Below is another MDB signature for Russian malware intended to wipe Ukranian computers. Copy the signature(s) to a new Notepad or similar text writer file, and save the file in the ClamWin database folder as a file named Sigfile.mdb with a file type of “All Files”. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin will give you an error upon scanning files so named.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works—I don't have ClamWin on this Linux computer, and sometimes I make a mistake. Delete this signature file from the database folder if you get a scan error. You can add signatures to the top of an existing MDB signature file (just add one blank line and copy/paste the signatures there—any lines needed will be added if there is more than one signature line. If you add to the bottom of an existing signature file, you will get a scanning error. Delete any blank lines in the new signature file—that will also give a scanning error.


Delete MDB or HDB signatures after a month—the malware is updated by then.

115465:1ca8bd2ab668c88c77b2c039c9a21e20:Win.Trojan.HermeticWiper-022722.1300


Regards,