ClamWin Free Antivirus :: View topic - MDB Signatures For New North Korean Malware

Posted: Sat Feb 15, 2020 2:54 am

Below are several signatures for new North Korean malware for ClamWin/Clam Sentinel users who might be in danger from them--primarily businesses/organizations/users that have information on their computers that might be of interest to North Korea. I suppose this applies to USA, South Korea, Japan, Taiwan, Australia and some others.

Copy the MDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature(s) to an existing MDB file you already have there. Do not save the signature(s) with a .txt or .text extension on the end of the name. Save the file(s) as Sigfile.mdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the file/entry if it does not. Signatures may last from one week to a couple of weeks depending upon how lazy the malware authors are about changing their version. MDB signatures may last longer--up to a month say.

51712:d7c48cf554eae1f467a10903d05d84fc:Win.Trojan.Agent_NK-021420-1846
73728:70a3e4024020c2792542fcb13130235f:Win.Trojan.Agent_NK-021420-1844
80896:8480a50e20d57bcb86fa649691ca9e0c:Win.Trojan.Agent_NK-021420-1842
89088:88425c71e7e293d43db9868e4693b365:Win.Trojan.Agent_NK-021420-1840

Regards,

Posted: Sun Oct 31, 2021 1:18 pm

GuitarBob wrote:

Below are several signatures for new North Korean malware for ClamWin/Clam Sentinel users who might be in danger from them--primarily businesses/organizations/users that have information on their computers that might be of interest to North Korea. I suppose this applies to USA, South Korea, Japan, Taiwan, Australia and some others.

Copy the MDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signatu https://mobdro.onl/ re(s) to an existing MDB file you already have there. Do not save the signature(s) with a .txt or .text extension on the end of the name. Save the file(s) as Sigfile.mdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with Cla https://vidmate.onl/ mWin to make sure the signature works--delete the file/entry if it does not. Signatures may last from one week to a couple of weeks depending upon how lazy the
malware authors are about changing their version. MDB signatures may last longer--up to a month say.

51712:d7c48cf554eae1f467a10903d05d84fc:Win.Trojan.Agent_NK-021420-1846
73728:70a3e4024020c2792542fcb13130235f:Win.Trojan.Agent_NK-021420-1844
80896:8480a50e20d57bcb86fa649691ca9e0c:Win.Trojan.Agent_NK-021420-1842
89088:88425c71e7e293d43db9868e4693b365:Win.Trojan.Agent_NK-021420-1840

Regards,

I have just installed ClamWinAV and I am unable to update the daily virus signature updates or the main updates. I keep getting failed getfile messages in the textbox.

What is the url to download updates from? I am located on the West Coast of USA. I changed the url to one I found on the forum after doing a search, but it's not working either (it's from 2006.)

Posted: Mon Nov 01, 2021 6:46 pm

The URL for the Clam AV signatures is in the ClamWin Internet updates tab, but it is in every ClamWin copy that is downloaded and set up. There are many Clam AV mirrors that push the signatures out to users, including ClamWin users, so that should not be the problem.

Set the ClamWin update preference to hourly and wait a couple of hours to see if you are updated. If that doesn't work, then delete everything in the Clam AV signature database and then perform a manual update. That usually works.

Let us know how it goes.

Thanks for using ClamWin!

Regards,