Spybot Search & Destroy Malware Definitions Updated on September 26, 2007
If you use the famed freeware anti-spyware program "Spybot Search and Destroy" and haven't updated it this week, be aware that updates to the definition files were released today, as listed below. Spyware and other classes of malicious programs are altered constantly to avoid detection by anti-spyware programs. Since Spybot S&D updates are only released on a weekly schedule (on Wednesdays), it is imperative that you make a point of checking for and downloading updates every week, preferably on Wednesday evenings. After downloading all available updates (from the best responding download server in the list of server locations), immunize*, then scan for and remove any detected malware. If Spybot is unable to remove an active threat, it will ask for permission to run before Windows starts during the next reboot. Spybot will then run a complete scan before your Windows desktop loads, removing malware that has not yet loaded into memory.
If you see a program listed by name in the detections below, you should assume that it is malware (with the possible exception of the PUP group, which is left to user discretion). All of the programs listed with a + sign are additions or updated detections, with multiple additions indicated by a number in parentheses or a double ++ in front of the name. These programs are dangerous to your computer and/or your personal security or privacy.
* After updating your Spybot S&D definitions, if they include new "immunization" definitions, you need to click on the "Immunize" button. Then, if the status line tells you that additional immunizations are possible, click on the Immunize link near the top of the program; it has a green + sign in a button. If you don't do this, the new immunizations against hostile ActiveX programs will not be applied.
2007-09-26
Hijacker
+ TNS-Search
Keylogger
+ Ardamax
+ SpyAgent
Malware
+ AntiSpyWare2007
+ AntiVirGear
+ FlashDollars.AntiVirusProtection
+ Nous-Tech.UCleaner
+ Performance Optimizer
+ Smitfraud-C.
+ SurfSideKick
+ Win32.Renos
PUPS (Potentially Unwanted Programs)
+ DriveCleaner 2006
Trojan
+ 1und1_Haxdoor
+ Bifrose.LA
+ Cassava
+ Haxdoor-H
+ MailSkinner.rtk
+ MessengerSkinner.rtk
+ Win32.BHO.df
+ Win32.LoadAdv.h
+ Win32.Murlo.ff
+ Win32.Poison.k
+ Zlob.ImageActiveXAccess
+ Zlob.VideoActiveXAccess
+ Zlob.XXXPlugin
Total: 449837 fingerprints in 87792 rules for 3296 products.
English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates. You can download the latest version of Spybot S&D plus definition and tool updates here for inclusion later on.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History
See all security program update notices in this category
A consequence of acquiring many of the parasites, keyloggers, hijackers and downloaders is that their files and startup settings are usually saved to your hidden System Restore folder, from which they are automatically restored upon rebooting the computer. To completely remove these threats, and others, you should disable System Restore, then reboot, then clean all threats, then restart System Restore, setting a new Restore Point with a clean machine. Many people overlook this and are constantly reinfected after removing threats. There are few, if any, security programs that can clean or remove infected files that are backed up in your protected System Restore directory.
To disable System Restore, go to My Computer and right-click on its icon. From the flyout options, select Properties. In "System Properties", select the "System Restore" tab. There you will find a checkbox labeled "Turn off System Restore." Check it, then click Apply and wait while the System Restore files are deleted (this takes some time). After the deletions are finished, click OK to close the Properties box, then reboot.
When you have thoroughly removed all infections, follow the same procedure as above, unchecking the box that turned off System Restore.
For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti-spyware programs, it most certainly does! I have used Spybot S&D since its inception, along with various other free and commercial security programs, and it has never caused any problems on my or my customers' computers.
Spybot Search and Destroy has a Malware Removal Forum where trained volunteers can help you with spyware removal problems.
If you haven't already upgraded to the new version, Spybot S&D version 1.5 is now available on the downloads page.
As you can see from the long list of new detections, this has grown into a major piece of work for the author, and he could sure use some financial assistance to cover the huge amount of time it takes to update these definitions. There is a donation button on this page and I know he will appreciate your contributions!
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.