GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun May 09, 2021 10:12 pm
Below are several MDB signatures for Moriya rootkit/spy malware and one for Ryuk ransomware. These are primarily used to infect organizations, businesses, and government offices (not individuals). ClamAV does not have signatures for these versions of malware, especially Moriya, so I'm going to put them up for any users that would like them.
Copy the MDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing MDB file if you already have one in the folder. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.mdb. Select file type All Files to prevent the .txt or .text from being used at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the signature file if it does not or remove the signature from an existing MDB file if you put it there.
Signatures may last up to a week or longer, depending upon how lazy the malware authors are about changing their version. MDB signatures are signatures for a section of a malware file, and they can sometimes last up to a month, especially if the section is re-used in another malware. You can probably delete these signatures after about a month--the last section of each signature tells the month/date/time the signature was prepared (such as May 8 2021 at 9:30 pm).
Regards,
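An added example, not part of the original post and not ClamWin or ClamAV code: a small Python check to run over a hand-edited MDB file before it goes into the db folder. It validates the `size:md5:name` layout and uses the `MMDDYY.HHMM` name suffix described in the post to flag signatures older than about a month; the function names, the 30-day default and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# ClamAV .mdb entry: PESectionSize:PESectionMD5:MalwareName (numeric size assumed here)
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):(\S+)$")
# Name suffix convention described in the post: -MMDDYY.HHMM
STAMP = re.compile(r"-(\d\d)(\d\d)(\d\d)\.(\d\d)(\d\d)$")

def prepared_at(name):
    """Return the preparation time encoded in the name, or None."""
    m = STAMP.search(name)
    if not m:
        return None
    mm, dd, yy, hh, mi = map(int, m.groups())
    try:
        return datetime(2000 + yy, mm, dd, hh, mi)
    except ValueError:      # e.g. month 13: treat the name as undated
        return None

def check_mdb(text, now, max_age_days=30):
    """Validate MDB text; return (valid names, stale names, errors)."""
    valid, stale, errors, seen = [], [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MDB_LINE.match(line)
        if not m:
            errors.append((lineno, "not size:md5:name"))
            continue
        key = (int(m.group(1)), m.group(2).lower())
        if key in seen:     # same section size and hash listed twice
            errors.append((lineno, "duplicate section hash"))
            continue
        seen.add(key)
        name = m.group(3)
        valid.append(name)
        made = prepared_at(name)
        if made and now - made > timedelta(days=max_age_days):
            stale.append(name)
    return valid, stale, errors

# Constructed sample file contents (hash values are made up).
SAMPLE = """\
4096:0123456789abcdef0123456789abcdef:Win.Trojan.Example-050821.2130
8192:fedcba9876543210fedcba9876543210:Win.Trojan.Example-060521.0900
4096:0123456789ABCDEF0123456789ABCDEF:Win.Trojan.Dup-050821.2130
8192:nothex:Win.Trojan.Broken-050821.2130
"""
```

Calling `check_mdb(SAMPLE, datetime(2021, 6, 10, 12, 0))` reports the May 8 entry as stale and lines 3 and 4 as errors.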