords)
+ Ardamax
+ PerfectKeylogger

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners and fake security alerts)
+ FakeAlert.cc
+ Fraud.XPAntivirus (2)
+ Smitfraud-C.
++ Smitfraud-C.bs
+ Smitfraud-C.gp
++ SpyGuarder
+ Vcodec.eMedia
+ Win32.BHO.je
++ Win32.Delf.ayz (2)
++ Win32.Small.mz
+ WinSpywareProtect

PUPS (Possibly Unpopular Software or Unwanted Programs)
++ LuckyToolBar

Security
+ Microsoft.Windows.AppFirewallBypass

Spyware
++ SpyArsenal.HomeKeyLogger

Trojans
++ Backdoor.Catfriend
++ FakeUPSInvoice
++ Haxdoor.hm
+ Hupigon13
+ IRC.Zapchast
+ Smitfraud-C.MSVPS
++ Synatix.Peppi
+ Virtumonde.dll
+ Virtumonde.prx
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.Agent.sxi
++ Win32.AutoRun.beh
++ Win32.Brontok
+ Win32.Exchanger.ch
++ Win32.GipWizard
++ Win32.Papras.en
++ Win32.VB.lu
++ Win32.VB.PW
+ Zlob.Downloader.wet
+ Zlob.Downloader.vdt
++ Zlob.Downloader.tfr
+ Zlob.HomepageMonitor

Total: 1049809 fingerprints in 270679 rules for 4101 products.

False positive detections reported or fixed this week:

False positive registry entry detections of "TacOnlyOne" and "WinSpywareProtect" that have been reported were fixed in this week's F/P updates.

Spybot 1.6.0.30 with updates of 2008.07.23 on an XP Pro SP2 machine gives a false positive for c:\windows\pkzipc.exe (command line zip utility, version 4.00) as Win32.Agent.aou. It was fixed in the July 30 updates.

The website securitylab.ru was removed from the HOSTS file blocklist with this week's updates.

A false heuristic scanning infection indication within the Mozilla Firefox v3.0.1 installer package was fixed this week.

If you are still using Spybot S&D 1.3, or 1.4, please read this!

I have read several false positive reports regarding CoolWWWSearch.hjg and HellzLittleSpy from people still using the old versions 1.3 and 1.4 of Spybot Search and Destroy. I must stress that you cannot trust these versions to be 100% accurate when updated with current definitions. In fact, the opposite appears to be true; they are producing false positive detections with recent updates.

These are false positive which occur because Spybot 1.3 is outdated and does not understand the more complex rules made for 1.5.2 and newer.

Apply the main update that shows up within the internal updater to upgrade to (1.6.x).

If your computer gets stuck in a logon/logoff loop, after updating and scanning with these older versions of Spybot, visit this forum page for a solution, from Team Spybot.

If you are using any version older than 1.5.2, please upgrade to the current version of Spybot S&D, which is now 1.6.0.

If you get an alert about that detection for a file you think is legitimate you should submit it to Team Spybot for analysis.

Continue reading "Spybot Search and Destroy Definitions Updated on 7/30/2008" »

Posted by Wiz at 10:27 AM | Permalink

If you arrived here by searching for the name of some malware that may be on your computer and you are not currently using Spybot Search and Destroy, you can download the latest version from the Spybot Search and Destroy Multi-Lingual Landing Page. Choose your language, then use the link in the left sidebar to go to the downloads page. Download the program from your closest mirror server, install it, update it (Updates button), then follow the instructions below to detect and remove any malware that is on your PC.

If you already are using "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released on schedule, on Wednesday this week, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays) it is imperative that you make it a point to check for and download updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.

If you see a program listed in the detections below, by name, you should assume that is is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a single + sign are updated detections, while a double ++ in front of it's name indicates a brand new detection. A number in parenthesis, following a malware name, indicates the number of variants included in that detection. These programs are dangerous to your computer, and/or personal security or privacy.

* After updating your Spybot S&D definitions, if they include new "immunization" definitions you need to click on the "Immunize" button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in a button. If you don't do this the new immunizations against hostile ActiveX programs will not be applied. After immunizing with any new detections, run a scan for malware by clicking on the "Spybot Search & Destroy" button, on the left panel, then on the button with the magnifying glass icon, labeled: "Check For Problems."

Spybot Updates - published every Wednesday

News Flash!
Spybot Search and Destroy 1.6 was released on July 8, 2008. Upgrade now! Read more about it in my extended comments.

Additions made on July 23, 2008:

Adware
+ WhenU.DAEMONTools.SearchBar
+ WhenU.Search

Malware (Includes rogue or fake anti-virus and anti-spyware programs and fake registry cleaners)
++ AdwareDelete
++ AntiSpywareMaster
++ AntivirusGold
+ Fraud.XPAntivirus
+ IEDefender
++ PCPrivacyCleaner
+ PSGuard
+ Smitfraud-C.gp
+ SpySheriff
+ SpywareIsolator
+ Win32.BHO.je
++ Win32.Delf.aph
+ Win32.ServU
+ WinSpywareProtect
++ YourWebSafe
PUPS (Possibly Unpopular Software or Unwanted Programs)>\+ WPA_Reset5

Trojans
+ Autorunreplacer
+ Nuclearwinter
+ Smitfraud-C.MSVPS
+ SystemDoctor2006
+ Virtumonde
+ Virtumonde.dll
+ Virtumonde.sci
+ Virtumonde.sdn
++ Win32.AutoIt.co
++ Win32.Fujacks.AB
++ Win32.Hupigon.ack
++ Win32.GGDoor
++ Win32.Reload.m
++ Win32.Sramler.c
+ Zlob.Downloader.rid
++ Zlob.Downloader.tfr

Total: 1038867 fingerprints in 267952 rules for 4080 products./strong>