Below is a new HDB signature for another Russian data wiper targeted to Ukraine.

Copy the signature to a new Notepad or similar text writer file, and save the file in the ClamWin database folder as a file named Sigfile.hdb with a file type of “All Files”. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin will give you an error upon scanning files so named.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works—I can sometimes make a mistake. Delete this signature file from the database folder if you get a scan error. You can add signatures to the top of an existing HDB signature file (just add one blank line and copy/paste the signatures there—any lines needed will be added if there is more than one signature line. If you add to the bottom of an existing signature file, you will get a scanning error. Delete any blank lines in the new signature file—that will also give a scanning error.

Delete HDB signatures after a month—the malware probably has been updated by then.

b3370eb3c5ef6c536195b3bea0120929:280064:Win.Trojan.DiskKill-030622.1601

Regards,