Below are two MDB signatures of Russian malware intended to wipe Ukranian computers. Copy the signature(s) to a new Notepad or similar text writer file, and save the file as a file named Sigfile.mdb with a file type of “All Files” in the ClamWin database folder. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin will give you an error upon scanning files so named.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works—I don't have ClamWin on this Linux computer, and sometimes I make a mistake. Delete this signature file from the database folder if you get a scan error. You can add signatures to the top of an existing MDB signature file (just add one blank line and copy the signatures there—any lines needed will be added if there is more than one signature}. If you add to the bottom of an existing signature file, you will get a scanning error. Delete any blank lines between this signature and the old signatures—that will also give a scanning error.

I hope this helps someone. Signatures last for about a month. Delete them from the database folder after that.

11776:2036a3ec8d69332516af7a45bd0e95d1:Win.Trojan.MBRkiller.022522.0846
16896:70b9a687312dfd4588103a2ed8985fdb:Win.Trojan.Downloader.022522.0848

Regards,