Sunday, April 30, 2006

NOD32 - 1.1514 (20060430)

NOD32 Antivirus detection database has been updated to version NOD32 - 1.1514 (20060430)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association.
From Eset's NOD32 product information page.

Threats added in this update include the following:
JS/TrojanDropper.Tivso.H, Win32/Mytob.SX, Win32/PSW.Algus (2), Win32/Rootkit.Agent.AD, Win32/Spy.Goldun.BF, Win32/Spy.Goldun.GU, Win32/TrojanDownloader.Small.AWA (2), Win32/TrojanDownloader.Small.CIE

Counter Spy #330

CounterSpy 1.5 latest update definition is 330

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database
Anskya.A.1
Trojan.Downloader.Small.cpm
Trojan.Downloader.backups
Affiliate Beta
Backdoor.Win32.SdBot.xd


Threats that have been updated
Alexa Toolbar
Golden Eye
NetSonic Internet Accelerator
Netword Agent
SDBot
TrojanClicker
VBS Webdownloader
webHancer
Rbot
AproposMedia
CoolWebSearch.SearchX
WootBot
eZula.Dash.Memory
eZula.Dash.Connect
Bullguard
KeenValue
Winsniffer v1.22
PC-Watch
CWS.Sdkvt32
Freeprod Toolbar
SearchNugget.DNSCatcher
Trojan.Downloader.Qoologic
AdwareDelete
Zenotecnico
Trojan.Downloader.AdMSI
Maxifiles.Director
WorldAntispy
WebNexus
Regfreeze
Desktop Links
Proxy-Lager
SpyAxe
DollarRevenue
Trojan.Downloader.Various
DesktopScam
FakeAlert
Goldun.Fam
PartyPoker
TrustIn Bar
Haxdoor.Fam
Keyboard Spectator Pro
Begin2Search Toolbar
Keyboard Spectator Lite 1.3

Spy Sweeper #668

Spy Sweeper latest update.

Spyware definition: version 668

Updated April 25th, 2006
Protection against 136,224 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 136,224 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.




Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Thursday, April 27, 2006

Spyware Doctor Update 3.0457

Spyware Doctor has been updated with new removal detections.

Latest Database Version: 3.0457 0
Intelli-Signatures: 59,736

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0455 0 - AIM Logger, Backdoor.CXH, Trojan.Clicker.Small.KR, Trojan.Downloader.Agent.PJ, Trojan.Downloader.Aphex.050, Trojan.Downloader.Banload.CK, Trojan.Downloader.Banload.FB, Trojan.Downloader.Delf.ABO, Trojan.Downloader.Delf.ABS, Trojan.Downloader.Delf.ABW, Trojan.Downloader.Delf.ACL, Trojan.Downloader.Donn.AA, Trojan.Downloader.Small.DAC
3.0456 0 - Backdoor.SDBot.XD, Backdoor.Senik, Trojan.Cosiam, Trojan.Downloader.Agent.ZJ, Trojan.Downloader.Exemas.B, Trojan.Downloader.Small.CKT, Trojan.Downloader.Traffbucks, Trojan.Dropper.Agent.ABD, Trojan.Killav.FV
3.0457 0 - Kuho, RPCC Spammer, Trojan.Downloader.Agent.AAA, Trojan.Downloader.Agent.AAE, Trojan.Dropper.Agent.ACD


Extended Intelli-Signatures:
3.0455 0 - AdBlaster, Anti-Phishing, AproposMedia, Azesearch Toolbar, Common Components for KMiNT21 software, E2.Give.IEBHOs, Family Keylogger, InternetOptimizer, Known Bad Sites, Pru-tect, Slagent, Tracking Cookie(s), Trojan.Adclicker, Trojan.AVKillers, Trojan.Banker, Trojan.Downloader.Delf.XG, Trojan.Downloader.PassAlert, Trojan.Downloader.Small.AVT, Trojan.Downloader.Small.BQK, Trojan.Fivesec.A, Trojan.Popuper, Trojan.PWSteal.Lineage, Trojan.Repsamo, Virtumonde, WinTools
3.0456 0 - Backdoor.mIRC, CashSaver, Common Components for Trojans, Common Components Unrelated, ISTbar, MediaMotor, Trojan.Bancos.cr, Trojan.Banker, Trojan.Downloader.Agent.AAC, Trojan.Downloader.Delf.AAL, Trojan.Downloader.Delf.AI, Trojan.Downloader.Delf.XG, Trojan.Downloader.Small.BNK, Trojan.Dropper.Delf.OM, Trojan.FakeAlert, Trojan.Goldun, Trojan.Popuper, Trojan.Proxy.Agent.GM, Trojan.Proxy.Small.BO, Trojan.PWSteal.Gamania, WebDir, Webhancer, WinFixer, Yazzle Sudoku
3.0457 0 - AdProtector, Backdoor.ProRAT.K, Backdoor.Servu, Dollarrevenue, Enbrowser, eZula, ILookup.Begin2Search, MediaMotor, PurityScan, SpyAxe, SpyQuake, Trojan.Adclicker, Trojan.Bancban, Trojan.Banker, Trojan.Downloader.Small.API, Trojan.FakeAlert, Trojan.Proxy.Small.BO, Trojan.Popuper, Worm.Sasser, Zeno Search Assistant

NOD32 Antivirus Update 1.1510

NOD32 Antivirus detection database has been updated to version 1.1510 (20060427)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association.
From Eset's NOD32 product information page.

Threats added in this update include the following:

BAT/Spy.Agent.A (2), IRC/SdBot (2), Win32/BlackHole (2), Win32/Delf.VB (3), Win32/Hupigon (3), Win32/IRCBot.RU, Win32/IRCBot.SB (2), Win32/Kangen, Win32/Kangen.A, Win32/Legsip, Win32/Legsip.A, Win32/Medbot (4), Win32/Mytob.SV, Win32/Oscarbot.BW (2), Win32/PassMa, Win32/PassMa.F, Win32/PSW.LdPinch, Win32/PSW.LdPinch.NBW, Win32/PSW.Legendmir, Win32/PSW.Mifeng.M, Win32/Rbot (6), Win32/Small.KY (2), Win32/Spabot.NAA, Win32/SpamTool.Gadina, Win32/Spy.Banker (2), Win32/Spy.Banker.AHY (2), Win32/Spy.Luzia, Win32/Spy.Luzia.W, Win32/Spy.Tofger, Win32/Spy.Tofger.CR, Win32/Spy.Webmoner.AV (2), Win32/TrojanClicker.Aplugin.E, Win32/TrojanClicker.VB.NAW, Win32/TrojanDownloader.Adload.AJ, Win32/TrojanDownloader.Adload.AX (2), Win32/TrojanDownloader.Adload.NAD, Win32/TrojanDownloader.Agent.AJD (2), Win32/TrojanDownloader.Agent.UE, Win32/TrojanDownloader.Delf.NDQ, Win32/TrojanDownloader.Small.AVT, Win32/TrojanDownloader.VB.ABU (2), Win32/TrojanDownloader.VB.LP (2), Win32/TrojanDownloader.Zlob

Spy Sweeper Update 667

Spy Sweeper latest update.

Spyware definition: version 667

Updated April 27th, 2006
Protection against 136,220 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 136,220 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Wednesday, April 26, 2006

Ewido Antimalware Bought By AVG Maker Grisoft

Ewido Antimalware was purchased by Grisoft, makers of the popular free antivirus program AVG. This move brings one of the best trojan and malware detection programs to Grisoft to add to their virus detection experience. Both Ewido and AVG offer free versions of their programs.

Both Ewido Antimalware and AVG Antivirus will remain separate products that also have free versions. Whether Grisoft will combine them into one security program or change the availability of Ewido is not known right now. In any event, having the skill and experience of the Ewido team will help AVG become a stronger program.

Ewido, a German based company, has been available since 2004. Because of its good detection and removal ability, I've recommended its use when helping people remove spyware. In fact, I have advised its use over Ad Aware because of its better detection and removal. Ewido is updated frequently, usually 4 or more times a week. With a 15 day fully functional trial, it can block and remove malware so you can try it out. After the 15 day trial, it can still scan and remove malware, but you must manually update it to get the latest definitions.

AVG has both a free and pay version of its antivirus program. Grisoft, who makes AVG, has been in business since 1991. I have used the free version of AVG since 2002 on some of my computers. The free version does not have a trial period to limit its use, so anyone who can not afford to pay for security can still get a great antivirus program. AVG free will detect and remove virus threats, which means there is no pressure to buy the pay version. Perhaps the greatest weakness of the free version is the updated virus definitions can be delayed. This is not on purpose, but a result of the 30 million users who can overwhelm the update servers. I have had this problem, although it is infrequent. The pay version has a separate, dedicated server to update and does not have this problem.

Spyware Doctor 3.0454 0

Spyware Doctor has been updated with new removal detections.

Latest Database Version: 3.0454 0
Intelli-Signatures: 54,259

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0454 0 - Trojan.Downloader.Agent.AAC, Trojan.Downloader.Agent.PD, Trojan.Downloader.Agent.RK, Trojan.Downloader.Apher.GEN, Trojan.Downloader.Banload.CD, Trojan.Downloader.Banload.CJ, Trojan.Downloader.Banload.CN, Trojan.Downloader.Delf.ABK, Trojan.Horst, Trojan.Proxy.Agent.HO, Worm.Shelp, Yahoo Logger

Extended Intelli-Signatures:
3.0454 0 - 123Search, AdBlaster, AlfaCleaner, AproposMedia, Backdoor.Agent.QS, Backdoor.Hackdoor, Backdoor.Sdbot.AAD, Common Components for Trojans, Common Components Unrelated, Dollarrevenue, Golden Keylogger, Instant Access, Mediaback, SahAgent, Surf Accuracy, TelephoneSpy, Trojan.Dluca, Trojan.Downloader.Agent.AFL, Trojan.Downloader.CashDeluxe.A, Trojan.Downloader.Loadadv, Trojan.Downloader.Small.BWS, Trojan.Pakes.A, Trojan.Proxy.Lager.f, Trojan.Repsamo, Trojan.StartPage.GEN, Virtumonde, WinTools

Spy Sweeper Update 665

Spy Sweeper latest update.

Spyware definition: version 665

Updated April 25th, 2006
Protection against 136,044 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 136,044 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Sunbelt Counterspy Update 328

CounterSpy 1.5 latest update definition is 328

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

Numb-Soft
Etcetera Toolbar
Trojan-Proxy-srshost
Trojan.PPT.A


Threats that have been updated

E2Give
ProAgent
ClickSpring.PuritySCAN
Ardamax Keylogger
Virtumonde
IamBigBrother 9.1
SSA-KeyLogger
Trojan.Agent
Accoona.Toolbar
Trojan.Downloader.Various
DesktopScam
BestOffersNetworks
SpyFalcon
Backdoor.IRC.Zapchast
E-nrgyPlus
HotWebFinder.BHO
FiveSec.Spam.Agent.vx
Goldun.Fam
Exploit.CHM
Haxdoor.Fam
Trojan-PSW.Lmir.ara
SpywareQuake
Zlob.IL
Media-Codec
IRC.Worm.Zapchast

IE Spyad April 23

IE Spyad has been updated. You can download all of these new versions at:

http://www.spywarewarrior.com/uiuc/resource.htm

What is IE Spyad? It is a free list of bad sites that are added to Internet Explorer's restricted zone. By putting those sites in the restricted zone, it limits the harm they can do to your computer. Here is an excerpt from the author describing it:

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Here is an explanation on how to use it, including screen shots.
Many rogue Internet sites have been added to IE Spyad's protection list. A few that are of note include some of the fake Windows security sites that are from SmitFraud, better known as SpyAxe, SpyFalcon, and SpywareQuake.


bestsecurityguide.com
bestsecuritysites.com
boostservice.com
securitybulletin.net
systemsecurityindex.com
theguardservices.com
urgentwindowsupdate.biz

Ad Aware SE1R105 26.04.2006

Lavasoft's Ad Aware has been updated. The latest definition file is SE1R105 26.04.2006

New Definitions:
========================
Win32.Trojan.KillAV +3
Win32.Trojan.Runner

Updated Definitions:
========================
Adware.DollarRevenue +8
Adware.Yazzle
AlfaCleaner
BargainBuddy +2
Blazingtools Perfect Keylogger
CoolWebSearch +3
Dialer +3
ImIServer IEPlugin
MediaMotor
SearchCentrix +5
ShopNav Hijacker
SpywareNo +7
Trojan +3
WebHancer +5
Win32.Backdoor.Agent +4
Win32.Backdoor.Nethief
Win32.Backdoor.RBot +2
Win32.Backdoor.SDBot +12
Win32.Dialer.E-nrgyPlus
Win32.Generic.PWS +12
Win32.Trojan.Agent
Win32.Trojan.Delf
Win32.Trojan.Downloader +60
Win32.Trojan.Hexdoor
Win32.Trojan.SDBot +5
Win32.Trojan.Spambot +7
Win32.TrojanClicker +6
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.IstBar.hg +5
Win32.TrojanDropper +8
Win32.TrojanProxy.Small +7
Win32.TrojanSpy.Banker +2
Win32.TrojanSpy.Goldun +12
Win32.TrojanSpy.Small
Virtumonde

http://www.lavasoft.de/software/adaware/

Friday, April 21, 2006

Spyware Doctor 3.0453 1

Spyware Doctor has been updated with new removal detections.

Latest Database Version: 3.0453 1
Intelli-Signatures: 54,165

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0451 0 - Backdoor.Agobot.AGZ, Backdoor.Hupigon.GT, Backdoor.mIRC, Backdoor.PPdoor.BC, Trojan.Agent.BBT, Trojan.Banker.GO, Trojan.Downloader.Agent.IJ, Trojan.Downloader.Agent.TM, Trojan.Downloader.Aphex, Trojan.Downloader.Delf.AAS, Trojan.Downloader.Donn.A, Trojan.Downloader.Tiny.AA, Trojan.PSW.Agent.FV, WindowEnhancer
3.0452 0 - Backdoor.Bifrose.R, SpywareSoftstop, Trojan.Downloader.Agent.NZ, Trojan.Downloader.Agent.VH, Trojan.Downloader.Agent.WI, Trojan.Downloader.Banload.CM, Trojan.Downloader.Banload.EY, Trojan.Downloader.Delf.AAT, Trojan.Downloader.Delf.ABD, Trojan.Downloader.Delf.ACM, Trojan.Downloader.Dluca.AB, Trojan.Downloader.VB.AAL, Trojan.Dropper.Delf.SE, Trojan.Proxy.Agent.JL, Worm.Opanki.AN, YapBrowser
3.0453 1 - Backdoor.VB.NI, Give Me Too, Trojan.Banbra.DF, Trojan.Downloader.Agent.UW, Trojan.Downloader.Delf.ABA, Trojan.Downloader.Delf.ABE, Trojan.Downloader.Delf.ABH, Trojan.Downloader.Delf.ABI, Trojan.Downloader.Dluca.IC, Trojan.Spy.VB.AF


Extended Intelli-Signatures:
3.0451 0 - ActiveX Objects, Alexa, Anti-Phishing, Backdoor.Agent.PX, BlazeFind, Common Components for Claria, Common Components for Trojans, Crystalysmedia Assistant, CWS.XPSystem, DirectIP, eZula, FavoriteMan, Hacktool.Ipcscan.C, Huntbar, IEWatch, LockSky, Mediaback, Personal Inspector, Sidebysidesearch, Surf Accuracy, Trojan.Asimov, Trojan.Banker, Trojan.Downloader.Agent.ACV, Trojan.Downloader.Delf.XG, Trojan.Downloader.VB.HW, Trojan.Dropper.Delf.OM, Trojan.Emspy, WebSearch Toolbar, WinTools, WurldMedia, Zango Search Assistant before December 2004, Zango Search Assistant
3.0452 0 - 123Search, 2Search, Adlogix Browser Hijacker, Backdoor.Agent.PX, Backdoor.Rbot.Gen, Backdoor.SdBot.ADS, Bargain Buddy, Common Components for Backdoor.Bifrose, Cyber Snoop, Dollarrevenue, ErrorSafeFree, Family Keylogger, iDonate, I-Search Desktop Search Toolbar, ISTbar, Keenvalue, Known Bad Sites, LZIO Websearch, MediaGateway, NaviSearch, RXToolbar, SafeSearch, SearchRelevancy, Trojan.Adclicker, Trojan.Bancos.JZ, Trojan.Bankem, Trojan.Banker.DX, Trojan.Downloader.Agent.QU, Trojan.Downloader.Agent.RS, Trojan.Downloader.ConHook, Trojan.Downloader.Monurl, Trojan.Downloader.Pacer, Trojan.Downloader.VB.TW, Trojan.Proxy.Lager.f, Virtumonde, WinFixer, Zango Search Assistant
3.0453 1 - 180ad Solution, Alexa, Backdoor.Hupigon.MX, ClientMan, Common Components for Trojans, Desktop Media, Email.Worm.Bagle, eZula, HotBar, IESearchToolbar, IncrediFind, LinkMaker Hijacker, MediaMotor, Mirar, PurityScan, SpyAxe, Superlogy.com, Trojan.Downloader.Banload.BC, Trojan.Mailskinner, Trojan.PSW.Agent.FV, Trojan.PWSteal.QQPass.FD, Trojan.Spy.Agent.BY, Worm.Sasser

Spy Sweeper Update 663

Spy Sweeper latest update.

Spyware definition: version 663

Updated April 21st, 2006
Protection against 135,855 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 135,855 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

SpywareBlaster April 21st

New SpywareBlaster updates available.

Database 5665 items
Updated April 21st, 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

Spybot Search and Destroy April 21st

Spybot Search and Destroy has an update today, April 14th, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. What Immunize does is to prevent some types of spyware and adware from installing by adding settings in your computer to block them from installing. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors changes on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete your anti virus program from starting when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Dialer
eGroup.InstantAccess, CarpeDiem Vars, Sfonditalia
Hijacker, CoolWWWSearch.008k, CoolWWWSearch.WCADW, CoolWWWSearch.Feat2Installer, CoolWWWSearch.Service, CoolWWWSearch.Feat2DLL

Malware
SpywareStrike, Smitfraud-C.

PUPS
AdwarePunisher, Kasinos

Spyware
AppWizz

Trojan
SpywareQuake, Zlob.Downloader, Jupilites, Win32.Small.AOQ, Tibs.vq

317540 fingerprints in 39840 rules for 1918 products

Tuesday, April 18, 2006

Spy Sweeper Update 660

Spy Sweeper latest update.

Spyware definition: version 660

Updated April 18th, 2006
Protection against 135,629 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 135,629 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.




Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Ad Aware SE1R104 18.04.2006

Lavasoft's Ad Aware has been updated.

New Definitions:
========================
Adware.HuaCiSou +3
Adware.IWon
Adware.Yazzle +5
Trojan.Shutdown
Win32.Generic.PWS +7
Voonda Toolbar +2

Updated Definitions:
========================
Adware.Henbang +2
AdwareSheriff +2
BargainBuddy
begin2search +7
Clickspring
CnsMin
Dialer
ErrorSafe +2
SpyFalcon
SpySpotter
Trojan
Win32.Backdoor.Agent +2
Win32.Trojan.Agent +4
Win32.Trojan.Delf +2
Win32.Trojan.Downloader +29
Win32.Trojan.Mirc
Win32.Trojan.Spambot +4
Win32.TrojanClicker +3
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Small +4
Win32.TrojanSpy.Small

The MD5 checksum for the defs.ref file is c8a9ad7e13df10116a073da18c2b3290

AD Aware can be downloaded at http://www.lavasoft.de/software/adaware/

Spyware Doctor 3.0450 1

Spyware Doctor has been updated with new removal detections.

Latest Database Version: 3.0450 1
Intelli-Signatures: 53,689

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0450 1 - AffiliateTarget, Common Components for Pearl Software, Inc, ContentWatch, Coupons, Cyber Snoop, Keyboard Guardian, Pearl Echo, Trojan.Crypt.Q, Trojan.Downloader.Agent.ACR, Trojan.Downloader.Agent.RT, Trojan.Downloader.Agent.RW, Trojan.Downloader.Agent.SU, Trojan.Downloader.Agent.TI, Trojan.Downloader.Agent.UA, Trojan.Downloader.Agent.VB, Trojan.Downloader.Banload.CU, Trojan.Downloader.Delf.AAE, Trojan.Downloader.Hanlo.A, Trojan.Downloader.Small.BYM, Trojan.Downloader.Small.CCA, Trojan.StartPage.VY

Extended Intelli-Signatures:
3.0450 1 - Backdoor.Hackdoor, BigTrafficNetwork, ClearSearch, Comet Cursor, Common Components Unrelated, CouponAge, CWS, Cydoor, Elitemedia Pop64, FavoriteMan, Hotsearchbar, ILookup.Begin2Search, Instant Access, InternetOptimizer, ISTbar, Known Bad Sites, Maxifiles, Neo Toolbar, Perfect Keylogger, PurityScan, SpywareStrike, Trojan.Adclicker, Trojan.Downloader.Banload.BS, Trojan.Downloader.Delf.ABU, Trojan.Downloader.Xiero, Trojan.Popuper, Virtumonde, Worm.Mytob.BI
General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Monday, April 17, 2006

Spy Sweeper Update #659

Spy Sweeper latest update.

Spyware definition: version 659

Updated April 17th, 2006
Protection against 135,440 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places on your computer that spyware will likely change. By alerting you, you can prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 135,440 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Counterspy Update 322

CounterSpy 1.5 latest update definition is 322

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

Threats that have been updated


KeyKey
SurfSideKick
Beyond Keylogger
VaultSearch
SpywareStrike
SpyFalcon
Zeno Search
Trojan.Startup.NameShifter.BC

NOD32 - 1.1493

NOD32 Antivirus detection database has been updated to version 1.1493 (20060417)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association.
From Eset's NOD32 product information page.

Threats added in this update include the following:

IRC/Zapchast.N (2), Win32/Adware.MediaBack (2), Win32/Agent.PA, Win32/Cakl (8), Win32/Mytob.SH (2), Win32/PSW.Agent.GT, Win32/Rbot (2), Win32/Rootkit.Agent.NAE, Win32/Spy.KeyLogger.FL (2), Win32/TrojanDownloader.Zlob.LP (6), Win32/TrojanDownloader.Zlob.NAV (8)

IE Spyad Update April 16

IE Spyad has been updated. You can download all of these new versions at:

http://www.spywarewarrior.com/uiuc/resource.htm

What is IE Spyad? It is a free list of bad sites that are added to Internet Explorer's restricted zone. By putting those sites in the restricted zone, it limits the harm they can do to your computer. Here is an excerpt from the author describing it:

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Here is an explanation on how to use it, including screen shots.


Sunday, April 16, 2006

Did Your Homepage Change and It Says You Have Spyware?

I see several people complaining about their home page being changed and having a warning about being infected with spyware. There are many different web addresses that you will see these pages on, such as perfectedsecurity.com or securityfeature.com. All of them have the same look and style, like the example below. You will be told that spyware is detected on your computer along with some info about your IP address, Internet browser, and current time. This is information that any web site can see, so it is not anything to be worried about.

Usually, you have one of the fake warning pages set as your home page after being infected with what is called SmitFraud. SmitFraud is the general name given to what is more commonly known as SpyAxe, SpyFalcon, SpywareStrike, SpywareQuake, and several other rogue programs. SpyAxe infected many people back in November of 2005 and is probably the best known.

After the spyware gets onto your computer, a pop up warning appears just above your clock in the lower right corner of your desktop. At this point, you have been infected and you will be directed to one of the fake pages if you click it. Your home page will also be changed to one of these pages. Below is an example of what they all look like. All of the warnings are false because I took this from my test computer, which had no spyware, viruses, or trojans on it.


There are several ways to fix this problem. Most of the reliable antispyware programs will remove this infection. Spyware Doctor, Sunbelt Counterspy, and Spy Sweeper will target and remove this threat. You can also try a removal tool called Smitfraudfix, developed by antispyware expert S!ri. You can see an example of this free program in a help topic at Spyware Warrior. In the next day or two, I will write a more detailed explanation here in this blog.

This is a list of some of the web addresses where these pages are hosted. I wouldn't go to these sites. I'm listing them for those people who are trying to find out information on them because their homepage has been changed.

perfectedsecurity.com
securityfeature.com
updatecenter.com
bestsecurityguide.com
necessaryupdates.com

Friday, April 14, 2006

Spy Sweeper Update 658

SpySweeper latest update.

Spyware definition: version 658

Updated April 12th, 2006
Protection against 135,275 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 134,946 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.




Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Sunbelt Counterspy Update 321

CounterSpy 1.5 latest update definition is 321

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

KeyCaptor Keylogger 1.0
Winbrume
SysProtect
ScamFixer.CommonFiles

Threats that have been updated

Family KeyLogger
WebSearch Toolbar
Internet Spy
Actmon PC & Internet Monitoring
ISpyNow
Keyboard Collector
KeyKey
Zuvio.OpenSite
Zango.SearchAssistant
Handy Keylogger
looxee
Beyond Keylogger
IamBigBrother 9.1
Trojan.Lowzones
Zango.DavidvsGoliath
Zango.Toolbar
BestOffersNetworks
PestTrap
Goldun.Fam
Jupites.dr
P2P-Worm.Win32.SpyBot.gl
Backdoor.Rbot.adf
IST.XXXToolBar
FunWebProducts.FunBuddyIcons
FunBuddyIcons
Trojan.Lowzones.B
QuickLinks
Lowzones.C
Lowzones.FC

Spybot Search & Destroy Update April 14th

Spybot Search and Destroy has an update today, April 14th, 2006. Spybot Search and Destroy is a free antispyware program available from Safer-Networking.org.

Spybot can clean your computer of spyware, but it also offers several ways to prevent spyware from getting onto your computer. Spybot was the first program to offer an Immunize feature. Immunize prevents some types of spyware and adware from installing by adding settings on your computer that block them. With this update, there are 4483 items that the Immunize feature targets. There is also a helper added to Internet Explorer that can block unwanted cookies and other minor threats. Last, there is a feature called Tea Timer that monitors the places on your computer that spyware is likely to change. Unlike the monitor that is included in other antispyware products like Spyware Doctor or Spy Sweeper, Tea Timer looks for things that are deleted from your computer. So if malware tries to delete the entry that starts your anti virus program when Windows starts, you will be notified and can block it.

Spybot Search and Destroy is free because it is supported by volunteers. A donation is always welcomed to help keep it free. You can donate by going to the donation page at Safernetworking.

Spyware and other threats added in this update:

Hijacker

+ C2.lop + Smitfraud-C. + ErrorSafe + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
+ SpyFalcon + Deskwizz + Command Service
PUPS
+ YazzleSudoku + Network Monitor + Freeze
Spyware
+ SpyBanker + Targetsaver + eXact Advertising.BargainsBuddy + WhenU.SaveNow + KillSec + 007 Spy Software
Trojan
+ Innovagest2000.SpyDeface + Goldun + Jupilites + Haxdoor.gx + Win32.Agent.pj + Win32.Tiny.ac + Win32.Swizzor.dd (2) + Vcodec + SpywareQuake

Firefox Updated to Fix Problems

A new version of Mozilla's popular Firefox web browser has been released. Firefox version 1.5.0.2 is now available to improve both security and stability. The exact details of the security updates have not been released, but this update comes two days after Microsoft issued several updates for Internet Explorer. The non security updates are said to address the memory leak that Firefox has experienced. Symptoms of the memory leak include delays in typed letters appearing on web pages and jerky scrolling of web pages. This update also allows Firefox to be run on Apple Macs using Intel computer chips. You can download the new version from the Mozilla Firefox page. I would recommend uninstalling the older version before installing the new version.

The security updates appear to address remote code execution. This is a fancy way of saying that a website can do something that it isn't allowed to normally do because of a flaw in the web browser. While Firefox is often noted because it does not have as many security problems as Internet Explorer, the growing popularity of the browser means that it is becoming a target of hackers.

In older versions, some of Firefox's features caused more RAM to be used than they should. Two examples of excessive memory use are fixed in Firefox 1.5.0.2. The Find feature used to locate words on a web page is one, while the autocomplete is the other. Hopefully, this update will completely fix the problem.

I will post an update in the future letting you know what my experience is with this version.

Thursday, April 13, 2006

Spy Sweeper Update # 656

Spy Sweeper has been updated to spyware definition version 656.

Updated April 12th, 2006

Protection against 135,057 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what is called shields to monitor places spyware is likely to change. Second is with the large threat database. Should any spyware get onto your computer, Spy Sweeper can remove it.

Spy Sweeper is available from here

Wednesday, April 12, 2006

Spyware Doctor Update - 3.04490

Spyware Doctor has been updated with new removal detections.

Latest Database Version: 3.0449 0
Intelli-Signatures: 53,302

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

A free scan is available from the Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

New Intelli-Signatures:
3.0449 0 - 2378ru Toolbar, Backdoor.Hupigon.RJ, Trojan.Downloader.Agent.EQ, Trojan.Downloader.Agent.JC, Trojan.Downloader.Agent.TE, Trojan.Downloader.Agent.YT, Trojan.Downloader.Delf.AAC, Trojan.Downloader.Delf.AAF, Trojan.Downloader.Delf.AAG, Trojan.Downloader.Delf.AAI, Trojan.Downloader.Delf.AAL, Trojan.Spy.Banpaes.AF

3.0448 0 - A+++ Keylogger, Backdoor.Bifrose, Trojan.Downloader.Agent.AAM, Trojan.Downloader.Agent.AAO, Trojan.Downloader.Delf.ABU, Trojan.Downloader.Delf.AGS, Trojan.Downloader.Small.BXH, Trojan.Downloader.Small.CAB, Trojan.Downloader.Small.CGE, Trojan.Proxy.Xorpix, Trojan.Spy.Banker.ACD

Extended Intelli-Signatures:
3.0449 0 - 2Search, ActiveX Objects, Activity Logger, AdultLinks, All-In-One Telcom, Anti-Phishing, Azesearch Toolbar, Backdoor.Delf.JZ, Backdoor.Robobot, ClkOptimizer, EliteBar, Email.Worm.Bagle, InternetOptimizer, Known Bad Sites, LinkMaker Hijacker, LockSky, Trojan.Banker, Trojan.Downloader.Pacer, Trojan.Downloader.Small.BHO, Trojan.EShopee, Trojan.Popuper, Trojan.PWS.Tanspy, Trojan.StartPage.AV, Trojan.StartPage.GEN, Virtual Bouncer, WinFixer

3.0448 0 - Backdoor.Hackdoor, Backdoor.IRC.Client.a, Backdoor.ProRAT.K, BookedSpace, Boss Everyware, CasinoClient, Common Components for Trojans, CWS.Home Search Assistant, DialerPlatform, eZula, PSGuard Desktop Hijacker, StartNow.HyperBar, Starware, Statblaster, Stealth Keyboard Interceptor, Stealth Keylogger, StickyPops, StoragePass Viewer, StripPlayer, SubSeven, Super Spy, Super Stealth Key Capturer, SuperKeylogger, Superlogy.com, Supersmileys, SupremeSpy, Surf Accuracy, Surf Speak, Surf Spy 2.1, SurfSideKick, SysCheckBop32, SystemSleuth Keylogger, TechKiller, TelephoneSpy, The PC Detective, TheNewSearch Dialer, TIBS Premium Rate Dialer, TizzleTalk, ToonComics Hijacker, TopSearch, Transponder.Ahexe, Transponder.Alchemy, Transponder.BI, Transponder.Blackstonedata, Transponder.Bolger, Transponder.BTGrab, Transponder.Ceres, Transponder.DLMax, Transponder.FileFinder, Transponder.ImGiant, Transponder.kz515, Transponder.LocalNRD, Transponder.MSView, Transponder.Multimpp, Transponder.MXTarget, Transponder.Pynix, Transponder.Speer, Transponder.Speer2, Transponder.TPS108, Transponder.Twain-tech, Transponder.Zserv, Trojan.Abox, Trojan.AckCmd, Trojan.Adclicker, Trojan.Admincash, Trojan.Adwaheck, Trojan.Agent.CL, Trojan.Agent.CS, Trojan.Agent.DJ, Trojan.Agent-BZ, Trojan.Bankem, Trojan.Banker, Trojan.Downloader.Agent.AM, Trojan.Downloader.ConHook, Trojan.Downloader.Delf.XG, Trojan.Downloader.Small.ATL, Trojan.Downloader.Small.BYD, Trojan.Dropper.Agent.ABU, Trojan.Goldun.D, Trojan.Popuper, Trojan.Proxy.Lager.f, Trojan.Proxy.Small.BO, Trojan.StartPage.HT, WebDialer, Windows AdControl, WinTools

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

CounterSpy Updated to Detection 319

CounterSpy 1.5 latest update definition is 319

CounterSpy is able to catch more spyware than almost every other utility on the market because the CounterSpy threat database (with the signatures of every spyware and malware utility we can identify) is constantly updated. Our researchers constantly look for ways to improve our spyware searching database so that it catches all spyware that could potentially be on your system. Keyloggers, spyware cookies, remote access trojans (backdoors), and more are all identified.

http://research.sunbelt-software.com/download.cfm

CounterSpy offers a 15 day fully functional trial. So that means you can not only test how it detects spyware, but how well it removes spyware, malware, and other threats.

New Threats Added to Database

SniperSpy
SpamTool.Win32.Agent.e
Trojan-Downloader.Win32.Agent.afl
Trojan-Downloader.Win32.Small.cpp
Trojan.Win32.Agent.oh
Trojan-Downloader.Win32.Small.oc
Trojan-Downloader.Win32.Small.ckj
Trojan-Downloader.Win32.CWS.s
FullContext.EQAdvice
Transponder.NewAd1
QuickLinks
Win32/VB.NN
Win32/Agent.LP
Win32/Small.TV
Win32/Small.ALF
Win32/Small.KW
Win32/Small.P
Win32/Small.CV
Win32/Dnschanger.C
Win32/Small.NBI
Agent.CJ.dll
Agent.UQ
Agent.NO
Agent.UZ
Agent.NN
Zlob.HV
Zlob.BW
Zlob.IL
Smoking Gun
Backdoor.Rbot.adf

Microsoft Windows Updates for April

On Tuesday, Microsoft released several updates for Windows and Internet Explorer. Three of the updates, also called patches, are critical. That means your computer is at risk from hackers and criminals who can use the unfixed flaws to do things on your computer that should not be allowed. Many of the spyware makers use these flaws to get their spyware onto your computer.

One of the patches fixes a serious flaw in Internet Explorer that could allow spyware, trojans, and other unwanted files onto your computer. Simply visiting a page with this exploit can allow your computer to be taken over. This is stated in the detail page for one of the updates.

"An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system," Microsoft said in its alert. "We recommend that customers apply the update immediately."
To check your computer and to install these updates, visit Windows Update.

In addition to updates, the Windows Malicious Software Removal Tool is part of the update process. The tool checks for some of the most serious virus and trojan risks that could be on your computer. A list of threats detected and removed by the Malicious Software Tool can be seen on the Families Cleaned page. Currently added threats include Locksky, Reatle, and Valla. Other threats include Sober, Blaster, and Zlob. Trojan Zlob is better known by the programs it tries to sell. SpyAxe, SpywareStrike, SpywareQuake, and WinHound are a few of the ones installed by Zlob. Even though the tool is part of Windows Update, you can run the tool anytime by visiting the tool's homepage here.

NOD32 Antivirus 1.1483

NOD32 Antivirus detection database has been updated to version 1.1483 (20060411)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

IRC/SdBot (2), JS/TrojanDownloader.Tivso.U (2), Win32/Adware.Comet (4), Win32/Adware.DM (3), Win32/Adware.WSearch (2), Win32/Agent.NAU (3), Win32/Agent.OH (4), Win32/Agent.TV (3), Win32/Bagle.ET, Win32/Bagle.FY, Win32/Bagle.J, Win32/BO.Plugin.IO.A, Win32/Delf.ADO (2), Win32/Dialer.HZ (2), Win32/Dialer.PornDial.F (2), Win32/EggDrop (2), Win32/Mytob.OZ, Win32/Mytob.SC (2), Win32/PcClient, Win32/PcClient.IF, Win32/PcClient.OQ (2), Win32/PeerBot.B, Win32/Poebot, Win32/PSW.Delf.JM (2), Win32/PSW.Gamania.CH, Win32/PSW.LdPinch (2), Win32/PSW.LdPinch.AKI, Win32/PSW.Lineage.ON, Win32/Qhosts, Win32/Rbot (5), Win32/ServU-Daemon (2), Win32/Small.HW (2), Win32/Spy.Agent.IK (4), Win32/Spy.Asher, Win32/Spy.Banker.AHY (3), Win32/TrojanClicker.Bomka.K (2), Win32/TrojanDownloader.Agent.AIG, Win32/TrojanDownloader.Agent.NFA, Win32/TrojanDownloader.Bagle.AO (2), Win32/TrojanDownloader.Small.AWA, Win32/TrojanDownloader.Small.CAT, Win32/TrojanDownloader.Small.CJG, Win32/TrojanDownloader.Small.NIE,

SpySweeper latest update.

Spyware definition: version 655

Updated April 1th, 2006
Protection against 134,946 spyware traces.

Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 134,946 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.




Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Monday, April 10, 2006

Spyware Doctor Update

Spyware Doctor has been updated with new removal detections.

Spyware Doctor protects your computer in 3 ways. First, it has the ON guard monitor which watches places where spyware will change your computer settings. By alerting you, Spyware Doctor gives you the option to not allow unwanted programs on your computer. Second, Spyware Doctor has a feature called Immunize that completely blocks known spyware from even installing. Third, Spyware Doctor has a large detection database that removes spyware that has gotten onto your computer. I have used Spyware Doctor in tests against SpyAxe and SpyFalcon. It completely removed those two. A restart of the computer and resetting my wallpaper was the hardest part.

Latest Database Version: 3.0447 0
Intelli-Signatures: 53025

New Intelli-Signatures:
3.0447 0 - Trojan.AOL.PS, Trojan.Downloader.Agent.AAN, Trojan.Downloader.Banload.BC, Trojan.Downloader.Banload.BF, Trojan.Downloader.Banload.BH

3.0446 1 - Email.Flooder.XMas, Maya Password Stealer, Rootkit.Vanti, Trojan.Agent.FC, Trojan.Downloader.Agent.AAJ, Trojan.Downloader.Agent.FB, Trojan.Downloader.Banload.BE, Trojan.Dropper.Agent.K

Extended Intelli-Signatures:
3.0447 0 - 2020search.com, Adlogix Browser Hijacker, CWS.Search For, DSSAgent, IEPlugin, MediaTickets, Trojan.Downloader.Agent.AFL, Trojan.Downloader.IN, Trojan.Downloader.Small.BNK, Trojan.Downloader.Small.BPK, Trojan.Dropper.Agent.JS, Trojan.Dropper.Small.NA, Virtumonde, WhenU.SaveNow, WinFixer, ZToolbar, ZY WebSearch

3.0446 1 - Backdoor.Robobot, Dollarrevenue, Email-Worm.Win32.Prox.B, eZula, Regfreeze Hijacker, Trojan.Banker, Trojan.Downloader.AZ, Trojan.Downloader.ConHook, Trojan.Downloader.Delf.ACR, Trojan.Downloader.Delf.QY, Trojan.LowZones, Trojan.Spy.Delf.MQ, Trojan.Zapchast, Yazzle Sudoku, Zeno Search Assistant

General Information:
Updates are posted 5 times per week on average.
Updates are installed by running Spyware Doctor's Smart Update feature.

Spyware Doctor Homepage:
http://www.pctools.com/spyware-doctor/

Spy Sweeper Update # 654

SpySweeper latest update.

Spyware definition: version 654

Updated April 10th, 2006
Protection against 134,854 spyware traces.


Spy Sweeper protects your computer in two ways. First, it uses what are called shields to monitor places on your computer that spyware will likely change. By alerting you, the shields let you prevent spyware from even getting on your computer. The second way is the large threat database. With this update, there are 134,854 known spyware threats that Spy Sweeper detects and removes, should anything undesirable get onto your computer.

Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

NOD32 Antivirus Update 1.1480

NOD32 Antivirus detection database has been updated to version 1.1480 (20060410)

NOD32 Antivirus is in my opinion the best anti virus program available. It is light on resources, easy to maintain, and has one of the best detection and removal capabilities among anti virus programs.

Since its first submission for testing in May 1998, NOD32 was the only tested product that has never missed a single In the Wild virus. NOD32 has been selected as the "Antivirus program of 2001" by Australian PC User magazine, "Best Buy, Best Performance, Best Value" by the independent UK Consumer's Association
From Eset's NOD32 product information page.

Threats added in this update include the following:

IRC/Cloner.AZ, JS/Exploit.CVE-2006-1359, JS/TrojanDownloader.Small.NAI, Linux/Mare.G, Linux/Tsunami.W, Win32/Adware.SpySheriff, Win32/Agent.NAN (4), Win32/Agent.PO, Win32/Mocalo.CJ (3), Win32/Mytob.SA (2), Win32/PSW.Agent.EB, Win32/PSW.QQPass.FQ (2), Win32/PSW.VB.IO (3), Win32/Rbot, Win32/Spy.PerfKey.P (2), Win32/TrojanClicker.VB.LI, Win32/TrojanDownloader.QQHelper, Win32/TrojanDownloader.VB.WG, Win32/TrojanDropper.Agent.UO (2), Win32/TrojanDropper.Delf.NBH (2)

Ad Aware SE Update - SE1R103 10.04.2006

Ad Aware has been updated today.

The current definition file is SE1R103 10.04.2006

New Definitions:
========================
ABetterInternet.Nail
Adware.DuDu +2
Adware.P2PNetworking
Adware.Quicklinks
Spyware.QuickKeylogger

Updated Definitions:
========================
AdBlaster
Adintelligence.AproposToolbar +4
Adware.DollarRevenue
Adware.DuDu +8
Adware.EnergyPlugin
Adware.Hengbang
Adware.Mediapipe
Adware.Systemprocess
AdwareSheriff
begin2search +2
BroadCastPC
ClearSearch +4
CnsMin +20
Dialer +13
EzuLa +3
Global Netcom Inc +6
ImIServer IEPlugin +2
IROffer +2
istbar
MediaMotor
MegaSearch Toolbar +2
Softomate Toolbar +2
SpyAxe
SpyFerret
SpywareNo
SurfSideKickBHO
Timesink
Trojan +6
Win32.Bagle.B +3
Win32.Harnig.Trojan
Win32.Sober.A +3
Win32.Spybot.worm +2
Win32.Trojan.Agent.cs
Win32.Trojan.Delf
Win32.Trojan.Downloader +38
Win32.Trojan.Mirc +2
Win32.Trojan.Puper.d +4
Win32.Trojan.Spambot +2
Win32.TrojanClicker +7
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.ConHook +2
Win32.TrojanDownloader.IstBar.hg +3
Win32.TrojanDownloader.Lastad.h +2
Win32.TrojanDownloader.Swizzor.br +22
Win32.Trojandownloader.Zlob +2
Win32.TrojanDropper
Win32.TrojanDropper.Vidro
Win32.TrojanProxy.Small +3
Win32.Trojan-PSW.Lineage +4
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Goldun +2
Virtumonde +2
Zango +2


Ad Aware SE by Lavasoft is a program to scan your computer for adware components including cookies, registry keys, and files. When the scan is done, you can clean anything found with no limitations or need to buy.

More information available at Lavasoft, the creators of Ad Aware.

Sunday, April 09, 2006

NOD32 Antivirus Update v. 1.1479 (20060409)

NOD32 Antivirus has been updated. The current threat definition is v. 1.1479 (20060409)

Updated detections include the following:

JS/TrojanDropper.Tivso.H, Linux/Bi.A, Win32/Adware.180Solutions, Win32/Bi.A, Win32/Bropia.CK (2), Win32/Delf.Q (28), Win32/Dialer.NBQ, Win32/Flooder.VB.EE, Win32/Hipid.A (3), Win32/Hupigon, Win32/Lemoor.A, Win32/Lemoor.C (2), Win32/Mytob.RW, Win32/Mytob.RY, Win32/Mytob.RZ (2), Win32/Protoride (2), Win32/Qhosts, Win32/Rbot, Win32/Rootkit.Agent.AT, Win32/Spy.Banker.NII (2), Win32/Spy.Goldun.GU, Win32/Spy.Goldun.HP, Win32/VB.AEL

http://www.eset.com/download/index.php

New Fake Windows Security Site

There is a new fake website from the same spyware makers behind SpyAxe, SpyFalcon, and SpywareQuake. If your homepage has been changed to bestsecurityguide.com or you are being directed to this site by alerts on your computer, then you have been infected by spyware. The warning about the W32.Sinnaka.A@mm virus is false. Usually, this infection comes from installing a codec to view a short video. About 5 to 15 minutes after installing the codec, you will begin getting alerts near the clock on your taskbar. The following is one example of the fake alert from earlier this year.

This is not a real message from Windows or Microsoft. You will also get pop up windows from time to time alerting you that you are infected with spyware. They will have different looks, but all of them will lead you to a site where you will have to buy something to fix your computer. In a recent post, I have several screenshots of ones that appeared when I had a test computer infected with SpyFalcon.

The solutions offered on the page, Malware Wipe and Pest Trap, are just advertisements to get you to buy something. Neither program will fix anything unless you pay $49. Since these programs are rogue antispyware programs, there's no guarantee that they will fix anything. Last, since these programs come from people with shady backgrounds, your credit card number may be sold to other criminals. Don't buy them!

If you need to fix your computer, you can try my SpyFalcon and SpywareQuake removal instructions. There are some new files that you will need to manually fix that aren't in that post yet, so add these to the removal process:

With Hijackthis, check and fix:

O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hpAD57.tmp

Note that the file is randomly named. It will have hp***.tmp in it, but the part in the middle with the stars will be random.

Delete the following files:

  • C:\WINDOWS\system32\stickrep.dll
  • C:\WINDOWS\system32\mssearchnet.exe
  • C:\WINDOWS\system32\ncompat.tlb
  • C:\WINDOWS\system32\nvctrl.exe
If there is additional info, I will update.
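
A defensive check for the indicators listed above, as an added example that is not part of the original post: it scans a saved HijackThis log for O2 BHO entries pointing at an hp***.tmp file in system32 and for any line referencing the four listed files. The sample log is constructed, and matching the random middle part of the file name with any characters is an assumption, since the post does not say how it is generated.

```python
import re
from pathlib import PureWindowsPath

# Values taken from the post above.
POST_CLSID = "{7a932ed2-1737-4ab8-b84d-c71779958551}"
LISTED_FILES = ("stickrep.dll", "mssearchnet.exe", "ncompat.tlb", "nvctrl.exe")

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <path>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Assumption: the random middle part of hp***.tmp can be any characters.
RANDOM_TMP = re.compile(r"^hp.+\.tmp$", re.IGNORECASE)
# Any log line (running process, O4 autorun, ...) naming a listed file in system32.
LISTED_RE = re.compile(
    r"\\system32\\(" + "|".join(re.escape(n) for n in LISTED_FILES) + r")(?![\w.])",
    re.IGNORECASE,
)


def in_system32(path):
    """True when the file sits directly inside a folder named system32."""
    return PureWindowsPath(path).parent.name.lower() == "system32"


def scan_log(log_text):
    """Return one finding per suspicious line of a HijackThis log."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()

        # Browser Helper Object registered from a randomly named .tmp file.
        m = O2_LINE.match(line)
        if m:
            path = m.group("path").strip()
            file_name = PureWindowsPath(path).name
            if in_system32(path) and RANDOM_TMP.match(file_name):
                findings.append({
                    "line": line_no,
                    "kind": "bho-random-tmp",
                    "file": file_name,
                    # The post shows one CLSID; it does not say whether it
                    # is the same on every infected machine.
                    "clsid_matches_post": m.group("clsid").lower() == POST_CLSID,
                })

        # One of the four files the post says to delete.
        listed = LISTED_RE.search(line)
        if listed:
            findings.append({
                "line": line_no,
                "kind": "listed-file",
                "file": listed.group(1).lower(),
            })
    return findings


# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvctrl.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hpAD57.tmp
O2 - BHO: Nothing - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\hp1B3C.tmp
O4 - HKLM\..\Run: [mssearchnet] C:\WINDOWS\system32\mssearchnet.exe
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A finding only marks a line for review in HijackThis; the removal steps remain the ones in the post.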

Friday, April 07, 2006

CounterSpy Updated to Definition 317

CounterSpy 1.5 latest update definition is 317

New Threats Added to Database

WebWatcher
Trojan-Downloader.Win32.Banload.adw
Trojan-Downloader.Vip
Exploit.JS-CVE-2005-1790


Current Threats With Updated Information


Actmon PC & Internet Monitoring
Backdoor.Hupigon.lq
Beyond Keylogger
BigBlue.01
BlazingTools Perfect Keylogger
Busted
ClickSpring.PuritySCAN
Exploit.CHM
Exploit.WMF
Family KeyLogger
Haxdoor.Fam
Trojan.BankerSpy
Trojan.PayTime
Unclassified.Spyware.Loader
Zango Search Assistant
AssasinTrojan2.0
Zango.Muncher
Zango.Grab&Burn


http://research.sunbelt-software.com/download.cfm

NOD32 Update v.1.1476 (20060407)


NOD 32 Antivirus current update is v.1.1476 (20060407)


HTML/Phishing.gen, IRC/SdBot (2), JS/TrojanDropper.Tivso.H, Spfake.A, Win32/3Proxy (2), Win32/Adware.Comet, Win32/Adware.Softomate, Win32/Adware.Virtumonde, Win32/Agent.XS (4), Win32/Dialer.IT (2), Win32/IRCBot, Win32/Locksky.BF, Win32/Mocalo.CI (4), Win32/PrcView (3), Win32/PSW.Gamania.CH (3), Win32/PSW.Lineage.RR (3), Win32/Rbot (4), Win32/Rootkit.Agent.AD, Win32/Rootkit.Agent.BS, Win32/Small.FB (2), Win32/Spy.Banbra.DF (2), Win32/Spy.Banker (2), Win32/Spy.Banker.AHY (4), Win32/Spy.Banker.AWW, Win32/Spy.Banker.AYF (2), Win32/Spy.Goldun.BF, Win32/Spy.Goldun.GU, Win32/Spy.Small.J, Win32/TrojanDownloader.Banload.AAE, Win32/TrojanDownloader.Banload.AEE (2), Win32/TrojanDownloader.Banload.LY, Win32/TrojanDownloader.Banload.UH, Win32/TrojanDownloader.Banload.YG (2), Win32/TrojanDownloader.Dadobra.AG, Win32/TrojanDownloader.Dadobra.FX, Win32/TrojanDownloader.Small.CIE (3), Win32/TrojanDownloader.Small.CQN (4), Win32/TrojanDownloader.VB.XO, Win32/TrojanDownloader.Zlob.IH (2), Win32/TrojanProxy.Agent.FP, Win32/TrojanProxy.Agent.IW, Win32/TrojanProxy.Ranky (2), Win32/Tsipe, Win32/VB.AIB, Win32/VB.BU (2), Win32/VB.NCC, Win32/VB.NFB

http://www.eset.com/products/products.htm

Spy Sweeper Update 652

SpySweeper latest update.

Spyware definition: version 652

Updated April 7th, 2006
Protection against 134,504 spyware traces.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

Spybot Search & Destroy Update

04-07-2006

Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL

Malware
+ AdwarePunisher ++ Anti-Virus-Pro + SpyContra + SpyAxe + SpyFalcon + SpyGuard + Winhound ++ UnSpyPc + Vcodec ++ Win32.LinkBot

PUPS
+ SpyiBlock

Trojan
+ Innovagest2000.1stAntiVirus + Innovagest2000.SpyDeface + Innovagest2000.XSRemover + SpywareQuake ++ SpywareXP

Total: 314,668 fingerprints in 39,026 rules for 1902 products.

http://www.safer-networking.org/en/home/index.html

FTC Fines California Spam Group

The Federal Trade Commission fined a California company that was sending out millions of spam emails. The FTC working with the California Attorney General issued a 2.4 million dollar judgement against Optin Global, Inc., Vision Media Limited Corp., Qing Kuang “Rick” Yang, and Peonie Pui Ting Chen. During the investigation, the FTC received some 1.8 million email messages from the public as complaints.

In the complaint, the FTC said that the defendants sent emails that:

  • contained false or forged header information;
  • included deceptive subject headings;
  • failed to identify e-mail as advertisements or solicitations;
  • failed to notify consumers they had a right to opt out of receiving more e-mail;
  • failed to provide an opt-out mechanism;
  • failed to include a valid physical postal address.
These are in violation of the CAN-SPAM Act. If the defendants are found to violate it in the future, then additional action will be taken.

The FTC is the regulatory agency that covers spam, spyware, and any other Internet fraud. If you have a complaint against spammers, spyware makers, or online businesses, you can file a complaint. There is a web page on the FTC site to submit complaints. You can also call 1-877-FTC-HELP (1-877-382-4357) if you prefer. In addition to the FTC, there are several other ways to voice your complaints. The Center for Democracy and Technology has an online form for spyware that you can use to complain. Last, there is a new site set up by volunteers from many help forums that fight spyware to voice your complaints as well. Malware Complaints offers a way to share your thoughts about spyware, adware, and other Internet pests. This site is not just for the United States, but for many countries around the world.

More On the Direct Revenue Lawsuit

Just a day after I posted about the lawsuit by New York State against malware maker Direct Revenue, more details have come out about the company's questionable practices. How did they anger so many people to the point of writing profanity filled letters that sometimes contained death threats?

First, to show how there is much money to be made in the adware business, here are some of the revenues that Direct Revenue (no pun intended) reported over the last few years. The pdf that includes this info goes into more detail, but I will post some so you get the idea.


Revenue from the Direct Revenue Program

  • 2003 - $6,134,875
  • 2004 - $27,994,341
  • 2005 up to October - $24,272,155
More details can be seen in the pdf file hosted by antispyware researcher Ben Edelman here.

In the summer of 2005, so many people needed help removing the Aurora or nail.exe spyware program that a post was created at Spyware Warrior to help people remove it. The number of people complaining about this was so great that the helpers at the forum could not keep up. This is probably one reason why Direct Revenue got so many emails with obscenities and varying degrees of violence. Since they are too vulgar to quote here, I'll just link to the pdf that contains them. Be warned, much of the language is not family friendly. You have to scroll down to around page 10 or so to get to them. The amount of outrage is almost unbelievable.

More details and insight at fellow antispyware bloggers:

Spyware Doctor Update 3.04450

Latest Database Version: 3.04450
Intelli-Signatures: 52,880

New Intelli-Signatures:
3.04450 - Backdoor.G_Door.B, Hacktool.Ipcscan.C, Trojan.Downloader.Agent.AV, Trojan.Downloader.Banload.BS, Trojan.Fumilo.A, Trojan.Implinker, Trojan.Spy.Keylogger.AP

3.0444 1 - Appolinaria, Backdoor.Sdbot.JT, Common Components for Retina-X Studios, Net Spy Pro, NetSpy, OKiller, SniperSpy, TechKiller, Trojan.Downloader.Banload.BB, Trojan.Downloader.Banload.GH, Trojan.Spy.Delf.AF, Trojan.Spy.GWGhost, Trojan.VisAgent

Extended Intelli-Signatures:
3.04450 - 180search Assistant, ActiveX Objects, Activity Logger, Activity Monitor, ActMon Keylogger, Anti-Phishing, Backdoor.Agent.QS, Backdoor.ProRAT.K, Backdoor.SdBot.XM, BookedSpace, Common Components for Keyloggers, Common Components for Spytech software, Common Components for Trojans, Cram Toolbar, Dollarrevenue, IE Driver, IGetNet, Instant Access, IST Unknown Variant, LinkMaker Hijacker, NetVizor, SpywareQuake, Trojan.Banker, Trojan.Downloader.Banload.BN, Trojan.Downloader.Delf.ACR, Trojan.Downloader.Delf.VT, Trojan.Downloader.VB, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Agent.PQ, Trojan.Dropper.Small.WP, Trojan.Emspy, Trojan.Goldun, Trojan.Pakes.A, VisualLog, WurldMedia

3.04441 - 180search Assistant, AceSpy, Backdoor.Rbot.Gen, Common components for Exploreanywhere, Common Components for Keyloggers, Common Components for Spytech software, CommonScripts.txt, CWS.Home Search Assistant, CWS, Dialer.Star, ErrorSafeFree, FavoriteMan, Keylogger Pro, Keylog-sters, Known Bad Sites, Lop.com, MediaGateway, Nuclear R.A.T, PurityScan, Real Spy Monitor-Keylogger, SpyBuddy Keylogger, Surf Accuracy, Trojan.AVKillers, Trojan.Clicker.BHO, Trojan.Downloader.Agent IL, Trojan.Downloader.Banload.AF, Trojan.Downloader.Delf.VT, Trojan.Dropper.Small.AEK, Trojan.LowZones.CQ, Trojan.PWS.Tanspy, Trojan.StartPage.ADH, Trojan.XPSP2FW, Virtumonde, WebMailSpy, WhenU.Search, WhenU.WeatherCast, WinFixer

Tool Update releases:
3.6.0.1049 - Interface Tool Library

Spyware Doctor homepage
http://www.pctools.com/spyware-doctor/

Thursday, April 06, 2006

NOD32 - v.1.1475 (20060406)

NOD 32 Antivirus current update is v.1.1475 (20060406)

Threats updated include some of the following. Since the number of updated threats is quite large, I'll include only the important ones.

Win32/Adware.Altnet, Win32/Adware.Mirar, Win32/Adware.PurityScan (4), Win32/Adware.Virtumonde (2), Win32/Rootkit.Agent.BK, Win32/Rootkit.Agent.BR, Win32/Rootkit.Agent.Y (2), Win32/Spy.KeyLogger.FM (4)

All of the following Zlob ones are different variants of SmitFraud, which is the family name of SpyAxe, SpyFalcon, SpywareQuake, and many others. If you've seen or heard about the spyware that has the fake security warning that keeps popping up above your clock in Windows, then that's SmitFraud.

Win32/TrojanDownloader.Zlob, Win32/TrojanDownloader.Zlob.DC (2), Win32/TrojanDownloader.Zlob.GP, Win32/TrojanDownloader.Zlob.KE (4), Win32/TrojanDownloader.Zlob.KF

I already posted about how to remove the various types of SmitFraud on my other blog. What NOD 32 can do is prevent installation by blocking the bad files. You'll get a big red alert box telling you what was blocked. Whenever I have tested SpyFalcon or SpyAxe on my test computer, I can't have NOD32 running. It won't let me install the bad files.

http://www.eset.com/

Spy Sweeper Update 651

SpySweeper latest update.

Spyware definition: version 651

Updated April 6th, 2006
Protection against 134,399 spyware traces.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

New York State Sues Spyware Maker

New York State Attorney General Eliot Spitzer has filed suit against Direct Revenue. In the suit, the Attorney General is asking the Court to stop Direct Revenue from installing any more software and to stop software that is already installed from showing ads. In addition, the State is asking Direct Revenue to provide accounting of the money it has made. Official notice on the New York Attorney General's website is here.

Aurora is the most common name of the program that was installed on people's computers. The Aurora program was installed without notice or consent by 3rd party vendors. Once installed, many pop up ads appear selling anything from online gambling to adult oriented sites. Since having more installations means more money, many affiliates used any means they could to get Direct Revenue's program onto as many computers as possible. No notice was given when the program was bundled with other software. If notice was given, it was buried in a long license agreement that most people wouldn't notice. Direct Revenue was aware of these shady practices. Not only did they allow it, they attempted to silence critics. According to Eric Howes, Director of Malware Research at Sunbelt Software, there was even a case of Direct Revenue hiring a private investigator to intimidate one critic.

Also of interest is the fact that DR execs obsessively monitored anti-spyware web sites, organizations, and companies for any sign of criticism and were not shy about issuing legal threats and, in one case, hiring a private investigator to bully critics into silence.

This is not the first lawsuit against Direct Revenue. Last year, a class action lawsuit was filed in Chicago against them as well. A settlement was reached last month with Direct Revenue. Some of the settlement conditions include providing a 1-800 number where people can get uninstall instructions, clearly marking any promotions as advertisements, destroying any personal information collected, and refraining from collecting any personal information such as Social Security numbers in the future. Most importantly, the company will ensure that people are clearly agreeing to any software installs from them.

Between these two legal actions, at least one spyware vendor appears to be on the way out. If Direct Revenue wants to continue their online business, then they will have to change their methods of installing their software.

SpywareQuake Removal

SpywareQuake is the new version of SpyAxe, SpywareStrike, and SpyFalcon. You may see the following line in a HijackThis log:

O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h

You may also find one of these files as the new DLL controlling the fake warning near the clock:

C:\WINDOWS\system32\stickrep.dll
C:\WINDOWS\system32\dxmpp.dll
C:\WINDOWS\system32\ginuerep.dll
C:\WINDOWS\system32\dfrgsrv.exe

You can follow the SpyFalcon removal instructions and add the above to the fix as needed.
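
To check a saved HijackThis log for the Run entry and files listed above, a short script can do the matching. This is an added example, not part of the original post or any vendor's tool; the function name is hypothetical and the sample log is constructed.

```python
import re

# Indicators taken from the post above.
RUN_ENTRY_NAME = "SpywareQuake"
SUSPECT_FILES = [
    r"C:\WINDOWS\system32\stickrep.dll",
    r"C:\WINDOWS\system32\dxmpp.dll",
    r"C:\WINDOWS\system32\ginuerep.dll",
    r"C:\WINDOWS\system32\dfrgsrv.exe",
]

# HijackThis autostart line: "O4 - <key>: [name] command"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def scan_hijackthis_log(text):
    """Return (line_no, reason, line) for each line matching an indicator."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m and (m.group("name").lower() == RUN_ENTRY_NAME.lower()
                  or "\\spywarequake\\" in m.group("cmd").lower()):
            findings.append((no, "run-entry", line))
            continue
        # Windows paths are case-insensitive, so compare lowercased.
        for path in SUSPECT_FILES:
            if path.lower() in line.lower():
                findings.append((no, "file:" + path.rsplit("\\", 1)[1], line))
                break
    return findings

# Constructed sample log (not from a real machine); the O2/O20 placement of
# the DLLs is an assumption made for the sample only.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\stickrep.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dxmpp - C:\WINDOWS\SYSTEM32\dxmpp.dll
"""

if __name__ == "__main__":
    for no, reason, line in scan_hijackthis_log(SAMPLE_LOG):
        print(f"line {no}: {reason}: {line}")
```

Any hit only tells you which lines to add to the fix; removal still follows the SpyFalcon instructions mentioned above.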

Spy Sweeper Update 650

SpySweeper latest update.

Spyware definition: version 650

Updated April 5th, 2006
Protection against 134,245 spyware traces.


Spy Sweeper available from http://www.webroot.com/consumer/products/spysweeper/

NOD 32 Antivirus v.1.1474 (20060405)

NOD 32 latest update is v.1.1474 (20060405)


Threats updated include the following:

Win32/Adware.AdHelper, Win32/Adware.DigitalNames, Win32/Adware.IGetNet (2), Win32/Adware.Pugi (2), Win32/Adware.Suggestor, Win32/Adware.Virtumonde.AK, Win32/Adware.WinAd (2), Win32/Agent.TV (4), Win32/Bagle.FX (2), Win32/Bobax.AT (2), Win32/Lowzones.DM, Win32/PSW.Agent.EG (5), Win32/PSW.LdPinch (3), Win32/PSW.LdPinch.AJV (2), Win32/PSW.Lineage.DN (6), Win32/PSW.Lineage.NAQ, Win32/PSW.Lineage.ON, Win32/PSW.Lineage.VA, Win32/PSW.Lineage.XX, Win32/PSW.Lineage.YS (2), Win32/Rbot, Win32/TrojanClicker.BHO.B, Win32/TrojanDownloader.Agent.AHT (2), Win32/TrojanDownloader.Small.AWA, Win32/TrojanDownloader.Zlob.KE (5), Win32/TrojanDownloader.Zlob.KF (5), Win32/TrojanDropper.Small.NDY (2), Win32/TrojanProxy.Daemonize.AW (2)

http://www.eset.com

SpywareBlaster For April

New SpywareBlaster updates available.

Database 5643 items
Updated April 3rd, 2006

SpywareBlaster is free and available from here.

SpywareBlaster can:

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox
  • Restrict the actions of potentially unwanted sites in Internet Explorer

Sunbelt CounterSpy Definition 315

CounterSpy 1.5 latest update definition is 315

New Threats Added to Database

WeirdOnTheWeb
Downloader.AN
Downloader.AP
Rivarts.A
Clagger.C
ApiGrabber
Trojan-PSW.Win32.Agent.fv
CoolWebSearch.NetCross
Spyshield
WinBot
BHO.NameShifter.LG
Java/Byteverify
BTEngine
VBS.Zerolin
SmartDove
Downloader.AQ
Trojan-Downloader.NSIS.Agent.p


Current Threats With Updated Information

180Solutions.Zango.ZangoToolbar
3721.com Chinese Keywords
ABetterInternet.Aurora
Actmon PC & Internet Monitoring
Actual Spy
AdHelper
Adware-Webnexus
Auto.Keylogger Key Logger
Axexx CHM
BaiduBar
BearShare
Begin2Search
BestOffersNetwork
BossWatcher
Bullguard
CnsMin
CoolWebSearch.MWSearch
Desktop Links
Dimpy.win32VBsy
DollarRevenue
Downloader.activate_crack
DropSpam
DropSpam
eXact.Downloader
eXact.NaviSearch
Haxdoor.Fam
Jupites.dr
Krepper
NewAds.IRASSync
PartyPoker
PWS-Banker
QuickLinks
SurfSideKick
TargetSaver
Trojan-Proxy.Win32.Xorpix.o
Trojan.Delf
Trojan.Downloader.Qoologic
Trojan.PayTime
Trojan.vxgame
Virtumonde
webHancer
WebSearch Toolbar
WhenU.SaveNow
WinFixer
Yazzle Sudoku
Zenotecnico
AlltheInternet
Weird on the Web



http://research.sunbelt-software.com/download.cfm

Wednesday, April 05, 2006

Sunbelt CounterSpy

CounterSpy 1.5 latest update definition is 313

New Threats Added to Database

Trojan.Downloader.8062
Falling Dollar


Current Threats With Updated Information

AceSpy 3.5.45
Actual Spy
Adware-Webnexus
Ardamax Keylogger
BestOffersNetwork
CoolWebSearch.MWSearch
DesktopScam
Dialer.maxd
DollarRevenue
Exploit.CreateTextRange
FiveSec.Spam.agent.vx
Fullcontext.EQAdvice
InternetOffers
Jupites.B
Kiwi Alpha
Locksky.M
Marketscore.RelevantKnowledge
Nextern
QuickLinks
ShopAtHome
SpyFalcon
SpywareQuake
SurfSideKick
TIBS Premium Rate Dialer
Trojan.Delf.MM
Trojan.Downloader.abc
Trojan.vxgame
TrojanDownloader.loadadv
Virtumonde
webHancer
WhenU.SaveNow
WindUpdates.MediaGateway
Yazzle Sudoku
YourSiteBar
Zenotecnico
Ads.Tucows


http://research.sunbelt-software.com/download.cfm

Spyware Doctor For Monday

Latest Database Version: 3.04420

Intelli-Signatures: 52195

New Intelli-Signatures:

3.04420 - Backdoor.IRCBot.FP, C-One v.1.0.0, Dialer.FV, LittleHelper, Trojan.Dialer.NE, Trojan.Downloader.Banload.AL, Trojan.Downloader.Banload.B, Trojan.Downloader.Fuetel, Trojan.Downloader.Tiny.Y, Trojan.Dropper.Agent.AAY, Trojan.Proxy.Small.DV, Trojan.Runner.F


3.04411 - Backdoor.Rbot.WI, Dialer.LI, Digiwex, StoragePass Viewer, Suggestor.O, Trojan.Downloader.BRE, Trojan.Downloader.BSC, Trojan.Downloader.BTC, Trojan.Downloader.Delf.ABR, Trojan.Downloader.Hanlo.I, Trojan.Downloader.Leodon, Trojan.Downloader.Msole32, Trojan.Downloader.Small.API, Trojan.Downloader.Small.BFE, Trojan.Emspy, Trojan.Proxy.Ranky.EK, Trojan.Spy.Agent.BY


Extended Intelli-Signatures:

3.04420 - AceSpy, Backdoor.Robobot, DealHelper, EasyWebSearch, eZula, ISTbar, MediaTickets, TopConverting Crazywinnings, Trojan.Downloader.Agent.AEA, Trojan.Downloader.CashDeluxe.A, Trojan.Downloader.ConHook, Trojan.Downloader.Small.AVT, Trojan.Downloader.Zlob.GEN, Trojan.Dropper.Small.AEK, Trojan.Proxy.GN, Trojan.Proxy.Lager.f, Trojan.SpamBot, Weird On The Web



3.04411 - AB System Spy Keylogger, Absolute Key Logger, Backdoor.Agent.BA, Backdoor.Sdbot.AAD, ClkOptimizer, Common Components for Trojans, DropSpam ToolBar, IE Driver, IEAccess.SurfYa, ISTbar, Known Bad Sites, Perfect Keylogger, Pop Marketing, SpyAxe, SpyFalcon, Trojan.Adclicker, Trojan.Bankem, Trojan.Banker.DX, Trojan.Banker, Trojan.Clicker.BHO, Trojan.Clicker.Delf.DY, Trojan.Delf.IT, Trojan.Downloader.Agent.AEA, Trojan.Downloader.Agent.AFL, Trojan.Downloader.Baltia, Trojan.Downloader.Druser, Trojan.Downloader.NVD, Trojan.Downloader.Qoologic.B, Trojan.Dropper.Agent.D, Trojan.StartPage.GEN, Trojan.Win32.Small.BJY, Trojan.Zlob.AP, Virtumonde, Weird On The Web, Zango Search Assistant


General Information:

Updates are posted 5 times per week on average.

Updates are installed by running Spyware Doctor's Smart Update feature.


PCTools Homepage:

http://www.pctools.com/

Tuesday, April 04, 2006

Ad Aware SE1R102 03.04.2006

SE1R102 03.04.2006

New Definitions:
========================
SpyFighter
SpywareQuake +4
SpywareStormer

Updated Definitions:
========================
Adintelligence.AproposToolbar +6
Adultlinks Quickbar
Adware.CasinoClient +3
AdwareSheriff
BargainBuddy +4
BlazeFind
BlazingTools Perfect Keylogger
DyFuCA +2
Elitum.ElitebarBHO
Lop
MediaMotor +3
PurityScan +3
SahAgent +2
SpyAxe
SpyFalcon
SpyFerret
SpywareNo +30
Win32.Adverts.TrojanDownloader +5
Win32.Backdoor.CiaDoor +3
Win32.Trojan.Delf +3
Win32.Trojan.Downloader +6
Win32.Trojan.Keylogger +3
Win32.Trojan.Kolweb +8
Win32.Trojan.LowZones
Win32.Trojan.SDBot +6
Win32.Trojan.StartPage +2
Win32.TrojanClicker +5
Win32.TrojanDownloader.Swizzor.br
Win32.Trojandownloader.Zlob
Win32.TrojanDropper +3
Win32.TrojanSpy.Banker
Win32.Winshow
Virtumonde +3
Zango +2
ZipclixToolbar

The MD5 checksum for the defs.ref file is cf0ed41d39089e503d8825e91900834f

Additional Information
============================================
You can use Webupdate to install the new reference file, or download it manually from:
http://download.lavasoft.de.edgesuite.net/public/defs.zip

If you think something needs to be sent to us for review, visit our submission site at:
http://www.lavasofthelp.net/submit/

If you have any questions, please contact us at:
http://www.lavasoftsupport.com

Monday, April 03, 2006

NOD32 - v.1.1467 (20060402)

NOD32 - v.1.1467 (20060402)
Virus signature database updates:
JS/TrojanDownloader.Tivso.S, Win32/Delf.API (2), Win32/Delf.NCC (2), Win32/Locksky, Win32/Locksky.BE (4), Win32/Spy.Banbra.DF (3), Win32/Spy.Banker.AHY (4), Win32/Spy.Banker.ANV (2), Win32/Spy.Banker.NIB, Win32/Spy.Banker.WN (2), Win32/Spy.PerfKey, Win32/Spy.PerfKey.J, Win32/TrojanDownloader.Small.AWA, Win32/TrojanDownloader.Small.CGT (2), Win32/TrojanDropper.Small.ABM (2)

http://www.eset.com

Saturday, April 01, 2006

Spybot Search & Destroy Updated

03-31-2006
Dialer
+ Cbit-Solutions.PlayGames
Hijacker
+ CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
Malware
+ ISearchTech.ISTactiveX + SpywareStrike + SpyFalcon + Vcodec.eMedia + HitVirus + RemedyAntiSpy + SpyAxe + SpyFalcon + Command Service + Anti-Virus-Pro + AdwareSpy
PUPS
+ MalwareWipe + SystemStable
Spyware
+ webHancer + Exact Advertising.BargainsBuddy + KillSec
Trojan
+ Euniverse + TrojanDownloader.Small.fo + DLUCA-M + PestWiper + SpyCut + WorldAntiSpy + Jupilites + Hupigon


http://www.safer-networking.org/en/home/index.html
