Ruleset update: 4xx-2005-12-31 - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Dec 3^rd, 2008, 2:07pm

   Mischel Internet Security Forum
   TrojanHunter
   Ruleset Updates (Moderators: Helena, Gavin_Coe, Magnus)
   Ruleset update: 4xx-2005-12-31

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: Ruleset update: 4xx-2005-12-31 (Read 923 times)

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2115

Ruleset update: 4xx-2005-12-31
« on: Dec 31^st, 2005, 12:22am »

Quote

Modify

This update could produce a false alarm, it is quite large Grin

Happy New Year to all

An updated TrojanHunter ruleset, containing 39328 ruleset entries, is available. This update adds 294 new trojan definitions:

Worm.Brontok.107
VB.127
VB.126
VB.125
Webdor
Worm.Bagle.178
Worm.Bobic.105
Worm.Locksky.115
Adware.BetterInternet.125
Adware.Delphin.102
Adware.LOP.151
Agent.393
Agent.392
Agent.391
Agent.390
Agobot.202
Agobot.201
Agobot.200
Agobot.199
Agobot.198
BiFrose.122
BiFrose.121
Botva.100
CIA.142
CIA.141
DarkMoon.419
Delf.152
Delf.151
Delf.150
Delf.149
Delf.148
Dumador.108
GrayBird.101
Hupigon.136
Hupigon.135
Hupigon.134
Hupigon.133
Hupigon.132
NetSnake.101
Optix.104
PcClient.109
PcClient.108
ProRat.203
Prosti.102
PWSteal.Agent.111
PWSteal.Agent.110
PWSteal.Mulin.100
TrojanDownloader.Agent.257
TrojanDownloader.Agent.256
TrojanDownloader.Agent.255
TrojanDownloader.Banload.137
TrojanDownloader.Banload.136
TrojanDownloader.Banload.135
TrojanDownloader.Banload.134
TrojanDownloader.Banload.133
TrojanDownloader.Banload.132
TrojanDownloader.Delf.130
TrojanDownloader.Delf.129
TrojanDownloader.Delf.128
TrojanDownloader.Delf.127
TrojanDownloader.Harnig.106
TrojanDownloader.PassAlert.109
TrojanDownloader.PassAlert.108
TrojanDownloader.PurityScan.102
TrojanDownloader.Small.177
TrojanDownloader.Small.176
TrojanDownloader.Small.175
TrojanDownloader.Tibs.109
TrojanDownloader.VB.112
TrojanDropper.Agent.146
TrojanDropper.Agent.145
TrojanDropper.Delf.130
TrojanDropper.Delf.129
TrojanDropper.Delf.128
TrojanDropper.Delf.127
TrojanDropper.Delf.126
TrojanDropper.Delf.125
TrojanDropper.Delf.124
TrojanDropper.Delf.123
TrojanDropper.Small.128
TrojanDropper.Small.127
TrojanDropper.Small.126
TrojanSpy.Banbra.115
TrojanSpy.Banbra.114
TrojanSpy.Banbra.113
TrojanSpy.Bancos.129
TrojanSpy.Bancos.128
TrojanSpy.Bancos.127
TrojanSpy.Bancos.126
TrojanSpy.Banker.180
TrojanSpy.Banker.179
TrojanSpy.Banker.178
TrojanSpy.Banker.177
TrojanSpy.Banker.176
TrojanSpy.Banker.175
TrojanSpy.Banker.174
TrojanSpy.Banker.173
TrojanSpy.Banker.172
TrojanSpy.Banker.171
TrojanSpy.Banker.170
TrojanSpy.Banker.169
TrojanSpy.Banker.168
TrojanSpy.Banker.167
TrojanSpy.Banker.166
TrojanSpy.Banker.165
TrojanSpy.Banker.164
TrojanSpy.Banker.163
TrojanSpy.Banker.162
TrojanSpy.Banpaes.104
TrojanSpy.Banpaes.103
TrojanSpy.Banpaes.102

(list too long)

Licensed TrojanHunter users can easily update using TrojanHunter's LiveUpdate utility. If you are using the trial version of TrojanHunter, please see http://www.misec.net/trojanhunter/updating/ for instructions on how to update to the latest ruleset.

IP Logged

hayc59
Original Gangster

Vood�� Child�

Gender:

Posts: 1428

Re: Ruleset update: 4xx-2005-12-31
« Reply #1 on: Dec 31^st, 2005, 12:55am »

Quote

Modify

Gavin Thanks!! Grin

Posted at the usual haunts
that are open Tongue

IP Logged

Brandon
Full Member

Gender:

Posts: 246

Re: Ruleset update: 4xx-2005-12-31
« Reply #2 on: Dec 31^st, 2005, 1:31am »

Quote

Modify

Posted at

5Star
MalwareBytes(About Buster)
Atribune
BestTechie
MntOlympus
PCtorium
Tech with DK
TomCoyote
247Fixes
SpyRemoval

IP Logged

ASAP member since 2006 : Malware Complaints : a-squared Team

redwolfe_98
Veteran

Gender:

Posts: 560

Re: Ruleset update: 4xx-2005-12-31
« Reply #3 on: Dec 31^st, 2005, 2:52am »

Quote

Modify

thanks gavin..

no "false-positives" here..

IP Logged

Mike45
Newbie

Where are we going and what's this handbasket for?

Posts: 17

Re: Ruleset update: 4xx-2005-12-31
« Reply #4 on: Dec 31^st, 2005, 2:57am »

Quote

Modify

Good on ya mate! Keep up the good work!

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5817

Re: Ruleset update: 4xx-2005-12-31
« Reply #5 on: Dec 31^st, 2005, 3:12am »

Quote

Modify

Hmmm... I'm only seeing 39325 trojans definitions after this update ? Huh

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

redwolfe_98
Veteran

Gender:

Posts: 560

Re: Ruleset update: 4xx-2005-12-31
« Reply #6 on: Dec 31^st, 2005, 3:16am »

Quote

Modify

me too, siliconman..

i sent gavin an email about this issue..

« Last Edit: Dec 31^st, 2005, 3:28am by redwolfe_98 »

IP Logged

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: Ruleset update: 4xx-2005-12-31
« Reply #7 on: Dec 31^st, 2005, 3:59am »

Quote

Modify

Posted at PCQ&A:
http://www.pcqanda.com/dc/dcboard.php?az=show_topic&forum=2&topi c_id=394002&mesg_id=394002&page=

chachazz Posted at Wilders:
http://www.wilderssecurity.com/showthread.php?t=113579

IP Logged

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2115

Re: Ruleset update: 4xx-2005-12-31
« Reply #8 on: Dec 31^st, 2005, 4:01am »

Quote

Modify

Manually download the update now ?

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 5817

Re: Ruleset update: 4xx-2005-12-31
« Reply #9 on: Dec 31^st, 2005, 4:11am »

Quote

Modify

A manual download still only shows 39325 definitions

-- General ---------------------------------
Ruleset datestamp : Saturday, December 31, 2005
Scan kernel : 4.0 (Cobra)
Ruleset entries : 39325
Trojan definitions : 13205
Detection rules : 26120

+-- Loaded rulesets -------------------------
Number of loaded rulesets : 4
Rulesets :

0: Trojan detection rules 3
1: Trojan detection rules
2: Trojan detection rules 2
3: Custom detection rules

+-- Trojan definitions ----------------------
GTrojans.trf : 1886 definitions
Trojans.trf : 10534 definitions
ATrojans.trf : 785 definitions
CustomTrojans.trf : 0 definitions

+-- Registry checker ------------------------
Rule description : Registry Rules
Rule type : Registry
Number of rules : 2089
Loaded rule files :

GRegistryRules.trf 0 rules
RegistryRules.trf 1071 rules
ARegistryRules.trf 1018 rules
CustomRegistryRules.trf 0 rules

+-- Inifile checker -------------------------
Rule description : Inifile Rules
Rule type : Inifile
Number of rules : 71
Loaded rule files :

GInifileRules.trf 0 rules
InifileRules.trf 71 rules
AInifileRules.trf 0 rules
CustomInifileRules.trf 0 rules

+-- File checker ----------------------------
Rule description : File Rules
Rule type : File
Number of rules : 2745
Loaded rule files :

GFileRules.trf 248 rules
FileRules.trf 1947 rules
AFileRules.trf 550 rules
CustomFileRules.trf 0 rules

+-- Advanced File Checker -------------------
Rule description : Advanced File Rules
Rule type : NewFile
Number of rules : 16256
Loaded rule files :

GNewFileRules.trf 1654 rules
NewFileRules.trf 13255 rules
ANewFileRules.trf 1347 rules

+-- Port checker ----------------------------
Rule description : Port Rules
Rule type : Port
Number of rules : 591
Loaded rule files :

GPortRules.trf 0 rules
PortRules.trf 588 rules
APortRules.trf 3 rules
CustomPortRules.trf 0 rules

+-- Process checker -------------------------
Rule description : Process Rules
Rule type : Process
Number of rules : 4107
Loaded rule files :

GProcessRules.trf 0 rules
ProcessRules.trf 3051 rules
AProcessRules.trf 1056 rules
CustomProcessRules.trf 0 rules

+-- Script checker --------------------------
Rule description : Script Rules
Rule type : Script
Number of rules : 261
Loaded rule files :

GScriptRules.trf 2 rules
ScriptRules.trf 254 rules
AScriptRules.trf 5 rules
CustomScriptRules.trf 0 rules

IP Logged

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

Catweazle
Full Member

I love YaBB 1G - SP1!

Gender: male

Posts: 128

Re: Ruleset update: 4xx-2005-12-31
« Reply #10 on: Dec 31^st, 2005, 4:21am »

Quote

Modify

Sorry, i mustr ask again here .....?

I am uptodate this the TH Updates Huh

+-- General ---------------------------------
Ruleset datestamp : Samstag, 31. Dezember 2005
Scan kernel : 4.0 (Cobra)
Ruleset entries : 39325
Trojan definitions : 13205
Detection rules : 26120

+-- Loaded rulesets -------------------------
Number of loaded rulesets : 4
Rulesets :

0: Trojan detection rules 3
1: Trojan detection rules
2: Trojan detection rules 2
3: Custom detection rules

+-- Trojan definitions ----------------------
GTrojans.trf : 1886 definitions
Trojans.trf : 10534 definitions
ATrojans.trf : 785 definitions
CustomTrojans.trf : 0 definitions

+-- Registry checker ------------------------
Rule description : Registry Rules
Rule type : Registry
Number of rules : 2089
Loaded rule files :

GRegistryRules.trf 0 rules
RegistryRules.trf 1071 rules
ARegistryRules.trf 1018 rules
CustomRegistryRules.trf 0 rules

+-- Inifile checker -------------------------
Rule description : Inifile Rules
Rule type : Inifile
Number of rules : 71
Loaded rule files :

GInifileRules.trf 0 rules
InifileRules.trf 71 rules
AInifileRules.trf 0 rules
CustomInifileRules.trf 0 rules

+-- File checker ----------------------------
Rule description : File Rules
Rule type : File
Number of rules : 2745
Loaded rule files :

GFileRules.trf 248 rules
FileRules.trf 1947 rules
AFileRules.trf 550 rules
CustomFileRules.trf 0 rules

+-- Advanced File Checker -------------------
Rule description : Advanced File Rules
Rule type : NewFile
Number of rules : 16256
Loaded rule files :

GNewFileRules.trf 1654 rules
NewFileRules.trf 13255 rules
ANewFileRules.trf 1347 rules

+-- Port checker ----------------------------
Rule description : Port Rules
Rule type : Port
Number of rules : 591
Loaded rule files :

GPortRules.trf 0 rules
PortRules.trf 588 rules
APortRules.trf 3 rules
CustomPortRules.trf 0 rules

+-- Process checker -------------------------
Rule description : Process Rules
Rule type : Process
Number of rules : 4107
Loaded rule files :

GProcessRules.trf 0 rules
ProcessRules.trf 3051 rules
AProcessRules.trf 1056 rules
CustomProcessRules.trf 0 rules

+-- Script checker --------------------------
Rule description : Script Rules
Rule type : Script
Number of rules : 261
Loaded rule files :

GScriptRules.trf 2 rules
ScriptRules.trf 254 rules
AScriptRules.trf 5 rules
CustomScriptRules.trf 0 rules

Catweazle

IP Logged

redwolfe_98
Veteran

Gender:

Posts: 560

Re: Ruleset update: 4xx-2005-12-31
« Reply #11 on: Dec 31^st, 2005, 5:40am »

Quote

Modify

catweazle, it looks like you have the latest update , if that is what you are asking..

i don't think that there is anything to worry about.. another update will be put out, eventually..

IP Logged

roddy32
Original Gangster

Gender:

Posts: 1153

Re: Ruleset update: 4xx-2005-12-31
« Reply #12 on: Dec 31^st, 2005, 5:49am »

Quote

Modify

Thanks Gavin, Posted at numerous places.

IP Logged

Microsoft MVP - Windows Security

NICK_ADSL_UK
Senior Member

Gender:

Posts: 319

Re: Ruleset update: 4xx-2005-12-31
« Reply #13 on: Dec 31^st, 2005, 7:25am »

Quote

Modify

Many thanks Gavin!

Posted to major geeks and the official Microsoft windows xp forum

Happy new year to you all!

IP Logged

Wilders Security Forum Admin
Microsoft MVP - Consumer Security

Gavin_Coe
Trojan Analyst

Gender:

Posts: 2115

Re: Ruleset update: 4xx-2005-12-31
« Reply #14 on: Dec 31^st, 2005, 10:34am »

Quote

Modify

Test update with JUST new rules, is available now.

This might work.. well, it should work fine. Like an incremental update too Wink

It seemingly contains nothing, but TH doesn't count new rules added to old trojan names. It actually has a few memory sigs since I now worked out how to do them pretty quickly. LOTS more memory sigs going into the guard soon

IP Logged

Pages: 1

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register