Wednesday, March 30, 2011
Your Federal Tax Payment has been rejected
Definition file update for Ad-Aware.
149.648 is now available, new definition file for Ad-Aware 8.2.
150.333 is now available, new definition file for Ad-Aware 9.x, 8.3.
New definitions:
====================
Win32.FraudTool.WindowsSupportSystem
Updated definitions:
====================
BAT.Trojan.Regger
MSIL.Backdoor.Agent
MSIL.Trojan.Agent
MSIL.Trojan.Inject
MSIL.TrojanDownloader.Agent
MSIL.TrojanDownloader.Vkont
MSIL.TrojanDropper.Agent
MSIL.TrojanDropper.Late
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.Agent
MSIL.TrojanSpy.Agent
MSIL.TrojanSpy.KeyLogger
MSIL.TrojanSpy.Zbot
MSIL.Worm.Autorun
Win32.Adware.AdStart
Win32.Adware.Adnur
Win32.Adware.CommonName
Win32.Adware.Delf
Win32.Adware.EzuLa
Win32.Adware.FakeInstaller
Win32.Adware.Gaba
Win32.Adware.Gamevance
Win32.Adware.MegaP
Win32.Adware.NavExcel
Win32.Adware.Quick
Win32.Adware.RON
Win32.Adware.SideTab
Win32.Adware.SuperJuan
Win32.Adware.TMAagent
Win32.Adware.VB
Win32.Adware.Zwangi
Win32.Backdoor.Acidoor
Win32.Backdoor.Agent
Win32.Backdoor.Alphabot
Win32.Backdoor.Amitis
Win32.Backdoor.Bandok
Win32.Backdoor.BeastDoor
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredolab
Win32.Backdoor.CiaDoor
Win32.Backdoor.Curioso
Win32.Backdoor.Delf
Win32.Backdoor.Dusta
Win32.Backdoor.Floder
Win32.Backdoor.Gbot
Win32.Backdoor.Hadache
Win32.Backdoor.HttpBot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Iroffer
Win32.Backdoor.Kbot
Win32.Backdoor.Koutodoor
Win32.Backdoor.Lolbot
Win32.Backdoor.Mailer
Win32.Backdoor.Mesub
Win32.Backdoor.Pangus
Win32.Backdoor.Papras
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.Protector
Win32.Backdoor.RBot
Win32.Backdoor.Ripinip
Win32.Backdoor.Ruskill
Win32.Backdoor.SDBot
Win32.Backdoor.Spammy
Win32.Backdoor.TDSS
Win32.Backdoor.Turkojan
Win32.Backdoor.Udr
Win32.Backdoor.VB
Win32.Backdoor.Y3KRat
Win32.Backdoor.Yobdam
Win32.Backdoor.Zzslash
Win32.Dialer.InstantAccess
Win32.Dialer.Tuta
Win32.Flooder.Delf
Win32.Flooder.Spambot
Win32.FraudTool.SystemDefender
Win32.FraudTool.SystemSecurity
Win32.Hoax.ArchSMS
Win32.Hoax.Bravia
Win32.IMWorm.Vb
Win32.Monitor.Agent
Win32.Monitor.Ardamax
Win32.Monitor.Hooker
Win32.Monitor.Perflogger
Win32.Monitor.SoundSnooper
Win32.P2PWorm.Agent
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Benjamin
Win32.P2PWorm.Butibrot
Win32.P2PWorm.Palevo
Win32.P2PWorm.Polip
Win32.P2PWorm.VB
Win32.Rootkit.Agent
Win32.Rootkit.Banker
Win32.Rootkit.Bubnix
Win32.Rootkit.Fisp
Win32.Rootkit.TDSS
Win32.Rootkit.Tent
Win32.Rootkit.Xanfpezes
Win32.SMSFlooder.Ideknet
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Antavka
Win32.Trojan.Antavmu
Win32.Trojan.AntiAV
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Cdur
Win32.Trojan.Chifrax
Win32.Trojan.Chydo
Win32.Trojan.Cosmu
Win32.Trojan.Cospet
Win32.Trojan.Cossta
Win32.Trojan.Delf
Win32.Trojan.Delfinject
Win32.Trojan.Dialer
Win32.Trojan.Diamin
Win32.Trojan.DieMast
Win32.Trojan.Diple
Win32.Trojan.FakeAV
Win32.Trojan.Fakewarn
Win32.Trojan.FraudST
Win32.Trojan.Fraudpack
Win32.Trojan.Genome
Win32.Trojan.Hrup
Win32.Trojan.Inject
Win32.Trojan.Jorik
Win32.Trojan.KillAV
Win32.Trojan.KillFiles
Win32.Trojan.Lebag
Win32.Trojan.Llac
Win32.Trojan.MMM
Win32.Trojan.Mahato
Win32.Trojan.Maudi
Win32.Trojan.Menti
Win32.Trojan.Mepaow
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Pakes
Win32.Trojan.Paltus
Win32.Trojan.Pasta
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.Powp
Win32.Trojan.Qhost
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Ruvs
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Sefnit
Win32.Trojan.Shutdowner
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Smardf
Win32.Trojan.Staget
Win32.Trojan.StartPage
Win32.Trojan.Starter
Win32.Trojan.Swisyn
Win32.Trojan.Tdss
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Virtumonde
Win32.Trojan.Webprefix
Win32.Trojan.Wigon
Win32.Trojan.Zapchast
Win32.Trojan.Zmunik
Win32.TrojanClicker.Agent
Win32.TrojanClicker.Casu
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.Libie
Win32.TrojanClicker.VB
Win32.TrojanClicker.VBiframe
Win32.TrojanDDoS.Agent
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.Bhosta
Win32.TrojanDownloader.CcKrizCry
Win32.TrojanDownloader.Clan
Win32.TrojanDownloader.Cntr
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Helminthos
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Homa
Win32.TrojanDownloader.Kach
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Myxa
Win32.TrojanDownloader.NSIS
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.Qhost
Win32.TrojanDownloader.Refroso
Win32.TrojanDownloader.RtkDL
Win32.TrojanDownloader.Rubinurd
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.VB
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Appis
Win32.TrojanDropper.BHO
Win32.TrojanDropper.Cadro
Win32.TrojanDropper.Clons
Win32.TrojanDropper.Decay
Win32.TrojanDropper.Delf
Win32.TrojanDropper.EESbinder
Win32.TrojanDropper.ExeBinder
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Fraudrop
Win32.TrojanDropper.Interlac
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.NeodurkJoiner
Win32.TrojanDropper.Renum
Win32.TrojanDropper.Rogan
Win32.TrojanDropper.Soops
Win32.TrojanDropper.Stabs
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vedio
Win32.TrojanDropper.Wlord
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Capwin
Win32.TrojanPWS.Delf
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Firethief
Win32.TrojanPWS.Frethoq
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Qqfish
Win32.TrojanPWS.Ruftar
Win32.TrojanPWS.VB
Win32.TrojanPWS.Vkont
Win32.TrojanPWS.WOW
Win32.TrojanProxy.Agent
Win32.TrojanProxy.Delf
Win32.TrojanRansom.Agent
Win32.TrojanRansom.Digitala
Win32.TrojanRansom.Fakeinstaller
Win32.TrojanRansom.FullScreen
Win32.TrojanRansom.Gimemo
Win32.TrojanRansom.HmBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanRansom.Zoblocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banker2
Win32.TrojanSpy.Banz
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Flux
Win32.TrojanSpy.GWGhost
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Lpxenur
Win32.TrojanSpy.Lydra
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.Proagent
Win32.TrojanSpy.Qproxy
Win32.TrojanSpy.Qqlogger
Win32.TrojanSpy.Spenir
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.VB
Win32.TrojanSpy.Webmoner
Win32.TrojanSpy.Zbot
Win32.Worm.Agent
Win32.Worm.Allaple
Win32.Worm.AutoIt
Win32.Worm.Autorun
Win32.Worm.Bybz
Win32.Worm.Ckbface
Win32.Worm.Fujack
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Mytob
Win32.Worm.Padobot
Win32.Worm.Qvod
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.VB
Win32.Worm.Vbna
Win32.Worm.Viking
MD5 checksum for Ad-Aware core.aawdef is 3341be21e098c5d5bf2ede037e4e71a0
Re: Norton Browser Protection: Protecting you from web attacks
I HAVE BEEN DESPERATELY TRYING TO GET THE TOOLBAR YOU SHOW. HOW TO ENTER THAT TOOLBAR WITH THE GREEN SAFE SEARCH WITH THE YELLOW LOGIN BUTTON INTO MY INTERNET TOOLBAR
Tuesday, March 29, 2011
Re: Norton Browser Protection: Protecting you from web attacks
I DL'ed a nice little PacMan/Trojan bundle (win32.Suspect Crc!) from a 'trusted' site. Norton and Power Eraser couldn't detect this old trojan (!), and neither could Malwarebytes. If you like getting gadgets, extensions, and other useless stuff, I strongly recommend you get Emsisoft with the Ikarus scanner (free scan), which picked up this trojan and quarantined it for me to kill.
Definition file update for Ad-Aware.
149.655 is now available, new definition file for Ad-Aware 8.2.
150.340 is now available, new definition file for Ad-Aware 9.x, 8.3.
New definitions:
====================
Updated definitions:
====================
JS.Trojan.Agent
MSIL.Trojan.Agent
MSIL.TrojanDropper.Late
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.NetPass
MSIL.TrojanSpy.Agent
NSIS.TrojanDownloader.Agent
Win32.Adware.AdMedia
Win32.Adware.Adnur
Win32.Adware.FLVTube
Win32.Adware.Gaba
Win32.Adware.MyWay
Win32.Adware.RON
Win32.Adware.SuperJuan
Win32.Backdoor.Agent
Win32.Backdoor.Bandok
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredolab
Win32.Backdoor.Buterat
Win32.Backdoor.Delf
Win32.Backdoor.Floder
Win32.Backdoor.Gbot
Win32.Backdoor.HttpBot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Inject
Win32.Backdoor.Iroffer
Win32.Backdoor.Kbot
Win32.Backdoor.Koutodoor
Win32.Backdoor.Lolbot
Win32.Backdoor.Papras
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.RBot
Win32.Backdoor.Ripinip
Win32.Backdoor.SDBot
Win32.Backdoor.Shiz
Win32.Backdoor.Small
Win32.Backdoor.Spammy
Win32.Backdoor.TDSS
Win32.Backdoor.Turkojan
Win32.Backdoor.VB
Win32.Backdoor.Yobdam
Win32.Hoax.ArchSMS
Win32.IMWorm.Vb
Win32.Monitor.Ardamax
Win32.Monitor.Perflogger
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Palevo
Win32.P2PWorm.Polip
Win32.Rootkit.Agent
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Antavmu
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Chifrax
Win32.Trojan.Chydo
Win32.Trojan.Cosmu
Win32.Trojan.Cospet
Win32.Trojan.Cossta
Win32.Trojan.Delf
Win32.Trojan.Delfinject
Win32.Trojan.Diple
Win32.Trojan.FakeAV
Win32.Trojan.FlyStudio
Win32.Trojan.Fraudpack
Win32.Trojan.Inject
Win32.Trojan.Jorik
Win32.Trojan.Lexip
Win32.Trojan.Llac
Win32.Trojan.Mahato
Win32.Trojan.Menti
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Pakes
Win32.Trojan.Pasta
Win32.Trojan.Pirminay
Win32.Trojan.Powp
Win32.Trojan.Qhost
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Searches
Win32.Trojan.Sefnit
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Small
Win32.Trojan.StartPage
Win32.Trojan.Starter
Win32.Trojan.Swisyn
Win32.Trojan.Tdss
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Webprefix
Win32.Trojan.Writer
Win32.TrojanClicker.Agent
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.VB
Win32.TrojanClicker.VBiframe
Win32.TrojanDDoS.Artlu
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Goo
Win32.TrojanDownloader.Icehart
Win32.TrojanDownloader.Kido
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Nekill
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.SpyAgent
Win32.TrojanDownloader.VB
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Cadro
Win32.TrojanDropper.Clons
Win32.TrojanDropper.Delf
Win32.TrojanDropper.Fraudrop
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.NSIS
Win32.TrojanDropper.Renum
Win32.TrojanDropper.Stabs
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vedio
Win32.TrojanPWS.Agent
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.TrojanPWS.Prostor
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Qbot
Win32.TrojanPWS.Ruftar
Win32.TrojanRansom.BrowHost
Win32.TrojanRansom.Fakeinstaller
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.HmBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.Qhost
Win32.TrojanSpy.Zbot
Win32.Worm.Allaple
Win32.Worm.Aspxor
Win32.Worm.Autorun
Win32.Worm.Bybz
Win32.Worm.Carrier
Win32.Worm.Ckbface
Win32.Worm.Fujack
Win32.Worm.Joleee
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Runouce
Win32.Worm.Sohanad
Win32.Worm.Vbna
Win32.Worm.Viking
MD5 checksum for Ad-Aware core.aawdef is 05b18bf097e2ab1246036ea58a2320a3
Dangerous Flash Drives - The End(?)
Japan Quake Spam (II)
As was predicted by many, email scams soliciting donations for Japan are appearing in user’s inboxes. We took a closer look at one of these messages and identified the following details:
Mozilla Firefox 4 just arrived: where is Electrolysis?
Yesterday the long-awaited fourth version of Mozilla Firefox was publicly released, and the Mozilla download counter already shows more than six million downloads in less than 24 hours. Mozilla Firefox 4 arrived a bit later than the other major competitors, Microsoft and Google, who updated their respective browsers a couple of weeks ago.
Among the top three browsers, Firefox is the last to achieve full compatibility with the HTML5 standard, even though at this time HTML5 can hardly be considered a definitive standard. It features a new JavaScript engine called JägerMonkey, full hardware acceleration, a crash protection feature implemented by keeping all the browser plugins out of the main browser process and running them in a separate process called plugin-container.exe, a brand new user interface and other interesting features.
The Firefox roadmap has been quite long, with twelve beta builds and two release candidates. Today, Firefox is ready to compete with Chrome 10 and Internet Explorer 9 in browsing performance, system performance, web page compatibility and user customization. Sadly, in the security field Firefox lacks what in my opinion is a really critical feature: a proactive security sandbox. Looking at the browser process architecture, it is easy to see that Firefox 4 inherited the old architecture of Firefox 3.x without any major change.
We have written many times on this blog about the risks of surfing the web: the high chance of running into a fake or compromised web page containing an exploit able to execute malicious code on the victim's PC. The latest example is the 0-day flaw in Adobe Flash Player, fixed a couple of days ago by Adobe with a new update to the player.
One of the challenges in the security industry is preventing exploit code from getting executed, and mitigating it when it does get executed. I like to think about it this way: the big challenge is proactively preventing exploit code from damaging the system, and within that there are two sub-levels, a proactive step and a reactive step. In the proactive step I put all the techniques that try to prevent exploits from executing, such as Data Execution Prevention, Address Space Layout Randomization, SafeSEH and GS cookie protection. In the reactive step I put the technologies able to contain an exploit that has already executed and mitigate it so that it cannot harm the system.
We have seen many times how a misconfigured proactive layer, together with poor coding practices in the software, helped attackers infect victims' PCs with nasty malware. Even if the user is running with a limited account, banking trojans like SpyEye, old ZeuS and Carberp can still infect the system and steal sensitive data.
This is why in recent years there has been huge development of tools that put the browser session in a sandbox, a monitored container that prevents malware dropped by an exploit from getting outside the sandbox.
Google was the first company to implement a sandbox feature in Google Chrome, a sandbox framework compatible with Windows 2000 through Windows 7. All browser tab sessions are split into separate processes, each stripped of all user privileges and placed in a restricted job object. This effectively helps Chrome protect the user from exploits that could be run against Chrome itself or against browser plugins like Adobe Flash Player.
Then Microsoft implemented a sandbox-like feature starting with Internet Explorer 7, using the User Account Control and Mandatory Integrity Control features introduced in Windows Vista and Windows 7. The browser starts in Protected Mode and every browser process runs at low integrity level. All browser extensions and ActiveX controls run inside the low-integrity process. Processes running at low integrity level have highly limited access to system resources, registry and disk locations. This means that malware dropped by an exploit could still be executed, but it could not easily go far in the system because of the reduced privileges.
What about Firefox? I expected to see something similar in this fourth release, but as far as I can see nothing of the sort has been implemented by Mozilla. Firefox sets up the main browser process firefox.exe and a child process called plugin-container.exe, which hosts all the browser plugins. Both processes run at medium integrity level, with the privileges of the user who started the browser session. The result is that malware executed by an exploit would run with standard user privileges, which is not so good.
While I think the proactive step based on exploit prevention is important, I strongly believe the reactive step is a critical feature that should be implemented as well, as part of a multi-layered protection system able to mitigate a potential malware infection as much as possible. Mozilla already has a project called Electrolysis (also known as e10s) scheduled, which should allow Firefox to run separate processes to display browser tabs. The sandbox feature appears to be scheduled within this project, though the roadmap is still to be defined.
Moreover, Firefox 4 is compatible with Windows XP, and this is very good news. The problem is that, while Windows XP can take advantage of Data Execution Prevention (DEP), XP lacks the more important Address Space Layout Randomization (ASLR) feature of later versions of Windows, which makes DEP much more effective. This means that a sandbox would be really useful to protect these users against web exploits.
Sure, there are a huge number of Firefox extensions that can help the browser mitigate exploit attacks, most notably the very effective NoScript extension. NoScript actively helps prevent exploits from working because it acts as a script firewall, preventing scripts from unauthorized web sites from loading. Though I must admit it is hard for me to imagine the average Joe using the NoScript extension.
I think Firefox 4 is a great browser, fully able to compete with Internet Explorer 9 and Google Chrome. I would have liked to see in Firefox 4 a sandbox-like approach like Chrome's and Internet Explorer's, which would definitely help users stay safe while surfing the web.
Re: Computer held hostage? Try Norton Power Eraser
Norton Power Eraser is a very powerful tool. For this reason, it should be considered as one of the last things you try, rather than one of the first. There is a danger of false positives, or identification of system files that should not be removed.

There is an uninstaller provided by Mighty Magoo. The website tests as safe by Norton Safe Web, and as well there is a place to phone if you are having difficulty. That is always the first line of attack.

http://mightymagoo.com/deactivate.html
Operation b107 - Rustock Botnet Takedown
Just over one year ago, Microsoft, with industry and academic partners, used a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal seal opened, allowing us to talk more openly about recent activities against the Win32/Rustock botnet.
Comparatively, Waledac was a much simpler, and smaller, botnet than Rustock. It is, however, because of the legal and technical lessons learned in that set of actions that we were able to take on the much larger challenge of Rustock: a botnet with an estimated infection count above one million computers and capable of sending billions of spam messages per day. Some statistics suggest that, at peaks, it represented as much as 80% of spam traffic and in excess of 2000 spam messages per second.
Our efforts here represent a partnership between Microsoft’s Digital Crimes Unit, the Microsoft Malware Protection Center and Trustworthy Computing. This was a multi-month effort which had its denouement yesterday with a coordinated seizure of command and control servers under court order from the U.S. District Court for the Western District of Washington carried out by the U.S. Marshals Service as well as authorities in the Netherlands. Investigators are now inspecting the evidence captured in these seizures from five hosting centers in seven locations in order to, potentially, learn more about those responsible and their activities.
Efforts like this are not possible without collaboration with others. For this effort, we worked with Pfizer, whose brands were infringed by fake-pharma spam coming from Rustock. We also worked with our colleagues at FireEye and the University of Washington. All three provided valuable declarations to the court on the behaviors of Rustock and the specific dangers posed by this threat: dangers to public health in addition to those affecting the Internet.
We are continuing our work with both CERTs and ISPs around the world to reach out to those whose computers are infected and help clean them of viruses. If you believe a computer under your care or that of a family member, friend or colleague may be infected, please make a concerted effort to clean it and get protected with a full antivirus product from a trusted provider. More support information is available at http://support.microsoft.com/botnets. The announcement from Microsoft’s Digital Crimes Unit can be found on the Official Microsoft Blog and the Microsoft on the Issues blog.
Virus uses Antivirus?
Monday, March 28, 2011
Definition file update for Ad-Aware.
149.647 is now available, new definition file for Ad-Aware 8.2.
150.332 is now available, new definition file for Ad-Aware 9.x, 8.3.
New definitions:
====================
Win32.Backdoor.Mailer
Updated definitions:
====================
BAT.Trojan.Agent
BAT.Trojan.KilLAV
BAT.Trojan.Regger
BAT.Trojan.Startpage
BAT.TrojanPWS.Labt
MSIL.Backdoor.Agent
MSIL.Backdoor.IRCBot
MSIL.Backdoor.Vkont
MSIL.Trojan.Agent
MSIL.Trojan.DelFiles
MSIL.Trojan.Inject
MSIL.TrojanDownloader.Agent
MSIL.TrojanDownloader.Vkont
MSIL.TrojanDropper.Agent
MSIL.TrojanDropper.Late
MSIL.TrojanDropper.Mudrop
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.Agent
MSIL.TrojanPWS.Dybalom
MSIL.TrojanPWS.VKont
MSIL.TrojanSpy.Agent
MSIL.TrojanSpy.KeyLogger
MSIL.TrojanSpy.Zbot
MSIL.Worm.Autorun
NSIS.Trojan.Voter
VBS.TrojanClicker.Agent
VBS.Worm.Autorun
Win32.Adware.AdWeb
Win32.Adware.Adnur
Win32.Adware.AdultIt
Win32.Adware.Adzul
Win32.Adware.Agent
Win32.Adware.Altnet
Win32.Adware.BHO
Win32.Adware.Bispy
Win32.Adware.EzuLa
Win32.Adware.FLVTube
Win32.Adware.FakeInstaller
Win32.Adware.Gaba
Win32.Adware.Gamevance
Win32.Adware.MyCashBag
Win32.Adware.OneStep
Win32.Adware.RON
Win32.Adware.SuperJuan
Win32.Adware.Ubar
Win32.Backdoor.Agent
Win32.Backdoor.AimBot
Win32.Backdoor.Asper
Win32.Backdoor.Bancodor
Win32.Backdoor.Banito
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredavi
Win32.Backdoor.Bredolab
Win32.Backdoor.Cetorp
Win32.Backdoor.Curioso
Win32.Backdoor.DSNX
Win32.Backdoor.Delf
Win32.Backdoor.Donbot
Win32.Backdoor.Dusta
Win32.Backdoor.Firstinj
Win32.Backdoor.Floder
Win32.Backdoor.GGDoor
Win32.Backdoor.Gbot
Win32.Backdoor.Goolbot
Win32.Backdoor.HttpBot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Inject
Win32.Backdoor.Ircnite
Win32.Backdoor.Iroffer
Win32.Backdoor.Jaan
Win32.Backdoor.Kbot
Win32.Backdoor.Koutodoor
Win32.Backdoor.Krafcot
Win32.Backdoor.Lolbot
Win32.Backdoor.MimimiBot
Win32.Backdoor.Moses
Win32.Backdoor.NBSpy
Win32.Backdoor.Nbdd
Win32.Backdoor.Oserdi
Win32.Backdoor.Papras
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.Protector
Win32.Backdoor.RBot
Win32.Backdoor.RShot
Win32.Backdoor.Ripinip
Win32.Backdoor.SDBot
Win32.Backdoor.Samitvb
Win32.Backdoor.Shiz
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.Spammy
Win32.Backdoor.SubSeven
Win32.Backdoor.TDSS
Win32.Backdoor.Turkojan
Win32.Backdoor.Ulrbot
Win32.Backdoor.VB
Win32.Backdoor.VanBot
Win32.Backdoor.Whimoo
Win32.Backdoor.Xhaker
Win32.Backdoor.Xyligan
Win32.Backdoor.Yobdam
Win32.Backdoor.Yoddos
Win32.Backdoor.Zepfod
Win32.Backdoor.Zzslash
Win32.Backdoor.mIRC-based
Win32.Dialer.Agent
Win32.Flooder.Agent
Win32.Flooder.Delf
Win32.FraudTool.AdwareRemover
Win32.FraudTool.AntiMalwarePRO
Win32.FraudTool.RegistryBot
Win32.Hoax.ArchSMS
Win32.Hoax.Getpin
Win32.IMWorm.Sohanad
Win32.IMWorm.Vb
Win32.IMWorm.Yahos
Win32.IRCWorm.Small
Win32.Monitor.Agent
Win32.Monitor.Ardamax
Win32.Monitor.EliteKeylogger
Win32.Monitor.Hooker
Win32.Monitor.KGBSpy
Win32.Monitor.NeoSpy
Win32.Monitor.Perflogger
Win32.Monitor.PowerLogger
Win32.Monitor.SpectorPro
Win32.Monitor.XPCSpy
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Benjamin
Win32.P2PWorm.Kapucen
Win32.P2PWorm.Palevo
Win32.P2PWorm.Polip
Win32.Rootkit.Agent
Win32.Rootkit.Bubnix
Win32.Rootkit.TDSS
Win32.Rootkit.Xanfpezes
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.Antavka
Win32.Trojan.Antavmu
Win32.Trojan.AntiAV
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Banepot
Win32.Trojan.Buzus
Win32.Trojan.Chifrax
Win32.Trojan.Chydo
Win32.Trojan.Cosmu
Win32.Trojan.Cosne
Win32.Trojan.Cospet
Win32.Trojan.Cossta
Win32.Trojan.Delf
Win32.Trojan.Delfinject
Win32.Trojan.Dialer
Win32.Trojan.Diple
Win32.Trojan.Disabler
Win32.Trojan.Exedot
Win32.Trojan.FakeAV
Win32.Trojan.Fakelogin
Win32.Trojan.Fakems
Win32.Trojan.Feedel
Win32.Trojan.FlyStudio
Win32.Trojan.FraudST
Win32.Trojan.Fraudpack
Win32.Trojan.Gabba
Win32.Trojan.Genome
Win32.Trojan.Gibi
Win32.Trojan.Hrup
Win32.Trojan.Inject
Win32.Trojan.Jeloge
Win32.Trojan.Jkfg
Win32.Trojan.Jorik
Win32.Trojan.KillAV
Win32.Trojan.Larwa
Win32.Trojan.Lebag
Win32.Trojan.Lexip
Win32.Trojan.Llac
Win32.Trojan.Mahato
Win32.Trojan.Menti
Win32.Trojan.Microfake
Win32.Trojan.Midgare
Win32.Trojan.Miser
Win32.Trojan.Monder
Win32.Trojan.Monderd
Win32.Trojan.Nosok
Win32.Trojan.Oficla
Win32.Trojan.Pakes
Win32.Trojan.Pasmu
Win32.Trojan.Pasta
Win32.Trojan.Phak
Win32.Trojan.Phires
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.Powp
Win32.Trojan.Qhost
Win32.Trojan.Redosdru
Win32.Trojan.Refroso
Win32.Trojan.Regrun
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Searches
Win32.Trojan.Sefnit
Win32.Trojan.Servstar
Win32.Trojan.Shutdowner
Win32.Trojan.Siscos
Win32.Trojan.Skillis
Win32.Trojan.Small
Win32.Trojan.Smardf
Win32.Trojan.Staget
Win32.Trojan.Starfield
Win32.Trojan.StartPage
Win32.Trojan.Starter
Win32.Trojan.Swisyn
Win32.Trojan.Tdss
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Vkhost
Win32.Trojan.Vrdapi
Win32.Trojan.Webprefix
Win32.Trojan.Yoddos
Win32.Trojan.Zapchast
Win32.Trojan.Zmunik
Win32.TrojanClicker.Adclicer
Win32.TrojanClicker.Agent
Win32.TrojanClicker.AutoIT
Win32.TrojanClicker.Casu
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.VB
Win32.TrojanDDoS.Agent
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BaoFa
Win32.TrojanDownloader.Bhosta
Win32.TrojanDownloader.Braz
Win32.TrojanDownloader.Calac
Win32.TrojanDownloader.CcKrizCry
Win32.TrojanDownloader.Cntr
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Esplor
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.Fosniw
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Gamup
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Goo
Win32.TrojanDownloader.Hlink
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Homa
Win32.TrojanDownloader.Icehart
Win32.TrojanDownloader.Imgdrop
Win32.TrojanDownloader.Kach
Win32.TrojanDownloader.Keenval
Win32.TrojanDownloader.Kido
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Myxa
Win32.TrojanDownloader.NSIS
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.QQHelper
Win32.TrojanDownloader.Qhost
Win32.TrojanDownloader.Refroso
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Suurch
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Wzhyk
Win32.TrojanDownloader.Zaccess
Win32.TrojanDownloader.Zlob
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Appis
Win32.TrojanDropper.Binder
Win32.TrojanDropper.Cadro
Win32.TrojanDropper.Clons
Win32.TrojanDropper.Decay
Win32.TrojanDropper.Delf
Win32.TrojanDropper.Drooptroop
Win32.TrojanDropper.FJoiner
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Frijoiner
Win32.TrojanDropper.Halk
Win32.TrojanDropper.HeliosBinder
Win32.TrojanDropper.Interlac
Win32.TrojanDropper.Javdrop
Win32.TrojanDropper.Joiner
Win32.TrojanDropper.Loring
Win32.TrojanDropper.Meno
Win32.TrojanDropper.Microjoin
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.NSIS
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Purityscan
Win32.TrojanDropper.Renum
Win32.TrojanDropper.Small
Win32.TrojanDropper.Startpage
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.Typic
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vidro
Win32.TrojanDropper.Yabinder
Win32.TrojanMailfinder.Delf
Win32.TrojanPWS.Agent
Win32.TrojanPWS.AutoVK
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Chisburg
Win32.TrojanPWS.Delf
Win32.TrojanPWS.Dybalom
Win32.TrojanPWS.Emelent
Win32.TrojanPWS.Firethief
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.MailRu
Win32.TrojanPWS.Mfirst
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.QQSender
Win32.TrojanPWS.Qbot
Win32.TrojanPWS.Qqfish
Win32.TrojanPWS.Rebnip
Win32.TrojanPWS.Ruftar
Win32.TrojanPWS.Taworm
Win32.TrojanPWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.Vkont
Win32.TrojanPWS.WOW
Win32.TrojanProxy.Daemonize
Win32.TrojanProxy.Glukelira
Win32.TrojanRansom.Agent
Win32.TrojanRansom.Gimemo
Win32.TrojanRansom.Hexzone
Win32.TrojanRansom.HmBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banker2
Win32.TrojanSpy.Banz
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Flystudio
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.MultiBanker
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.VB
Win32.TrojanSpy.Webmoner
Win32.TrojanSpy.Zbot
Win32.TrojanSpy.carberp
Win32.Worm.Agent
Win32.Worm.Ainfbot
Win32.Worm.Allaple
Win32.Worm.Aspxor
Win32.Worm.AutoIt
Win32.Worm.AutoTsifiri
Win32.Worm.Autorun
Win32.Worm.Bybz
Win32.Worm.Carrier
Win32.Worm.Chiviper
Win32.Worm.Ckbface
Win32.Worm.Fearso
Win32.Worm.Fesber
Win32.Worm.FlyStudio
Win32.Worm.Fujack
Win32.Worm.Heck
Win32.Worm.Hteibook
Win32.Worm.Joleee
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Mytob
Win32.Worm.Padobot
Win32.Worm.Pepex
Win32.Worm.RJump
Win32.Worm.Rokut
Win32.Worm.Sohanad
Win32.Worm.Stuxnet
Win32.Worm.Trafaret
Win32.Worm.VB
Win32.Worm.Vbna
Win32.Worm.Viking
Win32.Worm.Warezov
Win32.Worm.Yahos
Win32.Worm.Zeroll
MD5 checksum for Ad-Aware core.aawdef is 77b97c771af73151fc9a2705599bd5f2
Patch Tuesday March 2011
This month's Patch Tuesday comprises three bulletins covering four vulnerabilities. Two bulletins affect Windows, while the other affects Office. The Windows vulnerabilities affect all currently supported client operating systems. The only critical vulnerability this month is in Windows Media: a maliciously crafted MS-DVR file can allow remote code execution.
Warning: Surprise spam trojan on Facebook
Very bad news, with more bad news embedded
Malware writers never miss the chance to take advantage of big world events, no matter how tragic. The recent Japanese nuclear incident, caused by the devastating earthquakes, is their target this time.
The Microsoft Malware Protection Center has been tracking a new backdoor (detected as Backdoor:Win32/Sajdela.A, SHA1 0c3526c7e1d6b8a3d2f5c21986c03f1dc0d88480) that is distributed by utilizing Exploit:Win32/CVE-2010-3333 - code that exploits a previously-addressed RTF parser stack overflow vulnerability in Microsoft Word that may allow remote code execution. (See Microsoft Security Bulletin MS10-087 for additional details and the appropriate update).
The malware arrives on a victim's system appearing to be a Microsoft Word document (.doc), for example:
The name of this file is in Japanese characters; translated to English it would read "Japan nuclear leakage". In fact, the file is in RTF format.
The following picture illustrates the malicious shell code it contains:
The payload of this malware is an embedded executable file. But to elude a heuristic scanner, the malware erases the PE file signatures ('MZ' and 'PE').
After successful exploitation, the malware recovers this information before writing the PE file to disk and then executing it.
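The evasion just described, blanking the 'MZ' and 'PE' magics before embedding the executable, defeats any heuristic that simply greps for those two strings. The following is an added example, not MMPC code: a structural check that finds a PE header inside an RTF's hex-encoded object data by validating the fields the dropper leaves intact (e_lfanew, Machine, NumberOfSections, SizeOfOptionalHeader and the optional-header magic) instead of the signatures. The RTF text and the header bytes are constructed for the example and are not taken from the Sajdela sample.

```python
import re
import struct
from typing import List, NamedTuple

DOS_STUB_TEXT = b"This program cannot be run in DOS mode."
VALID_MACHINES = {0x014C, 0x8664}      # IMAGE_FILE_MACHINE_I386 / AMD64
VALID_OPT_MAGIC = {0x10B, 0x20B}       # PE32 / PE32+
HEX_RUN = re.compile(r"[0-9A-Fa-f]{64,}")   # long hex blobs such as \objdata


class PeCandidate(NamedTuple):
    run_index: int       # which hex run of the RTF the image was found in
    offset: int          # byte offset of the (possibly blanked) DOS header
    magics_erased: bool  # True when 'MZ' or 'PE\0\0' are not present


def find_pe_headers(blob: bytes) -> List[int]:
    """Return offsets where a PE image appears to start, judged by header
    structure only, so erased 'MZ'/'PE' magics do not hide it."""
    hits = []
    for base in range(0, len(blob) - 0x40):
        e_lfanew = struct.unpack_from("<I", blob, base + 0x3C)[0]
        nt = base + e_lfanew
        # Need the 4-byte signature, the 20-byte COFF header and the optional
        # header magic: 26 bytes from nt. Real e_lfanew values are small.
        if e_lfanew < 0x40 or e_lfanew > 0x400 or nt + 26 > len(blob):
            continue
        machine, nsections = struct.unpack_from("<HH", blob, nt + 4)
        size_opt = struct.unpack_from("<H", blob, nt + 20)[0]
        opt_magic = struct.unpack_from("<H", blob, nt + 24)[0]
        if (machine in VALID_MACHINES and 1 <= nsections <= 96
                and size_opt in (0xE0, 0xF0) and opt_magic in VALID_OPT_MAGIC):
            hits.append(base)
    return hits


def magics_erased(blob: bytes, base: int) -> bool:
    e_lfanew = struct.unpack_from("<I", blob, base + 0x3C)[0]
    return (blob[base:base + 2] != b"MZ"
            or blob[base + e_lfanew:base + e_lfanew + 4] != b"PE\0\0")


def scan_rtf(rtf: str) -> List[PeCandidate]:
    """Decode every long hex run in the RTF text and look for PE headers."""
    found = []
    for idx, m in enumerate(HEX_RUN.finditer(rtf)):
        run = m.group(0)
        blob = bytes.fromhex(run[: len(run) & ~1])   # drop a stray odd nibble
        for base in find_pe_headers(blob):
            found.append(PeCandidate(idx, base, magics_erased(blob, base)))
    return found


def build_sample_image(erase: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable program) used as test
    input; with erase=True the two magics are zeroed as the dropper does."""
    e_lfanew = 0x80
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    stub = DOS_STUB_TEXT.ljust(e_lfanew - 0x40, b"\0")
    # Signature, then COFF: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 3, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")
    img = bytearray(dos + stub + coff + opt)
    if erase:
        img[0:2] = b"\0\0"
        img[e_lfanew:e_lfanew + 4] = b"\0\0\0\0"
    return bytes(img)


def build_sample_rtf(erase: bool) -> str:
    """Constructed RTF carrying the image as hex object data behind filler."""
    payload = b"\x90" * 40 + build_sample_image(erase) + b"\0" * 16
    return "{\\rtf1{\\object\\objemb{\\*\\objdata " + payload.hex() + "}}}"


if __name__ == "__main__":
    for c in scan_rtf(build_sample_rtf(erase=True)):
        print(f"run {c.run_index}: PE header at +{c.offset:#x}, "
              f"magics erased={c.magics_erased}")
```

The check deliberately reports whether the magics were intact, because a PE whose signatures have been blanked has no legitimate reason to sit inside a document and is a stronger indicator than an ordinary embedded executable.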
In order to mislead victims, the malware also drops a hidden Microsoft Word document to "c:\word.doc" and opens it. The content of this file is in Japanese, and is regarding the recent nuclear incident.
This file contains the following file properties:
(A clue to the identity of the malware authors perhaps?)
The backdoor component
Installing the backdoor component is the ultimate purpose of this malware. The backdoor component is an encrypted resource inside the malware. When the malware executes, it decrypts the resource and drops it to %SystemRoot%\System32\csrls.dll.
The backdoor utilizes control servers at the following locations:
• 24.173.215.70
• 65.5.227.69
The backdoor allows unauthorized access and control of an affected computer, and can be used by a remote attacker to perform actions such as downloading and executing arbitrary files, capturing information and terminating processes.
Using social engineering in this manner to get users to perform actions of the attacker's choice (for example, opening a file) isn't news. But when confronted with such a catastrophe, the need for information and reassurance is strong. Don't forget that attackers will always try to take advantage of human nature. So be careful.
As for the good news – you can keep your system safe from these ill tidings by keeping your antivirus software up to date and ensuring that you apply security updates in a timely fashion.
We will continue to keep you posted.
--Zhitao Zhou, MMPC
New Adobe Zero-Day Under Attack
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat.
This critical vulnerability has been assigned CVE-2011-0609.
Re: Norton Browser Protection: Protecting you from web attacks
I HAVE BEEN DESPERATELY TRYING TO GET THE TOOLBAR YOU SHOW. HOW TO ENTER THAT TOOLBAR WITH THE GREEN SAFE SEARCH WITH THE YELLOW LOGIN BUTTON INTO MY INTERNET TOOLBAR?
Re: What's driving Norton Power Eraser?
Norton Power Eraser is very aggressive and needs to be used with care. If people would read before they act, they would know NPE itself says to use only as a last resort. Norton Antivirus should be the tool of choice, but it is not perfect and sometimes fails to fix problems. NPE runs more like a registry checker or system analysis than it does an antivirus. NPE also allows the user to determine if they want to delete a suspicious file by giving a means to see the location, judge the importance, and view the date of creation. If the suspicious file is in programs, root, or is a DLL file, don't check the box. If the creation date is older than the problem, don't check the box. NPE also takes a snapshot of your system (unless you say no) that allows the user to go to system restore and undo harmful actions. When handled properly Norton Power Eraser is a great tool.
Re: Norton Browser Protection: Protecting you from web attacks
There are many news reports from Pwn2Own contest in Vancouver this past week where hackers in seconds managed to compromise many major browsers. I have found no mention of what if any anti virus/anti malware packages any of the target machines were running. The questions are: a; were they running any internet suites, b; will any of the internet suites prevent the compromises, c; the Norton 360 I am using, does it provide me protection from the compromises detailed at Pwn2Own?
The Streets of San Francisco
February 14 is right around the corner and that can mean only one thing: it's time for the RSA conference in San Francisco. This year, Scott Charney, Corporate Vice President of Trustworthy Computing, will present a keynote Tuesday morning at 9am on Collective Defense: Collaborating to Create a Safer Internet. Scott's talk will highlight a number of computing trends and the evolution of online threats while sharing Microsoft's vision of how we can work together to improve safety for everyone on the Internet.
Also, our General Manager, Vinny Gullotto will be presenting on Monday for those new to RSA and security in a terrific full day session featuring industry luminaries from RSA, Cigital, AT&T Labs Research, Qualys and People Security.
A number of us will also be around throughout the week so don't be shy about reaching out if there's something you want to discuss.
-Jeff Williams
Principal Group Program Manager
Your very own personal '(Wiki)leaks'
The word ‘leak’ has become rather popular in recent times, but few of us actually realize just how likely it is that our own personal information could be leaked. We protect our computers, our mobile devices, keep up to speed with the latest security issues, but there are still times when we become careless. In particular, I’m speaking about public computers like this one here:
This is a genuine public access computer I came across in a hotel I was staying at last week during a short vacation. I had to use the Internet quite urgently, and of course I understood that my personal data wasn’t completely safe and could end up in someone else’s hands. I decided to try a little experiment and the results clearly demonstrated that any of us could quite easily fall victim to our own personal ‘(Wiki)leaks’:
- The computer was infected with several malicious programs that a rather well known up-to-date antivirus solution had not detected. There was a backdoor that stole the passwords for the online banking systems of five banks - four Brazilian and one Spanish. Closer inspection showed that the computer had been infected via the Orkut social networking website on 11 July 2010. Since then the malicious program had been gathering bank account passwords from goodness knows how many people. There was also a downloader based on Java technology.
- The option to ‘save passwords’ was ticked in the browser settings. Of course, users were not informed about it. All the passwords entered on the computer were saved under a master password that was obviously only known to the person who activated the setting.
- In the My Documents and Downloads folders there were lots of files and photographs that users had downloaded from the Internet or their email accounts and forgotten to delete. Here are a few examples of the things I found:
- Documents about legal proceedings and a court subpoena.
- A report about configuration work carried out on a series of computers at an organization.
- The schedule for a business event at a company.
- Personal photos of people with their friends and family.
- A property deed of conveyance.
- A work timetable.
I’m sure very few people would want their documents, especially of this nature, falling into the hands of strangers, competitors or cybercriminals.
So, if you want to experience your own (Wiki)leaks, all you have to do is use public access computers on a regular basis at airports, in hotels, cafes, libraries etc. If you really have to use a public computer and you know a thing or two about IT security, check first of all to see if the computer is infected. Remember that antivirus scanning results don’t always reflect the real picture.
Secondly, check if the ‘save passwords’ option is activated in the browser.
Thirdly, if you are working with documents or photographs, try not to download them. Many of today’s email services allow you to work with them directly from your email account. If you do download something, don’t forget to delete it afterwards and clear it from the Recycle Bin.
It’s also worth looking at the computer itself to ensure that there are no devices between the port where the keyboard is plugged in and the keyboard itself. These devices can gather information and look something like this:
Other precautionary measures include either cleaning your Internet Activity History or, before going online, switching on the privacy mode that is included in numerous browsers these days.
I cleaned up the aforementioned computer and informed the hotel administration. I didn’t get a discount, but the hotel management was very grateful and promised that no more cybercriminals would be stealing money from their customers (although I’m not so sure about that).
Sunday, 27 March 2011
Carberp hits ZeuS and AV software
In the last blog post we talked about how the SpyEye trojan evolved over time, illustrating some of its technical features and the encryption algorithm the trojan uses to decrypt its configuration file. Yesterday we uploaded a new technical video that shows how to unpack this new variant of SpyEye in just a few minutes with the help of a free debugger.
While SpyEye goes ahead and quickly becomes yet more widespread after the SpyEye-ZeuS joint venture, we should focus on another threat which is silently rising in the ranking of the info-stealing trojan family.
Carberp quietly appeared in Q3/Q4 2010 (even if some traces of its code could be found in the months before) and immediately showed great potential. It appears that the team behind this trojan has been very active as of late.
This trojan shows great potential and a modular architecture used to expand its features easily and quickly. All plugins downloaded from the C&C are encrypted with a custom encryption algorithm to evade classic antivirus scanners. Its features include a module able to disable a list of antivirus products and an antivirus-like module that cleans the infected PC of other info-stealing trojan families.
We have written an in depth analysis of the Carberp trojan, illustrating all the technical features of the malware. The paper can be downloaded from the link below:
Building Reputation with Microsoft Security Essentials
Internet Explorer 9 includes a great new application reputation feature driven by SmartScreen. As described in this Building Reputation blog post by Ryan Colvin, SmartScreen uses file hashes and Authenticode signatures to identify publishers and applications.
Microsoft Security Essentials has included reputation features since its initial release as well, although the reputation features aren't visible to the user. Like SmartScreen, Microsoft Security Essentials (and its siblings Forefront Endpoint Protection and Windows Intune) uses Authenticode signatures and file hashes for reputation, but instead of identifying programs to the user, it identifies programs to the Microsoft Antimalware Engine. And our engine does some very interesting things.
Microsoft Security Essentials needs to be fast, and the fastest way to scan a file is to actually not scan the file at all - reputation helps it do just that. When Microsoft Security Essentials first encounters a file, it performs a malware scan using all the technologies it needs to determine if the file is malicious. If the file is not malicious (which is hopefully the case), there's a background check that happens later, using idle cycles to see if the file's Authenticode signature or hash matches an internal list of trusted publishers and known clean files. If the file is on the list, it will be skipped in future scans, either on access or on demand.
Next, Microsoft Security Essentials uses its internal reputation lists to control what information on unknown files it sends back to Microsoft, or what files it may ask users to submit to Microsoft for further analysis. Under the hood is a sophisticated runtime behavior-monitoring system, which looks for software acting suspiciously, like modifying an autorun.inf file to AutoPlay. The system is hooked up to our Dynamic Signature Service on the Internet, which can deliver detections as needed for fast-moving threats. Because of the need for speed and the fact that legitimate software will sometimes share behaviors with malware, that system will use the reputation lists to bypass files based on reputation.
Finally, the Microsoft Malware Protection Center monitors our Authenticode certificate and file hash lists for malware detections. In the exceedingly rare event of a detection of a file on our lists, we investigate and may adjust our lists or work with vendors and Certificate Authorities as needed.
How can developers get their applications added to the Microsoft Security Essentials reputation lists? The best way is using Authenticode signing on all binary files and download packages. For more information on signing, please see Eric Lawrence's excellent post Everything you need to know about Authenticode Code Signing.
Authenticode signing is key because it aggregates reputation for all your files, and applies your reputation to brand new files as well. Further, the Microsoft Malware Protection Center uses our telemetry to determine what to add to our reputation lists only.
Authenticode signing doesn't explicitly say anything about the safety of the signed code, as we in the MMPC know well, but it's invaluable for determining reputation and separating legitimate code from known publishers from potentially dangerous code. As more code is signed, reputation-based systems like SmartScreen and that in Microsoft Security Essentials get better and better, and hiding malicious software gets harder and harder. So please, help your customers by signing your code and building reputation.
Joe Faulhaber
XSS Vulnerabilities in Russian Social Networking Site 'VKontakte'
A short while ago, I decided to prepare a presentation on web vulnerabilities and specifically on XSS attacks. This involved studying the way today’s filtration systems work.
I selected the most popular Russian social networking website, VKontakte.ru, as a test bed. One thing that grabbed my attention was the updated user status system.
The HTML code in the part of the page where users edit their status messages is shown below:
As you can see, filtering is performed by the infoCheck() function. The status itself is located in this string:
What we have here is two-step filtration. The first step is performed when the user enters the status message. The second step involves converting the status message to text and returning it to the page in the shape in which other users will see it.
While the second step definitely works well and it would clearly be impossible to convert to active XSS, things are not as simple where the first step is concerned, so it is that step that we will look at in greater detail.
Predictably, the simple <script>alert()</script> did not work, and the status remained empty. Other ‘script-like’ attempts didn’t work, either - it seems that this particular string is explicitly filtered.
However, the <script> tag is not essential for a script to be executed. The first vulnerability is introduced on the user’s machine by using the <img> tag: by entering the string <img src=1.gif onerror=some_function> as the user’s status, we can get that function to be executed. For example, we can call the function profile.infoSave(), which is called with an empty parameter to clear the status, but use a parameter of our choice. Thus, if we enter <img src=1.gif onerror=profile.infoSave('XSS')>, we get the string “XSS” as our status message:
Another interesting vulnerability associated with the filter is that the tag <A> is not filtered. If we enter <A HREF="http://www.securelist.com/en//www.google.com/">XSS</A> as our status, we get… a hyperlink clicking on which brings up a status editing window and, a moment later, opens google.com.
As we all remember, XSS = cross site scripting, so I decided to test the next vulnerability using a third-party website with a script loaded on it. In addition to the tags mentioned above not being filtered, the <iframe> tag also successfully passed the filter. As a result, entering <iframe src="yoursite.com" width="100%" height="300"> in the status line will produce an iframe which will launch the above-mentioned script loaded on the page. Below is an example of what the iframe can look like:
This is a more serious vulnerability than the other two. One way of exploiting it is by creating a URL to change user status and sending it to the victim user in the hope that the user will click on it. The script will be executed on the user’s page even before the status message is published. This is a classic example of passive XSS.
These vulnerabilities existed from 01 August, 2010 - the time when the new user status system was introduced. We notified VKontakte’s administration on 01 March, 2011 and the vulnerabilities were closed on 03 March.
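The three bypasses above share one root cause: the filter removes known-bad strings such as <script> instead of allowing only known-good markup, so any tag or attribute the author did not think of passes through. Below is an added example, not VKontakte's code: a blocklist filter of the kind the post describes, beside an allowlist sanitizer built on Python's html.parser, both run over the same status strings quoted in the post. The tag set kept by the sanitizer is an assumption chosen for a plain-text status field; it keeps no attributes at all, so event handlers, hrefs and iframe sources never reach the page.

```python
import re
from html import escape
from html.parser import HTMLParser

# Tags a plain-text status field may keep, with no attributes at all (assumed set).
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "br"}
# Tags whose inner content is dropped along with the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


def blocklist_filter(status: str) -> str:
    """The flawed approach: remove only explicit <script> blocks. Everything
    else, including event-handler attributes, passes straight through."""
    return re.sub(r"(?is)<script[^>]*>.*?</script>", "", status)


class AllowlistSanitizer(HTMLParser):
    """Rebuild the status from parsed tokens, keeping only allowlisted tags
    and escaping all text. Unknown tags and every attribute are discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # >0 while inside a tag whose content is dropped

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")    # attributes deliberately dropped

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))

    def handle_comment(self, data):
        pass   # comments are dropped; declarations and PIs use the no-op defaults

    def result(self) -> str:
        return "".join(self.out)


def allowlist_sanitize(status: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(status)
    parser.close()   # flush buffered text
    return parser.result()


if __name__ == "__main__":
    # The three status strings from the post, as constructed test input.
    for payload in ("<img src=1.gif onerror=profile.infoSave('XSS')>",
                    '<A HREF="http://www.securelist.com/en//www.google.com/">XSS</A>',
                    '<iframe src="yoursite.com" width="100%" height="300">'):
        print(repr(blocklist_filter(payload)), "->", repr(allowlist_sanitize(payload)))
```

An unclosed dropped tag (the post's iframe has no closing tag) swallows the rest of the status; for a short status field that is the conservative outcome, since the alternative is guessing where the attacker's markup ends.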
Ransomware: Fake Federal German Police (BKA) notice
Kaspersky Lab is still monitoring malicious websites involved in the recent Japan spam campaigns.
For those who may have missed the first two blogs, you can read them here and here. However, today we discovered that some of the payloads were not the usual Trojan-Downloader.Win32.CodecPack.*.
Your Federal Tax Payment has been rejected
Highly advanced worm for sabotage nuclear facilities
Re: What's driving Norton Power Eraser?
Hi, Norton Community. I have a couple of questions regarding Norton Power Eraser:
UPD
6. How stable is NPE when malware controls the TCP/IP stack of network protocols (i.e. when the network connection is not flat and may be terminated by malware)?
A Web of (Mis)Trust?
Our speculation was partly driven by the abuse of trust that Kaspersky Lab monitored and prevented by the stolen Stuxnet digital certificates.
Greetings from sunny Barcelona
This year's Black Hat Europe Conference 2011, with Microsoft as one of the sponsors, was held in Barcelona, Spain. The first briefings were held March 17th, when speakers began to present various research papers on a lot of very interesting topics. This is also a good opportunity to meet other researchers, to exchange ideas and to find out new and exciting things.
The first day was a full day (good thing that I saw Camp Nou, home of FC Barcelona, when I first arrived :)), with presentations that delve right into the "kernel" of things. For example, there was a talk by Patroklos Argyroudis and Dimitrios Glynos on 'Kernel Exploitation Mitigations' that showed ways to defeat kernel exploits for various operating systems. Another VERY interesting presentation was 'Rootkit Detection via Kernel Tunneling', where Mihai Chiriac presented a custom dynamic instrumentation framework that analyzes execution flow and helps in detection/cleaning of active rootkits by "disarming" the malicious code. The day ended with a great presentation from Bruce Schneier about 'Cyberwar' and targeted attacks.
The second day was also very sunny and warm, and as a cherry on top of the cake, there were some awesome presentations. Just to name two, we had 'Cutting-edge denial of service mitigation', where Yuri Gushin and Alex Behar talked about some cool mitigation steps against denial of service attacks, mainly for HTTP servers, by using a non-interactive challenge/response mechanism.
There was also a good presentation by George Hedfors that showed how a Cisco 7000-series based on NX-OS can be "0wned" by using an old remotely exploitable buffer overflow and then how to break out of the CLI environment using some undocumented features.
Having seen really interesting things and ideas, it's time to head back and put some of the knowledge gained here to good use. Signing off from Black Hat Europe 2011.
Andrei Saygo
My Facebook profile has been visited more than 15.000 times!
Saturday, 26 March 2011
Japan Quake Spam leads to Malware
Kaspersky Lab has detected a malicious spam campaign using the recent earthquake in Japan to infect users. These emails contain malicious URLs:
Another round of bots for MSRT
This month we add another bot to the MSRT family list – Win32/Cycbot. Cycbot was discovered in August 2010 and has quickly become prevalent.
It seems that Cycbot’s creators called it “Gbot”, as it used this name as an identifier in the reports it would send back to its controllers. Recent variants of the malware have stopped using this identifier, possibly in an attempt to make detection more difficult, but the functionality hasn’t changed much. All of Cycbot’s communications are done using HTTP, including the retrieval of backdoor commands. As a backdoor, its functionality is limited to capabilities like updating itself and downloading and running other malware; we’ve seen it download Rogue:Win32/FakePAV in the past. Its main purpose, however, is more subtle.
Cycbot sets itself up as an HTTP proxy for any machine it affects. It does this by listening on a TCP port such as 54141 (this number varies), and then changing the browser’s proxy settings to point to this port on the local host. It can do this for Internet Explorer, Firefox and Opera.
By acting as proxy, Cycbot can intercept all HTTP traffic to and from the browser, which enables it to direct your browser wherever it wants. For example, it will take a search term you enter into your search engine and pass it to what is effectively an imitation search site - a site that directs you to anywhere that will pay them money for the referral. At best, this will lead to an advertisement that is unrelated to what you were searching for; however, often it leads to more malware. Right now, several of the “search” results that Cycbot loads attempt to install malware, including one page that looks quite familiar.
Spending as much time as I do looking at rogues, I am all too familiar with this kind of sham. This one is currently pushing Rogue:Win32/Winwebsec.
Cycbot is a type of “intermediate” malware – a means to an end, in many ways reminiscent of Win32/Renos. Controlling the browser can provide its creators with diverse ways of exploiting an affected user, while causing the user various kinds of pain.
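The proxy hijack described above leaves a visible trace on the machine: the browser's manual proxy settings point at a loopback address on an unusual port. The following is an added example, not MMPC code or an MSRT signature: it parses a Firefox prefs.js fragment and a .reg export of Internet Explorer's Internet Settings key and reports any manual proxy aimed at a loopback address. Both configuration samples are constructed for the example (port 54141 is the figure quoted in the post, which notes that the number varies), Opera's settings format is not covered, and allowed_ports is an assumed allowlist for local proxies an administrator knows to be legitimate.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple


class LoopbackProxy(NamedTuple):
    browser: str
    protocol: str
    host: str
    port: int


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


# Firefox stores settings as user_pref("name", value); lines in prefs.js.
FF_PREF = re.compile(r'user_pref\("(?P<key>[^"]+)",\s*"?(?P<val>[^"\)]*)"?\);')


def parse_firefox_prefs(text: str) -> Dict[str, str]:
    return {m.group("key"): m.group("val") for m in FF_PREF.finditer(text)}


def firefox_loopback_proxies(prefs: Dict[str, str]) -> List[LoopbackProxy]:
    if prefs.get("network.proxy.type") != "1":      # 1 = manual configuration
        return []
    found = []
    for proto in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{proto}", "")
        port = prefs.get(f"network.proxy.{proto}_port", "")
        if host and port.isdigit() and is_loopback(host):
            found.append(LoopbackProxy("firefox", proto, host, int(port)))
    return found


# Internet Explorer keeps its proxy under HKCU\...\Internet Settings; a .reg
# export renders it as "ProxyEnable"=dword:00000001 and "ProxyServer"="...".
REG_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:dword:(?P<dw>[0-9a-fA-F]{8})|"(?P<s>[^"]*)")', re.M)


def parse_reg_values(text: str) -> dict:
    vals = {}
    for m in REG_VALUE.finditer(text):
        vals[m.group("name")] = (int(m.group("dw"), 16) if m.group("dw") is not None
                                 else m.group("s"))
    return vals


def ie_loopback_proxies(vals: dict) -> List[LoopbackProxy]:
    if vals.get("ProxyEnable") != 1:
        return []
    found = []
    for entry in str(vals.get("ProxyServer", "")).split(";"):
        proto, _, hostport = entry.rpartition("=")   # "http=host:port" or "host:port"
        host, _, port = hostport.rpartition(":")
        if host and port.isdigit() and is_loopback(host):
            found.append(LoopbackProxy("ie", proto or "all", host, int(port)))
    return found


def detect_loopback_proxies(prefs_js: str, reg_export: str, allowed_ports=()):
    """Combine both browsers; ports in allowed_ports belong to local proxies
    the administrator knows about (assumed allowlist) and are not reported."""
    hits = (firefox_loopback_proxies(parse_firefox_prefs(prefs_js))
            + ie_loopback_proxies(parse_reg_values(reg_export)))
    return [h for h in hits if h.port not in set(allowed_ports)]


# Constructed samples mimicking what a Cycbot-style hijack leaves behind.
SAMPLE_PREFS_JS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 54141);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 54141);
user_pref("browser.startup.homepage", "about:home");
'''

SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:54141;https=127.0.0.1:54141"
'''

if __name__ == "__main__":
    for hit in detect_loopback_proxies(SAMPLE_PREFS_JS, SAMPLE_REG_EXPORT):
        print(f"{hit.browser}: {hit.protocol} proxy -> {hit.host}:{hit.port}")
```

A loopback proxy is not malicious by itself (local filtering proxies and debugging tools use the same mechanism), so a finding is a prompt to identify the process listening on that port, not a verdict.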
-- Hamish O'Dea
Trojan downloader Chepvil on the UPSwing
A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I. The spam campaign actually started around March 16th 2011. The threat was originally detected as Backdoor:Win32/Hostil.gen!A (was Backdoor:Win32/Hostil.F). More specific signatures (TrojanDownloader:Win32/Chepvil.I and TrojanDownloader:Win32/Chepvil.J) were added on March 22nd 2011.
Win32/Chepvil is a trojan that downloads other malware such as Rogue:Win32/Winwebsec, Rogue:Win32/FakeRean, Backdoor:Win32/Cycbot.B and VirTool:Win32/Injector.gen!BG. The retrieved malware is saved to the %TEMP% folder and then executed. The Microsoft Malware Protection Center has noticed that detections over the past few days have gone from a handful to around 400k per day.
The majority of these detections are coming from the antimalware technology protecting our Hotmail customers, clearly indicating the vector – spam. At the time of writing, we had also received a few reports of other online email service account holders receiving this trojan via spam email.
Below is a chart indicating observed telemetry of this trojan over a short period of time:
Image 1 – Chepvil telemetry
Nearly all of the attached files are named “United Parcel Service document.zip”.
The most prevalent SHA1s for the .ZIP attachment are:
0610CE22DF47B3D9C69DC63387705FD666C7205A
151755454A9D443A8A60996F3F1DC4E0C68A9B5D
2C25B6B2764E4DA5EC0A7D57017DFA5FF2A10873
The most prevalent SHA1s for the .EXE trojan within the .ZIP archive are:
0FB63DFF83DB643C9EE42EFE617BDD539A5FFB8F
142E8b00AA24954f9A4AA2271B8A49C445B87587
DA65B7B277540B88918076949A28E8307AD7E41A
Geographical data from our endpoint protection products show a heavy concentration in the United States:
Image 2 – Chepvil telemetry by geography
Below is one example of a spammed message containing the Chepvil trojan.
Image 3 – Sample of Chepvil trojan attachment
MMPC customers have detection for this issue through the signature TrojanDownloader:Win32/Chepvil.I.
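The attachment name and SHA1 values the post lists can be turned into a simple gateway or incident-response check. The script below is an added example, not MMPC's code: it applies three tests to an attachment, the lure filename, the SHA1 of the .ZIP, and the SHA1 of any .EXE inside the archive, and also flags an executable inside a mailed zip even when its hash is unknown. The hash sets are copied from the post; the archive it scans is constructed in memory so it runs offline, which also means that sample will not match the real hashes.

```python
"""Match an e-mail attachment against the Chepvil indicators from the post.

Added example. The archive scanned here is constructed; the indicator sets
are the ones listed in the post.
"""
import hashlib
import io
import zipfile
from typing import Iterable, List

# SHA1s of the .ZIP attachment, as listed in the post.
CHEPVIL_ZIP_SHA1 = {
    "0610CE22DF47B3D9C69DC63387705FD666C7205A",
    "151755454A9D443A8A60996F3F1DC4E0C68A9B5D",
    "2C25B6B2764E4DA5EC0A7D57017DFA5FF2A10873",
}
# SHA1s of the .EXE inside the archive, as listed in the post.
CHEPVIL_EXE_SHA1 = {
    "0FB63DFF83DB643C9EE42EFE617BDD539A5FFB8F",
    "142E8B00AA24954F9A4AA2271B8A49C445B87587",
    "DA65B7B277540B88918076949A28E8307AD7E41A",
}
# Attachment name the post reports for nearly all samples.
KNOWN_NAMES = {"united parcel service document.zip"}


def sha1_hex(data: bytes) -> str:
    """Upper-case hex SHA1, so comparisons are case-insensitive."""
    return hashlib.sha1(data).hexdigest().upper()


def scan_attachment(filename: str, data: bytes,
                    zip_iocs: Iterable[str] = CHEPVIL_ZIP_SHA1,
                    exe_iocs: Iterable[str] = CHEPVIL_EXE_SHA1) -> List[str]:
    """Return a list of findings; an empty list means nothing matched."""
    zip_iocs = {h.upper() for h in zip_iocs}
    exe_iocs = {h.upper() for h in exe_iocs}
    findings: List[str] = []

    if filename.strip().lower() in KNOWN_NAMES:
        findings.append(f"filename matches Chepvil lure: {filename}")

    outer = sha1_hex(data)
    if outer in zip_iocs:
        findings.append(f"zip sha1 matches: {outer}")

    # Only open the archive if it really is one; a corrupt or non-zip
    # attachment must not crash the scanner.
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings

    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            inner = sha1_hex(archive.read(info))
            if inner in exe_iocs:
                findings.append(f"member {info.filename} sha1 matches: {inner}")
            elif info.filename.lower().endswith(".exe"):
                # Unknown hash, but an executable inside a mailed zip is
                # itself worth flagging for review.
                findings.append(f"member {info.filename} is an executable ({inner})")
    return findings


# Constructed stand-in for the spammed archive: a zip holding a fake .exe.
SAMPLE_EXE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed, not a real binary"


def build_sample_attachment() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("United Parcel Service document.exe", SAMPLE_EXE_BYTES)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_attachment()
    for line in scan_attachment("United Parcel Service document.zip", sample):
        print(line)
```

Because the attachment name is a weaker indicator than a hash (it is trivially changed between waves), the filename hit is reported separately from the hash hits so a gateway can treat it as a review signal rather than a block. The indicator sets are parameters, so a newer hash list can be passed in without editing the code.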
- Holly Stewart, Joe Faulhaber, Jaime Wong & Patrick Nolan
Spam Campaign on Twitter Leads to Adware
Definition file update for Ad-Aware.
149.649 is now available, new definition file for Ad-Aware 8.2.
150.334 is now available, new definition file for Ad-Aware 9.x, 8.3.
New definitions:
====================
Updated definitions:
====================
MSIL.Backdoor.Agent
MSIL.Trojan.Agent
MSIL.TrojanDropper.Agent
MSIL.TrojanDropper.StubRC
MSIL.TrojanPWS.Agent
MSIL.TrojanSpy.Agent
MSIL.TrojanSpy.KeyLogger
MSIL.TrojanSpy.Zbot
NSIS.TrojanDownloader.Agent
NSIS.TrojanDropper.Agent
VBS.TrojanClicker.Agent
Win32.Adware.Adnur
Win32.Adware.BHO
Win32.Adware.Cinmus
Win32.Adware.EzuLa
Win32.Adware.Gaba
Win32.Adware.Ksg
Win32.Adware.PurityScan
Win32.Adware.RON
Win32.Backdoor.Agent
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bredolab
Win32.Backdoor.Clemag
Win32.Backdoor.Dusta
Win32.Backdoor.Floder
Win32.Backdoor.Gbot
Win32.Backdoor.Hupigon
Win32.Backdoor.IRCBot
Win32.Backdoor.Krafcot
Win32.Backdoor.Nbdd
Win32.Backdoor.Papras
Win32.Backdoor.Poison
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.RBot
Win32.Backdoor.Ripinip
Win32.Backdoor.SDBot
Win32.Backdoor.Turkojan
Win32.Backdoor.VB
Win32.Backdoor.Yobdam
Win32.Backdoor.Yoddos
Win32.Dialer.Megadial
Win32.Hoax.ArchSMS
Win32.Monitor.Ardamax
Win32.Monitor.EliteKeylogger
Win32.Monitor.FreeKeylogger
Win32.Monitor.Perflogger
Win32.Monitor.PowerSpy
Win32.P2PWorm.Bacteraloh
Win32.P2PWorm.Palevo
Win32.P2PWorm.Polip
Win32.Rootkit.Agent
Win32.Rootkit.TDSS
Win32.Trojan.Agent
Win32.Trojan.Agent2
Win32.Trojan.AntiAV
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Chifrax
Win32.Trojan.Chydo
Win32.Trojan.Cosmu
Win32.Trojan.Cospet
Win32.Trojan.Cossta
Win32.Trojan.Delf
Win32.Trojan.Delfinject
Win32.Trojan.Diple
Win32.Trojan.FakeAV
Win32.Trojan.Fakewarn
Win32.Trojan.Fraudpack
Win32.Trojan.Gabba
Win32.Trojan.Genome
Win32.Trojan.Inject
Win32.Trojan.Jorik
Win32.Trojan.Krament
Win32.Trojan.Llac
Win32.Trojan.Logoninvader
Win32.Trojan.Mahato
Win32.Trojan.Menti
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Oner
Win32.Trojan.Pasmu
Win32.Trojan.Pasta
Win32.Trojan.Pincav
Win32.Trojan.Pirminay
Win32.Trojan.Refroso
Win32.Trojan.Regie
Win32.Trojan.Sasfis
Win32.Trojan.Scar
Win32.Trojan.Searches
Win32.Trojan.Sefnit
Win32.Trojan.Siscos
Win32.Trojan.Small
Win32.Trojan.Swisyn
Win32.Trojan.Tdss
Win32.Trojan.VB
Win32.Trojan.Vaklik
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Trojan.Webprefix
Win32.Trojan.Zapchast
Win32.Trojan.Zmunik
Win32.TrojanClicker.Cycler
Win32.TrojanClicker.VB
Win32.TrojanClicker.VBiframe
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Exchanger
Win32.TrojanDownloader.Fraudload
Win32.TrojanDownloader.Genome
Win32.TrojanDownloader.Geral
Win32.TrojanDownloader.Kido
Win32.TrojanDownloader.Lipler
Win32.TrojanDownloader.Mufanom
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Pher
Win32.TrojanDownloader.Qhost
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.VB
Win32.TrojanDropper.Agent
Win32.TrojanDropper.Cadro
Win32.TrojanDropper.Clons
Win32.TrojanDropper.HeliosBinder
Win32.TrojanDropper.Microjoin
Win32.TrojanDropper.MuDrop
Win32.TrojanDropper.Renum
Win32.TrojanDropper.SennaOneMaker
Win32.TrojanDropper.Small
Win32.TrojanDropper.TDSS
Win32.TrojanDropper.VB
Win32.TrojanDropper.Vedio
Win32.TrojanMailfinder.Delf
Win32.TrojanPWS.Alipay
Win32.TrojanPWS.Bjlog
Win32.TrojanPWS.Kykymber
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.TrojanPWS.Nilage
Win32.TrojanPWS.Novlog
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Qbot
Win32.TrojanPWS.Ruftar
Win32.TrojanPWS.VB
Win32.TrojanProxy.Slaper
Win32.TrojanRansom.Fakeinstaller
Win32.TrojanRansom.HmBlocker
Win32.TrojanRansom.PornoBlocker
Win32.TrojanSpy.Agent
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Flystudio
Win32.TrojanSpy.Qhost
Win32.TrojanSpy.SpyEyes
Win32.TrojanSpy.Zbot
Win32.Worm.Agent
Win32.Worm.Allaple
Win32.Worm.Aspxor
Win32.Worm.AutoIt
Win32.Worm.AutoTsifiri
Win32.Worm.Autorun
Win32.Worm.Ckbface
Win32.Worm.Fearso
Win32.Worm.Fujack
Win32.Worm.Joleee
Win32.Worm.Kido
Win32.Worm.Kolab
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Mytob
Win32.Worm.Vbna
MD5 checksum for Ad-Aware core.aawdef is 0998e331649d0dafd028f7d139a7545b