Ruleset update: 4xx-2006-01-09 - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Jan 6^th, 2009, 6:25pm

   Mischel Internet Security Forum
   TrojanHunter
   Ruleset Updates (Moderators: Helena, Gavin_Coe, Magnus)
   Ruleset update: 4xx-2006-01-09

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: Ruleset update: 4xx-2006-01-09 (Read 838 times)

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2161

Ruleset update: 4xx-2006-01-09
« on: Jan 10^th, 2006, 7:50am »

Quote

Modify

An updated TrojanHunter ruleset, containing 41540 ruleset entries, is available. This update adds 186 new trojan definitions:

Agent.423
Agent.422
Agent.421
Agobot.215
Agobot.214
Agobot.213
AphexSpy.100
Bandito.128
BAT.KillFiles.101
BiFrose.132
BiFrose.131
BiFrose.130
Codbot.136
CX2.100
Delf.175
Delf.174
Delf.173
Delf.172
Dragonbot.101
Dumador.112
EggDrop.173
IRCBot.174
IRCBot.173
IRCBot.172
IRCBot.171
Keylogger.SC.225
Landis.103
Leniv.100
Monitor.Ardamax.117
NinjaSpy.100
PcClient.120
PG.100
ProAgent.127
Protux.100
PWSteal.Agent.122
PWSteal.Delf.107
PWSteal.Delf.106
PWSteal.Hangame.101
PWSteal.LdPinch.117
PWSteal.Lineage.122
PWSteal.Maha.102
PWSteal.Maha.101
PWSteal.Sagic.104
TrojanClicker.Small.115
TrojanDownloader.Agent.298
TrojanDownloader.Agent.297
TrojanDownloader.Banload.174
TrojanDownloader.PassAlert.119
TrojanDownloader.PassAlert.118
TrojanDownloader.PassAlert.117
TrojanDownloader.PassAlert.116
TrojanDownloader.Small.219
TrojanDownloader.VB.126
TrojanDropper.Agent.169
TrojanDropper.Agent.168
TrojanDropper.Agent.167
TrojanDropper.Delf.150
TrojanDropper.Small.146
TrojanDropper.VBS.Inor
TrojanProxy.Small.109
TrojanSpy.Banbra.124
TrojanSpy.Bancos.160
TrojanSpy.Bancos.159
TrojanSpy.Banker.260
TrojanSpy.Banker.259
TrojanSpy.Banker.258
TrojanSpy.Banker.257
TrojanSpy.Delf.111
TrojanSpy.Outside.120
TrojanClicker.Small.114
TrojanDownloader.Delf.153
TrojanDownloader.Delf.152
TrojanDownloader.Delf.151
TrojanDownloader.Harnig.112
TrojanDownloader.Qoologic.116
TrojanDownloader.Small.218
TrojanDownloader.Small.217
TrojanDownloader.Small.216
TrojanDownloader.Small.215
TrojanDownloader.VB.125
TrojanDownloader.VB.124
TrojanDownloader.WMS.103
TrojanDropper.Cool.100
TrojanDropper.Joiner.108
TrojanDropper.Junta.109
TrojanDropper.Junta.108
TrojanDropper.Pakes.102
TrojanDropper.SE.100
TrojanDropper.Small.145
TrojanProxy.Agent.132
TrojanProxy.Inspir.100
TrojanSpy.Agent.120
TrojanSpy.Agent.119
TrojanSpy.Agent.118
TrojanSpy.Banker.256
TrojanSpy.Goldun.123
TrojanSpy.Hookit.100
TrojanSpy.IAmBigBrother.101
TrojanSpy.KaiserLog.100
TrojanSpy.KeyGhost.100
TrojanSpy.Keylogger.111
TrojanSpy.RemoteKeyLog.100
TrojanSpy.Small.114

(list too long)

Licensed TrojanHunter users can easily update using TrojanHunter's LiveUpdate utility. If you are using the trial version of TrojanHunter, please see http://www.misec.net/trojanhunter/updating/ for instructions on how to update to the latest ruleset.

IP Logged

hayc59
Original Gangster

Vood�� Child�

Gender:

Posts: 1430

Re: Ruleset update: 4xx-2006-01-09
« Reply #1 on: Jan 10^th, 2006, 8:16am »

Quote

Modify

Thanks Gavin Grin

Posted at the usual spots

IP Logged

roddy32
Original Gangster

Gender:

Posts: 1188

Re: Ruleset update: 4xx-2006-01-09
« Reply #2 on: Jan 10^th, 2006, 9:27am »

Quote

Modify

Thanks Gavin, also posted at the usual places.

IP Logged

Microsoft MVP - Windows Security

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: Ruleset update: 4xx-2006-01-09
« Reply #3 on: Jan 10^th, 2006, 9:36am »

Quote

Modify

Posted to PCQandA:
http://www.pcqanda.com/dc/dcboard.php?az=show_topic&forum=2&topi c_id=395406&mesg_id=395406&page=

roddy Posted to Wilders:
http://www.wilderssecurity.com/showthread.php?t=115088

IP Logged

teanick
Newbie

Gender:

Posts: 17

Re: Ruleset update: 4xx-2006-01-09
« Reply #4 on: Jan 10^th, 2006, 9:38am »

Quote

Modify

The 2006-01-09 Update detected at C:\windows\system, a file "actmovie.exe", which Trojan Hunter shows as being
worm.finaldo.100

I understand that "actmovie.exe" is a legitmate process, Microsoft Active Movie.

This looks like a false positive in the latest TH ruleset.

I am using Windows 98.

IP Logged

''When one door closes another door opens; but we so often look so long and so regretfully upon the closed door that we do not see the ones which open for us.'' - Alexander Graham Bell

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: Ruleset update: 4xx-2006-01-09
« Reply #5 on: Jan 10^th, 2006, 10:11am »

Quote

Modify

on Jan 10^th, 2006, 9:38am, teanick wrote:

This looks like a false positive in the latest TH ruleset.

Hello teanick, I sent Gavin/Magnus an email about your post; hopefully the f.p. {if that is what it is} will be fixed shortly.

For the future, it might be better {more easily noticed} to start a thread in the TH Scanner forum than to post here where threads are normally just for new ruleset announcements. Thanks Wink