Database Updates SpyHunter Threat Database Update 5.92

SpyHunter Threat Database Update 5.92

By Domesticus in Database Updates

SpyHunter defs version 5.92 (08/17/2007) Latest Program version: 2.9.5018 The following new parasites have been added: Bofra.A Bofra is a worm virus that propagates through email. Once executed, Bofra will collect any emails that it can find on your PC (from both the Outlook address book, and text files). The worm uses its own SMTP email engine to send itself via email to any addresses that it harvests on your PC. It may try to masquerade as an online greeting card, pornographic video, or as "funny photos". This worm also opens up a backdoor on your PC that allows a hacker to control your computer, steal data, and issue commands to the virus over IRC networks. The worm may also download and install additional malware. Worm.Fbound FBound is a worm virus that propagates through email. Once executed, FBound will collect any emails that it can find in your address book. The worm uses its own SMTP email engine to send itself via email to any addresses that it harvests on your PC. It masquerades as a file called patch.exe in outgoing emails. The worm will use a subject line written in Japanese if it sends to an email address ending in .jp. Worm.Gokar Gokar is a worm virus that propagates through email. Once executed, FBound will collect any emails that it can find in your Outlook address book. The worm will then send itself via email to any addresses that it harvested on your PC. Gokar also attempts to propagate via IRC by creating a mIRC script.ini file. It will also attempt to spread itself by creating a default page in the Microsoft IIS web server folder. If a user visits this page, they will be asked to download the worm. BackDoor.Deloder Deloder is a backdoor worm virus. It attempts to connect to remote Windows PCs using psexec.exe. Once it makes a successful connection, it will try to log on as Administrator, using a variety of pre-defined passwords. If the worm is able to login to Windows, it will connect through port 445 over TCP and will copy itself to the target computer. The worm will also delete several network shares on the infected PC. It will also install a separate backdoor exe, which will allow a hacker to connect to your computer via several access methods. This program opens up a huge security hole on your computer and is a very dangerous threat to the security of your personal and financial data. W95.Bodgy Bodgy is a virus that may come packaged with other Trojans, backdoors, and malicious programs. Once installed and executed, Bodgy will autostart with Windows. On the 31st of August, the virus will display the message: "ANTI-MICROSOFT: DAMN BILLGATE & MICROSOFT, FUCK YOU!!! DO NOT TRY TO MONOPOLIZE SOFTWARE MARKET!!!" X97M.Clonar.A X97M.Clonar is a virus that may come packaged with other Trojans, backdoors, and malicious programs. Once installed and executed, Clonar will autostart with Windows. It will disable certain menu options related to Microsoft Office macros and Visual Basic, and may modify the size of toolbar buttons. This virus can spread as a macro, and will inject itself into other documents when an infected document is opened. Email-Worm.Evaman.a Evaman is a worm virus that propagates through email. Once executed, Evaman will configure itself to automatically start when Windows starts. The worm will then try to connect to a list of SMTP servers (or your PCs default SMTP server). It will then randomly query email.people.yahoo.com and will gather email addresses from the results. It will then send itself to any emails that it is able to collect, as either an exe file or an scr file. It may masquerade as a delivery failure attempt email. W32.Dupator Dupator is a virus that injects itself directly into the Windows kernel32.dll system file. Once injected, it will add the string "DUPATOR" to the code of any executable file that is opened on the infected computer. TrojanDownloader.ConHook.l ConHook is a Windows Trojan downloader. Once installed on your PC, this parasite will load automatically as a Browser Helper Object each time you start Internet Explorer. ConHook will continuously download and install additional security risks, including Trojans, keyloggers, and rogue antispyware applications. Adware.TTC Adware.TTC installs itself as an Internet Explorer Browser Helper Object. Once installed, it will load each time you open IE, and will download and display numerous popup and pop-under adverts. The program installs itself without any license agreement or privacy policy. It also has the ability to auto-update itself over the web. Adware.Searchforit Searchforit is an adware program. Once installed, it will load each time you login to Widnows, and will download and display numerous popup and pop-under adverts. Advertisements will typically be for credit cards, dating sites, and affiliate shopping sites. Searchforit is known to install itself through drive-by-downloads and other nefarious mechanisms. PCSecureSystem PCSecureSystem is a rogue PC security application that is a clone of WinAntivirus Pro and WinFixer. The program attempts to get you to buy through the intentional use of false positives, as well as through misleading popups and "system alerts," claiming that your computer is infected with spyware. This program, which installs additional spyware apps and Trojans, is a serious security threat to your PC and should be removed immediately. CrisysTec Sentry CrisysTec Sentry is a rogue PC cleanup application. The program attempts to get you to buy through the intentional use of false positives, as well as through misleading "system alerts," claiming that your computer is infected with spyware. StealthWatcher StealthWatcher is a spyware keylogger application. This application records every keystroke that you type on your computer, and hides itself from the user by running in stealth mode. StealthWatcher can be configured to automatically take screenshots at a preset time interval. It can be configured to log every web page that you visit and will also record all keystrokes that you type, as well as any instant messenger and email conversations. This program is a severe violation of your privacy and the safety of your personal and financial data, including banking information and credit card numbers. MenaceFighter MenaceFighter is a rogue PC security application that is a clone of WinAntivirus Pro and WinFixer. The program attempts to get you to buy through the intentional use of false positives, as well as through misleading popups and "system alerts," claiming that your computer is infected with spyware. This program, which installs additional spyware apps and Trojans, is a serious security threat to your PC and should be removed immediately. The following threats were updated: Trojan.Downloader.Contravirus Ultimate Defender Trojan.Agent-CND Trojan.Vundo Zlob.Trojan PurityScan Trojan.Downloader.Agent-AFG DriveCleaner 2006 Trojan.Brave-A Trojan.Downloader-Small Trojan.Mezzia MagicAntiSpy Zeno Ultimate Cleaner 2006 NewDotNet AntivirusGold UltimateCleaner 2007 UltimateDefender PC Drive Tool AntivirusPCSuite WinAntiVirus Pro 2007 SpyGuard ADWareBazooka AdwarePunisher RazeSpyware RemedyAntispy VirusProtectPro

Loading...