McAfee Avert Stinger Thread

Status
Not open for further replies.

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
McLovin said:
Is this really updated every day?

It usually updates at least twice weekly, sometimes more often depending on the new malware discovered in the wild by McAfee and the other AV partners (VirusBuster, Avira, Microsoft, Sophos).

Thanks.:D
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Littlebits said:
It usually updates at least twice weekly, sometimes more often depending on the new malware discovered in the wild by McAfee and the other AV partners (VirusBuster, Avira, Microsoft, Sophos).

Thanks.:D

In a way it's good that they have an up to date virus tool compared to some AV companies that don't have theirs up to date. :-/
 

Littlebits

Build Number: 10.2.0.857 released:
Build Date: 02-Nov-2012

MD5: F7936050715B793ECCBC21CFFE67BF1C
SHA1: E793605127C411DEEA070D47CBF3CB40EB72427F

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gg
• FakeAlert-SecurityTool.gh
• Generic BackDoor.acz
• Generic BackDoor.afj
• Generic FakeAlert.me
• Generic PWS.fh
• Generic PWS.fi
• Generic PWS.fj
• Generic PWS.fk
• Generic PWS.fl
• Generic PWS.fm
• Generic PWS.fn
• Generic PWS.fo
• Generic PWS.fp
• Generic PWS.fq
• Generic PWS.fr
• Generic PWS.ft
• Generic PWS.fu
• Generic PWS.fv
• Generic PWS.fw
• Generic PWS.fx
• Generic PWS.fy
• Generic PWS.fz
• Generic PWS.ga
• Generic PWS.gc
• Generic PWS.gd
• JS/Exploit-Blacole.ig
• JS/Exploit-Blacole.ih
• JS/Exploit-Blacole.ii
• PWS-BankSun
• PWS-HookGina
• PWS-HookGina.a
• PWS-OnlineGames.kn
• PWS-OnlineGames.ko
• PWS-OnlineGames.kp
• PWS-OnlineGames.kq
• PWS-OnlineGames.kr
• PWS-OnlineGames.ks
• PWS-OnlineGames.kt
• PWS-OnlineGames.ku
• PWS-OnlineGames.kv
• PWS-OnlineGames.kw
• PWS-OnlineGames.kx
• PWS-OnlineGames.kz
• PWS-OnlineGames.la
• PWS-OnlineGames.lb
• PWS-OnlineGames.lc
• PWS-OnlineGames.ld
• PWS-OnlineGames.le
• PWS-OnlineGames.lf
• PWS-OnlineGames.lg
• PWS-OnlineGames.lh
• PWS-OnlineGames.lj
• PWS-OnlineGames.lk
• PWS-OnlineGames.ll
• PWS-OnlineGames.lm
• PWS-OnlineGames.ln
• PWS-OnlineGames.lo
• PWS-OnlineGames.lp
• PWS-Yunsip
• PWS-Yunsip.gen.a
• PWS-Yunsip.gen.b
• PWS-ZMutex
• PWS-Zbot.gen.aad
• PWS-Zbot.gen.aae
• PWS-Zbot.gen.aaf
• PWS-Zbot.gen.aag
• PWS-Zbot.gen.aah
• PWS-Zbot.gen.aai
• PWS-Zbot.gen.aaj
• PWS-Zbot.gen.aak
• PWS-Zbot.gen.aal
• PWS-Zbot.gen.aam
• PWS-Zbot.gen.aan
• PWS-Zbot.gen.aao
• PWS-Zbot.gen.aap
• PWS-Zbot.gen.aaq
• PWS-Zbot.gen.aar
• PWS-Zbot.gen.aas
• PWS-Zbot.gen.aat
• PWS-Zbot.gen.aau
• PWS-Zbot.gen.aav
• PWS-Zbot.gen.aaw
• PWS-Zbot.gen.aax
• PWS-Zbot.gen.aay
• PWS-Zbot.gen.aaz
• PWS-Zbot.gen.aba
• PWS-Zbot.gen.abb
• PWS-Zbot.gen.abc
• PWS-Zbot.gen.abd
• PWS-Zbot.gen.abe
• PWS-Zbot.gen.abf
• PWS-Zbot.gen.abg
• PWS-Zbot.gen.abh
• PWS-Zbot.gen.abi
• PWS-Zbot.gen.abj
• PWS-Zbot.gen.abk
• PWS-Zbot.gen.abl
• PWS-Zbot.gen.abm
• PWS-Zbot.gen.abn
• PWS-Zbot.gen.abo
• PWS-Zbot.gen.abp
• PWS-Zbot.gen.abq
• PWS-Zbot.gen.abr
• PWS-Zbot.gen.abs
• PWS-Zbot.gen.abt
• PWS-Zbot.gen.abu
• PWS-Zbot.gen.abv
• PWS-Zbot.gen.abw
• PWS-Zbot.gen.abx
• PWS-Zbot.gen.aby
• PWS-Zbot.gen.abz
• PWS-Zbot.gen.aca
• PWS-Zbot.gen.acb
• PWS-Zbot.gen.acc
• PWS-Zbot.gen.acd
• PWS-Zbot.gen.ace
• PWS-Zbot.gen.acg
• PWS-Zbot.gen.ach
• PWS-Zbot.gen.aci
• PWS-Zbot.gen.acj
• PWS-Zbot.gen.ack
• PWS-Zbot.gen.acl
• PWS-Zbot.gen.acm
• PWS-Zbot.gen.acn
• PWS-Zbot.gen.aco
• PWS-Zbot.gen.acq
• PWS-Zbot.gen.acr
• PWS-Zbot.gen.acs
• PWS-Zbot.gen.act
• PWS-Zbot.gen.acu
• PWS-Zbot.gen.acv
• PWS-Zbot.gen.acw
• PWS-Zbot.gen.acx
• PWS-Zbot.gen.acy
• PWS-Zbot.gen.acz
• PWS-Zbot.gen.ada
• PWS-Zbot.gen.adb
• PWS-Zbot.gen.adc
• PWS-Zbot.gen.add
• PWS-Zbot.gen.ade
• PWS-Zbot.gen.adf
• PWS-Zbot.gen.adg
• PWS-Zbot.gen.adh
• PWS-Zbot.gen.adi
• PWS-Zbot.gen.adj
• PWS-Zbot.gen.adl
• PWS-Zbot.gen.adm
• PWS-Zbot.gen.adn
• PWS-Zbot.gen.ado
• PWS-Zbot.gen.adp
• PWS-Zbot.gen.adr
• PWS-Zbot.gen.ads
• PWS-Zbot.gen.adt
• PWS-Zbot.gen.adu
• PWS-Zbot.gen.adv
• PWS-Zbot.gen.adw
• PWS-Zbot.gen.adx
• PWS-Zbot.gen.ady
• PWS-Zbot.gen.adz
• PWS-Zbot.gen.aea
• PWS-Zbot.gen.aeb
• PWS-Zbot.gen.aec
• PWS-Zbot.gen.aed
• PWS-Zbot.gen.aee
• PWS-Zbot.gen.aef
• PWS-Zbot.gen.aeg
• PWS-Zbot.gen.aeh
• PWS-Zbot.gen.aei
• PWS-Zbot.gen.aej
• PWS-Zbot.gen.ael
• PWS-Zbot.gen.aem
• PWS-Zbot.gen.aen
• PWS-Zbot.gen.aeo
• PWS-Zbot.gen.aep
• PWS-Zbot.gen.aeq
• PWS-Zbot.gen.aer
• PWS-Zbot.gen.aes
• PWS-Zbot.gen.aet
• PWS-Zbot.gen.aeu
• PWS-Zbot.gen.aev
• PWS-Zbot.gen.aew
• PWS-Zbot.gen.aex
• PWS-Zbot.gen.aey
• PWS-Zbot.gen.aez
• PWS-Zbot.gen.afa
• PWS-Zbot.gen.afb
• PWS-Zbot.gen.afd
• PWS-Zbot.gen.afe
• PWS-Zbot.gen.aff
• PWS-Zbot.gen.afg
• PWS-Zbot.gen.afh
• PWS-Zbot.gen.afi
• PWS-Zbot.gen.afj
• PWS-Zbot.gen.afk
• PWS-Zbot.gen.afl
• PWS-Zbot.gen.afm
• PWS-Zbot.gen.afn
• PWS-Zbot.gen.afo
• PWS-Zbot.gen.afp
• PWS-Zbot.gen.afq
• PWS-Zbot.gen.afs
• PWS-Zbot.gen.aft
• PWS-Zbot.gen.afu
• PWS-Zbot.gen.afv
• PWS-Zbot.gen.afw
• PWS-Zbot.gen.afx
• PWS-Zbot.gen.afy
• PWS-Zbot.gen.afz
• PWS-Zbot.gen.aga
• PWS-Zbot.gen.agb
• PWS-Zbot.gen.agc
• PWS-Zbot.gen.agd
• PWS-Zbot.gen.age
• PWS-Zbot.gen.agk
• PWS-Zbot.gen.agn
• PWS-Zbot.gen.ago
• PWS-Zbot.gen.agp
• PWS-Zbot.gen.agq
• PWS-Zbot.gen.agr
• PWS-Zbot.gen.ags
• PWS-Zbot.gen.agt
• PWS-Zbot.gen.agu
• PWS-Zbot.gen.agv
• PWS-Zbot.gen.agw
• PWS-Zbot.gen.agx
• PWS-Zbot.gen.agy
• PWS-Zbot.gen.ahb
• PWS-Zbot.gen.ahc
• PWS-Zbot.gen.ahd
• PWS-Zbot.gen.ahe
• PWS-Zbot.gen.ahf
• PWS-Zbot.gen.ahg
• PWS-Zbot.gen.ahh
• PWS-Zbot.gen.ahi
• PWS-Zbot.gen.ahj
• PWS-Zbot.gen.ahk
• PWS-Zbot.gen.ahl
• PWS-Zbot.gen.ahm
• PWS-Zbot.gen.ahn
• PWS-Zbot.gen.aho
• PWS-Zbot.gen.ahp
• PWS-Zbot.gen.ahq
• PWS-Zbot.gen.ahr
• PWS-Zbot.gen.ahs
• PWS-Zbot.gen.aht
• PWS-Zbot.gen.ahu
• PWS-Zbot.gen.ahv
• PWS-Zbot.gen.ahw
• PWS-Zbot.gen.ahx
• PWS-Zbot.gen.ahy
• PWS-Zbot.gen.ahy!pk
• PWS-Zbot.gen.ahz
• PWS-Zbot.gen.aia
• PWS-Zbot.gen.aib
• PWS-Zbot.gen.aic
• PWS-Zbot.gen.aid
• PWS-Zbot.gen.aie
• PWS-Zbot.gen.aif
• PWS-Zbot.gen.aig
• PWS-Zbot.gen.aih
• PWS-Zbot.gen.aii
• PWS-Zbot.gen.aij
• PWS-Zbot.gen.aik
• PWS-Zbot.gen.ail
• PWS-Zbot.gen.aim
• PWS-Zbot.gen.ain
• PWS-Zbot.gen.aio
• PWS-Zbot.gen.aiq
• PWS-Zbot.gen.air
• PWS-Zbot.gen.ais
• PWS-Zbot.gen.ait
• PWS-Zbot.gen.aiu
• PWS-Zbot.gen.aiv
• PWS-Zbot.gen.aiw
• PWS-Zbot.gen.aix
• PWS-Zbot.gen.aiy
• PWS-Zbot.gen.aiz
• PWS-Zbot.gen.aja
• PWS-Zbot.gen.ajb
• PWS-Zbot.gen.ajc
• PWS-Zbot.gen.ajd
• PWS-Zbot.gen.aje
• PWS-Zbot.gen.ajf
• PWS-Zbot.gen.ajg
• PWS-Zbot.gen.ajh
• PWS-Zbot.gen.aji
• PWS-Zbot.gen.ajj
• PWS-Zbot.gen.ajk
• PWS-Zbot.gen.ajm
• PWS-Zbot.gen.ajn
• PWS-Zbot.gen.ajo
• PWS-Zbot.gen.ajp
• PWS-Zbot.gen.ajq
• PWS-Zbot.gen.ajr
• PWS-Zbot.gen.ajs
• PWS-Zbot.gen.ajt
• PWS-Zbot.gen.aju
• PWS-Zbot.gen.ajv
• PWS-Zbot.gen.ajw
• PWS-Zbot.gen.ajx
• PWS-Zbot.gen.ajy
• PWS-Zbot.gen.ajz
• PWS-Zbot.gen.aka
• PWS-Zbot.gen.akb
• PWS-Zbot.gen.akc
• PWS-Zbot.gen.akd
• PWS-Zbot.gen.ake
• PWS-Zbot.gen.akf
• PWS-Zbot.gen.akg
• PWS-Zbot.gen.akh
• PWS-Zbot.gen.aki
• PWS-Zbot.gen.akj
• PWS-Zbot.gen.akk
• PWS-Zbot.gen.akl
• PWS-Zbot.gen.akm
• PWS-Zbot.gen.akn
• PWS-Zbot.gen.ako
• PWS-Zbot.gen.akp
• PWS-Zbot.gen.akq
• PWS-Zbot.gen.akr
• PWS-Zbot.gen.aks
• PWS-Zbot.gen.akt
• PWS-Zbot.gen.aku
• PWS-Zbot.gen.akv
• PWS-Zbot.gen.akw
• PWS-Zbot.gen.akx
• PWS-Zbot.gen.aky
• PWS-Zbot.gen.akz
• PWS-Zbot.gen.ala
• PWS-Zbot.gen.alb
• PWS-Zbot.gen.alc
• PWS-Zbot.gen.ald
• PWS-Zbot.gen.alh
• PWS-Zbot.gen.ali
• PWS-Zbot.gen.alj
• PWS-Zbot.gen.alk
• PWS-Zbot.gen.all
• PWS-Zbot.gen.alm
• PWS-Zbot.gen.alu!dam
• PWS-Zbot.gen.alv
• PWS-Zbot.gen.alw
• PWS-Zbot.gen.alx
• PWS-Zbot.gen.aly
• PWS-Zbot.gen.alz
• PWS-Zbot.gen.ama
• PWS-Zbot.gen.amb
• PWS-Zbot.gen.amc
• PWS-Zbot.gen.amd
• PWS-Zbot.gen.ame
• PWS-Zbot.gen.amf
• PWS-Zbot.gen.amg
• PWS-Zbot.gen.amh
• PWS-Zbot.gen.ami
• PWS-Zbot.gen.amj
• PWS-Zbot.gen.aml
• PWS-Zbot.gen.amn
• PWS-Zbot.gen.amo
• PWS-Zbot.gen.amp
• PWS-Zbot.gen.amq
• PWS-Zbot.gen.amr
• PWS-Zbot.gen.ams
• PWS-Zbot.gen.amt
• PWS-Zbot.gen.amu
• PWS-Zbot.gen.amv
• PWS-Zbot.gen.amw
• PWS-Zbot.gen.amy
• PWS-Zbot.gen.amz
• PWS-Zbot.gen.ana
• PWS-Zbot.gen.anb
• PWS-Zbot.gen.anc
• PWS-Zbot.gen.and
• PWS-Zbot.gen.ane
• PWS-Zbot.gen.anf
• PWS-Zbot.gen.ang
• PWS-Zbot.gen.apf
• PWS-Zbot.gen.apg
• PWS-Zbot.gen.aph
• PWS-Zbot.gen.api
• PWS-Zbot.gen.apj
• PWS-Zbot.gen.apk
• PWS-Zbot.gen.jr
• PWS-Zbot.gen.ko
• PWS-Zhengtu
• PWS-Zhengtu.dll
• PWS-Zhengtu.dr
• PWS-Zhliu
• PWS-Zimenok
• PWS-Zipper
• PWS-Zombie
• PWS-Zombie.dr
• PWS-Zuten
• Vundo.gen.hi
• W32/Chir
• W32/Chir.gen!remnants
• W32/Chir.gen@MM
• W32/Chir.gen@MM!remanants
• W32/Edar
• W32/Edar.dr
• W32/Xpaj.dr
• W32/Xpaj.dr.a
• W32/Xpaj.dr.b
• ZeroAccess.hu


Enhanced Detections:
• BackDoor-FHI
• Exploit-CVE2010-0188
• FakeAlert-SecurityTool.ga
• FakeAlert-SysDef.av
• Generic Downloader.nx
• Generic Downloader.z
• Generic FakeAlert.gp
• Generic PWS.agx
• Generic PWS.fp
• JS/Exploit-Blacole.em
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gg
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.gs
• JS/Exploit-Blacole.hv
• PWS-BankSun
• PWS-HookGina
• PWS-OnlineGames.kw
• PWS-Zbot.gen.aad
• PWS-Zbot.gen.aae
• PWS-Zbot.gen.adc
• PWS-Zbot.gen.adi
• PWS-Zbot.gen.adj
• PWS-Zbot.gen.adm
• PWS-Zbot.gen.adn
• PWS-Zbot.gen.adx
• PWS-Zbot.gen.aez
• PWS-Zbot.gen.afr
• PWS-Zbot.gen.aft
• PWS-Zbot.gen.afv
• PWS-Zbot.gen.agf
• PWS-Zbot.gen.agg
• PWS-Zbot.gen.agh
• PWS-Zbot.gen.agi
• PWS-Zbot.gen.agj
• PWS-Zbot.gen.agl
• PWS-Zbot.gen.agm
• PWS-Zbot.gen.aha
• PWS-Zbot.gen.ahc
• PWS-Zbot.gen.ahk
• PWS-Zbot.gen.ahl
• PWS-Zbot.gen.aho
• PWS-Zbot.gen.ahu
• PWS-Zbot.gen.ahz
• PWS-Zbot.gen.aik
• PWS-Zbot.gen.ail
• PWS-Zbot.gen.aim
• PWS-Zbot.gen.aip
• PWS-Zbot.gen.air
• PWS-Zbot.gen.aiy
• PWS-Zbot.gen.ake
• PWS-Zbot.gen.akj
• PWS-Zbot.gen.ala
• PWS-Zbot.gen.alb
• PWS-Zbot.gen.alh
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.alu!dam
• PWS-Zbot.gen.amx
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.aob
• PWS-Zbot.gen.aoh
• PWS-Zbot.gen.aol
• PWS-Zbot.gen.aoy
• PWS-Zbot.gen.api
• PWS-Zhengtu
• PWS-Zombie
• PWS-Zuten
• W32/Autorun.worm.bgh
• W32/Autorun.worm.c
• W32/Autorun.worm.gu
• W32/Chir.gen!remnants
• W32/Xpaj
• W32/Xpaj.b
• W32/Xpaj.c
• ZeroAccess
• ZeroAccess.he
• ZeroAccess.hq
• ZeroAccess.hr
• ZeroAccess.hs
• ZeroAccess.ht

Enjoy!!:D
 

Syntax

Level 1
Feb 4, 2012
248
That's a long update (if only this forum had a spoiler tag). I will add this program to my flash drive.
 

Littlebits

Build Number: 10.2.0.858 released:
Build Date: 05-Nov-2012

MD5: 050AED8D7DF1469B8F987133028C5164
SHA1: 341666FEFF9883B88A75604B3FF0CBA1CBDEA37C

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• PWS-Zbot.gen.apm
• PWS-Zbot.gen.apn
• PWS-Zbot.gen.apo

Enhanced Detections:
• BackDoor-FHI
• Exploit-CVE2012-0158!rtf
• FakeAlert-KW.g
• FakeAlert-SysDef.at
• Generic Downloader.z
• Generic FakeAlert.kw
• JS/Exploit-Blacole.eq
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.hv
• JS/Exploit-Blacole.ie
• JV/Exploit-Blacole.t
• PWS-OnlineGames.lj
• PWS-Zbot
• PWS-Zbot.gen.aey
• PWS-Zbot.gen.akb
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.aow
• PWS-Zbot.gen.aoy
• PWS-Zbot.gen.apa
• PWS-Zbot.gen.apc
• PWS-Zbot.gen.apf
• PWS-Zbot.gen.api
• W32/Autorun.worm.c
• W32/Autorun.worm.cj
• W32/Autorun.worm.eu
• W32/Expiro.gen.h
• ZeroAccess
• ZeroAccess.hq

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.867 released:
Build Date: 06-Nov-2012

MD5: 0C42EE3BFFE3780921BE4ED8BA268283
SHA1: 8081AB800AC75AF5A9CC3699F4C308157B575A70

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic Downloader.rl
• PWS-Zbot.gen.app

Enhanced Detections:
• FakeAlert-SecurityTool.fz
• Generic Downloader.pr

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.869 released:
Build Date: 08-Nov-2012

MD5: 3405E7F3B709436F128A1A74ED87503E
SHA1: 7980F71A7206B257114CC1557D7E26B1C8B98049

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gi
• FakeAlert-SecurityTool.gk
• PWS-OnlineGames.lr
• PWS-Zbot.gen.aps
• PWS-Zbot.gen.apt
• PWS-Zbot.gen.apu

Enhanced Detections:
• Exploit-CVE2012-0158!rtf
• FakeAlert-AB
• FakeAlert-AVPSec!env.g
• FakeAlert-SecurityTool.ga
• FakeAlert-SysDef
• FakeAlert-SysDef.at
• Generic Downloader.hl
• Generic Downloader.z
• Generic FakeAlert
• Generic FakeAlert.me
• Generic PWS.agn
• Generic.jy
• PWS-Zbot.gen.any
• PWS-Zbot.gen.anz
• PWS-Zbot.gen.aot
• PWS-Zbot.gen.aoy
• PWS-Zbot.gen.api
• PWS-Zbot.gen.apj
• PWS-Zbot.gen.apm
• PWS-Zbot.gen.apo
• PWS-Zbot.gen.apu
• VBobfus.eq
• W32/Autorun.worm.aaco
• W32/Autorun.worm.c
• W32/Autorun.worm.eu
• ZeroAccess.hq
• ZeroAccess.hu

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.870 released:
Build Date: 09-Nov-2012

MD5: BDC1F9B16005891774ED96E6B4860C40
SHA1: EBF37CD618F104D573F0D23DB4240EEC5B299301

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gl
• Festi.b
• Generic Downloader.rv
• Generic FakeAlert.mf
• JS/Exploit-Blacole.il
• JS/Exploit-Blacole.im
• New PornDial-b
• PWS-Zbot.gen.apv
• Sefnit.ag
• Spam-Tedroo.gen.f
• W32/PatchLoad.d

Enhanced Detections:
• BackDoor-FHI
• Darkwalt.d
• Exploit-CVE2012-0158.f!rtf
• FakeAlert-SecurityTool
• FakeAlert-SecurityTool.fr
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gf
• FakeAlert-SysDef.at
• FakeAlert-XPAntivirus
• Generic FakeAlert.gp
• Generic VB.jb
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JV/Exploit-Blacole
• PWS-Zbot
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.alu!dam
• PWS-Zbot.gen.aow
• PWS-Zbot.gen.apq
• Vundo.gen.fg
• W32/Autorun.worm.c
• ZeroAccess
• ZeroAccess.hr
• ZeroAccess.ht

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.879 Released
Build Date: 14-Nov-2012

MD5: DFB8563BA756D73E21C8D23BC45FEFB5
SHA1: BD6BE1904ECF82811A8EB91C33E9A91D199D0345

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• PWS-Zbot.gen.aqc
• PWS-Zbot.gen.aqd

Enhanced Detections:
• FakeAlert-SecurityTool.gg
• FakeAlert-SecurityTool.gh
• Generic FakeAlert.mf
• JS/Exploit-Blacole.eu
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.ant
• PWS-Zbot.gen.anv
• PWS-Zbot.gen.aou
• PWS-Zbot.gen.aow
• PWS-Zbot.gen.apr
• PWS-Zbot.gen.aps
• PWS-Zbot.gen.apt
• PWS-Zbot.gen.apw
• PWS-Zbot.gen.apx
• PWS-Zbot.gen.apy
• PWS-Zbot.gen.aqa
• W32/Autorun.worm.aacp
• W32/Autorun.worm.aacq

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.883 released:
Build Date: 16-Nov-2012

MD5: 71B0BB61F041CD97C398A9341409D377
SHA1: 1943624FEF70DA902F5C4FBAB905A582C955CEE3

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic PWS.agz
• JS/Exploit-Blacole.io
• JS/Exploit-Blacole.ip
• JS/Exploit-Blacole.iq
• W32/Autorun.worm.aacr

Enhanced Detections:
• BackDoor-FHI
• Exploit-CVE2012-0507
• Exploit-PDF
• Exploit-PDF.bl.gen
• FakeAlert-SecurityTool.gi
• FakeAlert-SecurityTool.gl
• Generic Downloader.gm
• Generic Downloader.z
• Generic FakeAlert
• Generic.iw
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.hu
• JS/Exploit-Blacole.ie
• JV/Exploit-Blacole.t
• PWS-OnlineGames.lr
• PWS-Zbot.gen.aha
• Vundo.gen.fg
• W32/Autorun.worm.c

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.888 released:
Build Date: 21-Nov-2012

MD5: EC07808084D8B82FCDC598B65CF5AFC8
SHA1: FCDF0B3EBD8E51028E1460F4C7D005BFEDDE9923

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• JS/Exploit-Blacole.it
• JS/Exploit-Blacole.iu
• JS/Exploit-Blacole.iv
• JS/FakeAV
• PWS-OnlineGames.ky
• PWS-Zbot.gen.aqs
• PWS-Zbot.gen.aqt
• PWS-Zbot.gen.aqu

Enhanced Detections:
• Exploit-CVE2012-0158
• Exploit-PDF
• FakeAlert-SecurityTool.gf
• Generic Downloader.z
• Generic FakeAlert.gp
• Generic PWS.zw
• Generic.jy
• Generic.mt
• PWS-OnlineGames.lf
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.apu
• PWS-Zbot.gen.aqc
• PWS-Zbot.gen.aql
• PWS-Zbot.gen.aqm
• PWS-Zbot.gen.aqo
• PWS-Zbot.gen.aqp
• PWS-Zbot.gen.aqq
• PWS-Zbot.gen.aqr
• VBS/Autorun.worm.k
• W32/Autorun.worm.aacp
• W32/Autorun.worm.c
• W32/Autorun.worm.g
• ZeroAccess.hr

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.889 released:
Build Date: 22-Nov-2012

MD5: 4D03AF2BC2A9A2A65684F4F86C304679
SHA1: 621C1AA616B1D3363E91D6508BE486E2AB008F9B

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gm
• JS/Exploit-Blacole.iw
• JS/Exploit-Blacole.ix
• JS/Exploit-Blacole.iy
• PWS-ProxyChanger
• PWS-ZBot.gen.ahb
• PWS-Zbot.gen.aqv
• PWS-Zbot.gen.aqw
• PWS-Zbot.gen.aqx
• PWS-Zbot.gen.aqy
• W32/Autorun.worm.aacs

Enhanced Detections:
• BackDoor-EXZ
• BackDoor-FHI
• Exploit-CVE2012-0158
• Exploit-CVE2012-0158!rtf
• Exploit-PDF
• Exploit-PDF.rn.gen
• Exploit-PDF.rp.gen
• FakeAlert-SecurityTool.gf
• Generic PWS.aas
• JS/Exploit-Blacole.em
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gg
• JS/Exploit-Blacole.gs
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.hv
• JS/Exploit-Blacole.ie
• JS/Exploit-Blacole.if
• JS/Exploit-Blacole.io
• JV/Exploit-Blacole
• JV/Exploit-Blacole.b
• JV/Exploit-Blacole.t
• PWS-Zbot.gen.ant
• PWS-Zbot.gen.aqc
• SWF/Exploit-CVE-2012-0754
• Vundo
• W32/Autorun.worm.aacr
• W32/Autorun.worm.bgj
• W32/Autorun.worm.c
• W32/Autorun.worm.h
• W32/Rimecud

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.892 released:
Build Date: 23-Nov-2012

MD5: CD4D14F5E98D56794FA411E294AE43FA
SHA1: 1BB59278DD73F2156F3B640F789253ED86B4587C

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-StareSpoon
• FakeAlert-SysDef.ax
• PWS-VBClavos
• PWS-Zbot.gen.aqz
• PWS-Zbot.gen.ara
• W32/DNSChanger.cw

Enhanced Detections:
• AlertUp
• BackDoor-FHI
• Exploit-PDF.ca
• FakeAlert-Gen.c!lnk
• FakeAlert-SecurityTool
• FakeAlert-SecurityTool.gf
• FakeAlert-SysDef.av
• FakeAlert-SysDef.aw
• Generic Downloader.po
• Generic Downloader.z
• Generic PWS.agn
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.iy
• JV/Exploit-Blacole.i
• PWS-Zbot.gen.afa
• PWS-Zbot.gen.ahr
• PWS-Zbot.gen.ano
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.anv
• PWS-Zbot.gen.any
• PWS-Zbot.gen.anz
• PWS-Zbot.gen.apm
• PWS-Zbot.gen.aqc
• PWS-Zbot.gen.aqj
• PWS-Zbot.gen.aqn
• PWS-Zbot.gen.aqs
• PWS-Zbot.gen.aqt
• PWS-Zbot.gen.aqu
• Vundo.gen.gi
• W32/Autorun.worm.c
• W32/Autorun.worm.eu
• ZeroAccess!cfg
• ZeroAccess.dr
• ZeroAccess.hr
• ZeroAccess.ht
• ZeroAccess.hv
• ZeroAccess.hw

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.894 released:
Build Date: 26-Nov-2012

MD5: 32E9861B05E5D740E4FFAFBF4A721660
SHA1: 517006B69DE98AD435A4A65DB102226A3577DBD1

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gn
• JS/Blacole-Redirect.w
• JS/Exploit-Blacole.iz
• JS/Exploit-Blacole.ja
• JS/Exploit-Blacole.jb
• PWS-Zbot.gen.arb
• PWS-Zbot.gen.arc
• PWS-Zbot.gen.ard
• PWS-Zbot.gen.are
• PWS-Zbot.gen.arf
• PWS-Zbot.gen.arg
• PWS-Zbot.gen.arh
• PWS-Zbot.gen.ari
• W32/DNSChanger.cx

Enhanced Detections:
• BackDoor-FHI
• DNSChanger.di
• Exploit-CVE2012-0158!rtf
• Exploit-CVE2012-0507
• FakeAlert-SecurityTool.ew
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gf
• FakeAlert-SecurityTool.gk
• FakeAlert-SecurityTool.gm
• FakeAlert-SysDef.au
• FakeAlert-SysDef.ax
• Generic Downloader.pi.gen.a
• Generic VB.jb
• Generic.jy
• JS/Blacole-Redirect.w
• JS/Exploit-Blacole.gf
• JS/Exploit-Blacole.gq
• Medfos.e
• PWS-Zbot
• PWS-Zbot.gen.als
• PWS-Zbot.gen.any
• PWS-Zbot.gen.aob
• PWS-Zbot.gen.aoi
• PWS-Zbot.gen.aos
• PWS-Zbot.gen.apk
• PWS-Zbot.gen.apm
• PWS-Zbot.gen.aql
• PWS-Zbot.gen.aqz
• PWS-Zbot.gen.arh
• W32/Rimecud
• W32/Rimecud.gen.cu
• W32/Rimecud.gen.do
• ZeroAccess.hi
• ZeroAccess.hq
• ZeroAccess.hr

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.895 released:
Build Date: 27-Nov-2012

MD5: 87BE31CF5CD6B31072960ABF8CECF985
SHA1: 9F700CA9E1009D226FA8E9257EB3F8A832D1680B

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Enhanced Detections:
• PWS-Zbot.gen.aqt
• PWS-Zbot.gen.aqv
• PWS-Zbot.gen.aqw
• PWS-Zbot.gen.aqx
• PWS-Zbot.gen.aqy
• PWS-Zbot.gen.aqz
• PWS-Zbot.gen.ara
• PWS-Zbot.gen.arb
• PWS-Zbot.gen.arc
• PWS-Zbot.gen.ard
• ZeroAccess.dr

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.896 released:
Build Date: 28-Nov-2012

MD5: 56D8722A397408795BB2A08F62EEB066
SHA1: BE2A3EE5FE9E21F671122FEF3A762C32EAA5E902

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-Rena.dd
• Generic PWS.aha
• PWS-Zbot.gen.arj
• PWS-Zbot.gen.ark
• PWS-Zbot.gen.arl
• PWS-Zbot.gen.arm
• PWS-Zbot.gen.arn

Enhanced Detections:
• Backdoor-BAC
• DNSChanger.dx
• Darkwalt.d
• Downloader-CJX.gen.ae
• Exploit-PDF.bl.gen
• FakeAlert-SecurityTool.ga
• FakeAlert-SysDef
• FakeAlert-SysDef.ax
• Generic Downloader.z
• Generic PWS.agz
• JS/Exploit-Blacole.em
• JS/Exploit-Blacole.eq
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gg
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.hv
• JS/Exploit-Blacole.ig
• JS/Exploit-Blacole.ih
• JS/Exploit-Blacole.ii
• JS/Exploit-Blacole.ij
• JS/Exploit-Blacole.iy
• JS/Redirector
• Nagyo
• PWS-OnlineGames.lj
• PWS-Zbot.gen.aha
• PWS-Zbot.gen.ajv
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.apc
• PWS-Zbot.gen.aqu
• PWS-Zbot.gen.ard
• PWS-Zbot.gen.arf
• PWS-Zbot.gen.arg
• PWS-Zbot.gen.arh
• W32/Autorun.worm.aacs
• W32/Autorun.worm.bx
• W32/Autorun.worm.g
• W32/Rimecud
• ZeroAccess.dr
• ZeroAccess.hr

http://downloadcenter.mcafee.com/products/mcafee-avert/stinger/Readme.txt

Enjoy!!:D
 

Littlebits

Build Number: 10.2.0.898 released:
Build Date: 29-Nov-2012

MD5: ACE87BDA671CF19BB746C82DA106FB6F
SHA1: 1EF5C1A1E751938AFCAB9DBDA53F0192991ABD51

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• JS/Exploit-Blacole.jc
• JS/Exploit-Blacole.jd
• PWS-Zbot.gen.aro
• PWS-Zbot.gen.arp
• PWS-Zbot.gen.arq
• PWS-Zbot.gen.arr

Enhanced Detections:
• FakeAlert-SecurityTool
• FakeAlert-SecurityTool.gf
• FakeAlert-SecurityTool.gh
• Generic FakeAlert.mc
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.im
• PWS-Banker.gen.gh
• PWS-Banker.gen.gi
• PWS-OnlineGames.lj
• PWS-XyzLogger
• PWS-ZBot.gen.ahb
• PWS-Zbot.gen.agm
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.any
• PWS-Zbot.gen.aol
• PWS-Zbot.gen.apc
• PWS-Zbot.gen.apq
• PWS-Zbot.gen.aqu
• PWS-Zbot.gen.are
• VBObfus.ei
• Vundo
• Vundo.gen.hi
• W32/Autorun.worm.aacp
• W32/Rimecud
• ZeroAccess.gi
• ZeroAccess.hq

http://downloadcenter.mcafee.com/products/mcafee-avert/stinger/Readme.txt

Enjoy!!:D
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
For the last 2-3 days I have been getting some ZeroAccess cases where Combo Fix is not fixing the issue. At the same time, the Combo Fix scan is taking around 1-2 hours to complete. I didn't try Stinger. Will Stinger detect and remove the new ZeroAccess?

Another case is where we are not able to run Combo Fix and TdssKiller. It just flashes the screen and goes away, nothing else. I tried renaming the files to Services.exe, iexplorer.exe, 1.com etc., but that is also not working out.
 

Littlebits

kuttus said:
For the last 2-3 days I have been getting some ZeroAccess cases where Combo Fix is not fixing the issue. At the same time, the Combo Fix scan is taking around 1-2 hours to complete. I didn't try Stinger. Will Stinger detect and remove the new ZeroAccess?

Another case is where we are not able to run Combo Fix and TdssKiller. It just flashes the screen and goes away, nothing else. I tried renaming the files to Services.exe, iexplorer.exe, 1.com etc., but that is also not working out.

I have easily removed several ZeroAccess infections with McAfee Stinger. It is fast and simple and doesn't mess with the system like Combofix.

It must be run in Windows Safe Mode to be successful. If Windows Safe Mode is corrupt, you will have to repair it first with registry scripts or a Windows disk.

Personally I don't recommend using Combofix for any reason. It states on the download sites and on their site that it should only be used with the guidance of a professional. However all the computer professionals that I know don't recommend using it period. What kind of proof that anyone is a professional that recommends it can you get online?

Combofix is full of bugs and even if it does remove the infection, it will corrupt Windows OS most of the time requiring a complete reinstall of Windows. I don't understand why anyone would recommend using it on a malware removal guide. There are much better options available.

Combofix is one of the worst removal tools to use. People, please don't recommend it; try other options first. It causes more harm than good.

Good day.:D
 

Littlebits

Build Number: 10.2.0.902 released:
Build Date: 30-Nov-2012

MD5: E0970AAAB4D875F6EEF3913D8D4DB590
SHA1: 8575687ACA13172906D8A5F81648288A16D2A301

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic PWS.ahb
• PWS-OnlineGames.ls
• PWS-ZBot.gen.ahc
• PWS-Zbot.gen.ars
• PWS-Zbot.gen.art
• PWS-Zbot.gen.aru
• PWS-Zbot.gen.arv
• Vundo.gen.hj
• W32/Autorun.worm.aaeb
• W32/Autorun.worm.aaec
• W32/Autorun.worm.aaed
• W32/Autorun.worm.aaee
• W32/Autorun.worm.aaef
• W32/Autorun.worm.aaeg
• W32/Autorun.worm.aaeh
• W32/Autorun.worm.aaei
• W32/Autorun.worm.aaek

Enhanced Detections:
• Exploit-CVE2012-0158!rtf
• Exploit-PDF.rr.gen
• Exploit-PDF.rs.gen
• FakeAlert-SecurityTool.ew
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gf
• FakeAlert-SecurityTool.gm
• FakeAlert-SecurityTool.gn
• FakeAlert-SysDef
• Generic FakeAlert.gp
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.hu
• PWS-Zbot.gen.ale
• PWS-Zbot.gen.aqt
• PWS-Zbot.gen.arg
• W32/Autorun.worm.aaeb
• W32/Autorun.worm.aaed
• W32/Autorun.worm.aaef
• W32/Autorun.worm.aaeh
• W32/Autorun.worm.g
• ZeroAccess.dr
• ZeroAccess.hr

Enjoy!!:D
 