General discussion

UPDATES - February 16, 2005

HJT 1.99.1(HijackThis)
new version of HJT 1.99.1 just released it will be available from usual sources just give it a few hours to distribute

Changes:
* Fixed crash bug on O23 method on certain systems.
* Improved O15 method, fixed some bugs.
* Improved O23 method, fixed some bugs.
* Fixed infinite loop on 'scan and save log' task.
* Fixed a heaping spoonful of 'Input past end of file' bugs.
* Fixed MD5 hashing not working.
* Fixed a lot of possible crashes on systems using file compression on NTFS.
* Itty Bitty Process Manager now shows Process IDs.
* Added 'Uninstall Manager' to list, change or remove entries in the Add/Remove Software list.
* Added info on command-line parameters in help text.
* Added enumeration of Winlogon Notify items to O20 method.
* Files in O4 items are now killed (if running) before being fixed.
* Lots of small bugfixes.

Discussion is locked

Follow
Reply to: UPDATES - February 16, 2005
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: UPDATES - February 16, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
AntiVir PE vdf-6.29.0.128 02/16/2005
- Collapse -
F-Prot Antivirus update 02/15/2005
- Collapse -
avast! update 02/16/2005 {0507-1, 7.70-9218}
- Collapse -
Ad-AwareSE1R28 16.02.2005

SE1R28 16.02.2005

New definitions:
========================
SuperDialer +2

Updated definitions:
========================
CoolWebSearch +15
PowerScan
TopMoxie
ClickSpring

The MD5 checksum for the defs.ref file is 46c85663df0da16ac65a5687a29f353a

Additional Information
============================================
A new VX2 cleaner is coming up. Stay patient.

You can use Webupdate to install the new reference file, or download it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip

- Collapse -
More Info from Merijn for the newest HJT 1.99.1

News from Merijn:

Quote:
February 16, 2005:
Well, it took a bit longer to finish, but finally HijackThis 1.99.1 is available! This version has a boatload of improvements and fixes a lot of bugs, the most important being the crash bug on the O23 method ('HijackThis has generated errors and needs to be closed') on certain systems.

In other news, several big antispyware companies have dropped detection of WhenU's Save! program, without notifying anyone. After WhenU partnering with Aluria it seems WhenU is up to something. Read more about it here.

[Update] It seems McAfee is detecting the new HijackThis version as W32/Generic.worm!p2p. It is not the first time this happened and probably not the last time either. There is no virus in HijackThis. McAfee incorrectly detects the PE compression method I use on all of my programs as a generic Kazaa worm. I will try to contact McAfee about this and see if the incorrect detection can be removed in their next update.

Download at: http://www.spywareinfo.com/~merijn/downloads.html

- Collapse -
Roddy, McAfee Has Fixed The Problem With HJT

McAfee's release of the 4429 virus defintions today eliminated the false positive on the new HijackThis. All uses should update their virus definitions to the most recent version.

Hope this helps.

Grif

- Collapse -
Thanks for the update Grif, Merijn was hoping

they would do that soon.

- Collapse -
(NT) (NT) Thanks for the info Grif.
- Collapse -
Roddy & Donna, Glad It Helped! I Was ....

...able to pass the info along to the McAfee "powers that be".

Hope this helps.

Grif

- Collapse -
Spybot S&D Updates 2/16/2005

Specifics have not been released on the website yet but they are available through the update function on the interface.

Detection Rules-552KB

- Collapse -
Error?

When I try to update Spybot ... I get the update rules box - but when I try to download, I get an error that says:
!!! Bad checksum!!!
Anybody know what this is about.

- Collapse -
That is fairly common Jake when

the updates first come out. I got the same thing 3 times in a row and then went back 30 minutes later and they downloaded and installed fine. Just try it again later.

- Collapse -
This link for the Spybot S&D forum explains
- Collapse -
Specifics for yesterdays Spybot updates were

finally posted on the website and are as follows.
2005-02-16
Dialer
+ PPremiumInternacional
++ Autodialer
+ PDialerWeb
+ Mainpean
++ Coulomb (12744)
Hijacker
++ Iwantsearch
+ CommanderNet
++ WonWebLauncherControl
++ Copiloto
+ CoolWWWSearch (3)
++ CoolWWWSearch.AllCyberSearch
+ ISearchTech.Sidefind
Malware
++ OTX-Media
+ ISearchTech.IstDownloader
+ ISearchTech.ISTrecover
+ Look2Me.Topconverting (Cool
Spyware
++ Targetsaver (154)
+ DyFuCA.InternetOptimizer
+ WildMedia
++ IBIS Toolbar
+ Download Accelerator Plus
+ AdRoarPlugin
Trojan
++ Unisearch (2)
++ Sobit.C
++ Amitis (6)
++ NetShadow
++ Rana
++ Wintrim
++ ISearchTech.Javainstaller
+ CoolWWWSearch.XPlugin
+ Rex Services.Adtrojan
++ Lop.IE_ads

- Collapse -
The Cleaner Database v3757 2-16-2005
- Collapse -
NAV Live Update and Intelligent Updater

Intelligent Updater:
Virus Definitions created February 16
Virus Definitions released February 16
Norton AntiVirus Corp. Edition:
Defs Version: 70216g
Sequence Number: 41190
Extended Version: 2/16/2005 rev. 7
Total Viruses Detected: 69028

LiveUpdate:
Virus Definitions created February 16
Virus Definitions released February 16
Norton AntiVirus Corp. Edition:
Defs Version: 70216g
Sequence Number: 41190
Extended Version: 2/16/2005 rev. 7
Total Viruses Detected: 69028
New detections added for this release (Cool:
Threat Severity Type Discovered
Backdoor.Wortbot Category 1 Trojan Horse 02-16-2005
Bloodhound.Exploit.27 Category 1 - -
Trojan.Anicmoo Category 1 Trojan Horse 02-16-2005
Trojan.Goldun.B Category 1 - -
W32.Ahker.D@mm Category 2 Worm 02-16-2005
W32.Aimdes.B Category 1 - -
W32.Aimdes.C@mm Category 1 - -
W32.Mash Category 1 - -
http://www.symantec.com/avcenter/defs.download.html

- Collapse -
New iAVS update (VPS 507-2) for avast!

Note: Detection of Win32:Mydoom variant added

- Collapse -
SpySweeper Update 2.16.05
- Collapse -
NAV Live Update and IU (2nd one today)

This is an extra update for a category 3 worm.

Threat Severity Type Discovered
W32.Mydoom.AX@mm Category 3 Worm 02-16-2005


Intelligent Updater:
Virus Definitions created February 16
Virus Definitions released February 16
Norton AntiVirus Corp. Edition:
Defs Version: 70216af
Sequence Number: 41203
Extended Version: 2/16/2005 rev. 32
Total Viruses Detected: 69029

LiveUpdate:
Virus Definitions created February 16
Virus Definitions released February 16
Norton AntiVirus Corp. Edition:
Defs Version: 70216af
Sequence Number: 41203
Extended Version: 2/16/2005 rev. 32
Total Viruses Detected: 69029

New detections added for this release (1):
Threat Severity Type Discovered
W32.Mydoom.AX@mm Category 3 Worm 02-16-2005

http://www.symantec.com/avcenter/defs.download.html

CNET Forums

Forum Info