February 2006 - Posts
Ad-aware Definition File Update [SE1R94] 28.02.06
Please use the online webupdating engine within Ad-aware to obtain the latest update.
New Definitions:
========================
Starware Toolbar
Updated Definitions:
========================
ActivShopper
Adware.Searchforit
CoolWebSearch
Malware.ErrorSafe +2
Malware.SpyAxe
Softomate Toolbar
SpyFalcon
SpySpotter
SpywareNo +3
The Spy Guard
Win32.Trojan.Dialer.ay
Win32.Trojan.Downloader +5
Win32.Trojan.Keylogger +2
WinAntiSpyware
VX2
The MD5 checksum for the defs.ref file is:
0d65d95f9c4cb97ab86fb57b8474c823
Advanced Users *may* manually update using the below file:
http://download.lavasoft.de.edgesuite.net/public/defs.zip
Extract and ensure that it is dated todays date before use!
*******************************************************
NOTE - Due to a reported False-Positive , Lavasoft re-released the same Definition File - please see this
screenshot to verify it is the same as what you have installed.
SpyBot Definition File Update 24.02.06
Updated Definitions = 1.3 MB!
Updated ~Beta Definitions = 4 KB. ADVANCED USERS ONLY.
Highlights of the new/added detections:
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL + CoolWWWSearch + MaxSearch ++ Hyperlinker ++ SecureServicePack.BadBHO
Malware
++ ADWareBazooka ++ HitVirus + Command Service ++ Smitfraud-C. (2) + Mailbot ++ SpyFalcon + MagicControl.Agent ++ Win32.Agent.acf ++ Win32.Agent.acr
PUPS
++ SpyiBlock
Spyware
+ Targetsaver ++ NiceSpy
Trojan
+ PestTrap ++ Teslaplus.com
Total: 306694 fingerprints in 37055 rules for 1844 products.
NOTE: Choose the download mirror site closest to you!
If you receive error messages such as "bad checksum" it is due to heavy server traffic. Wait until later or tomorrow to avoid disappointment.
Don't forget to re-immunize SpyBot once the new definitions are applied!
SpyBot Updates History -
http://www.spybotupdates.com/index.php?page=updatehistory
NOTE:
Installation of the IE-Spyad list may disable some protections in SpyBot and SpywareBlaster.Please check them and re-enable protections!
MS Anti-Spyware Beta1 Definitions "5811" are available.
Seems that continued support for Beta1 will be around some an undetermined period.
Update via the application.
No downloads for Beta1 are available.
Ad-aware Definition file Update [SE1R93] 22.2.06
Please use the online webupdating engine within Ad-aware to obtain the latest update.
New Definitions:
========================
Adware.Crystalys
Adware.Winadiscount
AdwareSheriff
AlfaCleaner
Malware.ErrorSafe
SpyFalcon
Spyspotter
SpywareStormer +2
Win32.Trojan.Gamania
WinAntispyware
Updated Definitions:
========================
ClickSpring
CoolWebSearch
istbar
Lop
Malware.SpyAxe +2
Malware.SpywareStrike
SpywareNo
Surfaccuracy +2
Win32.Trojan.Crypt +6
Win32.Trojan.Downloader +8
Win32.Trojan.Keylogger
WindUpdates
YourSiteBar
The MD5 checksum for the defs.ref file is:
b31854d7c7f43caf992d88ea783bfc34
Lavasoft also writes:
Note: Crawler Toolbar is coming out of a period of probation and will be removed from detection.
As with all removals, we will continue to monitor the status of this application and take appropriate measures, should the need arise.
Advanced users *may* manually update using the below zip file.
Ensure that is dated todays date before use!
http://download.lavasoft.de.edgesuite.net/public/defs.zip
Spyware Blaster Update 20.02.06
SpywareBlaster 3.5.1 Database:
Latest: 02/20/06
*Last: 02/04/06
Items: 5512
*Last: 5460
Change: 52 Entries
52-IE ActiveX CLSIDs
0-IE Resticted Sites
0-Mozilla/Firefox
Update using the Webupdate feature within the application to obtain the latest updates.
Fully enabled the new updates once applied.
SpyBot Definition File Update 17.02.06
Updated Detections: 1 MB.
English Help File: 184 KB.
Updated ~Beta Detections: 6 KB. ADVANCED USERS ONLY!
Highlights of the new/added detections:
Dialer
+ Carima Enterprises (3218)
Hijacker
++ BHO-Seed + Hyperlinker + CoolWWWSearch.HomeSearch + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
++ AdCom ++ VideoCodec + SpyGuard + SpywareNo ++ SearchEssistantBar + Nat + Spy Sheriff + Smitfraud-C. + Mailbot + CoolWWWSearch
PUPS
+ PestTrap + MalwareWipe + Registry Cleaner
Spyware
+ ShopAtHome ++ Locksky + UCmore
Trojan
++ ScanAndRepairUtilities2006 ++ Innovagest2000.1stAntiVirus ++ Innovagest2000.XSRemover ++ Jupilites + Goldun
Total: 304937 fingerprints in 36678 rules for 1834 products.
NOTE: Choose the download mirror site closest to you!
If you receive error messages such as "bad checksum" it is due to heavy server traffic. Wait until later or tomorrow to avoid disappointment.
Don't forget to re-immunize SpyBot once the new definitions are applied!
SpyBot Updates History -
http://www.spybotupdates.com/index.php?page=updatehistory
Note:
Installation of the IE-Spyad list may disable some protections in SpyBot
and SpywareBlaster. Please check them and re-enable protections!
MVPS HOSTS Update [02-16-06]
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hosts.zip (103 kb)
http://www.mvps.org/winhelp2002/hosts.txt (413 kb)
How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the "text" version also make a good reference for determining culprit URLs.
Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute
Ad-aware Definition File Update [SE1R92] 14.2.06
Please use the online webupdating engine within Ad-aware to obtain the latest update.
New Definitions:
========================
Malware.Azesearch
The Spy Guard
Win32.Trojan.Downloader +53
Win32.Trojan.Keylogger
Updated Definitions:
========================
Adware.CasinoClient
Adware.DollarRevenue +75
Adware.FreeProd Toolbar
BargainBuddy
IstBar
Lop +15
SpywareNo
SurfSideKickBHO
Win32.Backdoor.Agent +2
Win32.Trojan.StartPage
Win32.TrojanClicker
Winfixer
VX2 +56
YourSiteBar
The MD5 checksum for the defs.ref file is:
8a0f407fd8b23b94822bd2917d06188d
Advanced Users *may* manually update using this file;
http://download.lavasoft.de.edgesuite.net/public/defs.zip
Before use - unzip it and ensure that it is dated today!
Definitions "5807" released to address a false-positive detection some essential components of several Symantec Corporate Antivirus versions are being identified as PWS.Banco.A
SpyBot Definition File Update 10.02.06
Updated Detections: 1.3 MB
Updated ~Beta Detections: 9 KB. ADVANCED USERS ONLY.
Highlights of the new/added detections:
Dialer
+ Sfonditalia + XXXDownloader
Hijacker
+ CoolWWWSearch.XPlugin + CoolWWWSearch.Yexe + KeywordHijacker + CoolWWWSearch.Feat2DLL
Malware
+ SpyGuard + WinFixer2005 + Smitfraud-C. (2) + CashDeluxe + MITBand(CrytalsMedia)
PUPS
+ AdwarePunisher + SpyiBlock
Spyware
+ RealSpyMonitor
Trojan
+ UVU-Channel + Hachimitsu-Lemon ++ Jupilites
Total: 302298 fingerprints in 35881 rules for 1814 products.
NOTE: Choose the download mirror site closest to you!
If you receive error messages such as "bad checksum" it is due to heavy server traffic. Wait until later or tomorrow to avoid disappointment.
Don't forget to re-immunize SpyBot once the new definitions are applied!
SpyBot Updates History -
http://www.spybotupdates.com/index.php?page=updatehistory
Installation of the IE-Spyad list may disable some protections in SpyBot
and SpywareBlaster. Please check them and re-enable protections!
Ad-aware Definition File Update [SE1R91] 08/02/06
Please obtain the latest defintion using the webupdate feature within the application.
New Definitions:
========================
Adware.GAIN.WebSecureAlert
Adware.Z-Quest
Updated Definitions:
========================
Adware.CasinoClient
Adware.DollarRevenue +3
Adware.GAIN.Dashbar +2
Adware.SystemProcess
BargainBuddy
CmdServices +2
CoolWebSearch +3
Cydoor
IBIS Toolbar
istbar
Lop +2
Malware.Psguard.ref
Malware.SpywareStrike
SpywareNo +3
SurfSidekickBHO
Targetsavers
VacPro
Win32.Trojan.Agent +2
Win32.TrojanSpy.Small
WindUpdates
Winfixer +4
VX2 +2
ZToolbar
The MD5 checksum for the defs.ref file is:
3b4eb5508450a6d78448799247d6b700
Advanced users *may* manually update using the below zip file:
http://download.lavasoft.de.edgesuite.net/public/defs.zip
Spyware Blaster Update Feb.3 /06
5460 Total Items in the database; 20 new.
Enable all protection once the new database is loaded using the internal
updating engine within: Spyware Blaster
McAfee AVERT Stinger [v2.6.0]
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
NOTE: The file has been renamed to circumvent anti-stinger tactics used by Sober@MM!M681
This version of Stinger includes detection for all known variants, as of November 22, 2005:
BackDoor-AQJ BackDoor-ALI BackDoor-CEB
BackDoor-JZ Bat/Mumu.worm Downloader-DN.a
Exploit-DcomRpc Exploit-LSASS Exploit-MS04-011
HideWindow IPCScan IRC/Flood.ap.dr
IRC/Flood.bi.dr IRC/Flood.cd NTServiceLoader
ProcKill PWS-Narod PWS-Sincom.dll
W32/Anig.worm W32/Bagle@MM W32/Blaster.worm (Lovsan)
W32/Bropia.worm W32/Bugbear@MM W32/Deborm.worm.gen
W32/Doomjuice.worm W32/Dumaru W32/Elkern.cav
W32/Fizzer.gen@MM W32/FunLove W32/IRCbot.worm
W32/Klez W32/Korgo.worm W32/Lirva
W32/Lovgate W32/Mimail W32/MoFei.worm
W32/Mumu.b.worm W32/MyDoom W32/Nachi.worm
W32/Netsky W32/Nimda W32/Pate
W32/Polybot W32/Sasser.worm W32/Sdbot.worm.gen
W32/SirCam@MM W32/Sober W32/Sobig
W32/SQLSlammer.worm W32/Swen@MM W32/Yaha@MM
W32/Zafi W32/Zindos.worm W32/Zotob.worm
Download and full instructions of use here;
http://vil.nai.com/vil/stinger/
Ad-aware Definition File Update [SE1R90] Feb.03/06
Please update using the internal updating engine within Ad-aware.
Note: In this release, we are adding a special family which potential new variants of existing content will be detected under.
New family:- "0 Possible New Malware 0″
Objects of type "File" detected as this family, should be submitted to our Research department for further investigation.
This can be done at http://www.lavasoftresearch.com/submit.php
New Definitions:
========================
Win32.Trojan.Spy +2
Updated Definitions:
========================
Adware.Alibaba
Adware.CasinoClient
Adware.DollarRevenue +2
Adware.Freeprod Toolbar
Dialer +2
e2give
Malware.SpyAxe +4
Malware.SpywareStrike +3
Malware.TopAntiSpyware
Prutect
SpywareNo +9
Targetsavers
Win32.Backdoor.SDBot
Win32.Dialer.Trojan
Win32.Sober.A
Win32.Trojan.Agent +2
Win32.Trojan.Crypt
Win32.Trojan.Dialer.ay +3
Win32.TrojanDownloader.Agent.am
Win32.TrojanDownloader.Small +2
Win32.TrojanDownloader.VB
Win32.Trojan-PSW.Lineage
Win32.TrojanSpy.Goldun
WindUpdates
Winfixer +8
Zango
The MD5 checksum for the defs.ref file is:
417229bb2ace8ba8382b452d805e66a2
Advanced users *may* manually update using the below zip file;
http://download.lavasoft.de.edgesuite.net/public/defs.zip
SpyBot Definition File Update Feb.03/06
Updated Detections: 1.3 MB!
Updated ~Beta Detections: 4 KB. ADVANCED USERS ONLY.
Highlights of the improved - added detections:
Hijacker
+ ISearchTech.ISTbar + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Keylogger
+ Perfect Keylogger
Malware
+ Backdoor.Win32.SDBot + Vcodec + SpywareStrike + Smitfraud-C.
PUPS
+ MalwareWipe - Download Accelerator Plus
Spyware
+ XP-Logon-Password Logger
Trojan
+ Innovagest2000.AlfaCleaner + Innovagest2000.SpyDeface + Zlob.Downloader
Total: 301773 fingerprints in 35776 rules for 1807 products.
NOTE: Choose the download mirror site closest to you!
Specific Mirrors are not always available to you in your area!
If you receive error messages such as "bad checksum" it is due to heavy server traffic. Wait until later or tomorrow to avoid disappointment.
Don't forget to re-immunize SpyBot once the new definitions are applied!
SpyBot Updates History -
http://www.spybotupdates.com/index.php?page=updatehistory
Installation of the IE-Spyad list may disable some protections in SpyBot
and SpywareBlaster. Please check them and re-enable protections!
MVPS HOSTS Update
[01-31-06]
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hosts.zip (102 kb)
http://www.mvps.org/winhelp2002/hosts.txt (408 kb)
How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the "text" version also make a good reference for determining culprit URLs.
Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute
Microsoft AntiSpyware Definitions "5803"
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Verify the updates: open MSAS > Help > About > Diagnostics. You should see the following information:
Definitions Increment Version: 156/156
Definitions ThreatAuditThreatData: 1346169
Definitions ThreatAuditScanData: 3077137
Definitions DeterminationData: 806433