Friday, June 30, 2006

Ewido Anti-spyware Updated

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.

Date of Update: June 30th, 2006
Known threats in database: 359,041

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Spy Sweeper Update 711

Spy Sweeper latest update.

Spyware definition: version 711

Updated June 30th, 2006
Protection against 141,238 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Sunbelt CounterSpy Update 367

CounterSpy 1.5 latest update definition is 367

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan-Downloader.Win32.Agent.alo, Linux.Plupii, BAT.Silly.AS, Trojan-Spy.Win32.Banker.bmi, Trojan-Spy.Win32.Banker.bmj, Trojan-Downloader.Win32.Delf.apz, Msgrua.A, Trojan.Opnis.F, Trojan-Downloader.Small.BEK, Trojan-Downloader.Small.AOE, Trojan-Downloader.VB.AAE, Trojan-Downloader.Win32.Small.buy, Carnival Casino, Dialer.PRPXDial, Trojan.Agent.Mgh, Trojan-Downloader.Small.AVT, Trojan-Downloader.Agent.Y, Trojan.Diamin.Q, Trojan.Agent.UB, Trojan-Downloader.VB.VC, Exploit.VBS.Phel.I, Trojan.Zapchast.AX, Trojan-Dropper.Win32.Microjoin.bj, Trojan-Downloader.Win32.WarSpy.d, Trojan-Downloader.Small.CVF, Trojan-Downloader.Hanlo.R, Trojan-Downloader.INService.GEN, Trojan-Downloader.Centim.AO, Trojan.LinkOptimizer, Trojan-Spy.Bancos.PW, Trojan-Downloader.Win32.Agent.alp, Trojan-Dropper.Agent.AKO, Trojan-Downloader.VB.ZS, Trojan-Downloader.Zlob.JY, Trojan-Downloader.Small.BVJ, Trojan-Spy.Win32.Banker.bkx, Trojan-PSW.Win32.Delf.ic, Packed.Win32.Klone.g, Backdoor.Win32.Bifrose.th, Trojan.Banker.Delf.CK, Backdoor.Haxdoor.K, Trojan.Spy.Banker.VE, Trojan.Spy.Banbra.GD, Trojan.Banker.Delf.E59D0DD3, Trojan.Banker.Delf.D1E671F4, Trojan.Banker.Delf.8F57A0BE, Trojan.Spy.Delf.JE, Trojan.Spy.Banker.VK, Trojan-Downloader.Tibs.DQ, Backdoor.Win32.IRCBot.ss, Backdoor.Win32.Bancodor.ab, Trojan-Downloader.Win32.Small.dcu, Trojan-Dropper.MSWord.Lafool.j, Backdoor.Win32.Bifrose.rr, Trojan-Spy.Win32.Banker.bly, Trojan-Downloader.Win32.Small.jh, Trojan-Spy.Small.DV, Trojan-Dropper.Agent.AMB, Trojan-Downloader.Zlob.KA, Trojan-IM.Win32.Agent.h, Trojan-Dropper.MSWord.Lafool.i, Trojan-Spy.Sters.P, Trojan-Downloader.Small.CPW, Trojan-Downloader.Small.CGY, Trojan.DNSChanger.EC, Trojan-Spy.Gepost.P, Trojan.Agent.NL, Trojan-Spy.Delf.RS, Trojan-Downloader.Small.DCX, Backdoor.Agent.ACI, Trojan.P2E.CO, Backdoor.PcClient.PB, Trojan.Dialer.PJ, Dialer.E-Group.U, Trojan-Downloader.Delf.AEU, Trojan-Proxy.Agent.HD, Backdoor.Win32.IRCBot.BV, Trojan.BHO.C

Threats that have been updated

DownloadWare, EGroup Sex Dialer, C2.Lop, XPCSpy, WebMail Spy, Win-Spy, WinSession Logger, CallingHome.biz, Begin2Search, Backdoor.Win32.Rbot.gen, Virtumonde, SpyGraphica Professional, Stealth Activity Reporter, EtherDetect, NiceSPY, Secret Explorer v6.0, Guardian Monitor, Exploit.Java ByteVerify, Visual Log, Trojan.Agent, XP Keylogger, XP Advanced Keylogger, DropSpam, Dimpy.Win32VBsy, SpyAxe, DollarRevenue, Trojan-Downloader.Gen, RazeSpyware, Trojan-Clicker.Win32.Delf.j, DesktopScam, FakeAlert, Trojan-Proxy.Win32.Agent.az, SkyAffiliate.2, Trojan-Spy.Win32.Banker.ark, FiveSec.Spam.Agent.vx, Goldun.Fam, Wab-Stealer, TagASaurus, Exploit.CHM, BraveSentry, Haxdoor.Fam, Trojan-Downloader.Win32.Small.ckj, Trojan-Dropper.Win32.Small.abx, Trojan-Downloader.Win32.Small.cpo, PWS.Order, SpamTool.Win32.Agent.h, Trojan-Downloader.Win32.Harnig, SystemDoctor, Trojan-Proxy.Win32.Xorpix.Fam, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Small.Cux, Backdoor.Win32.Agent.uu, Backdoor.Win32.IRCBot.rr, Trojan.Win32.Pakes, Trojan.Small.ADK, Infostealer.Banpaes, Trojan.Anserin, Infostealer.Bancos!gen, Trojan-Downloader.Dluca, Trojan-Clicker.Win32.Small.lc, Trojan-Proxy.Win32.Agent.km, Backdoor.Win32.Rbot.asn, Trojan.Win32.Agent.lv, Trojan-Dropper.Win32.Small.ape, Trojan-Proxy.Win32.Lager.aq, Trojan.Banker.Delf.9C530666, Trojan-Downloader.Win32.Small.cqs, Trojan-PSW.Agent.GR, Backdoor.Win32.Rbot.bcq, FullContext.PSHope, Trojan-Downloader.Win32.Small.cul, AdwareFinder, Exploit.ANI-MS05-002, Trojan.Win32.Agent.wc, eGroup, EGroup Dialer, Exploit.HTML.CodeBaseExec, NiceSpy Personal Monitor, Parite.B, PC SpyCam, Trojan-Downloader.Win32.Small.chk, Trojan-Downloader.Win32.Zlob.ab, Trojan-Downloader.Win32.Zlob.as, W32.Spybot.Worm

Ad Aware Update to SE1R113 28.06.2006

SE1R113 28.06.2006

Note: In this release, NoAdware has been lowered to a low risk item. NoAdware was previously included due to large amounts of false positives and dubious past business behaviours. After re-evaluation and changes made by the vendor, Lavasoft will place NoAdware in a probationary period. As with all such changes, we ask for comments from our users and the online security community on this change.

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:


New Definitions:
========================
Adware.Astro +4
Backdoor.Nightmare +3
Win32.SymbOS.Cardblock

Updated Definitions:
========================
AB System Spy
Adware.DesktopMedia
Adware.DuDu
Adware.HuaCiSou
Adware.Maxifiles
Adware.MMSAssist +2
Adware.P2PNetworking
Adware.SystemProcess
Adware.Yazzle
AdwarePunisher
AdwareSheriff
BrowserAid
ClickSpring
CmdServices
CnsMin +3
CoolWebSearch
CustomToolbar
Dialer +23
Ebates MoneyMaker
ErrorSafe +2
GAIN
ImIServerIEPlugin
iSearch Toolbar
MalwareWipe
Marketscore(Netsetter)
OrbitExplorer +2
PromulGate
Search Relevancy
SearchMaid
SpywareNo +9
SpywareQuake
SpywareSheriff
Win32.Backdoor.Agent +3
Win32.Backdoor.CiaDoor
Win32.Generic.PWS +4
Win32.Harnig.Trojan
Win32.Trojan.Agent +2
Win32.Trojan.Downloader +12
Win32.Trojan.Hexdoor +2
Win32.Trojan.Krepper
Win32.Trojan.Mirc +5
Win32.Trojan.StartPage +3
Win32.TrojanClicker
Win32.TrojanSpy.Goldun

Spyware Doctor Update 3.0504

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0504 0
Intelli-Signatures: 62,650

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0504 0 - Caishow, Trojan.Downloader.Agent.DK, Trojan.Downloader.Banload.FZ, Trojan.Downloader.Zlob.PJ

3.0503 0 - AdFinder Toolbar, Backdoor.Agent.XU, Backdoor.Harvester, Common Components for YL Computing, PCSpy Keylogger

3.0502 0 - Adware Finder, Backdoor.Avstral, QDial24, StatWin Pro, Trojan.Downloader.Agent.OE, YourEnhancemen

Extended Intelli-Signatures:

3.0504 0 - 180search Assistant, Backdoor.Agent.PX, Backdoor.Beastdoor, Backdoor.CIADoor.13, Backdoor.Hackdoor, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, Brilliant Digital, BrowserAid, CasinoClient, ClientMan, Common Components for Integrated Search Technologies (IST) Items, Common Components for WinSoftware, Dialer.GlobalDialer, E2.Give, EliteBar, Email.Worm.Bagle, Keenvalue, MediaGateway, MyFreeCursors, PornMag Pass, Pugi.Qidion, Pugi.SearchitBar, PurityScan, Rootkit.Order, Spy Key Logger, SystemDoctor, Trojan.Downloader.Agent.XQ, Trojan.Downloader.Ruins, Trojan.Downloader.Small.CQB, Trojan.Downloader.Small.WB, Trojan.Dropper.Small.WP, Trojan.FakeAOL, Trojan.Fald, Trojan.Popuper, Trojan.PWSteal.Lineage, Trojan.Small.FH, TV Media Display, WinAntiVirus, Wonderland.33107, Zango Search Assistant

3.0503 0 - Adware.Defender, Back Orifice 2K, Backdoor.Agent.PX, Backdoor.Hackdoor, Backdoor.Sdbot.AAD, Backdoor.Theef, ClkOptimizer, Common Components for Toolbars, Comodo Trust Toolbar, Cram Toolbar, Dollarrevenue, Dotcomtoolbar, EliteBar, Email-Worm.Delf.v, Forbes, FreeScratchAndWin Beta, FriendGreetings E-Card, HomepageProtector, Known Bad Sites, MediaMotor, SahAgent, SideFind, SurfSideKick, Trojan.AOLPass.B, Trojan.Crypt.D, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Pacimedia, Trojan.Downloader.VB.TW, Trojan.Fald, Trojan.PSW.Hangame, Trojan.Repsamo, Trojan.Spywad.B, WinFixer, XP Advanced Keylogger, Xpehbam.biz dialer

3.0502 0 - AdRotator, Alexa, AproposMedia, Backdoor.Agobot, Comforest Dialer, Common Components for Trojans, Common Components Unrelated, CWS.Searchmeup, DialerPlatform, Instant Access, ISTbar, PCPolice, Pops Stop, SpywareNo, SystemDoctor, Trojan.Agent.FG, Trojan.Crypt.E, Trojan.Delf.EQ, Trojan.Dialer.FU, Trojan.Downloader.CashDeluxe, Trojan.Dropper.Small.AEK, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Small.FH, Trojan.StartPage.HT, Trojan.Win32.Alureon.B, Zeno Search Assistant

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Wednesday, June 28, 2006

SpywareBlaster Update

Database items = 6406, 18 are new
Updated, 28th June 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer
Please use the web update feature within SpywareBlaster to obtain the latest definitions.
Enable all protections once downloaded.

WGA Notification Update

A few days ago I was talking about how to disable Microsoft's WGA Notification. Not that I have anything against steps that are being taken to reduce the software piracy problem. I just felt that the way it was installed and the fact that it phoned home on every reboot was a bit too much.

Today, Microsoft have released an update to the WGA Notification:

Today, Microsoft released an updated WGA Notifications package. With this update, the pilot phase of WGA Notifications is complete, and the program will continue with a phased roll-out to Windows XP users worldwide. All English, Spanish, French, German, Italian, Dutch and Brazilian Portuguese users of Windows XP running Automatic Updates will soon be offered an updated package with a new version of WGA Notifications.

The updated package includes some notable changes to the software based on customer feedback from the previous version.

No daily configuration check
In the pilot phase, a PC that had installed WGA Notifications checked a server-side configuration setting upon each login, to determine if WGA Notifications should run or not. This configuration file check has been removed in the updated WGA Notifications package released today. It is important to note that WGA Validation still periodically checks to determine whether the version of Windows is genuine.

Clearer EULA and instructions to opt-in.
The End User License Agreement (EULA) has been replaced with a standard, General Availability EULA that more clearly explains the purpose of the software and details about WGA Notifications. For customers who choose not to install the updated package, and wish to remove an installed previous version, Microsoft has made available a set of instructions for removing previous versions of WGA Notifications from their PCs.

The instructions for removing previous WGA Notifications can be found here.

Well done to Microsoft for listening to its customers, this is a step in the right direction I think.

Monday, June 26, 2006

Spy Sweeper Latest Update

Spyware definition: version 707

Updated June 26th, 2006
Protection against 140,882 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 140,882 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Claria To Stop Spying

Yeah right... and I'll be 21 next week!!!!

Ok so I shouldn't be too sarcastic, Claria are actually telling people to uninstall their software.

Claria will stop displaying GAIN pop-up and other ads on July 1, 2006 and will stop supporting all GAIN Supported Software on October 1, 2006. After October 1, 2006, GAIN software may not function properly.

Our software will continue to collect data about your web usage from your computer for research and other purposes as described in our Privacy Statement until September 30, 2006, unless you uninstall the software before this date.

It is recommended that you uninstall all of GAIN Supported Software presently on your computer. To view a list of GAIN Supported Software installed on the computer you are currently using click here

So they are still going to be collecting information on you for research purposes... like they kill whales for research purposes... unless you uninstall of course.

Well, I suppose there is a first time for everything. If you are a fan of Claria software and have it installed on your computer, then there is more information at Claria's site.

Saturday, June 24, 2006

SpywareFighter Webhelper Is Back

Webhelper has his new site up and you can find it at http://www.webhelper4u.net/ . One of the spyware makers, DollarRevenue, has been attacking his old site to keep it offline. Most people may not know Webhelper, but his work has been the basis for many antispyware programs, like Ad Aware, and block lists. By attacking him, it seems that DollarRevenue is trying to silence him. This tactic has been used before. Popular antispyware site Spywareinfo.com has been attacked like this before. So have Castle Cops, Spybot Search and Destroy's site, and Merijn.org (the maker of HijackThis).



Webhelper is currently a senior research analyst for Sunbelt Software, who makes CounterSpy.

Spy Sweeper Update #706

Spy Sweeper latest update.

Spyware definition: version 706

Updated June 23rd, 2006
Protection against 140,775 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spybot Search and Destroy Update

Spybot Search & Destroy - http://spybot.info/en/updatehistory/index.html

Note this update fixes the false positive that Spybot detected if you have the new Ewido Antispyware version 4 installed.

Hijacker
+ Crackspider ++ SpywareSoftStop.Hijacker + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Keylogger
++ Ardamax (2) ++ HellzLittleSpy
Malware
++ VirusBlast + Winhound + SurfSideKick + Smitfraud-C. ++ TitanShield ++ Pokapoka79 ++ Win23.PE ++ XXXTeenPornPack + Vcodec.eMedia
Spyware
+ PurityScan
Trojan
+ MZS.Spoolserver32 + Wild Media + Haxdoor-H ++ Zlob.XPasswordManager + Zlob.Downloader ++ SearchSpy ++ Win32.Murlo.du ++ Small.cxl ++ LowZones.df ++ Win32.Lager.aq (2) ++ SilentCaller.pw ++ S.P-Bot.B ++ ConHook + Virtumonde ++ Zlob.PornMagPass (2)
Total: 332792 fingerprints in 43604 rules for 2048 products.

Ewido Anti-Spyware - Update

Note that all future updates that we give for Ewido are for the newer version, which has been renamed to Ewido Antispyware. The new version doesn't have a number for the update. You can tell if you have the most recent update by the number of threats in the database, however.

Date of Update: June 23rd, 2006
Known threats in database: 354,904

Ewido Anti-Spyware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Anti-Spyware

Sunbelt CounterSpy Update #363

CounterSpy 1.5 latest update definition is 363

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

New Threats Added to Database

Backdoor.Eterok, Trojan-Downloader.Win32.Small.bkg, Backdoor.Brepibot.Fam, SecurityRisk.Downldr, Backdoor.Pakes.BS, Exploit.JS.Exception, Exploit.MHTMLRedir, Backdoor.Win32.Rbot.aeu, Trojan-Downloader.Win32.Agent.aho, Xupiter.StopMessengerSpam, HateStupid, Soccer.A, Trojan-Downloader.Win32.Agent.td, Trojan-Downloader.Small.AUU, Trojan-Downloader.NSIS.QQHelper.b, Backdoor.IRC.Kanallar.g, Backdoor.Win32.Delf.asp, Trojan-Clicker.Win32.Small.lc, BackDoor.AVW, Trojan-Downloader.Small.3500, Trojan-Proxy.Win32.Agent.km, rojan-Downloader.Win32.Delf.z, SpyMail, X Password Manager, MySee Alert, Backdoor.Darkmoon.C, Trojan.Downloader.Small.BUM, Trojan.Spy.Banbra.ET, Trojan.PWS.QQPass.GZ, Trojan.Banker.Delf.BL, Trojan.Banker.Delf.89984057, Backdoor.Ginwui, Trojan.Banker.Delf.BD3AA7F0, Infostealer.Menghuan, W32.Monikey@mm, Trojan.Voxom, Trojan.Banker.Delf.A39B0E64, W32.Mydoom.FS@mm, Trojan.Banker.Delf.AB50A6AA, Trojan.Spy.Banker.BGL, Trojan.Spy.Delf.IA, Trojan.PWS.QQPass.HD, Trojan.Spy.Delf.HQ, Trojan.Banker.Delf.060CC583, Trojan.Spy.Banker.BDP, Backdoor.Delf.ARG, Trojan.Banker.Delf.0B66F4BC, Backdoor.WinShell.50, Trojan.Win32.BKClient, Trojan-Downloader.Mediket.CD, Trojan-Downloader.Win32.ConHook.aa, Backdoor.Win32.IRCBot.sj, BackDoor.VB.a.gen, Backdoor.IRC.Kelebek.aj, Backdoor.Win32.Hupigon.BV, Trojan.Proxy.970, Trojan.Win32.Agent.vp, Trojan-Downloader.Small.CQB, Trojan-Proxy.Win32.Horst.be, Trojan-Proxy.Win32.Horst.bh, Trojan-Downloader.Win32.Small.CWC

Threats that have been updated

eXact.BargainBuddy, Go!Zilla, IST.ISTbar, Look2Me, MediaCharger, Weatherbug, ClickSpring.PuritySCAN, WhenU.Save, Surf Spy, DialerPlatform, W32.Spybot.Worm, CWS.HomeSearchAssistant, SpyKeySpy, SpyMyPC, Spy Lantern Keylogger, Stealth KeyLogger, Personal Desktop Spy 2.10, Trojan.Vxgame, SpySheriff, Spytector, SSA-KeyLogger, Spy-Keylogger, BigBlue.01, Regfreeze, DollarRevenue, xploit.WMF, Trojan-Downloader.Gen, Parents CyberAlert, XControl, System Surveillance Pro, DesktopScam, FakeAlert, Backdoor.IRC.Zapchast, FiveSec.Spam.Agent.vx, Goldun.Fam, Haxdoor.Fam, PigSearch, Trojan-Proxy.Win32.Wopla.u, Trojan-Downloader.Win32.Small.cpo, Trojan-Downloader.Win32.Harnig, Trojan-Proxy.Win32.Xorpix.Fam, Ginwui.B, Trojan-PSW.Win32.Sinowal, Zlob.Media-Codec, Trojan-Downloader.Win32.Tiny.cl, Trojan-Downloader.Win32.Small.ctf, Trojan-Downloader.Win32.Delf.ang, Backdoor.Win32.Agent.uu, Trojan-Proxy.Win32.DcomServ, KillAndClean, Worm.Win32.Agent.h, Infostealer.Banpaes, Infostealer.Bancos, Trojan.Anserin, Infostealer.Bancos!gen, ackdoor.Graybird, Trojan.Dropper, Trojan Horse, Infostealer, Infostealer.Lemir, Backdoor.Prorat, Backdoor.IRC.Bot, Backdoor.Trojan, Downloader.Bancos!gen, IRC Trojan, Trojan.Emcodec, Backdoor.Darkmoon, Infostealer.Banker.B, Trojan.Jupillites, Trojan-Downloader.Agent.ALZ, ASH 0.2, ASH 0.2 fix1, BackDoor v2.02, Blackhole 2005 Enterprise 0726, Bloodhound.Tibs, CWS.Trojan.Downloader.Gen, Desktop Spy Agent, Download.Trojan, Downloader.Trojan, FKWP 1.5, GayOL, Java/Byteverify, KeyTrap V2.0, Microspy, Molela v1.0, NastyXP v 1.1 beta2, ProRat v1.6, Remote Desktop Control 1.2, Remote Desktop Control 1.3, Remote Desktop Control 1.5, Remote Desktop Control 1.5.0.70, RemoteShut 1.4
SnapKey Parental Internet Monitor, Tian Troj GG 0.2, Trojan-Downloader.LoaderEXE.C, Trojan.Downloader.Time2Pay.AQ, Trojan.Galapoper.A, TrojanDownloader.loadadv, WinRat

Friday, June 23, 2006

Spyware Doctor Update

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0499 0
Intelli-Signatures: 62,081

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor, which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0496 1 - MrFindALot, SentryPC, Yahoo Messenger Spy
3.0497 0 - Common Components for Toolbars, PornMag Pass, Trojan.Hooker, Trojan.Spy.Delf.R, Trojan.VB.ABV
3.0498 0 - Email-Worm.Delf.v, Trojan.Dialer.BY, Yazzle Cowabanga
3.0499 0 - Family Cyber Alert, PC eGuardian, Trojan.Downloader.Small.CX, Trojan.Nixgen, Trojan.Proxy.Agent.AA


Extended Intelli-Signatures:
3.0496 1 - Backdoor.Agent.PX, Backdoor.CXH, Backdoor.Rbot.Gen, Backdoor.Sdbot.AAD, ClkOptimizer, CommonName, CWS.Cassandra.A, CWS.XPSystem, DealBar, Desktop Media, Deskwizz, Energy Plugin, eZula, Fast Video Player Dialer, GogoTools, GoZilla, IEAccess.IEDial, Instant Access, LockSky, Maxifiles, MediaGateway, OnWebMedia, QQFace, RXToolbar, SahAgent, SpyAxe, Trojan.Banker, Trojan.Downloader.Banload.BE, Trojan.Downloader.Banload.CK, Trojan.Downloader.CashDeluxe, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.WB, Trojan.Downloader.VB.AAL, Trojan.Downloader.Zlob.AS, Trojan.Dropper.Small.AEK, Trojan.Fald, Trojan.Fivesec.A, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.CT, Trojan.Repsamo, Trojan.Spybot.GL, VX2.Look2Me
3.0497 0 - 2020search.com, Backdoor.Agent.PX, Backdoor.Banito, Backdoor.CXH, Backdoor.Rbot.AEU, Backdoor.Sdbot.AAD, Blondes, Common Components for CWS, Common Components Unrelated, Comodo Trust Toolbar, CrackedEarth, CWS.IEengine, Dotcomtoolbar, Energy Plugin, ezSearchbar.B, Fast Video Player Dialer, ISTbar, MediaGateway, PurityScan, SearchCentrix, SlimFTP, SpywareNo, Trojan.Bancos.JL, Trojan.Downloader.PV, Trojan.Downloader.Small.AWA, Trojan.Downloader.Small.CQB, Trojan.Fivesec.A, Trojan.Popuper, Trojan.Zlob.C, Zango Search Assistant
3.0498 0 - AdRotator, Adware.Defender, Backdoor.Bobic.K, Backdoor.Hackdoor, Backdoor.Hupigon.GT, Backdoor.Padodor, Backdoor.Thunk.E, Common Components for Trojans, CommonName, Cram Toolbar, CWS.MCICDB, CWS, Golden Eye, Instant Access, Known Bad Sites, LinkMaker Hijacker, LittleHelper, Maxifiles, PremiumSearch, Regfreeze Hijacker, SpywareQuake, ToonComics Hijacker, Trojan.Bancos, Trojan.DNS Changer, Trojan.Downloader.Delf.KS, Trojan.Downloader.Femad, Trojan.Downloader.Harnig, Trojan.Downloader.Small.CQB, Trojan.Dropper.Agent.HL, Trojan.Fald, Trojan.Polymorph, Trojan.Popuper, Trojan.Proxy.OPU, Trojan.Proxy.Small.CT, Trojan.Runner.F, Trojan.Spy.Agent.EW, Trojan.StartPage.GEN, Trojan.Tooso, Virtumonde
3.0499 0 - AproposMedia, BackDoor.Agent.OO, Backdoor.Agent.PX, Backdoor.Beastdoor, Backdoor.Hackdoor, Backdoor.Rbot.AEU, Backdoor.Sdbot.AAD, ClkOptimizer, Cram Toolbar, CWS, CWS.XPSystem, Dollarrevenue, Enbrowser, ISTbar, Known Bad Sites, Lop.com, Marketscore Netsetter, Possible Website Hijack, PurityScan, SysCheckBop32, Trojan.Agent.HR, Trojan.Downloader.CashDeluxe, Trojan.Downloader.ConHook, Trojan.Downloader.Harnig, Trojan.Downloader.Small.AMB, Trojan.Downloader.Small.AMQ, Trojan.Downloader.Traffbiz, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.HL, Trojan.Dumaru, Trojan.Fald, Trojan.Fivesec.A, Trojan.Icekboy.F, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.CT, Trojan.Vxgame, VX2.Look2Me, Yazzle Snowball Wars, Zeno Search Assistant



General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Thursday, June 22, 2006

Disable WGA Notification

There has been a lot of discussion about the last set of Microsoft Security updates, namely the fact that WGA Notification was installed, and sneakily at that, in my opinion.

Now I have no problem with validating my copy of Windows, and if I have to validate it every time I need to download something from Microsoft, then fair enough, I can live with that. But I don't like the fact that every time I boot up my computer, WGA notification (not validation) phones home.

There are various methods of disabling this intrusion but the best one so far is blogged by Suzi Turner at ZDNet today. Like Suzi, I too had been blocking WGA Notification with my firewall, but AutoRuns is a quick and free download and is useful for a whole lot more than just turning off a nag.

Update: I've noticed that I get a notification from Microsoft of a new update on reboot, yes folks it's the WGA Notification tool. I have my updates set to notify me but not download automatically... so I was able to say thanks but no thanks.

To check your Windows Update settings go to Control Panel, click on Security Centre and then scroll to the bottom and click on Automatic Updates. I have mine set to notify me but not to automatically download or install.

Wednesday, June 21, 2006

Big Changes For Ewido

A new version of Ewido has been released, Ewido Anti-Spyware 4. There have been major changes to the entire program, and from my first look, all for the better. The name has changed from Ewido Antimalware to Ewido Anti-Spyware. This is more than a simple update; you'll need to download and install this new version. If you have paid for the previous version of Ewido, then you have the option to move your license to this new one. Whether you have the free or paid version, I recommend that you uninstall the older program before installing Ewido Anti-Spyware 4. This will prevent problems when installing the new program.

This new version of Ewido replaces the older one. So you need to update to Ewido Anti-Spyware 4 to get the latest updates. Let's take a look at what the new Ewido looks like and can do.


To the left, you can see a screen shot of the main page for Ewido Anti-Spyware. You can click this picture or any of the ones in this post to see them at regular size.

Like most of the pages in the program, the most important info is on the left side. Across the top are different functions that Ewido can do. The ones you'll use the most are the scanner and update ones.

This is an example of the free trial, which is now available for 30 days. Older versions of Ewido had only a 15 day trial. If you do have an older trial version, be sure to uninstall it before upgrading to Ewido Anti-Spyware 4. My trial version was expired, but I got a new 30 day trial by uninstalling the old one first.

To clean spyware from your computer, you'll select the scanner button on the top menu. Then you'll see what is in the picture to the left. You have several options to choose from: a complete scan, a quick scan, and a few specialized ones.

If you have spyware on your computer, I suggest doing the complete system scan. This will allow Ewido to look for spyware and trojans wherever they may be hiding on your computer. If you don't have spyware, then the fast system scan is a good choice. It won't look in as many places, so it could miss something if you are infected. In my test, I did a fast scan and it did not find anything that the complete scan did find. The registry and custom scans look at those two specific places. It's not something that most people should use, since you will have to run a regular scan if something is found. The custom scan allows you to scan only certain parts of your computer. One example I can think of is to have a folder you download new files to and then have Ewido only scan that folder.

I did a complete scan on one of my computers. I use the computer to test spyware, adware, and trojans, so there were a few bad files that Ewido could find. They are only installers or parts of spyware programs, so this isn't a complete test to see how well Ewido does. Ewido used to put a warning for each spyware file it found as it was doing the scan. Now it will wait until the scan is done and list everything for you to look over at once. This is much better in my opinion, because you can leave the scan while it is running.

In this scan, everything that Ewido found was a bad file. The recommended action to quarantine is the correct thing to do with them. The one found that was set to ignore once is also bad, but it won't be able to do anything by itself. With new updates, it will most likely be removed by Ewido. If something is found that you don't want to remove, then you can click on the orange word quarantine and change it to one of the other options, like ignore once.

At the end of a scan, you can save the report to look at later. If spyware is found, then one is saved for you. If you need help from someone else, they may want to look at it. Click the report button on the top of the program, and you will have a list of the scans that you have done. You can save the report or simply copy and paste it to a posting on an online spyware removal help forum.

Let's take a look at a few of the other features of Ewido. The shield button is for the real time monitor. It is available only during the 30 day trial or if you have a paid subscription. This watches your computer for spyware, and can help to prevent it from getting on your computer. The infections button will take you to any spyware files that have been removed from your computer. This is where the quarantine option puts them. Quarantine files can't do anything, so if something was removed by mistake, then you can put it back to where it belongs. After a few days of using your computer, you should remove any malware files from the quarantine. Use the remove finally button at the bottom to do this. The analysis and tools buttons provide some useful ways to learn more about your computer, but are not newbie friendly. Last, there is a help file that can give you answers to any questions you may have about Ewido Anti-Spyware.

Overall, I find that this new version of Ewido is a great improvement. It is light on computer resources and memory, easy to use, and scanning is improved over the last version. One of my complaints about the older version was it alerted you about every suspicious file it found while it was scanning. This could get tedious on a computer with many detected malware files. Extending the trial period to 30 days is also a good move. This allows people more time to use and judge the program. One thing I do not like about this new version is it does not tell you what update you have installed. You can get around this by looking at the number of threats detected, but it is probably better to just check for updates every time you open the program to make sure you have the latest detections. These are minor problems, though; Ewido is a great free product.

Spy Sweeper Latest Update

Spy Sweeper latest update.

Spyware definition: version 703

Updated June 20th, 2006
Protection against 140,573 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Monday, June 19, 2006

Spyware Fighter Webhelper Under Attack

Spyware DollarRevenue has targeted the web site of Webhelper. Webhelper has been fighting spyware for several years, first as one of the researchers for Lavasoft's Ad Aware, and now as a spyware researcher for Sunbelt Software. He has his own site called webhelper4u.com, which lists much of his work. It includes lists of bad web sites for CoolWebSearch, SmitFraud, and many other bad sites to avoid.

This is posted on his site right now:

As of June 16, 2006, I have been under a DDoS attack from a trojan installer that DollarRevenue.com began using which was called from one of the Russian VladZone gang's sites and which with my current hosting company, I cannot block the attacks which in 3 days went over 125 Gig in bandwidth usage of my allotted 200Gig per month. They are putting URL addresses to free web pages designed to load my site's pages as if they were images and with the use of a trojan from the VladZone and bundled in DollarRevenue.com infestations, I cannot and will not put all my time into fighting groups that have been running since 2003 and authorities around the world have not been able to stop.


While most people outside of the antispyware community probably don't know him, his work has been the basis for many antispyware programs, like Ad Aware, and block lists. By attacking him, it seems that DollarRevenue is trying to silence him. This tactic has been used before. Popular antispyware site Spywareinfo.com has been attacked like this. So have Castle Cops, Spybot Search and Destroy's site, and Merijn.org (the maker of HijackThis).

Spy Sweeper and Ewido For June 19

Spy Sweeper latest update.

Spyware definition: version 702

Updated June 19th, 2006
Protection against 140,573 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Current database: #1937
Date of Update: June 19th, 2006
Known threats in database: 352,984

Spyware Doctor Update 3.0495

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0495 0
Intelli-Signatures: 61,447

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:

3.0495 0 - Backdoor.CWD, Backdoor.Poebot.F, SpyPal
3.0494 0 - Backdoor.Agent.JN, Backdoor.Banger, LinkOptimizer, MG-Shadow Monitoring Software, Trojan.Dadobra.CP

Extended Intelli-Signatures:

3.0495 0 - Backdoor.Agobot, Backdoor.Banito, Backdoor.Bifrose.R, Backdoor.Bifrose, Backdoor.Netdevil, Backdoor.SpyBoter, Carpe Diem, Comedy Planet, Crystalysmedia Assistant, EliteBar, Email-Worm.Win32.Prox.B, eZula, Fast Video Player Dialer, HotBar, KeyKey2000 Professional Keylogger, Known Bad Sites, LinkMaker Hijacker, LockSky, Lop.com, Marketscore Netsetter, Maxifiles, MediaTickets, PurityScan, SexDialer, SpyAxe, SurfSideKick, SystemDoctor, Trojan.BeastPWS.C, Trojan.Downloader.Agent.SY, Trojan.Downloader.Banload.BC, Trojan.Downloader.Harnig, Trojan.Downloader.Obscux, Trojan.Downloader.Small.AWA, Trojan.Downloader.Small.CAM, Trojan.Downloader.Small.CQB, Trojan.Dropper.Small.AEK, Trojan.Dumaru, Trojan.Emspy, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.CT, Trojan.Spybot.GL, Trojan.Startpage.FH, Virtumonde

3.0494 0 - 180ad Solution, 2nd-thought.com, AproposMedia, Backdoor.Bifrose, Backdoor.ProRAT.K, Backdoor.Sdbot.AAD, Derbiz, Dollarrevenue, IEFeats, Instant Access, Maxifiles, Rogue Anti-Spyware Products, SpywareSheriff, SurfSideKick, System Surveillance, SystemDoctor, Trojan.Agent.FG, Trojan.Downloader.Adload.I, Trojan.Downloader.Harnig, Trojan.Downloader.Monurl, Trojan.Downloader.Small.AWA, Trojan.FavAdd.AE, Trojan.Fivesec.A, Trojan.Popuper, Trojan.PSW.Cain, Trojan.Spy.Banker.AEW, Virtumonde, VX2.Host, VX2.Look2Me, WhenU.SaveNow

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Saturday, June 17, 2006

Ewido Antimalware Update

Current database: #1933
Date of Update: June 17th, 2006
Known threats in database: 351,998

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Friday, June 16, 2006

Spy Sweeper and Spybot Search & Destroy Updates

Spy Sweeper latest update.

Spyware definition: version 700

Updated June 16th, 2006
Protection against 140,462 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are over 140,000 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Spybot Search and Destroy also has been updated.

6-16-2006

Dialer
+ TIBS
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
+ PestTrap + Vcodec.eMedia + Swizzor (2)
PUPS
+ Hotbar
Security
+ Windows.RedirectedHosts
Spyware
+ 180Solutions.SearchAssistant
Trojan
+ DigiKeygen (18 ) + BraveSentry + Win32.Small.kw + Win32.Agent.mn + Zlob.Downloader + Small.cxl + Click.AgentHI

Total: 331476 fingerprints in 43336 rules for 2028 products.

Spybot is available from
Safer-Networking.org

CounterSpy Update 359

CounterSpy 1.5 latest update definition is 359

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

ErrorProtector, Trojan-Downloader.Win32.Small.cpg, Trojan-Spy.Win32.KeyLogger.cd, Backdoor.Win32.Pahador.o, Trojan-Proxy.Win32.Small.eo, Trojan-Downloader.Win32.Small.dax, Trojan-PSW.Win32.LdPinch.aov, Trojan-Downloader.Win32.Small.bux, Trojan.Win32.KillAV.hd, Backdoor.Win32.Iroffer.b, Trojan-Downloader.VB.AER, Trojan-Downloader.Agent.ALI, Trojan-Spy.Banker.ALR, Trojan-Downloader.Win32.Small.daz, Trojan-Dropper.Win32.Small.apv, Trojan-Downloader.Win32.Small.cy, Trojan-Proxy.Win32.Small.du, Worm.Win32.Agent.h, Trojan-Dropper.Win32.VB.mo, Trojan-Spy.Win32.KeyLogger.jt, Trojan-Downloader.Win32.Agent.uj, Trojan-Downloader.Small.DBA, Trojan-Downloader.Agent.ALJ, Trojan-Clicker.Small.CC, Trojan-Dropper.Agent.OL, Trojan-Downloader.Tibs.ET, Backdoor.Spybot.C, Trojan.Win32.Small.fb, Trojan-Downloader.Small.CSH

Threats that have been updated

AdRoar, Delfin.Media Viewer, DownloadWare, Family KeyLogger, Go!Zilla, C2.Lop, PC Spy, PC Activity Monitor, WhenU.Save, TinyBar, WhenU.ClockSync, 180solutions.SearchAssistant, IST.SideFind, Desktop Spy Agent, eXact.BullseyeNetwork, MediaMotor, eZula.Dash.PcCleaner, eZula.Dash.Connect, iSearch.DesktopSearch, InternetOffers, Admilli Service, Personal Inspector, ILL-Eagle DL, iProtectYou, PC Bloodhound, PC Police, Trojan.Vxgame, ABetterInternet.Aurora, AntiVirus Gold, Trojan-Downloader.abc, Xware, PSGuard, SystemSoap Pro, NetPatrol 2.0, OverSpy, MFinc.SmallHttpServer, BackDoor.Galapop.A, PC Spy Keylogger, MyGlobalSearch.Toolbar, WinFixer, My247eShopper, Desktop Links, Backdoor.SdBot.aad, DollarRevenue, Netdsg-Keylogger, DesktopScam, WinHound, EliteMediaGroup, Goldun.Fam, Trojan-Downloader.Win32.Small.awa, BraveSentry, Haxdoor.Fam, Powered Keylogger, Trojan-Downloader.Win32.Harnig, Zlob.Media-Codec, Trojan-Downloader.Win32.Small.ABD, Trojan-Proxy.Win32.Xmiler

Spyware Doctor Update 3.8.0.2582

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0490 1
Intelli-Signatures: 61285

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0490 1- ICQ Spy Monitor
3.0490 0- ICQ Spy Monitor
3.0489 0- Adware.NewWeb, Backdoor.Agent.CFC, Backdoor.Recub, Common Components for Backdoors, KillAndClean, Power Spy, Trojan.Agent.QW, Trojan.Clicker.VB.LX, Trojan.Delf.BZ, Trojan.Downloader.Banload.AM, Trojan.Spy.Banpaes.M, Trust Cleaner

Extended Intelli-Signatures:
3.0490 1- ActMon Keylogger, BaiDu, CasinoClient, CnsMin, Common Components for Keyloggers, Deskwizz, Perfect Keylogger, PurityScan, SpyAxe, SpywareQuake, SupremeSpy, SystemSleuth Keylogger, Trojan.Downloader.Agent.SX, Trojan.Downloader.Harnig, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Proxy.Agent.FP, Virtumonde, Web3000, WhenU.SaveNow, YahooStock
3.0490 0- ActMon Keylogger, BaiDu, CasinoClient, CnsMin, Common Components for Keyloggers, Deskwizz, Perfect Keylogger, PurityScan, SpyAxe, SpywareQuake, SupremeSpy, SystemSleuth Keylogger, Trojan.Downloader.Agent.SX, Trojan.Downloader.Harnig, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Proxy.Agent.FP, Virtumonde, Web3000, WhenU.SaveNow, YahooStock
3.0489 0 - Adware.Defender, Backdoor.ABJ, Backdoor.Agobot, Backdoor.Rbot.Gen, Casino, CnsMin, Common Components for 180Solutions items, Common Components Unrelated, CWS.Search For, Dialer.Coder, Dollarrevenue, EliteBar, ISTbar, KeyKey2000 Professional Keylogger, Known Bad Sites, Lineage.MO, LinkMaker Hijacker, LZIO Websearch, MediaGateway, Pru-tect, PurityScan, SpyAxe, Starware, TargetSavers, Transponder.MXTarget, Trojan.Downloader.Agent.SU, Trojan.Downloader.Delf.QY, Trojan.Downloader.Druser, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.TK, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Ranky.Gen, Trojan.Proxy.Small.BO, WebSearch Toolbar


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Thursday, June 15, 2006

SpywareBlaster Updated

New SpywareBlaster updates available. This update adds 25 new protections for your computer.

Database 6388 items
Updated June 15th, 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

The End For Windows 98 Will Leave It Open to Attack

As I mentioned earlier, Windows 98 and ME will have all support stopped by Microsoft. After July 11th, there will not be any more updates for either of those operating systems. If any flaws are discovered that could allow hackers to attack either of those operating systems, then it isn't likely that they will be patched (fixed). What I missed is there is already a flaw that hasn't been patched by Microsoft. It does not appear that it will be fixed either.

In April, one of the patches released did not include Windows 98 or ME, even though they were vulnerable. The vulnerability is a critical one that can allow a hacker to take over the computer and install programs and steal data. In the release notes from Microsoft (you have to scroll down to General Information and then click the FAQ), the following is said:

If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?

During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineering a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

If a security problem this bad is not going to be fixed, then there is no doubt Microsoft will really stop supporting 98 this time. Windows 98 has been scheduled to have support stopped two times before, but had an extension to add time to its support.

If you are one of the few who still uses either of these operating systems, then you really need to look at getting an upgrade to XP Home or getting a new computer.

Titan Shield Is the Latest Spyware Threat

Titan Shield is the latest version of SmitFraud, which is more commonly known as SpyFalcon, SpyAxe, SpySheriff, SpywareQuake, Malware Wipe, Pest Trap, and many other names. Like the others, Titan Shield will give you fake alerts about your computer having spyware. Also, your homepage will be changed to one that looks like a Windows Security Center page from Microsoft. It's not real. It is just a way to trick you into downloading software they want you to buy.

Here is an example of the homepage hijack:



It also appears that Titan Shield downloads some files that are meant to look like spyware or trojans so it can "find" malware on your computer. The files aren't really spyware, but are put on your computer to validate Titan Shield finding spyware on your computer. This is according to Eric Howes, Sunbelt's Director of Malware Research.

The culprit is the new rogue anti-spyware app, TitanShield Antispyware. Incredibly enough, this app loads a bunch of bogus spyware/adware, which it then proceeds to detect. The bogus spyware/adware consists of both garbage dummy files named and located like the originals of the above threats as well as Registry keys that actually match the above threats.


To remove this spyware from your computer, you can use the same instructions that I have posted about in my Easy Fix For Spyware and Virus Alert. The tool SmitFraudFix is constantly updated and can remove Titan Shield.

Spy Sweeper and Ewido Antimalware Updates

Spy Sweeper and Ewido Antimalware have been busy with updates this week.

Spy Sweeper has been updated to:

Spyware definition: version 700
Updated June 15th, 2006
Protection against 140,048 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 140,048 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Ewido Antimalware current update information

Current database: #1930
Date of Update: June 15th, 2006
Known threats in database: 350,725

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Ad Aware SE Update SE1R112 15.06.2006

Ad Aware has an update today. The latest update is SE1R112 15.06.2006

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Ad Aware can be downloaded from the official Lavasoft Ad Aware page. Here is a list of the latest spyware detections:

New definitions:
====================
Win32.Worm.Hotlix

Updated definitions:
====================
Adware.DollarRevenue +3
Adware.Look2Me +4
Adware.Yazzle +4
IROffer
MediaMotor +6
Win32.Backdoor.Agent +14
Win32.Trojan.Downloader +28
Virtumonde +81

Spy Sweeper and Ewido Antimalware Updated

Two of the better spyware, trojan, and malware fighting programs have been updated.

Spy Sweeper latest update.

Spyware definition: version 699

Updated June 14th, 2006
Protection against 140,021 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 140,021 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/


Ewido Antimalware current update:

Current database: #1927
Date of Update: June 14th, 2006
Known threats in database: 350,344

Ewido Antimalware scans your computer to clean any spyware that may have gotten on your computer. Ewido also has active protection to prevent spyware from getting on to your computer.

Hijackers and Spyware
-Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
-Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
-Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
-No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Product Info & Download: Ewido Antimalware

Sunbelt Counterspy Update 357

CounterSpy 1.5 latest update definition is 357


CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Trojan.Win32.Dialer.pw
Trojan-Clicker.JS.Linker.b
Trojan-Clicker.Win32.Small.kx
Backdoor.IRCBot.qc
SpamTool.Win32.Mailbot.ba
Trojan-Spy.Win32.Delf.rc
Trojan-PSW.Win32.QQPass.ho
Backdoor.Spambot.Extdrvr
Trojan-PSW.Comart.B
Trojan-Spy.Banker.BJQ
Backdoor.Hupigon.bly
Trojan-Spy.Banker.BIR
Trojan-Downloader.Small.czs
Trojan.Spambot.Dxvw
Trojan.Win32.Winos
Yazzle.Cowabanga
Trojan-Downloader.Delf.2
Trojan-Downloader.Small.CQF
Trojan-Downloader.Win32.VB.aan
Trojan-Downloader.Small.DAN
Trojan-Proxy.Win32.Small.ct
Trojan.Manfo
Trojan.Win32.Dialer.hh
Adware.BHO.AH
Trojan-Downloader.Small.ON
Trojan-Downloader.Small.CNV
Trojan-Downloader.Small.DAQ
Trojan-Downloader.Small.CZW
Trojan-Spy.Banker.BAI
Exploit.Smitfraud (you may know this one by the names Spyfalcon, Pest Trap, Malware Wipe, and many other names)
PWS.LNB
Banker.UA
Trojan-Downloader.Small.ARM
Trojan.Small.ADK
Trojan-Spy.Win32.Banker.bab
Trojan-Downloader.Win32.Small.dau
Trojan-Downloader.Win32.Agent.akq

Threats that have been updated

Hotbar
IST.ISTbar
Loser Trojan
NetVizor
Perfect Keylogger
ClickSpring.PuritySCAN
Search ToolBar
TIBS Premium Rate Dialer
TopRebates.WebRebates
IBIS.WinTools
IST.SideFind
WindUpdates
Keylogger Pro
SearchMiracle.EliteBar
MediaTickets CDT
Zango.SearchAssistant
Trojan.Small
Messenger Plus!
Looking-For.Home Search Assistant
Backdoor.Win32.Rbot.gen
DailyToolbar
eZula.Earn
Marketscore.RelevantKnowledge
Deskwizz
Netwebsearch Toolbar
Virtumonde
AzeSearch.MWSearch
TMKSoft.Admess
SurfSideKick
Trojan.Vxgame
SafeSurfing.RsyncMon
Trojan-Downloader.Small
Dialer.Maxd
180solutions.EasyMessenger
007.2Search
Trojan.Agent
BigBlue.01
Starware.Toolbar
DollarRevenue
DesktopScam
FakeAlert
Maxifiles
Backdoor.IRC.Zapchast
TrojanDownloader.loadadv
Bitlocker
Trojan-Spy.Win32.Banker.ark
Goldun.Fam
Trojan-Downloader.Win32.Small.awa
Trojan-Spy.Win32.Delf.dq
BraveSentry
Haxdoor.Fam
Trojan-Downloader.Agent.Afl
BaiduBar
Yazzle.SnowBallWars
Trojan-Proxy.Win32.Lager
WinAntiVirus Pro
Trojan-Proxy.Win32.Agent.ji
Trojan-Downloader.Win32.Harnig
SystemDoctor
Trojan-Proxy.Win32.Xorpix.Fam
Ultimate Defender
Ginwui.A
Exploit.MSWord.1Table.bd
Trojan.Win32.Agent.qt
180solutions.Zango.CommonElements
Trojan.Svchostsys
Trojan-PSW.Win32.Sinowal
Zlob.Media-Codec
Trojan-Downloader.Win32.Delf.ang
PornMag Pass
TitanShield AntiSpyware
KillAndClean
Small.ER
Trojan.Dropper.AV
Unclassified.Trojan.93

Wednesday, June 14, 2006

Ad Aware SE Updated

Ad Aware has been updated to reference file SE1R111 08.06.2006

This update has the following definitions for spyware, adware, trojans, and other malware:

New Definitions:
========================
Adware.TotalVelocity +11
Ardamax Keylogger +2
BFK keylogger +2

Updated Definitions:
========================
Adintelligence.AproposToolbar +4
Adware.DollarRevenue +2
Adware.HuaCiSou
Adware.Latendis +5
Adware.Look2Me +15
Adware.Maxifiles +3
Adware.SideBySideSearch +4
Adware.Websearch +6
Adware.Yazzle +4
begin2search
BookedSpace +4
CrazyWinnings +2
Dialer +33
Global Netcom Inc +4
IBIS Toolbar +6
Lop +7
Lycos Sidesearch
MediaMotor
Neededware
NetworkEssentials
RelatedLinks +6
SahAgent +5
SearchExplorerBar +3
SearchRelevancy
SpyFalcon +2
SpywareNo
SurfSideKick +2
Win32.Backdoor.Dumador +2
Win32.Backdoor.RBot +4
Win32.Genric.PWS +3
Win32.Harnig.Trojan
Win32.Trojan.Agent +13
Win32.Trojan.Dnschanger
Win32.Trojan.Hexdoor +3
Win32.Trojan.Keylogger +6
Win32.Trojan.SDBot +2
Win32.Trojan.Spambot +3
Win32.Trojan.Starter +2
Win32.TrojanClicker +11
Win32.TrojanDownloader.Swizzor.br +7
Win32.Trojandownloader.Zlob +16
Win32.TrojanProxy.Small +4
Win32.TrojanSpy.Banker +3
Win32.TrojanSpy.Goldun +3
Win32.Winshow +8
Virtumonde +20
Yok Toolbar


Ad Aware can be downloaded for free from the official Ad Aware page

NOD32 Antivirus Update 1.1599

NOD32 Antivirus detection database has been updated to version 1.1599 (20060614)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

HTML/TrojanDownloader.Agent.AQ (2), IRC/SdBot (6), Win32/Hoax.Renos.DK (2), Win32/Hupigon, Win32/IRCBot.SG (2), Win32/KeyLogger.Ardamax (3), Win32/Lovgate.Z, Win32/Mocalo.DE (4), Win32/Nugache.B (2), Win32/PcClient.OQ, Win32/PSW.LdPinch, Win32/PSW.Lineage.DN (3), Win32/PSW.Lineage.ON, Win32/PSW.Lineage.SU, Win32/Rbot, Win32/Spy.Banker.AHY (2), Win32/Spy.Goldun.GU, Win32/Spy.Goldun.HP, Win32/TrojanDownloader.Busky.L, Win32/TrojanDownloader.Delmed (2), Win32/TrojanDownloader.QQHelper, Win32/TrojanDownloader.VB.NAW, Win32/TrojanDownloader.Zlob.PV (2), Win32/TrojanDownloader.Zlob.RW (7), Win32/VB.ANM, Win32/VB.NEY, Win32/Viking.NAH (3)

MVPS Hosts File Update - 14th June 2006

You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.

Now includes most major parasites, hijackers and unwanted Search Engines!

In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load. This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking". Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, as long as the entry exists.

Editors Note: As time has progressed the focus of this project has changed from blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying, but get hijacked by a parasite from an evil script or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.
More Info: MVPS Hosts File

Download: hosts.zip (112 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource
for determining possible culprits ... (454 kb)
http://www.mvps.org/winhelp2002/hosts.txt

Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute
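To make the blocking mechanism described above concrete, here is an added example (not part of the MVPS project or the original post) that parses HOSTS-style text, reports whether a name is sent to the local machine, and lists entries that point a name elsewhere. The function names and every hostname except `ad.doubleclick.net` are constructed for illustration, and the parser assumes the first matching line is the one the resolver uses.

```python
import ipaddress

# Constructed sample; only the ad.doubleclick.net entry comes from the post.
SAMPLE_HOSTS = """\
# constructed sample, not the MVPS file
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net   # entry quoted in the post
0.0.0.0   tracker.example ads.example
203.0.113.7 www.bank.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Return (entries, bad_lines): hostname -> address, plus unparsable line numbers."""
    entries, bad_lines = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            bad_lines.append(lineno)
            continue
        if len(fields) < 2:                   # an address with no hostname
            bad_lines.append(lineno)
            continue
        for name in fields[1:]:
            # Assumption: the first mapping for a name wins.
            entries.setdefault(name.lower().rstrip("."), addr)
    return entries, bad_lines


def is_sinkhole(addr):
    """True for loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) addresses."""
    return addr.is_loopback or addr.is_unspecified


def is_blocked(entries, hostname):
    """HOSTS matching is by exact name: a parent or sibling domain is not covered."""
    addr = entries.get(hostname.lower().rstrip("."))
    return addr is not None and is_sinkhole(addr)


def redirects(entries):
    """Entries that map a name to a non-local address; worth reviewing by hand."""
    return {name: str(addr) for name, addr in entries.items() if not is_sinkhole(addr)}


if __name__ == "__main__":
    entries, bad = parse_hosts(SAMPLE_HOSTS)
    print("ad.doubleclick.net blocked:", is_blocked(entries, "ad.doubleclick.net"))
    print("doubleclick.net blocked:", is_blocked(entries, "doubleclick.net"))
    print("non-local mappings:", redirects(entries))
    print("unparsable lines:", bad)
```

The second check shows the practical limit of the approach: the entry blocks only the exact server name listed, so each ad or tracking server needs its own line.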

Security Updates for June

Microsoft released this month's security update bundle yesterday. I hope you have done your preparations for the update; see here for further info if you haven't.

The security update contents are as follows:

8 Critical Bulletins:

  • MS06-021 - Cumulative Security Update for Internet Explorer (916281). It is recommended that you install this update at the same time as MS06-023, as this update could expose this vulnerability or cause application compatibility issues.
  • MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
  • MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
  • MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
  • MS06-025 - Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
  • MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
  • MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
  • MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

3 Important Bulletins:

  • MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
  • MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
  • MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

1 Moderate Bulletin:

  • MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
For detailed information check out the Microsoft Security Bulletin Summary.

It is also worth noting that you can download an ISO image of June's security updates from Microsoft.

These ISO-9660 CD image files contain the security updates for Windows released on Windows Update on June 13th, 2006. They do not contain security updates for other Microsoft products. These CD images are intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update, and who do not use an automated solution such as WSUS. Use these images to download multiple updates in all languages at the same time.

Caution: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.
More information and download here

Tuesday, June 13, 2006

Rogue/Suspect Site Updated

Eric L. Howes' Rogue/Suspect Anti-Spyware Products and Websites list has been updated today to include Xmembytes AntiSpyware, TitanShield AntiSpyware, Trust Cleaner and KillAndClean.

Xmembytes AntiSpyware - xmembytes.com - uses stolen database; questionable license terms [A: 6-13-06 / U: 6-13-06]

TitanShield AntiSpyware - titanshield.com, antispywarebox.com, hotwinupdates.com, cashunlim.com - app plants the very files it falsely detects as malware (1); aggressive, deceptive advertising, stealth installations (1); false positives work as goad to purchase; same app as AdwareDelete, AntiVirus Gold, SpyAxe, SpyFalcon, Spyware Sheriff, & SpywareStrike [A: 6-13-06 / U: 6-13-06]

Trust Cleaner - trustcleaner.com - aggressive/deceptive advertising, stealth installs (1); false positives work as goad to purchase [A: 6-13-06 / U: 6-13-06]

KillAndClean - killandclean.com - installed through exploits; false positives work as goad to purchase; inadequate/flawed scan/detection scheme; same app as Safe & Clean & UnSpyPC [A: 6-14-06 / U: 6-13-06]

Incidentally, I've been seeing quite a lot of TitanShield infections on the anti-spyware forums recently. If you are having problems with this one, then I suggest that you get expert help from one of the forums listed here. If you really can't wait, then there are some self-help instructions here. And please don't forget to register your complaint at Malware Complaints; we can't do anything about it if you don't complain.

Yahoo Email Virus

Reported today on Reuters

Yahoo Inc., the world's largest provider of e-mail services, said on Monday that a software virus aimed at Yahoo Mail users had infected "a very small fraction" of its base of more than 200 million accounts.

The e-mail virus, or worm, has been dubbed Yamanner and landed in Yahoo mailboxes bearing the headline "New Graphic Site." Once opened, the message infects the computer and spreads to other users listed in Yahoo users' e-mail address books, security experts said.

The e-mail containing the virus need only be opened -- in contrast to most worms that are hidden in attachments and require users to take an additional step -- to release the virus, according to computer security site Symantec Corp.

The Sunnyvale, California-based company advised users to update virus and firewall software on their computers and to block any e-mail sent from the address "av3@yahoo.com."

Symantec's Security Response site has suggested that Yahoo Mail users might protect themselves by upgrading to the latest test version of the recently upgraded Yahoo Mail software, as they reckon that the worm cannot run on Yahoo Mail Beta.

JS.Yamanner@m is a worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts.

EMAIL to AVOID:
From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.

Monday, June 12, 2006

Spyware Doctor Update 3.0490

PC Tools Spyware Doctor has an update. The latest update version is 3.0490 and there are 61,285 Intelli-Signatures.

New Intelli-Signatures

3.0490 1- ICQ Spy Monitor

3.0490 0- ICQ Spy Monitor

3.0489 0- Adware.NewWeb, Backdoor.Agent.CFC, Backdoor.Recub, Common Components for Backdoors, KillAndClean, Power Spy, Trojan.Agent.QW, Trojan.Clicker.VB.LX, Trojan.Delf.BZ, Trojan.Downloader.Banload.AM, Trojan.Spy.Banpaes.M, Trust Cleaner

Updated Intelli-Signatures

3.0490 1 - ActMon Keylogger, BaiDu, CasinoClient, CnsMin, Common Components for Keyloggers, Deskwizz, Perfect Keylogger, PurityScan, SpyAxe, SpywareQuake, SupremeSpy, SystemSleuth Keylogger, Trojan.Downloader.Agent.SX, Trojan.Downloader.Harnig, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Proxy.Agent.FP, Virtumonde, Web3000, WhenU.SaveNow, YahooStock

3.0490 0- ActMon Keylogger, BaiDu, CasinoClient, CnsMin, Common Components for Keyloggers, Deskwizz, Perfect Keylogger, PurityScan, SpyAxe, SpywareQuake, SupremeSpy, SystemSleuth Keylogger, Trojan.Downloader.Agent.SX, Trojan.Downloader.Harnig, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Proxy.Agent.FP, Virtumonde, Web3000, WhenU.SaveNow, YahooStock

3.0489 0 - Adware.Defender, Backdoor.ABJ, Backdoor.Agobot, Backdoor.Rbot.Gen, Casino, CnsMin, Common Components for 180Solutions items, Common Components Unrelated, CWS.Search For, Dialer.Coder, Dollarrevenue, EliteBar, ISTbar, KeyKey2000 Professional Keylogger, Known Bad Sites, Lineage.MO, LinkMaker Hijacker, LZIO Websearch, MediaGateway, Pru-tect, PurityScan, SpyAxe, Starware, TargetSavers, Transponder.MXTarget, Trojan.Downloader.Agent.SU, Trojan.Downloader.Delf.QY, Trojan.Downloader.Druser, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.TK, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Ranky.Gen, Trojan.Proxy.Small.BO, WebSearch Toolbar


Spyware Doctor home page

http://www.pctools.com/spyware-doctor/

Webroot Spy Sweeper Update 697

Spyware definition: version 697

Updated June 12th, 2006
Protection against 139,709 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 139,709 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from

http://www.webroot.com/consumer/products/spysweeper/

Sunbelt Counterspy update 355

CounterSpy 1.5 latest update definition is 355

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

TitanShield AntiSpyware

Threats that have been updated

Hotbar
Trojan-Downloader.small.HS
UCmore.XP.SearchAccelerator
Appwiz.B
Appwiz.C
Appwiz.D
Appwiz.E
Apwiz.AA
Backdoor.Win32.SdBot.aad
Downloader.AS
VX2.DLMax

Sunday, June 11, 2006

De-Crapify your Dell

Don't you just love that word... I wonder if it is a real word... I'm just going to de-crapify my computer.

Let's stop giggling and get to the point. Calendar of Updates, which is one of my favourite information forums, posted about the Dell De-crapifier, which will get rid of all the pre-installed junk that you get, but don't ask for, when you buy a new Dell system.

Saturday, June 10, 2006

Spy Sweeper latest update.

Spyware definition: version 696

Updated June 9th, 2006
Protection against 139,540 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 139,540 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spybot Search and Destroy Update

Spybot Search and Destroy has an update today, June 10th, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. What Immunize does is to prevent some types of spyware and adware from installing by adding settings in your computer to block them from installing. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors changes on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete your anti virus program from starting when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Dialer
+ EnergyFactor
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Keylogger
+ Winsession Logger + Spytector
Malware
+ HitVirus + Vcodec.eMedia + Smitfraud-C. ++ Spyware Browser Antispyware + FreePops
PUPS
+ SpyiBlock + AlertSpy
Trojan
+ Crazywinnings.Inc + Win32.Agent.qt + Jupilites + Frichi + SDBot.WMF Exploit + Zlob.Downloader + UpToFind.RelatedSearch + Win32.Bagle.WS
Total: 330185 fingerprints in 43053 rules for 2019 products.

Friday, June 09, 2006

Spyware Doctor Update to 3.0488

Spyware Doctor has been updated with new spyware definitions.

Latest Database Version: 3.0488 0
Intelli-Signatures: 61,091

Spyware Doctor protects your computer in 3 ways. First, it has the On guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0488 0 – Adware.Kad, CommonName, Email.Flooder.Labean, OverSpy, Trojan.Bancos.BG, Trojan.Downloader.PV
3.0487 0- Backdoor.AutoSpy, Trojan.Agent.BIY
3.0486 0 - ICQ Logger, IRC Logger, Trojan.Alfacentavr, Trojan.Downloader.Delf.AAX, Trojan.Downloader.IDC


Extended Intelli-Signatures:
3.0488 0 - Adware.Defender, Casino, CommonScripts.txt, CWS.XPSystem, Desktop SpyAgent, Fast Video Player Dialer, HotBar, KeyKey2000 Professional Keylogger, LockSky, Lop.com, Maxifiles, Perfect Keylogger, PSGuard Desktop Hijacker, PurityScan, QQFace, SideFind, SurfSideKick, TIBS Premium Rate Dialer, Trojan.Agent.BIY, Trojan.Delf.IT, Trojan.Downloader.Adload.J, Trojan.Downloader.Agent.ACR, Trojan.Downloader.Delf.LH, Trojan.Downloader.Harnig, Trojan.Downloader.Qoologic.B, Trojan.Downloader.Small.AQT, Trojan.Downloader.VB.TW, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.ABU, Trojan.Fivesec.A, Trojan.Popuper, Trojan.PWSteal.Lineage
3.0487 0- 404Search, Backdoor.Hackdoor, Backdoor.SpyBoter, Carpe Diem, Common Components for Claria, Common Components for Trojans, Crystalysmedia Assistant, CWS.Cassandra.A, CWS.SearchCounter, Dollarrevenue, InternetOptimizer, 24,185 ISTbar, 198,298 Known Bad Sites, 28,751 MediaMotor, PSGuard, Rootkit.Se500mdm, Spy Recon Keylogger, Supersmileys, Surf Speak, SurfSideKick, SysProtectFree, System Soap, SystemDoctor, TafBar, The PC Detective, TheLocalSearch Toolbar, TheSearchMall, TIBS Premium Rate Dialer, Tiny Personal Firewall, TinyBar, ToolbarCC.Pre, ToolbarCC.Rnd, ToolbarCC, TopConverting Crazywinnings, TOPicks, TopSearch, Transponder.Ahexe, Transponder.BI, Transponder.Bolger, Transponder.BTGrab, Transponder.Ceres, Transponder.DLMax, Transponder.FileFinder, Transponder.ImGiant, Transponder.kz515, Transponder.LocalNRD, Transponder.MSView, Transponder.Multimpp, Transponder.MXTarget, Transponder.Pynix, Transponder.SiteHelper, Transponder.Speer, Transponder.Speer2, Transponder.TPS108, Transponder.Twain-tech, Transponder.Zserv, Trojan.Adclicker, Trojan.Agent.AIV, Trojan.Agent.CL, Trojan.Agent.DJ, Trojan.Agent.FC, Trojan.Agent.FG, Trojan.Agent.HR, Trojan.Agent.HT, Trojan.Astro.B, Trojan.Bancban, Trojan.Bancos.cr, Trojan.Banker.DH, Trojan.Clagger.H, Trojan.Downloader.JW, Trojan.Downloader.Small.AWA, Trojan.Downloader.Small.BDZ, Trojan.Downloader.Small.CAM, Trojan.Downloader.Traffbiz, Trojan.Dropper.Agent.ABU, Trojan.Dropper.Small.AEK, Trojan.Goldun, Trojan.Popuper, Trojan.Proxy.BK, Trojan.Proxy.Lager.f, Trojan.Proxy.Xorpix, Virtumonde, WebSearch Toolbar, WinTools, Zquest
3.0486 0 - 180ad Solution, ActiveX Objects, Adservice Scanner, Backdoor.Agent.PX, Backdoor.CXH, Backdoor.Hackdoor, Backdoor.Hupigon.GT, Common Components for KMiNT21 software, Deepshadow Keylogger, EliteBar, ErrorSafeFree, ISTbar, LinkMaker Hijacker, MediaGateway, MediaMotor, Rogue Anti-Spyware Products, SahAgent, Spyguard, Surf Speak, SurfSideKick, Trojan.Clicker.VB.IJ, Trojan.Downloader.Small.CML, Trojan.Downloader.Tiny.AA, Trojan.Downloader.VB.TW, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.TK, Virtumonde, Yahoo Logger, Zeno Search Assistant


General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.