GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sun Mar 06, 2022 4:25 am
Below are some more HDB signatures for Russian data wipers. Copy the signature(s) to a new Notepad or similar text writer file, and save the file in the ClamWin database folder as a file named Sigfile.hdb with a file type of “All Files”. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin will give you an error upon scanning files so named.
After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works—I don't have ClamWin on this Linux computer, and sometimes I make a mistake. Delete this signature file from the database folder if you get a scan error. You can add signatures to the top of an existing HDB signature file (just add one blank line and copy/paste the signatures there—any lines needed will be added if there is more than one signature line). If you add to the bottom of an existing signature file, you will get a scanning error. Before saving, delete any blank lines in the new signature file—that will also give a scanning error.
Delete MDB or HDB signatures after a month—the malware is usually updated by then, but MDB hashes may be reused in more malware.
Regards,
a952e288a1ead66490b3275a807f52e5:11119:Win.Trojan.Killdisk-030522.1609
231b3385ac17e41c5bb1b1fcb59599c4:9904:Zip.Trojan.Killdisk-030522.1612
095a1678021b034903c85dd5acb447ad:10956:Zip.Trojan.Killdisk-030522.1614
eb845b7a16ed82bd248e395d9852f467:9626:Zip.Trojan.Killdisk-030522.1616
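
A pre-check for the steps in the post above, as an added example that is not part of the original post or of ClamWin: it looks for the wrong file extension, blank lines and malformed lines before the file goes into the database folder, then matches a file against the parsed signatures. It assumes the MD5:size:name layout of the lines shown; the function names and the sample data are constructed for illustration.

```python
import hashlib
import re

# One HDB line as in the post: MD5 (32 hex digits) : file size in bytes : name
HDB_LINE = re.compile(r"^([0-9a-fA-F]{32}):(\d+):(\S+)$")


def check_filename(name):
    """Catch the Notepad case where Sigfile.hdb is saved as Sigfile.hdb.txt."""
    return [] if name.lower().endswith(".hdb") else [f"{name}: extension is not .hdb"]


def parse_hdb(text):
    """Return (signatures, problems); signatures maps (md5, size) to the name."""
    sigs, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            problems.append(f"line {lineno}: blank line")
            continue
        m = HDB_LINE.match(line)
        if m is None:
            problems.append(f"line {lineno}: not MD5:size:name")
            continue
        key = (m.group(1).lower(), int(m.group(2)))
        if key in sigs:
            problems.append(f"line {lineno}: duplicate of {sigs[key]}")
        sigs[key] = m.group(3)
    return sigs, problems


def match(data, sigs):
    """Name of the signature whose MD5 and size both match data, else None."""
    return sigs.get((hashlib.md5(data).hexdigest(), len(data)))


# Constructed sample: harmless bytes and a signature line built from them.
SAMPLE = b"constructed test file, not malware\n"
GOOD = f"{hashlib.md5(SAMPLE).hexdigest()}:{len(SAMPLE)}:Test.Constructed.Sample-1\n"
# Constructed bad file: a blank line, then a line whose hash is too short.
BAD = GOOD + "\n" + "0123abcd:100:Test.Constructed.ShortHash\n"

if __name__ == "__main__":
    print(check_filename("Sigfile.hdb.txt"))
    print(parse_hdb(BAD)[1])
    print(match(SAMPLE, parse_hdb(GOOD)[0]))
```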