McAfee AVERT Stinger 2.5.9
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
This version of Stinger includes detection for all known variants, as of November 22, 2005:
We have just released a beta refresh for Windows AntiSpyware (build 1.0.701) onto the download center. This build extends the Windows AntiSpyware (Beta) expiration date to July 31, 2006.
We will be turning on the software update notification early next week, but you can download the latest beta refresh manually at:
For more information, please monitor the Microsoft anti-malware blog at
Mike Chan [MSFT]
Technical Product Manager (Windows Defender)
Spyware Blaster Update 21.11.05
4988 Total Items in the database = 10 New IE Restricted Sites.
Use the online updating utility within Spyware Blaster to obtain the latest updates.
Ensure that you enable all the latest protection once installed.
According to Microsoft’s Anti-Malware team, definitions 5777 will detect WinNT/F4IRootkit (that’s their name for the rootkit that has been shipped as part of Sony’s XCP software). The Malicious Software Removal Tool will have detection for this rootkit too, and it will be released as scheduled, on the 2nd Tuesday of next month. Read more below:
More here: Sony XCP Rootkit – Key Info & list of 52 CDs
Courtesy MVP Harry Waldron:
One of my friends in the security field shared an excellent summary of the failed attempt by Sony BMG to better protect their music from Copyright violations. As an ethical individual, I respect the intellectual property rights of those in the music industry. The approach Sony used created harm and potential security issues for innocent loyal customers, who purchased their CDs in good faith.
The rootkit may have appeared to be a good technical solution on the drawing board for better protecting digital rights. However, they didn’t exercise risk management and plan well for things that could go wrong, including opening up the customer’s PC to emerging security risks based on new malware that takes advantage of the rootkit architecture.
The following provides an update for this issue with several related links:
Sony/BMG has just recalled 52 music CDs, all of which came with software which will install “rootkit” spyware programs on your Windows computer. If you have any of these CDs and have played them on your Windows PCs, your computers may be infected with some truly nasty software. This problem does NOT affect Macs or Linux computers and may not have affected you if you run a secure Windows setup. More than 500,000 computers are known to be infected worldwide.
List of 52 infected Sony CDs being recalled
More on Sony’s recall notice to replace these CDs at no charge to the owner
The Sony/BMG website has an uninstall program that is supposed to clean up the infection. HOWEVER, as of today, their uninstall program leaves your computer MORE VULNERABLE than before! Check with your anti-virus vendor to see if your AV can clean up this problem.
Microsoft is upgrading their Malicious Software Removal Tool, which is updated once a month. It will soon be updated to remove the XCP modifications that Sony/BMG put on your computer, but it’s not available currently. More information can be found at these sites:
Sony BMG’s copy-protection problems grow
Mark’s Sysinternals Blog Victory!
Sony’s DRM Rootkit: The Real Story
US CERT Advisory
Security issues may surface using Sony’s XCP uninstall tools
Security issues may surface using Sony’s uninstall for SunnComm MediaMax (another DRM)
Rootkits could mean a complete rebuild for your PC
How do we remove rootkits? — There is only one guaranteed way to remove a rootkit. You destroy the system and then rebuild it. There is no other way to reliably remove a rootkit — no other way whatsoever. You can’t delete the file or even reinstall the operating system over the top of the existing OS — which is a horrible practice anyway. It is super important to nuke the system because a rootkit’s primary function is stealth — what is it hiding? Do you know? Usually not. How can you reliably know what it was hiding, what it was compromising or what it was removing?
Key Advice for now: Please do not play CDs using your PC until this issue is fully addressed (or if you do play CDs not on the list, still be vigilant and cautious). It could require rebuilding your PC.
Ideas for Infected Users: If you are currently infected with the XCP software, some standalone tools and removers are available. Do not try to remove this manually unless you have complete directions and you are highly skilled as a computer technician. Your CD-ROM or PC may no longer work properly if you fail to remove the rootkit properly. I believe further “help is on the way” and infected users might be better served to wait a little while longer until better tools are published.
CWShredder Update [v2.19]
You may obtain the update only by clicking on the update button within your current build to get the zipped new build.
The new build fixes the Apple QuickTime false-positive CWS.Qttask.
NOTE TO USERS OF *ANY* CUSTOM HOSTS FILE, IT MAY BE DESTROYED.
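The warning above is the kind of thing worth checking rather than trusting: a practical habit is to back up the HOSTS file before running any cleanup tool, then compare what is left afterwards so that lost custom entries can be restored from the backup. The following is an added example written for this page, not code from CWShredder or its author. It assumes a plain-text HOSTS file (on Windows the real file lives at C:\Windows\System32\drivers\etc\hosts); the sample entries, the hostnames under `.invalid`, and the `fake_tool` stand-in for the update step are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: a custom HOSTS file before running an update tool,
# with user-added blocking entries (hypothetical hostnames under .invalid).
SAMPLE_BEFORE = """127.0.0.1 localhost
# block a couple of ad/tracker hosts (constructed sample)
127.0.0.1 ads.example.invalid
127.0.0.1 tracker.example.invalid
"""

# Constructed sample: the same file after a tool replaced it with a default one.
SAMPLE_AFTER = """127.0.0.1 localhost
"""


def snapshot_hosts(text: str) -> dict:
    """Snapshot a HOSTS file: its SHA-256 plus the set of active entries.
    Comments and blank lines are dropped so cosmetic edits are not flagged."""
    entries = set()
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if stripped:
            # normalise whitespace so "1.2.3.4   host" equals "1.2.3.4 host"
            entries.add(" ".join(stripped.split()))
    return {
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "entries": entries,
    }


def diff_hosts(before: dict, after: dict) -> dict:
    """Compare two snapshots: which entries vanished and which appeared."""
    return {
        "unchanged": before["sha256"] == after["sha256"],
        "missing": sorted(before["entries"] - after["entries"]),
        "added": sorted(after["entries"] - before["entries"]),
    }


def backup_and_check(hosts_path: Path, backup_path: Path, run_tool) -> dict:
    """Back up hosts_path, run the caller-supplied tool, then report changes.
    run_tool is any callable standing in for the update step, passed in so the
    helper can be exercised offline in a temporary directory."""
    original = hosts_path.read_text(encoding="utf-8")
    backup_path.write_text(original, encoding="utf-8")
    before = snapshot_hosts(original)
    run_tool()
    after = snapshot_hosts(hosts_path.read_text(encoding="utf-8"))
    return diff_hosts(before, after)


def demo() -> dict:
    """Self-contained run against the constructed samples in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        hosts = Path(d) / "hosts"
        backup = Path(d) / "hosts.bak"
        hosts.write_text(SAMPLE_BEFORE, encoding="utf-8")

        def fake_tool():  # hypothetical stand-in: overwrites hosts with a default file
            hosts.write_text(SAMPLE_AFTER, encoding="utf-8")

        report = backup_and_check(hosts, backup, fake_tool)
        # the backup still holds the custom entries, so they can be restored
        report["backup_intact"] = backup.read_text(encoding="utf-8") == SAMPLE_BEFORE
        return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as-is to see the two blocking entries reported as missing while the backup remains intact; for real use, point `backup_and_check` at the live HOSTS path and pass a callable that launches the update, then restore any entries listed under `missing` from the backup file.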