Spybot Search & Destroy Anti Spyware Definitions Updated on August 1, 2007
If you have Spybot Search & Destroy installed on your PC and you forgot to run a check for updates recently, new definitions have been released this week. It's time to update your Spybot Search & Destroy anti-spyware definitions, then immunize, then scan for and remove any detected malware. I see from this week's definitions that it was an unusually busy week for new variants and sub-classes of the Zlob Trojans, with a whopping 64 new or updated detections added to the definitions, just for this class of malware! In fact, Trojans dominate the 2007-08-01 malware definitions, making it all the more important that you keep Spybot up to date and scan for threats often.
For those who don't know, Spybot Search & Destroy is one of the best known freeware anti-spyware/malware tools available. I use it and recommend it to PC users everywhere (it is available in many languages). The program works on all versions of Windows and is updated weekly to detect and remove new or altered threats. (A lot of malware programs are altered every week or two by their authors, to try to slip past your security defenses in case you haven't updated your security program definitions recently.)
If you see a program listed in these detections by name you should assume that it is malware (with the possible exception of the PUP group, which is up to user discretion). All of the programs listed with a + sign are additions, or updated detections, and are dangerous to your computer, and/or personal security or privacy. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.
After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.
2007-08-01
Adware
++ CouponBar
Keylogger
+ Ardamax
+ SpyArsenal.Family Keylogger
Malware
+ SpyCrush
+ SpyHeal
++ VirusLocker
+ VirusProtectPro
+ Winfixer
PUPS (Potentially Unwanted Programs)
+ DriveCleaner 2006
+ FunWebProducts
+ Hotbar
+ I-Won
+ MalwareWipe
+ MyWay.MyWebSearch
+ NewDotNet
+ SideStep
Security
+ Microsoft.Windows.AppFirewallBypass
+ Microsoft.Windows.RedirectedHosts
Spyware
+ Comet Cursors
+ Cydoor
+ eZula HotText
+ StarWare
+ Zango
++ Zango.WindUpdates
Trojan
++ ClipRex.DVDCodec
+ CoolWWWSearch.SearchToolbar (2)
+ CurePCSolution
+ Hupigon (2)
++ Ourxin.A
++ Peflog.RP
+ QQ-Pass
+ QQRob
++ Vanbot
+ Virtumonde (2)
++ Win32.Agent.BN
++ Win32.Agent.hjo
++ Win32.Agent.Zz
+ Win32.Banload
+ Win32.Bifrose.LA
++ Win32.Delf.dtm
+ Win32.Delf.zq
++ Win32.FakeClient
++ Win32.Hupigon.pv
++ Win32.Joel
+ Win32.OnLineGames
++ Win32.Silent.ce
++ Win32.Small.ay
++ Win32.SpyBuddy.c
+ Zlob.AdultAccess
+ Zlob.BrainCodec
+ Zlob.DigiPassword
+ Zlob.DirectVideo
++ Zlob.DNSChanger.Rtk
+ Zlob.EliteCodec
+ Zlob.FreeVideo.DVDCodec
+ Zlob.GoldCodec
+ Zlob.HomepageMonitor
+ Zlob.HQCodec
+ Zlob.HQvideo
+ Zlob.iCodecPack
+ Zlob.ImageActiveXAccess
+ Zlob.ImageActiveXObject
+ Zlob.ImageAXObject
+ Zlob.iMediaCodec
+ Zlob.IVideoCodec
+ Zlob.JPEG-Encoder
+ Zlob.KeyCodec
+ Zlob.KeyGenerator
+ Zlob.Mediacodec
+ Zlob.MMediaCodec
+ Zlob.MovieBox
+ Zlob.MovieCommander
+ Zlob.MPVideoCodec
+ Zlob.MyPassGenerator
+ Zlob.NewMediaCodec
+ Zlob.PerfectCodec
+ Zlob.PornMagPass
+ Zlob.PornPassManager
+ Zlob.PowerCodec
+ Zlob.PPlayer
+ Zlob.PrivateVideo
+ Zlob.QualityCodec
++ Zlob.SecurityTools
+ Zlob.SilverCodec
+ Zlob.SiteEntry
+ Zlob.SiteTicket
+ Zlob.SoftCodec
+ Zlob.strCodec
+ Zlob.SuperCodec
+ Zlob.TrueCodec
+ Zlob.VAXCodec
+ Zlob.Vcodec
+ Zlob.VidCodec
+ Zlob.VideoAccess
+ Zlob.VideoAccessActiveXObject
+ Zlob.VideoActiveXAccess
+ Zlob.VideoActiveXObject
+ Zlob.VideoAXObject
+ Zlob.VideoBox
+ Zlob.VideoCodec2007
+ Zlob.VideoCompressionCodec
+ Zlob.VideoKeyCodec
+ Zlob.VideoPlugin
+ Zlob.WinMediaCodec
+ Zlob.XpassGenerator
+ Zlob.XPasswordManager
++ Zlob.XXXAccess
+ Zlob.ZCodec
+ Zlob.ZipCodec
Total: 433225 fingerprints in 80825 rules for 3223 products.
Spybot Search & Destroy is now compatible with Windows Vista, but needs administrator rights to perform its security functions. A new version, 1.5, will soon be released that will carry the Works With Windows Vista Logo. Stay tuned for more information about version 1.5.
As you can see from the long list of new detections this has grown into a major piece of work for the author and he could sure use some financial assistance to cover the huge amount of time it takes to update these definitions. There is a donation button on this page and I know he will appreciate your contributions!
See links to and more information about using Spybot Search and Destroy in my extended comments...
English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates. You can download the latest version of Spybot S&D plus definition and tool updates here for inclusion later on.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History
See all security program update notices in this category
A consequence of acquiring many of the parasites, keyloggers, hijackers and downloaders is that their files and startup settings are usually saved to your System Restore hidden folder, from whence they are automatically restored upon rebooting the computer. To completely remove these threats, and others, you should disable System Restore, then reboot, then clean all threats, then re-start System Restore, setting a new Restore Point, with a clean machine. Many people overlook this and are constantly reinfected after removing threats. There are few, if any, security programs that can clean or remove infected files that are backed up in your protected System Restore directory.
To disable System Restore, go to My Computer and right-click on its icon. From the flyout options select Properties. From the "System Properties" select the "System Restore" tab. There you will find a checkbox labeled "Turn off System Restore." Check it, then click Apply and wait while the System Restore files are deleted (takes some time). After the deletions are finished, click OK to close the Properties box, then reboot.
When you have thoroughly removed all infections follow the same procedure as above, unchecking the box that turned off System Restore.
For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti-spyware programs, it most certainly does! I have used Spybot S&D since its inception, along with various other free and commercial security programs, and it has never caused any problems on my or my customers' computers.
Spybot Search and Destroy has a Malware Removal Forum where trained volunteers can help you with spyware removal problems.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.