ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
New Grand Crab Ransom Version Attacking South Korean Users
GuitarBob


Joined: 09 Jul 2006
Posts: 4376
Location: USA
Reply with quote
If there are any South Korean ClamWin users, there is a new version of the Grand Crab ransomware that is attacking that country. The malware is in .EGG archive files, so you should include *.egg in your list of extensions for ClamWin to scan. Clam AV has a signature for the main executable, but it does not have signatures for a couple of link files that are also involved. Copy the signatures below into a Notepad file and save it as Sigfile.hdb. Do not save it as a text file. Paste the Sigfile.hdb into the ClamWin DB folder. Keep it for about 4 weeks, and then delete it--by then there will probably be a new version of the malware.

37795ac41c9b35035457a927978fcdd3:1163:Win.Trojan.Agent-082218.1044
8e5f4903cad2b129eef0beb7001db3d7:133081:Win.Trojan.Agent-082218.1048

Regards,
View user's profileSend private message
New Grand Crab Ransom Version Attacking South Korean Users
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic