Attor is a spyware that is very low on the malware radar, and it has been targeting high profile Russian speaking individuals for the past 7 years. In case there still are some Russian ClamWin users (perhaps on a server somewhere), below are signatures for this malware.

The MDB signatures are for current versions of the main malware that drop the real infection on a computer. Copy the MDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature(s) to an existing MDB file you already have there. Do not save the file(s) with a .txt or .text extension on the end of the name. Save the file()s as Sigfile.mdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. Signatures may last from one week to a couple of weeks depending upon how lazy the malware authors are about changing their version. MDB signatures may last a bit longer. MDB signatures for a targeted threat like Attor may last a long time--from one month to six months perhaps.

2718720:5f15319a06bf2d71be0011f64259a91f:Win.Trojan.Attor-101119.1355
2609152:e9e62dc54c247274a34f936f1a86c591:Win.Trojan.Attor-101119.1351
2607616:ce0b52f4ca84f06cf5490c0bde92b774:Win.Trojan.Attor-101119.1349
461608:cd2e1b3707a02f4850130ddd1188966a:Win.Trojan.Attor-101119.1346
461824:02f633563ba4490bfa402e535d166c41:Win.Trojan.Attor-101119.1341

Regards,