Below is a MDB signature for a new Russian trojan designed for Ukraine. This one is a fake DDOS tool designed to infect the new Ukraine IT army. Copy the signature(s) to a new Notepad or similar text writer file, and save them in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Make sure the system does not name this file as anything other than Sigfile.mdb because ClamWin will give you an error upon scanning otherwise. Nothing but .mdb should go on the end of the filename.

You can add signatures to the top of an existing MDB signature file (just add one blank line and copy/paste the signatures there—any lines needed will be added if there is more than one signature line). Delete any blank lines between signatures. If you add to the bottom of an existing signature file, you will get a scanning error.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signature(s) work. Delete this signature file from the database folder if you get a scan error.

Delete MDB signatures after they are about 6 weeks old because they will be updated by then. The date and time are the last 2 items of the signature.

20480:3a9db37ae76bb4186f2f9960c306937a:Win.Trojan.Fragtor-031022.1656
76288:03b1734765b089f6261eecdb17040c37:Win.Trojan.Fragtor-031022.1653

Regards,