14.11.2012 Dr.Web Anti-virus 8 for Windows delivers new advantages to users
Russian anti-virus vendor Doctor Web is pleased to announce the release of the eighth version of Dr.Web for Windows and Dr.Web Security Space. The new installer, enhanced anti-rootkit, advanced preventive protection, instant web link checks, upgraded parental control, and new control center are available to all users starting today.
New installer. Dr.Web 8.0’s new installer does not use the Microsoft Windows Installer; no additional services are required to install the product. It not only protects the anti-virus from the moment when installation begins, but also reduces deployment time, since scanning is no longer performed during setup.
New anti-rootkit. Now the search for and neutralization of complex threats (rootkits, bootkits, etc.) is carried out in background mode. The resident background scan routines search for active threats among critical system objects and in the BIOS. An intelligent assessment of hardware capabilities ensures that scanning does not interfere with the user experience. The integration of the installation package (installer) with the updated anti-rootkit makes it possible to repel active threats and cure a PC during installation, even if the computer is infected with sophisticated malware.
Preventive protection sub-system. Now Dr.Web can block automatic modifications of critical Windows objects, thus ensuring preventive protection from infection. For various applications and services, a user can grant or deny access to certain Windows objects in real time and foil attempts by malware to make unwanted changes in a system.
The new service Dr.Web Cloud is implemented in the HTTP monitor and the Parental Control module of Dr.Web Security Space. It helps prevent infection even from malicious sites that have not yet been added to the Dr.Web database. When an attempt is made to go to an infected website, the URL is sent to the Doctor Web server for examination in real time.
Updated Parental Control. It is now possible to customize parental control settings individually for each computer user. Internet and PC usage time can also be set for each profile separately. The Parental Control also makes it possible to block access to devices and peripherals such as flash drives, printers, external hard disks, and USB devices, which allows sensitive data to be protected from unauthorized access, copying, or deletion.
A single control center for all the components (except the scanner) is another innovation of Dr.Web 8.0. All component settings are available in a single window, which makes it easier to adjust the application's parameters.
01.11.2012 Dr.Web emergency recovery products updated
Russian anti-virus company Doctor Web has updated its emergency recovery tools Dr.Web LiveCD and Dr.Web LiveUSB to version 6.0.2. The products incorporate an entire set of new features.
After booting up, users can edit the Windows Registry, whose branches and keys are available as files and directories, and make use of a utility that automatically fixes the Registry after it has been modified by malware.
The updated products also boast multi-thread scanning that speeds up a system check significantly. Boot sectors are scanned too.
In the start menu, you can also choose between English and Russian interface languages.
26.10.2012 Dr.Web is Windows 8 ready
Russian anti-virus company Doctor Web is informing users that its Dr.Web products are fully compatible with Windows 8.
A recent update released for the seventh version of the home products, Dr.Web for Windows and Dr.Web Security Space, and also for the business products in Dr.Web Desktop Security Suite, which supports centralized administration, has already ensured Dr.Web’s compatibility with Windows 8. The installation process for Dr.Web under Windows 8 is no different from installing earlier versions of Microsoft OSs.
Doctor Web wishes its users the best-ever uninterrupted experience with Windows 8!
24.08.2012 Criminals fake Amazon.com to send malicious spam
Doctor Web is warning users about malicious spam, allegedly from Amazon.com, that has been spreading widely since October 22. These messages prompt the recipient to download a license for Microsoft Windows; however, by clicking on the link, the user infects the system with two malicious programs simultaneously (Trojan.Necurs.97 and BackDoor.Andromeda.22). They stand by for the criminals’ command to smuggle other malware onto victim machines.
The fake messages have the subject "Order N" (with “N” being a random number) and incorporate the following text:
You can download your Microsoft Windows License here.
Trojan.Necurs.97 is capable of self-replication and infects removable drives and shared network resources. When launched, the Trojan horse creates an executable file and makes changes to the Windows registry so that the file is launched at Windows startup. Then the Trojan searches the memory for running processes of Internet Explorer and Mozilla Firefox, and if successful, attempts to inject its code into them. After that Trojan.Necurs.97 attempts to copy itself to all available removable drives as a file with a random name, and creates an autorun.inf file in the drive's root folder to be launched automatically every time the device is plugged into a computer.
Trojan.Necurs.97 connects to remote servers controlled by attackers, reports its successful installation in the infected system, and waits for commands, which include downloading different applications to the compromised system and transferring files from the system to a remote host.
Doctor Web advises users to be careful and refrain from clicking on links in emails from unknown senders.
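A defensive check for the removable-drive behaviour described above, as an added example that is not from Doctor Web: it parses an autorun.inf and reports launch directives that point at an executable in the drive root. The sample contents and file names are constructed; the page does not show the Trojan's actual autorun.inf.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample; the file name is made up for illustration.
SAMPLE = r"""[autorun]
; constructed sample
open=qzxkvb.exe
icon=shell32.dll,4
shell\open\command="qzxkvb.exe" /s
label=Photos
"""

def launch_targets(autorun_text):
    """Return (key, program) pairs for launch directives in [autorun]."""
    section, found = None, []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not value or not LAUNCH_KEYS.match(key):
            continue
        # The program is the quoted part, or the first token before arguments.
        if value.startswith('"'):
            program = value[1:].split('"', 1)[0]
        else:
            program = value.split()[0]
        found.append((key.lower(), program))
    return found

def suspicious(autorun_text, root_files):
    """Flag directives that start an executable sitting in the drive root."""
    root = {name.lower() for name in root_files}
    hits = []
    for key, program in launch_targets(autorun_text):
        path = PureWindowsPath(program)
        in_root = str(path.parent) in (".", "\\") and path.name.lower() in root
        if in_root and path.suffix.lower() in EXEC_EXT:
            hits.append((key, path.name))
    return hits
```

Pass `suspicious()` the text of the drive's autorun.inf and the list of file names in its root folder; an empty result means no launch directive targets a root-level executable.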
09.10.2012 Trojan.Proxy.23012 – universal spam machine
Russian anti-virus company Doctor Web is warning users about the malicious program Trojan.Proxy.23012, which is helping attackers carry out mass spam mailings. This Trojan has a number of features that distinguish it from other malware.
Trojan.Proxy.23012 is downloaded to infected computers by other malicious programs such as Trojan.PWS.Panda.2395. The Trojan executable file is compressed with the same viral packer that is used by Trojan.PWS.Panda programs, also known as Zeus and Zbot, so often it is detected by their signature.
Archive (extract only):
28.02.2012 Android.Anzhu—new backdoor for Android devices
The Russian anti-virus vendor Doctor Web warns Internet users of a new backdoor for Android. Android.Anzhu can implement a variety of directives received from a remote server, covertly install other applications and change browser bookmarks. -more-
27.02.2012 Trojan.Tenagour.9 helps intruders launch DDoS-attacks
Doctor Web—the Russian anti-virus vendor—warns users of the Trojan.Tenagour.9 malware. This Trojan horse is an advanced tool for criminals willing to carry out DDoS-attacks. -more-
14.02.2012 Hunt for BackDoor.Volk underway
Doctor Web—the Russian anti-virus developer company—warns users of a Trojan horse family added to the Dr.Web virus database as BackDoor.Volk. These Trojan horses modify the hosts file and execute commands received from a remote server. Interestingly, the Trojan horses supposedly originate in South America. -more-
02.02.2012 New Trojan horse threatens Facebook users
Doctor Web—the Russian anti-virus vendor—warns users of a Trojan.OneX program that uses infected machines to send spam via Facebook and messaging clients. Currently, two modifications of this Trojan horse with similar features are found regularly in the wild. Given the spreading scheme the number of victims can be extremely large. -more-
27.01 Trojan.Winlock.5490 extorts money from French users
The Russian anti-virus vendor Doctor Web warns Internet users of the new malignant program that blocks access to Windows. This Trojan horse has been dubbed Trojan.Winlock.5490. The malicious application poses a danger to systems running Microsoft Windows with French locale set as default system language. -more-