Spyware, Viruses, & Security forum

General discussion

UPDATES - March 14, 2007

by roddy32 / March 13, 2007 8:59 PM PDT
Spybot S&D Detection rules

2007-03-14
Adware
++ WhenU.DAEMONTools.SearchBar
Dialer
++ ClickYesToEnter
Keylogger
++ KeyExplorer
Malware
++ GraceCasino ++ PPCHook + ScanSpyware + Smitfraud-C. + SpywareBot ++ Win32.Agent.pz ++ Win32.Renos
PUPS
++ CasinoRoyal.PT
Trojan
++ Ardamax.GWKeygen ++ Banker.FAT ++ Cactus.D (3) + FakeBill ++ Nurech (2) ++ Nurech.TServer ++ ServU.H (3) ++ Win32.Agent.bca ++ Win32.Agent.mu + Win32.BHO.gen + Win32.Rbot ++ Win32.Virtumonde.ha + Windows AdTools ++ Wootbot.gen ++ Zlob.AdultAccess ++ Zlob.DNSChanger ++ Zlob.ImageActiveXObject ++ Zlob.PrivateVideo + Zlob.SiteTicket + Zlob.VideoAccessActiveXObject
Total: 367531 fingerprints in 63233 rules for 2745 products.
http://www.safer-networking.org/en/home/index.html

Please remember to Re-Immunize after updating!
Discussion is locked
You are posting a reply to: UPDATES - March 14, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: UPDATES - March 14, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
BOClean FILEDATE: 2007-03-14 10:03:26 (UTC)
by roddy32 / March 13, 2007 9:32 PM PDT
NINE new nasties for a total of 22248 UNIQUE infectors (267,383 variants of these including trojans, worms, bots, hijackers, downloaders, spam proxies, rootkits, adware, spyware, keyloggers, "dialers" and other malware in total) covered in today's update for BOClean 4.22. BOClean 4.21 and earlier are no longer supported and MUST be upgraded.

To UPDATE your existing BOClean database, doubleclick on your BOClean traybar icon and select "check for update" to have BOClean automatically collect and install your update for you. BOClean is designed to perform an autoupdate if left configured to do so. If you have problems with the autoupdate program, check your firewall settings - we use passive FTP download instead of the more conventional HTTP method and some firewalls may refuse to allow the program to connect unless you set rules to permit the BOClean autoupdate program to collect them. Please consult your firewall's instructions on how to do this if the update program is stopped or crashed by your firewall.

Please ALSO note that updates of the database do NOT "UPGRADE" BOClean 4.21 and earlier to 4.22. Doing so requires that we send you a replacement or (if you paid for the "extended download" when you purchased BOClean) you can go back and redownload BOClean from Digital River and obtain the 4.22 upgrade yourself. If you didn't opt for the "extended download" premium option at additional cost at time of purchase, then you need to contact upgrade@nsclean.com in order to upgrade to 4.22. Information on what you need to do in order to GET your upgrade are detailed here:

http://www.nsclean.com/upgrade.html

Please also note that if you ever miss an update (or several) the update you collect includes *ALL* previous update information. There is no need to go hunting down other updates. The current one is always complete.
Collapse -
TrojanHunter 4.6 Ruleset Update - Mar 13, 2007
by roddy32 / March 13, 2007 10:01 PM PDT

An updated TrojanHunter ruleset is available. This update adds at least 57 new trojan definitions:

Adware.Agent.174
Adware.BHO.165
Adware.Boran.130
Adware.Cinmus.106
Adware.IEHlpr.124
Adware.Softomate.151
Agent.1263
TrojanDownloader.Agent.1168
TrojanDownloader.Agent.1167
TrojanDownloader.Agent.1166
TrojanDownloader.Small.1262
Agent.1262
Agent.1261
Agent.1260
TrojanDownloader.VB.483
TrojanDownloader.VB.482
Dialer.InstantAccess.112
DNSChanger.285
DNSChanger.284
FakeAlert.108
HacDef.123
Hupigon.685
IRC-Worm.Netol.100
Klone.176
Nimosw.100
Obfuscated.197
PWSteal.FakeAIM.100
PWSteal.QQPass.825
PWSteal.QQPass.824
RiskTool.Starter.100
Rootkit.Agent.158
Rootkit.Agent.157
ShotOne.104
ShotOne.103
ShotOne.102
ShotOne.101
ShotOne.100
TrojanClicker.Agent.202
TrojanDownloader.AdLoad.408
TrojanDownloader.Agent.1165
TrojanDownloader.Agent.1164
TrojanDownloader.Agent.1163
TrojanDownloader.Agent.1162
TrojanDownloader.Agent.1161
TrojanDownloader.Agent.1160
TrojanDownloader.Agent.1159
TrojanDownloader.Banload.1041
TrojanDownloader.Banload.1040
TrojanDownloader.QQHelper.147
TrojanDownloader.Small.1261
TrojanDownloader.Small.1260
TrojanDownloader.VB.481
TrojanDropper.Agent.462
TrojanSpy.Agent.307
VB.539
VirTool.AttackerDown.100
Worm.Locksky.162

Licensed TrojanHunter users can easily update using TrojanHunter's LiveUpdate utility.

If you are using the trial version of TrojanHunter, use LiveUpdate after installation and then manually update after a few days (once a week or more is recommended).

License holders without an ongoing subscription please see http://www.misec.net/trojanhunter/updating/ for instructions on how to manually update to the latest ruleset.


You should have 111707 rules
http://www.misec.net/forum/board/RulesetUpdates/1173830062

Collapse -
ClamAV Database update #2839
by roddy32 / March 13, 2007 10:19 PM PDT

Latest ClamAV? stable release is: 0.90.1
Total number of signatures: 99282
ClamAV Virus Databases:
main.cvd ver. 42 released on 31 Dec 2006 13:09 +0100
daily.cvd ver. 2839 released on 14 Mar 2007 09:24 +0000
http://www.clamav.net/

Collapse -
NOD32 - 2114 (20070314)
by roddy32 / March 13, 2007 10:49 PM PDT
2007-03-14 13:20
BAT/Legend.B, BluFish.A (2), VBS/BluFish.A, Win32/Agent.AIR, Win32/Agent.NEJ, Win32/Agent.NGZ, Win32/Bifrose.BK, Win32/Delf.NEB (3), Win32/GhostKeylogger, Win32/Hupigon.NBY (5), Win32/KeyLogger.AdvancedKeyLogger.14 (9), Win32/KGBFreeKeyLogger.187 (3), Win32/Monitor.SecretAgent (4), Win32/Nuwar.gen, Win32/OrvellMonitoring, Win32/PSW.Agent.NBX, Win32/PSW.Agent.NCN (2), Win32/PSW.LdPinch.BGM, Win32/PSW.LdPinch.BQE (2), Win32/Rbot (4), Win32/RemoteAdmin.GlobalPatrol.30 (8), Win32/RJump.A, Win32/Spy.Banker.CKW, Win32/Spy.Banker.NWM, Win32/Spy.Banker.NWN (2), Win32/Spy.Banker.NWO (2), Win32/Spy.KeyLogger.MH (4), Win32/Tiny.E, Win32/TrojanDownloader.Agent.BDD, Win32/TrojanDownloader.Dadobra.IA, Win32/TrojanDownloader.Delf.AZM, Win32/TrojanDownloader.Delf.NRI, Win32/TrojanDownloader.Zlob.ATJ (10), Win32/VB.BAU (2), Win32/VB.DA
http://www.eset.eu/podpora/aktualizacia-2114-20070314?lng=en
http://www.eset.eu/support/update-xy1
Collapse -
NOD32 - 2115 (20070314)
by roddy32 / March 14, 2007 4:21 AM PDT
2007-03-14 17:41
IRC/SdBot (3), Win32/Adware.180Solutions (2), Win32/Agent.AFB, Win32/Bagle.ID (2), Win32/Bagle.IE (2), Win32/Bagle.IF (2), Win32/Hupigon.NBV, Win32/Mocalo.EC (5), Win32/Parite.B, Win32/Poebot (4), Win32/PSW.Lineage.AJJ, Win32/PSW.Lineage.AJP, Win32/PSW.Lineage.AWO, Win32/PSW.Lineage.DN (2), Win32/PSW.Lineage.NFP, Win32/PSW.Maran.CZ (4), Win32/PSW.VB.KG, Win32/Rbot (3), Win32/RemoteAdmin.DDetective.2000 (4), Win32/Rootkit.Agent.EG, Win32/Small.MG (2), Win32/Spy.Banbra.NEJ (2), Win32/Spy.Bancos.AAG (2), Win32/Spy.Bancos.AAH (4), Win32/Spy.Bancos.NFD, Win32/Spy.Bancos.NFM (2), Win32/Spy.Banker.AHY (3), Win32/Spy.Banker.NWP (2), Win32/Spy.Goldun.BW (2), Win32/Stration.YB (5), Win32/Stration.YC (5), Win32/Stration.YD (4), Win32/TrojanDownloader.Agent.BBB, Win32/TrojanDownloader.Agent.BCC, Win32/TrojanDownloader.Banload.ABN, Win32/TrojanDownloader.Banload.AFC, Win32/TrojanDownloader.Banload.NNO (2), Win32/TrojanDownloader.Dadobra.CV, Win32/TrojanDownloader.VB.APY, Win32/TrojanDownloader.VB.NJF, Win32/TrojanDownloader.Zlob.ATK (2), Win32/VB.NKC, Win32/Viking.CN (2), Win32/Wootbot.NHK
http://www.eset.sk/podpora/aktualizacia-2115-20070314
http://www.eset.sk/en/support/update-xy1
Collapse -
NOD32 - 2116 (20070314)
by roddy32 / March 14, 2007 9:06 AM PDT
Collapse -
a-squared signature update
by roddy32 / March 13, 2007 11:10 PM PDT
Collapse -
SUPERAntiSpyware 03/13/2007 #3199/1209
by roddy32 / March 13, 2007 11:30 PM PDT
Collapse -
SUPERAntiSpyware #3200/1210
by roddy32 / March 14, 2007 10:36 AM PDT
Collapse -
Ad-Aware SE1R160 14.03.2007
by roddy32 / March 13, 2007 11:46 PM PDT

New definitions:
====================
-

Updated definitions:
====================
AntiVermins +2
Win32.Trojandownloader.Zlob +1798

MD5 checksum is 13ba4004609565cc6bdd910dfd6aeae0

http://www.lavasoftusa.com/download_and_buy/detection_database/

You can use Webupdate to install the new reference file, or download it manually from:
http://download.lavasoft.com/public/defs.zip

If you think something needs to be sent to us for review, visit our submission site at:
http://www.lavasoftusa.com/support/securit...submit_file.php

If you have any questions, please contact us at:
http://www.lavasoftsupport.com

Collapse -
avast! 4.x VPS (released: 14.3.2007, version: 000723-2)
by roddy32 / March 14, 2007 12:08 AM PDT
Collapse -
AVG Anti-spyware 14:08 CET
by roddy32 / March 14, 2007 12:59 AM PDT
Collapse -
AVG Anti-spyware 16:00 CET
by roddy32 / March 14, 2007 1:42 AM PDT
Collapse -
Apple Security Update 2007-003 (Mac OS X 10.3.9)
by Donna Buenaventura / March 14, 2007 1:37 AM PDT
Collapse -
AntiVir Version: 6.38.00.56
by roddy32 / March 14, 2007 1:56 AM PDT
Collapse -
F-Prot (2nd from ) 03/13/2007
by roddy32 / March 14, 2007 2:19 AM PDT

Virus Signature Files Download
Version 6 of F-PROT Antivirus can detect a total of 539813 worms, viruses and other malicious programs with its latest virus signature file. This number differs from that of other versions of F-PROT Antivirus due to differences in design and structure.

For all versions of F-PROT Antivirus except version 6 and later
* Application/Script Viruses and Trojans (13 March 2007 )
* Document/Office/Macro Viruses (13 March 2007)
F-PROT Antivirus can detect a total of 412611 worms, viruses and other malicious programs with these latest virus signature files.
http://www.f-prot.com/products/currentversions.html
http://www.f-prot.com/download/signaturefiles.html

Collapse -
NAV Weeky and Daily
by roddy32 / March 14, 2007 3:05 AM PDT
Weekly Updates
Virus Definitions created March 14
Virus Definitions released March 14
Defs Version: 90314q
Sequence Number: 65965
Extended Version: 3/14/2007 rev. 17
Total Viruses Detected: 73212

Norton AntiVirus for Mac Defs released March 9

Symantec AntiVirus for Handhelds Defs released March 2

Daily Updates
Virus Definitions created March 14
Virus Definitions released March 14
Defs Version: 90314q
Sequence Number: 65965
Extended Version: 3/14/2007 rev. 17
Total Viruses Detected: 73212
http://www.symantec.com/avcenter/defs.download.html
Collapse -
AVG 7.5 - AVI 268.18.11/ 722
by roddy32 / March 14, 2007 3:08 AM PDT

Added detection of new variant of I-Worm/Stration, I-Worm/Locksky, Worm/VB.
March 14, 2007

Collapse -
McAfee Daily #4984
by roddy32 / March 14, 2007 3:48 AM PDT
Collapse -
Panda
by roddy32 / March 14, 2007 9:28 AM PDT
Popular Forums
icon
Computer Help 51,912 discussions
icon
Computer Newbies 10,498 discussions
icon
Laptops 20,411 discussions
icon
Security 30,882 discussions
icon
TVs & Home Theaters 21,253 discussions
icon
Windows 10 1,672 discussions
icon
Phones 16,494 discussions
icon
Windows 7 7,855 discussions
icon
Networking & Wireless 15,504 discussions

REVIEW

Meet the drop-resistant Moto Z2 Force

The Moto Z2 Force is really thin, with a fast processor and great battery life. It can survive drops without shattering.