Below are MDB signatures for the BlackGuard infostealer, a new, cheap malware with many uses.

Copy the signature(s) to a new Notepad or similar text writer file, and save it in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Do not save it as a text file. The file name should be Sigfile.mdb and nothing else. The date and time are the last two items in the signature.

For multiple signatures, put each signature on a separate line in a Notepad file. You can add multiple signatures to the top of an existing MDB signature file. Copy the signatures, add one blank line to the top of the file and paste the signatures there—any additional lines needed will be added. Do not add to the bottom of an existing signature file or you will likely get a ClamWin scanning error. Delete any blank lines between signatures in the file before saving.

After you save the signature file in the ClamWin database folder, scan something with ClamWin to make sure the signature(s) work. If you get a scan error, accept my apology, and delete the signature file from the database folder or delete only the signatures that you just posted to an existing MDB file and re-save it after removing any blank lines in the signature file.

After 4 weeks, the malware will probably have been updated, so you can delete signatures then.

1838592:abf800937c42d9906e4f4a9c546c0fec:Win.Infostealer.BlackGuard-040122.1227
1873216:b0e7c7327ca8944e6295b0d3dd430ea2:Win.Infostealer.BalckGuard-040122.1235
1837568:5beca0abd05008f26258d3254fdc3904:Win.Infostealer.BlackGuard-040122.1237
1797120:8e625cb159c9576f9a3a49d8a7ac13bc:Win.Infostealer.BlackGuard-040122.1240
1353728:f88b4145373cb818dcdc50e7efb66d18:Win.Infostealer.BlackGuard-040122.1241
1915904:44b22da1a662ffa5d68ec96b256fe018:Win.Infostealer.BlackGuard-040122.1243
1408000:b0d67618e900e306dce2a56ccb811995:Win.Infostealer.BlackGuard-040122.1244

Regards,