# VIRUS-PATTERNS.RC
#
# Contains recipes for specific viruses that propogate
# via email. These recipes are written to match strings
# from the actual virus code rather than matching header
# and text message patterns, so there should be zero
# false positives.
#
# NOTE: These recipes are *NOT* a substitute for a good
# antivirus on your workstation or laptop -- they catch
# *only* email viruses, and there are a lot of other
# viruses out there. These recipes are here because
# email viruses are also spam and can fill up your mailbox
# quickly, especially during a virus outbreak.
#
# Last Updated 10/29/05
# AdClicker-FB Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ABEICACJVAD0[^ ]*$
* 300^0 ^[^ ]*IAIp4AEpZcP8[^ ]*$
* 300^0 ^[^ ]*CgICACKdAAbG[^ ]*$
* 300^0 ^[^ ]*2AjRP8ICAD9k[^ ]*$
* 300^0 ^[^ ]*X1NJTktfQWRk[^ ]*$
{
SBLOG="A1S-AdClicker-FB Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Aliz Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 400^0 ^[^ ]*Z48GGVZ[^ ]*$
* 400^0 ^[^ ]*kZ8x\+Ak[^ ]*$
* 400^0 ^[^ ]*QCCZAWJ[^ ]*$
{
SBLOG="A1S-Aliz Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Anset Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 400^0 ^webmaster@avnetwork\.de$
* 400^0 ^http://www\.ants-online\.de$
* 1100^0 name=\"ants3set\.exe\"
* 500^0 ^[^ ]*MABVUFghDAkFCBULeXJUtAuIOwsHAJqkAgAAqAYAJh4AYFtm/v8EEEAAAwdC[^ ]*$
* 500^0 ^[^ ]*b29sZWFuAQAJKgVG+9/e/2Fsc2UEVHJ1ZY0bLCIBB0ludGVnZXIEQs3K72+A[^ ]*$
* 500^0 ^[^ ]*/wF/i8BELgRCeW//aUZ+tgaQWCdXb3JkA/9s5rd3+QhDYWlurwUv//+QhHb7[^ ]*$
* 500^0 ^[^ ]*7fsKBlN0ci1nkBYLCldpZGUfoGbNFNzlDAdWaWHvBvgBthz2Bj4EF6g4tAbN[^ ]*$
{
SBLOG="A1S-Anset Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Apost Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZnBPD2Y[^ ]*$
* 300^0 ^[^ ]*AABWQjU[^ ]*$
* 300^0 ^[^ ]*ZgBFAHg[^ ]*$
* 300^0 ^[^ ]*AGUAYwB[^ ]*$
* 300^0 ^[^ ]*dmJhSHJ[^ ]*$
{
SBLOG="A1S-Apost Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Avron (Lirva) Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*IHBhY2t[^ ]*$
* 300^0 ^[^ ]*Yiudflj[^ ]*$
* 300^0 ^[^ ]*UEKOkBE[^ ]*$
* 300^0 ^[^ ]*BQolLDs[^ ]*$
* 300^0 ^[^ ]*OIxrCMs[^ ]*$
* 300^0 ^[^ ]*LHR6U3d[^ ]*$
* 300^0 ^[^ ]*726CDaY[^ ]*$
* 300^0 ^[^ ]*bGoqNFm[^ ]*$
* 300^0 ^[^ ]*zMzMzMz[^ ]*$
* 300^0 ^[^ ]*fbi5EgA[^ ]*$
* 300^0 ^[^ ]*RcZFxUb[^ ]*$
* 300^0 ^[^ ]*/wAAAMH[^ ]*$
* 300^0 ^[^ ]*/1D/FTA[^ ]*$
{
SBLOG="A1S-Avron/Lirva Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Backdoor Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*mcp85VnoHnJD[^ ]*$
* 300^0 ^[^ ]*jaH4qduQ60wM[^ ]*$
* 300^0 ^[^ ]*tK8fGFZ0gbii[^ ]*$
* 300^0 ^[^ ]*T6KtZkWDRuyN[^ ]*$
* 300^0 ^[^ ]*3TIAiYHwNAPW[^ ]*$
* 300^0 ^[^ ]*vGfwrj4VlgqR[^ ]*$
* 300^0 ^[^ ]*NsNYr0AeHBvn[^ ]*$
* 300^0 ^[^ ]*2EpL8ptnBqnC[^ ]*$
* 300^0 ^[^ ]*aGO624PCJQ8Y[^ ]*$
* 300^0 ^[^ ]*VTN29Avyb2ms[^ ]*$
* 300^0 ^[^ ]*PcOvsMWvqaf0[^ ]*$
* 300^0 ^[^ ]*VJqN9IBBTqDj[^ ]*$
* 300^0 ^[^ ]*r8RP0E5yrHbh[^ ]*$
* 300^0 ^[^ ]*U4LBsQg82bv0[^ ]*$
* 300^0 ^[^ ]*FGJr0ZY6msyD[^ ]*$
{
SBLOG="A1S-Backdoor Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# BadTrans II
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*bXcD6Ga[^ ]*$
* 300^0 ^[^ ]*Yz1rtU0[^ ]*$
* 300^0 ^[^ ]*VHRSPOb[^ ]*$
* 300^0 ^[^ ]*\+aZQuxC[^ ]*$
* 300^0 ^[^ ]*O/h0c4s[^ ]*$
{
SBLOG="A1S-BadTrans II Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-A Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*oHQAAx0X[^ ]*$
* 300^0 ^[^ ]*F8FDoyhs[^ ]*$
* 300^0 ^[^ ]*yDxOxWU2[^ ]*$
* 300^0 ^[^ ]*9e6yEKwH[^ ]*$
* 300^0 ^[^ ]*l0Boveis[^ ]*$
{
SBLOG="A1S-Bagle-A Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*t34Phvc0XS[^ ]*$
* 300^0 ^[^ ]*RwTR3g5Te[^ ]*$
* 300^0 ^[^ ]*QpjEWJLZXn[^ ]*$
* 300^0 ^[^ ]*dHSJxQHbd[^ ]*$
* 300^0 ^[^ ]*QYXJhbXMA[^ ]*$
{
SBLOG="A1S-Bagle-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-C Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Zikj7gPnoJ9N[^ ]*$
* 300^0 ^[^ ]*QNJLIOMjgHvR[^ ]*$
* 300^0 ^[^ ]*5y5VueRAvkIA[^ ]*$
* 300^0 ^[^ ]*foHgdNjkVUWz[^ ]*$
* 300^0 ^[^ ]*N7LoRergSyWW[^ ]*$
{
SBLOG="A1S-Bagle-C Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-D Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*IEWrN17AUDGK[^ ]*$
* 300^0 ^[^ ]*7uzvwTWByWAV[^ ]*$
* 300^0 ^[^ ]*woZowHgVaOla[^ ]*$
* 300^0 ^[^ ]*3SejXD7ALUCb[^ ]*$
* 300^0 ^[^ ]*7gXrMkKNZUPo[^ ]*$
{
SBLOG="A1S-Bagle-D Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle Dropper Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZWN0KCIiU2Ny[^ ]*$
* 300^0 ^[^ ]*LDAsMCwyLDAs[^ ]*$
* 300^0 ^[^ ]*DE5NSwxMywxL[^ ]*$
* 300^0 ^[^ ]*MjYsMTgzLDQx[^ ]*$
* 300^0 ^[^ ]*MjI1LDIzNCw5[^ ]*$
{
SBLOG="A1S-Bagle Dropper Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-E Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*GQrhPcisc5NZ[^ ]*$
* 300^0 ^[^ ]*Kjk5aoiMaU7l[^ ]*$
* 300^0 ^[^ ]*0kDMsQft4g78[^ ]*$
* 300^0 ^[^ ]*NmpCyG5fjMvH[^ ]*$
* 300^0 ^[^ ]*N4ijn6xXBjpa[^ ]*$
{
SBLOG="A1S-Bagle-E Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-F Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Qfk4iYHxlul0[^ ]*$
* 300^0 ^[^ ]*AyJ3BiWAyGyX[^ ]*$
* 300^0 ^[^ ]*vSjd3Hum25ds[^ ]*$
* 300^0 ^[^ ]*1N0kukmuMG6s[^ ]*$
* 300^0 ^[^ ]*obeaCvArns9i[^ ]*$
{
SBLOG="A1S-Bagle-F Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-G Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*eZ9JaJ8phf4I[^ ]*$
* 300^0 ^[^ ]*xSaWxfPHHTqM[^ ]*$
* 300^0 ^[^ ]*mHBpZzm3ypag[^ ]*$
* 300^0 ^[^ ]*HxNvkGxawuUs[^ ]*$
* 300^0 ^[^ ]*XN7PSx865QbB[^ ]*$
{
SBLOG="A1S-Bagle-G Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-H Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*wioXr1qauxku[^ ]*$
* 300^0 ^[^ ]*zzmCb8FxZj9r[^ ]*$
* 300^0 ^[^ ]*JUr088jAzWFI[^ ]*$
* 300^0 ^[^ ]*wet73PqMtoL5[^ ]*$
* 300^0 ^[^ ]*jzRkKL5w56vx[^ ]*$
* 300^0 ^[^ ]*Fhbe7jPmlEiI[^ ]*$
* 300^0 ^[^ ]*MGd2F2ItSFU1[^ ]*$
* 300^0 ^[^ ]*XJtbfQnp6gJk[^ ]*$
* 300^0 ^[^ ]*D0WBkgfs1R12[^ ]*$
* 300^0 ^[^ ]*4f7ZJzsQtOnu[^ ]*$
* 300^0 ^[^ ]*mbicbkSxngu2[^ ]*$
* 300^0 ^[^ ]*Nn0R11HEeQCR[^ ]*$
* 300^0 ^[^ ]*o4E1ylIjZVvC[^ ]*$
* 300^0 ^[^ ]*jyO91a1eB5XM[^ ]*$
* 300^0 ^[^ ]*cvuMbKHOYcbk[^ ]*$
* 300^0 ^[^ ]*LTfK2EhuzLne[^ ]*$
* 300^0 ^[^ ]*1OjgNFVNm2H5[^ ]*$
* 300^0 ^[^ ]*pBnlBSj6zZ9K[^ ]*$
* 300^0 ^[^ ]*JcESmFM7hEKA[^ ]*$
* 300^0 ^[^ ]*ZtYNgDEdHexk[^ ]*$
* 300^0 ^[^ ]*ULRBaGQv5OJk[^ ]*$
* 300^0 ^[^ ]*MwCcnHNIawGB[^ ]*$
* 300^0 ^[^ ]*f4LajlVKSASd[^ ]*$
* 300^0 ^[^ ]*Cwi9KQl3Hzge[^ ]*$
* 300^0 ^[^ ]*1DLO1p2JHHyG[^ ]*$
{
SBLOG="A1S-Bagle-H Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-J Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*u6zrBzWsCsB1[^ ]*$
* 300^0 ^[^ ]*dwGSMmbqkEjP[^ ]*$
* 300^0 ^[^ ]*BUrWjnoI5hlb[^ ]*$
* 300^0 ^[^ ]*gA6d4AR7tTEB[^ ]*$
* 300^0 ^[^ ]*qbDpLS2oxiwC[^ ]*$
* 300^0 ^[^ ]*dLuv4aFR4XTt[^ ]*$
* 300^0 ^[^ ]*hpmWO9krc0fO[^ ]*$
* 300^0 ^[^ ]*cNOV48AxD4VV[^ ]*$
* 300^0 ^[^ ]*Zpn1KjlHNvqQ[^ ]*$
* 300^0 ^[^ ]*7AEKEN4hBaH1[^ ]*$
* 300^0 ^[^ ]*w4oADU0PYP1t[^ ]*$
* 300^0 ^[^ ]*XpT3MGbZy7ei[^ ]*$
* 300^0 ^[^ ]*TrvAm1zMjFFI[^ ]*$
* 300^0 ^[^ ]*lGVEPXkJ8X9x[^ ]*$
* 300^0 ^[^ ]*Nxo2EoK7hI5U[^ ]*$
* 300^0 ^[^ ]*OHcrP5fXEJls[^ ]*$
* 300^0 ^[^ ]*E6Miz093tRvo[^ ]*$
* 300^0 ^[^ ]*jmkYCgD1004P[^ ]*$
* 300^0 ^[^ ]*jBOT7fnBGud5[^ ]*$
* 300^0 ^[^ ]*9PlWRa2rJqTB[^ ]*$
{
SBLOG="A1S-Bagle-J Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-K Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AS3teNv38T0C[^ ]*$
* 300^0 ^[^ ]*XbiBFExeB3YN[^ ]*$
* 300^0 ^[^ ]*Kn4D4Oj8xE08[^ ]*$
* 300^0 ^[^ ]*mbLBhbAAaNN8[^ ]*$
* 300^0 ^[^ ]*6Qp8ve2TB1lR[^ ]*$
{
SBLOG="A1S-Bagle-K Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-N Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^Hello user of [0-9a-zA-Z][-_0-9a-zA-Z.]* e-mail server,
$
* 200^0 ^
from your email account, you may use our free anti-virus tool to clean up$
* 200^0 ^For more information see the attached file\.
$
* 200^0 ^
Password: ![](\"cid:[a-z]+\.(gif|jpe?g)\")
$
* 400^0 ^----------[a-z]+$\
Content-Type: image/(gif|jpe?g); name=\"[a-z]+\.(gif|jpe?g)\"$\
Content-Transfer-Encoding: base64$\
Content-Disposition: attachment; filename=\"[a-z]+\.(gif|jpe?g)\"$\
Content-ID: <[a-z]+\.(gif|jpe?g)>$$\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]+$\
[^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]+$
* 300^0 ^[^ ]*xD8foFr6UnsK[^ ]*$
* 300^0 ^[^ ]*ITUkxyTwMiNf[^ ]*$
* 300^0 ^[^ ]*fHfORvdDNkqO[^ ]*$
* 300^0 ^[^ ]*YE0tNyC2WJlv[^ ]*$
* 300^0 ^[^ ]*uB7vwVg5dXl1[^ ]*$
{
SBLOG="A1S-Bagle-N Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-O Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*pJofH2vmG1LH[^ ]*$
* 300^0 ^[^ ]*ApBuYekD6blu[^ ]*$
* 300^0 ^[^ ]*43Gcv7sqgR7C[^ ]*$
* 300^0 ^[^ ]*9tfOVC55jv0M[^ ]*$
* 300^0 ^[^ ]*w4IMMs6GRpYV[^ ]*$
{
SBLOG="A1S-Bagle-O Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-Q/Bagle-R Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 1100^0 ^$\
()$\
()$
{
SBLOG="A1S-Bagle-Q/R Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-U Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*b1RGeRUF6YWp[^ ]*$
* 300^0 ^[^ ]*OjOBAGsw7NNT[^ ]*$
* 300^0 ^[^ ]*YRPhaEEBoyCv[^ ]*$
* 300^0 ^[^ ]*GUc2aZeUhFc1[^ ]*$
* 300^0 ^[^ ]*8x5elVIJlBpx[^ ]*$
{
SBLOG="A1S-Bagle-U Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-Y Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*GYpBPQIFDrZB[^ ]*$
* 300^0 ^[^ ]*TpbPkLDlEWt9[^ ]*$
* 300^0 ^[^ ]*XLY3BZFrH3zX[^ ]*$
* 300^0 ^[^ ]*cWV1CEGBeSZ0[^ ]*$
* 300^0 ^[^ ]*GBGGCZEHEfwb[^ ]*$
* 300^0 ^[^ ]*7pH59emRW0P1[^ ]*$
* 300^0 ^[^ ]*vgAdQqtZwkJA[^ ]*$
* 300^0 ^[^ ]*76J5ugfObcPY[^ ]*$
* 300^0 ^[^ ]*qRAlbfQig8gA[^ ]*$
* 300^0 ^[^ ]*MsOikd5F6cbF[^ ]*$
{
SBLOG="A1S-Bagle-Y Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-Z Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*OgbkxqchJQ37[^ ]*$
* 300^0 ^[^ ]*Rz2yDjBbsEsH[^ ]*$
* 300^0 ^[^ ]*Rz2yDjBbsEsH[^ ]*$
* 300^0 ^[^ ]*Wr1b9fsOd6fY[^ ]*$
* 300^0 ^[^ ]*MowkJd0duw97[^ ]*$
* 300^0 ^[^ ]*hxJX9Sb07G25[^ ]*$
* 300^0 ^[^ ]*GWov1pLPdw4J[^ ]*$
* 300^0 ^[^ ]*mO60dUUGy95U[^ ]*$
* 300^0 ^[^ ]*RDRtPB2w5ycN[^ ]*$
* 300^0 ^[^ ]*YD44KDWLm7ER[^ ]*$
{
SBLOG="A1S-Bagle-Z Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AA Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*NCwyMjQsMzQs[^ ]*$
* 300^0 ^[^ ]*OCw0OSwyOSw3[^ ]*$
* 300^0 ^[^ ]*wxOTQsMTkxLD[^ ]*$
* 300^0 ^[^ ]*MTUsNCw2MSw2[^ ]*$
* 300^0 ^[^ ]*DE5NCwyMDksM[^ ]*$
* 300^0 ^[^ ]*MjgsMTg2LDQs[^ ]*$
* 300^0 ^[^ ]*c4LDE3NywyMT[^ ]*$
* 300^0 ^[^ ]*Tg0LDEwNywyM[^ ]*$
* 300^0 ^[^ ]*jAsMiw1LDEyM[^ ]*$
* 300^0 ^[^ ]*0OSwyMDIsMTE[^ ]*$
* 300^0 ^[^ ]*MTY3LDI0Niwz[^ ]*$
* 300^0 ^[^ ]*yNDYsMTE5LDI[^ ]*$
* 300^0 ^[^ ]*LDE1Myw2LDM2[^ ]*$
* 300^0 ^[^ ]*wxMCwxOTMsOD[^ ]*$
* 300^0 ^[^ ]*MTc2LDEwMCwx[^ ]*$
* 300^0 ^[^ ]*LDAsMjAxLDY2[^ ]*$
* 300^0 ^[^ ]*NCwxOCw5OSwy[^ ]*$
* 300^0 ^[^ ]*MTM5LDE2LDI2[^ ]*$
* 300^0 ^[^ ]*LDIzOCwyNTEs[^ ]*$
* 300^0 ^[^ ]*NDYsMjEzLDE0[^ ]*$
{
SBLOG="A1S-Bagle-AA Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AF Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*WVmAJvoT4y7W[^ ]*$
* 300^0 ^[^ ]*3gcGyMln7IZC[^ ]*$
* 300^0 ^[^ ]*pFZNDECrtKK2[^ ]*$
* 300^0 ^[^ ]*7NRni3xvoT1Q[^ ]*$
* 300^0 ^[^ ]*sdjY16Z6klpP[^ ]*$
* 300^0 ^[^ ]*cYgALHklvjoK[^ ]*$
* 300^0 ^[^ ]*AjTAD3urG6nR[^ ]*$
* 300^0 ^[^ ]*PU9HhPBMwYuZ[^ ]*$
* 300^0 ^[^ ]*5XoPbYbAdRgq[^ ]*$
* 300^0 ^[^ ]*XkWWOnQQgwcU[^ ]*$
* 300^0 ^[^ ]*pf7WYT8H2Trl[^ ]*$
* 300^0 ^[^ ]*rHPpGni82Io4[^ ]*$
* 300^0 ^[^ ]*gVi0Y3S8YMQC[^ ]*$
* 300^0 ^[^ ]*4TYL8tLDcaxL[^ ]*$
* 300^0 ^[^ ]*Mld6bbM1fRRb[^ ]*$
* 300^0 ^[^ ]*wzXeCDO0HJhc[^ ]*$
* 300^0 ^[^ ]*2To3s5RGTiWB[^ ]*$
* 300^0 ^[^ ]*tBt9Id75XsAK[^ ]*$
* 300^0 ^[^ ]*uILCJAwLqByR[^ ]*$
* 300^0 ^[^ ]*5vBAB60qeSeJ[^ ]*$
* 300^0 ^[^ ]*hNUHQSPKHkdw[^ ]*$
* 300^0 ^[^ ]*iwSj1Cz0ZD4Y[^ ]*$
* 300^0 ^[^ ]*YpK61RgsfHd9[^ ]*$
* 300^0 ^[^ ]*vq9qv6uLbrin[^ ]*$
* 300^0 ^[^ ]*MvMqsO6E3Xh4[^ ]*$
* 300^0 ^[^ ]*c7oSZEvyEzs7[^ ]*$
* 300^0 ^[^ ]*MLiQTNXPwDpI[^ ]*$
* 300^0 ^[^ ]*3AfOAbVYrA6a[^ ]*$
* 300^0 ^[^ ]*t95dMGc6hgHf[^ ]*$
* 300^0 ^[^ ]*Q3QWNPdWNBVU[^ ]*$
* 300^0 ^[^ ]*bvsXnNJ0e2az[^ ]*$
* 300^0 ^[^ ]*ULa0gva8ewZb[^ ]*$
* 300^0 ^[^ ]*6QH6w77wGcho[^ ]*$
* 300^0 ^[^ ]*ORmwejkWgfXw[^ ]*$
* 300^0 ^[^ ]*lXVwpOdoZuBU[^ ]*$
* 300^0 ^[^ ]*dcuOctkaKbKM[^ ]*$
* 300^0 ^[^ ]*2YkVSyrrzwm7[^ ]*$
* 300^0 ^[^ ]*H1hM9CIwuYJH[^ ]*$
* 300^0 ^[^ ]*jdFlpSKvMse3[^ ]*$
* 300^0 ^[^ ]*sQlmOlGjz3Tt[^ ]*$
* 300^0 ^[^ ]*8ISeHsPFPGNP[^ ]*$
* 300^0 ^[^ ]*NDHb6QbD5LmH[^ ]*$
* 300^0 ^[^ ]*hJYiTV3kWrqM[^ ]*$
* 300^0 ^[^ ]*6u7gbss8ePMK[^ ]*$
* 300^0 ^[^ ]*KxTOqieLfI5B[^ ]*$
* 300^0 ^[^ ]*VgP7MftLUgb3[^ ]*$
* 300^0 ^[^ ]*8ewZbcXCJzpi[^ ]*$
* 300^0 ^[^ ]*0UTPpBfrpkqT[^ ]*$
* 300^0 ^[^ ]*uUGc0UuBgqND[^ ]*$
* 300^0 ^[^ ]*iMUlB0RAjcUz[^ ]*$
{
SBLOG="A1S-Bagle-AF Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AG Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dsnh8bmFoTuT[^ ]*$
* 300^0 ^[^ ]*cuVvRZ0DDP3p[^ ]*$
* 300^0 ^[^ ]*0yBWQukv6k0i[^ ]*$
* 300^0 ^[^ ]*yvm69k7s8wVy[^ ]*$
* 300^0 ^[^ ]*Z5lmLaO8vydT[^ ]*$
{
SBLOG="A1S-Bagle-AG Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AH Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*i2Bp4yi7Wqwi[^ ]*$
* 300^0 ^[^ ]*UOOUxP97YvS7[^ ]*$
* 300^0 ^[^ ]*7HCEuSme86Wp[^ ]*$
* 300^0 ^[^ ]*jBjCFpN9LRqy[^ ]*$
* 300^0 ^[^ ]*kBNWPGOY8NmK[^ ]*$
{
SBLOG="A1S-Bagle-AH Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AI Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*t2ZLJmXZ0FTi[^ ]*$
* 300^0 ^[^ ]*TQvcKESTGUs8[^ ]*$
* 300^0 ^[^ ]*TQvcKESTGUs8[^ ]*$
* 300^0 ^[^ ]*YSihje9EHAFy[^ ]*$
* 300^0 ^[^ ]*4B6YJrNBx81V[^ ]*$
* 300^0 ^[^ ]*HH0gSRabWmaO[^ ]*$
* 300^0 ^[^ ]*UDNheB7ngdW2[^ ]*$
* 300^0 ^[^ ]*RlfBF3BAKGhR[^ ]*$
* 300^0 ^[^ ]*SkyYTxRctVdK[^ ]*$
* 300^0 ^[^ ]*BfEDYW2AUC8b[^ ]*$
* 300^0 ^[^ ]*wKjMEm2Dj0WT[^ ]*$
* 300^0 ^[^ ]*8TQvcKESTGUs[^ ]*$
* 300^0 ^[^ ]*rMiDVG0b6DZR[^ ]*$
* 300^0 ^[^ ]*JqypSZB4PkvP[^ ]*$
* 300^0 ^[^ ]*9Ndc4RhKP8pL[^ ]*$
* 300^0 ^[^ ]*oTHHDthxfIoF[^ ]*$
* 300^0 ^[^ ]*cpTOzEJQqyWg[^ ]*$
* 300^0 ^[^ ]*kRGBFcGmxewx[^ ]*$
* 300^0 ^[^ ]*yXNXbdN62hBU[^ ]*$
* 300^0 ^[^ ]*9jHJpFGSWUq5[^ ]*$
* 300^0 ^[^ ]*cWgRsNW7yWoo[^ ]*$
* 300^0 ^[^ ]*W3q14lOoqqVv[^ ]*$
* 300^0 ^[^ ]*4H2q4e2ohKtF[^ ]*$
* 300^0 ^[^ ]*BBxbQNdMFlmi[^ ]*$
* 300^0 ^[^ ]*GDA6t0NDy0CH[^ ]*$
* 300^0 ^[^ ]*wKjMEm2Dj0WT[^ ]*$
* 300^0 ^[^ ]*g9emkPaBIdRG[^ ]*$
* 300^0 ^[^ ]*751pCFoxg7Nl[^ ]*$
* 300^0 ^[^ ]*Hgp9Y9vG6xYS[^ ]*$
* 300^0 ^[^ ]*0aSUlvq4xvzy[^ ]*$
* 300^0 ^[^ ]*IUVmgSEplthD[^ ]*$
* 300^0 ^[^ ]*lqWW1OXVcws8[^ ]*$
* 300^0 ^[^ ]*jOQsNRvlpVvS[^ ]*$
* 300^0 ^[^ ]*2ne2H92HTbwH[^ ]*$
* 300^0 ^[^ ]*Fr9LjW7pf3uW[^ ]*$
* 300^0 ^[^ ]*YKgk836dHBQW[^ ]*$
* 300^0 ^[^ ]*3XuEE3VbcPkL[^ ]*$
* 300^0 ^[^ ]*4H2q4e2ohKtF[^ ]*$
* 300^0 ^[^ ]*TavHToCfvzUX[^ ]*$
* 300^0 ^[^ ]*2cMdsjstlaZH[^ ]*$
* 300^0 ^[^ ]*WaGqSOYoBRdz[^ ]*$
* 300^0 ^[^ ]*Izd6ilspI6yA[^ ]*$
* 300^0 ^[^ ]*1EM0beGA3RgJ[^ ]*$
* 300^0 ^[^ ]*iagqimEm9r5p[^ ]*$
* 300^0 ^[^ ]*IWHz8U157TZ5[^ ]*$
* 300^0 ^[^ ]*cEf761CLvW48[^ ]*$
* 300^0 ^[^ ]*jkBqb70xrz2J[^ ]*$
* 300^0 ^[^ ]*wqKcbDYoFs0I[^ ]*$
* 300^0 ^[^ ]*dEYdXOTbt67R[^ ]*$
* 300^0 ^[^ ]*bGaao8yW0LdE[^ ]*$
* 300^0 ^[^ ]*BAJQ6JUBAABm[^ ]*$
* 300^0 ^[^ ]*8YrKMpmsR74w[^ ]*$
* 300^0 ^[^ ]*jmZckpJ1YdVG[^ ]*$
* 300^0 ^[^ ]*0MBLYgPstc8j[^ ]*$
* 300^0 ^[^ ]*4d5VqYiyImSx[^ ]*$
{
SBLOG="A1S-Bagle-AI Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AM Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Jg37UkWTUOFJ[^ ]*$
* 300^0 ^[^ ]*0pojHyyxeBtQ[^ ]*$
* 300^0 ^[^ ]*1EdMcFbZKUti[^ ]*$
* 300^0 ^[^ ]*Y4NWoJdyzn96[^ ]*$
* 300^0 ^[^ ]*Rg2B06kDcGBL[^ ]*$
{
SBLOG="A1S-Bagle-AM Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AP Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*jXodHaOtXcc6[^ ]*$
* 300^0 ^[^ ]*YkRSo15ED88w[^ ]*$
* 300^0 ^[^ ]*aRFvFxiv8X9n[^ ]*$
* 300^0 ^[^ ]*eS8skGtIvhhc[^ ]*$
* 300^0 ^[^ ]*Vp55Kytn3Xr1[^ ]*$
* 300^0 ^[^ ]*bEdEYK52VU0A[^ ]*$
* 300^0 ^[^ ]*JwIzLbtmtaHx[^ ]*$
* 300^0 ^[^ ]*bX2iFOW8cAEj[^ ]*$
* 300^0 ^[^ ]*jYuR7faX4GtK[^ ]*$
* 300^0 ^[^ ]*gXXqlMAIJWi5[^ ]*$
{
SBLOG="A1S-Bagle-AP Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AQ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*oeWacmfITmUf[^ ]*$
* 300^0 ^[^ ]*tggboV873M3E[^ ]*$
* 300^0 ^[^ ]*f6UCPBWexuG3[^ ]*$
* 300^0 ^[^ ]*WBRHf0RST1RG[^ ]*$
* 300^0 ^[^ ]*wfelLzaP2ny6[^ ]*$
* 300^0 ^[^ ]*geupaFrpYpUn[^ ]*$
* 300^0 ^[^ ]*LBbKZUj0Bl0j[^ ]*$
* 300^0 ^[^ ]*DRByiCzvov0R[^ ]*$
* 300^0 ^[^ ]*iPDLV6cQmdvF[^ ]*$
* 300^0 ^[^ ]*B08HDj9NbFQE[^ ]*$
{
SBLOG="A1S-Bagle-AQ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-AZ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*g4kAOINs11D5[^ ]*$
* 300^0 ^[^ ]*f4O7HBzLP8VM[^ ]*$
* 300^0 ^[^ ]*IT3ceYRD8V66[^ ]*$
* 300^0 ^[^ ]*kiH0aeroUwel[^ ]*$
* 300^0 ^[^ ]*aG6WMnRbJw6u[^ ]*$
{
SBLOG="A1S-Bagle-AZ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-BB Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*F2VIXuW2QtHU[^ ]*$
* 300^0 ^[^ ]*99GaRLetoQNq[^ ]*$
* 300^0 ^[^ ]*XX6hHIhuLSSX[^ ]*$
* 300^0 ^[^ ]*SOdnXMxxfsbK[^ ]*$
* 300^0 ^[^ ]*PGu5jmlD2Z9D[^ ]*$
{
SBLOG="A1S-Bagle-BB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-BC Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*jKRg4Kk4FmDJ[^ ]*$
* 300^0 ^[^ ]*7qRTWebJDlRZ[^ ]*$
* 300^0 ^[^ ]*HazmqjwaBqzc[^ ]*$
* 300^0 ^[^ ]*8SoauQVunwCN[^ ]*$
* 300^0 ^[^ ]*ZEALjghfqu0p[^ ]*$
* 300^0 ^[^ ]*nu3WWVEGFMhl[^ ]*$
* 300^0 ^[^ ]*YApHFnTGsoGl[^ ]*$
* 300^0 ^[^ ]*KzxQt81eh6l0[^ ]*$
* 300^0 ^[^ ]*7EuQcm9GG9Qd[^ ]*$
* 300^0 ^[^ ]*8nppvEWZzVU5[^ ]*$
{
SBLOG="A1S-Bagle-BC Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-BK Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*mEHPMo4fl6Sr[^ ]*$
* 300^0 ^[^ ]*3Vq96XLWENeQ[^ ]*$
* 300^0 ^[^ ]*0FiV62Eja5YK[^ ]*$
* 300^0 ^[^ ]*xQaFU57C4sjz[^ ]*$
* 300^0 ^[^ ]*RiDwU14aHvie[^ ]*$
{
SBLOG="A1S-Bagle-BK Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-CG Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*CRGyLIBOoacW[^ ]*$
* 300^0 ^[^ ]*QYDQaJHmBYPz[^ ]*$
* 300^0 ^[^ ]*mMMiOXtIVHSU[^ ]*$
* 300^0 ^[^ ]*1BhLScH0Lkp4[^ ]*$
* 300^0 ^[^ ]*IIwGpK5OQzJB[^ ]*$
* 300^0 ^[^ ]*CRDrCJiMgghl[^ ]*$
* 300^0 ^[^ ]*cMYgNN12NNYl[^ ]*$
* 300^0 ^[^ ]*Cm4x1DLgVAsc[^ ]*$
* 300^0 ^[^ ]*wER3yJW7ArsG[^ ]*$
* 300^0 ^[^ ]*Mxf45kQSRWA2[^ ]*$
* 300^0 ^[^ ]*9GPQQHsOKGjW[^ ]*$
* 300^0 ^[^ ]*isJR8ZHUEP4E[^ ]*$
* 300^0 ^[^ ]*UfBku3DVoCm4[^ ]*$
* 300^0 ^[^ ]*18YRTxQSCmQg[^ ]*$
* 300^0 ^[^ ]*EoSkrOLSeCEA[^ ]*$
* 300^0 ^[^ ]*9GPQQHsOKGjW[^ ]*$
* 300^0 ^[^ ]*3bFLTlUhcO4a[^ ]*$
* 300^0 ^[^ ]*3mZw8C0N5Nos[^ ]*$
* 300^0 ^[^ ]*EHXxOVFjH1ZQ[^ ]*$
* 300^0 ^[^ ]*KcvElU6AVrVt[^ ]*$
* 300^0 ^[^ ]*UGoZYKTRHAkp[^ ]*$
* 300^0 ^[^ ]*MINxxYmXIEym[^ ]*$
* 300^0 ^[^ ]*DkMFoJGmc5Dt[^ ]*$
* 300^0 ^[^ ]*PHkATBJKcjU7[^ ]*$
* 300^0 ^[^ ]*JfMBUHzqEjk6[^ ]*$
* 300^0 ^[^ ]*iSZm4VwijJBo[^ ]*$
* 300^0 ^[^ ]*D5RtbbYYqSQw[^ ]*$
* 300^0 ^[^ ]*rcvE0aJiML3C[^ ]*$
* 300^0 ^[^ ]*VrnYHiQKTkEQ[^ ]*$
* 300^0 ^[^ ]*FLpRLhySBbgE[^ ]*$
* 300^0 ^[^ ]*JxgPMJuS9hwu[^ ]*$
* 300^0 ^[^ ]*hngxxnk5JoeA[^ ]*$
* 300^0 ^[^ ]*4kZAgY8qh0IL[^ ]*$
* 300^0 ^[^ ]*oa2CJmhWAnwd[^ ]*$
* 300^0 ^[^ ]*mMaAmrSLACwj[^ ]*$
{
SBLOG="A1S-Bagle-CG Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bagle-gen Virus/Worm Dropper
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MTYsMTI1LDEy[^ ]*$
* 300^0 ^[^ ]*NywxMDAsNjgs[^ ]*$
* 300^0 ^[^ ]*SwxNzgsMjM3L[^ ]*$
* 300^0 ^[^ ]*MjM1LDIzMSwy[^ ]*$
* 300^0 ^[^ ]*iwyNDUsMTkyL[^ ]*$
{
SBLOG="A1S-Bagle-gen Virus/Worm Dropper"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Blaster (Lovesan) Worm/Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*VhAAAD2[^ ]*$
* 300^0 ^[^ ]*jYXo/f/[^ ]*$
* 300^0 ^[^ ]*DMeF7Or[^ ]*$
* 300^0 ^[^ ]*NSQxQAD[^ ]*$
* 300^0 ^[^ ]*/A\+3hX7[^ ]*$
{
SBLOG="A1S-Blaster Worm/Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ClAkHg0[^ ]*$
* 300^0 ^[^ ]*xvggHV9[^ ]*$
* 300^0 ^[^ ]*UUT8AZj[^ ]*$
* 300^0 ^[^ ]*rboHqPQ[^ ]*$
* 300^0 ^[^ ]*fgAlaS4[^ ]*$
{
SBLOG="A1S-Blaster Worm/Virus (UPX Compressed)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Breatel-A Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Q3VyeM5sVp3k[^ ]*$
* 300^0 ^[^ ]*2uAbj9kDzbDi[^ ]*$
* 300^0 ^[^ ]*ZkFUgwtAMPeI[^ ]*$
* 300^0 ^[^ ]*hZ7MRxGZanGW[^ ]*$
* 300^0 ^[^ ]*2jzlPXEfp6Ny[^ ]*$
{
SBLOG="A1S-Breatel-A Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Breatel-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*hf9THE1CciJ5[^ ]*$
* 300^0 ^[^ ]*CohcycbpNiq5[^ ]*$
* 300^0 ^[^ ]*YXIVYNRvQbhd[^ ]*$
* 300^0 ^[^ ]*ssSx6MgsNQlo[^ ]*$
* 300^0 ^[^ ]*H6x4nx0fFZ8O[^ ]*$
{
SBLOG="A1S-Breatel-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Brit Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 400^0 ^[^ ]*JyaXRuZX[^ ]*$
* 300^0 ^[^ ]*L1RyYW5[^ ]*$
* 300^0 ^[^ ]*YcR4Zy8[^ ]*$
* 300^0 ^[^ ]*YZe9JUh[^ ]*$
* 300^0 ^[^ ]*UV86KO6[^ ]*$
* 300^0 ^[^ ]*vizHnV8[^ ]*$
* 300^0 ^[^ ]*NRd\+6wN[^ ]*$
* 300^0 ^[^ ]*yWfUfsz[^ ]*$
* 300^0 ^[^ ]*Wob4L\+Y[^ ]*$
* 300^0 ^[^ ]*Sf/SWMh[^ ]*$
* 300^0 ^[^ ]*yRGhgd3[^ ]*$
* 300^0 ^[^ ]*xlLW/PZ[^ ]*$
* 400^0 ^[^ ]*NIQUtJUk[^ ]*$
* 300^0 ^[^ ]*F5fz68l[^ ]*$
* 300^0 ^[^ ]*oEiP4kk[^ ]*$
* 300^0 ^[^ ]*rPJ9vjy[^ ]*$
* 400^0 ^[^ ]*NBSUZBTkV[^ ]*$
* 300^0 ^[^ ]*Sxn5Ang[^ ]*$
* 300^0 ^[^ ]*TCZ/0VX[^ ]*$
* 300^0 ^[^ ]*WCV3cE+[^ ]*$
{
SBLOG="A1S-Brit Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Bugbear Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*7e/5O/C[^ ]*$
* 300^0 ^[^ ]*UDcmGDo[^ ]*$
* 300^0 ^[^ ]*MogGcs9[^ ]*$
* 300^0 ^[^ ]*hXIFBoO[^ ]*$
* 300^0 ^[^ ]*rw5Qdfi[^ ]*$
* 1100^0 C$?^?C$?^?n$?^?Y$?^?h$?^?q$?^?0$?^?w$?^?f$?^?H$?^?k$?^?M$?^?3$?^?x$?^?\+$?^?0$?^?H$?^?A$?^?B$?^?U$?^?R$?^?A$?^?Q$?^?A$?^?A$?^?k$?^?A$?^?I$?^?A$?^?J$?^?g$?^?s$?^?A$?^?J$?^?L
* 300^0 ^[^ ]*^qNaGJAD[^ ]*$
* 300^0 ^[^ ]*\+4JY8\+P[^ ]*$
* 300^0 ^[^ ]*6\+UYghj[^ ]*$
* 300^0 ^[^ ]*68n1Ghj[^ ]*$
* 300^0 ^[^ ]*YqjWZmB[^ ]*$
* 300^0 ^[^ ]*ghTr7RQ[^ ]*$
{
SBLOG="A1S-Bugbear Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# CodeGreen-A Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*V4k3g8c[^ ]*$
* 300^0 ^[^ ]*AGoA/5U[^ ]*$
* 300^0 ^[^ ]*WYP4/3Q[^ ]*$
* 300^0 ^[^ ]*AABzb2N[^ ]*$
* 300^0 ^[^ ]*OTAldTk[^ ]*$
{
SBLOG="A1S-CodeGreen-A Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Dandi Worm/Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 500^0 ^[^ ]*TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAA[^ ]*$
* 500^0 ^[^ ]*AAAAAAAAAAAAAAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dy[^ ]*$
* 500^0 ^[^ ]*YW0gbXVzdCBiZSBydW4gdW5kZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAA[^ ]*$
* 500^0 ^[^ ]*AAAAAAAA4ACOoQsBAhkAkAMAABAAAACABQDgGQkAAJAFAAAgCQAAAEAAABAA[^ ]*$
{
SBLOG="A1S-Dandi Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Darby Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*F6Zp5jn[^ ]*$
* 300^0 ^[^ ]*kGDH9mH[^ ]*$
* 300^0 ^[^ ]*MsgrHhH[^ ]*$
* 300^0 ^[^ ]*jOsqjbJ[^ ]*$
* 300^0 ^[^ ]*rrMljqb[^ ]*$
{
SBLOG="A1S-Darby Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Darby-N Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*4HjaDhFAiIpj[^ ]*$
* 300^0 ^[^ ]*fehsBRWxQrto[^ ]*$
* 300^0 ^[^ ]*SJSsnJE0BMHd[^ ]*$
* 300^0 ^[^ ]*BdkHVWpi8D3C[^ ]*$
* 300^0 ^[^ ]*L0twzwqVCtMn[^ ]*$
{
SBLOG="A1S-Darby-N Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-COB Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*\+uQlvmxDSbiS1[^ ]*$
* 300^0 ^[^ ]*\+HG6FC4eC5sMN[^ ]*$
* 300^0 ^[^ ]*\+zoNolntDPIav[^ ]*$
* 300^0 ^[^ ]*\+AEZUMve7P6GK[^ ]*$
* 300^0 ^[^ ]*\+tBYiGff5gQOP[^ ]*$
{
SBLOG="A1S-Downloader-COB Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-CVY Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*YByLdCR9sLn1[^ ]*$
* 300^0 ^[^ ]*oXzChFVPIMK8[^ ]*$
* 300^0 ^[^ ]*WEIv6V1HtkW4[^ ]*$
* 300^0 ^[^ ]*aCOOYxX8UIBq[^ ]*$
* 300^0 ^[^ ]*vd0FEQiALVGh[^ ]*$
{
SBLOG="A1S-Downloader-CVY Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-CVZ Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*KAMFoAboE6Qq[^ ]*$
* 300^0 ^[^ ]*iB28obV0J5Ep[^ ]*$
* 300^0 ^[^ ]*MFoAboE6Qqo7[^ ]*$
* 300^0 ^[^ ]*ybo4FZzogQ28[^ ]*$
* 300^0 ^[^ ]*ZaZAYFRFTVCA[^ ]*$
{
SBLOG="A1S-Downloader-CVZ Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-FHD Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*CAgICAgICKU5[^ ]*$
* 300^0 ^[^ ]*4EoZ9MxC8FDk[^ ]*$
* 300^0 ^[^ ]*98pD4BqqhocX[^ ]*$
* 300^0 ^[^ ]*w0Me3JONP4dW[^ ]*$
* 300^0 ^[^ ]*dXJHZW50dm8I[^ ]*$
{
SBLOG="A1S-Downloader-FHD Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-GXD Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*7XrfGQlRSAOi[^ ]*$
* 300^0 ^[^ ]*NDUzbGxkG29v[^ ]*$
* 300^0 ^[^ ]*x85vbWtva2ln[^ ]*$
* 300^0 ^[^ ]*IBwcHBgYFBQU[^ ]*$
* 300^0 ^[^ ]*TG9hZExpYnJh[^ ]*$
{
SBLOG="A1S-Downloader-GXD Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Downloader-HWP Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ICBvIBoaGhUH[^ ]*$
* 300^0 ^[^ ]*FNwaswFAwkBY[^ ]*$
* 300^0 ^[^ ]*wrEcQ8hufsSM[^ ]*$
* 300^0 ^[^ ]*6QoTdciKEARC[^ ]*$
* 300^0 ^[^ ]*q2TxQSRwqIYv[^ ]*$
{
SBLOG="A1S-Downloader-HWP Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Dumador-Y Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*kt58NypQ1ZSI[^ ]*$
* 300^0 ^[^ ]*UbMGpdN9Hkio[^ ]*$
* 300^0 ^[^ ]*eh8MbF6FRtbu[^ ]*$
* 300^0 ^[^ ]*32VBxYIBiLQi[^ ]*$
* 300^0 ^[^ ]*0H6x6lwAzb43[^ ]*$
{
SBLOG="A1S-Dumador-Y Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Dumador-CD Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*OYVbTrxch1sQ[^ ]*$
* 300^0 ^[^ ]*stDhkXTHR2IZ[^ ]*$
* 300^0 ^[^ ]*xy6CNdSP4y5N[^ ]*$
* 300^0 ^[^ ]*hjDH1yEBwCtN[^ ]*$
* 300^0 ^[^ ]*Jyb3IAEnybSm[^ ]*$
{
SBLOG="A1S-Dumador-CD Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Dumaru Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*\+Wju6sA[^ ]*$
* 300^0 ^[^ ]*gEzZBBs[^ ]*$
* 300^0 ^[^ ]*L7XUF5A[^ ]*$
* 300^0 ^[^ ]*vB4dxDv[^ ]*$
* 300^0 ^[^ ]*TAEEAOw[^ ]*$
* 300^0 ^[^ ]*AP3z6ADj[^ ]*$
* 300^0 ^[^ ]*AQEBAQEB2d[^ ]*$
* 300^0 ^[^ ]*XiZkAPpP2[^ ]*$
* 300^0 ^[^ ]*QsULoVU3z[^ ]*$
* 300^0 ^[^ ]*SwMviyI1f[^ ]*$
{
SBLOG="A1S-Dumaru Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Elkern Virus
:0 BD
* -1000^0
* 300^0 ^[^ ]*0EPA6gQ[^ ]*$
* 300^0 ^[^ ]*fnwDQOv[^ ]*$
* 300^0 ^[^ ]*AFlZ6xZ[^ ]*$
* 300^0 ^[^ ]*oAEAAGo[^ ]*$
* 300^0 ^[^ ]*zyvIUVB[^ ]*$
* 300^0 ^[^ ]*AIPEDOm[^ ]*$
* 300^0 ^[^ ]*FUAAAxV[^ ]*$
* 300^0 ^[^ ]*lKBAAOg[^ ]*$
* 300^0 ^[^ ]*DKGsoEA[^ ]*$
* 300^0 ^[^ ]*zMzMzMz[^ ]*$
* 300^0 ^[^ ]*P\+VR\+9c[^ ]*$
* 300^0 ^[^ ]*6b25uWg[^ ]*$
* 300^0 ^[^ ]*uSmvKqe[^ ]*$
* 400^0 ^[^ ]*qHWNqPQ[^ ]*$
{
SBLOG="A1S-Elkern Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Energy Virus/Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*LCF\+amA[^ ]*$
* 300^0 ^[^ ]*4Z5EEkX[^ ]*$
* 300^0 ^[^ ]*Xs\+bVnx[^ ]*$
* 300^0 ^[^ ]*/80esdu[^ ]*$
* 300^0 ^[^ ]*w4ySLg9[^ ]*$
{
SBLOG="A1S-Energy Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Eyeveg-J Virus/Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*hOrOJ8zIXq0z[^ ]*$
* 300^0 ^[^ ]*thozJ9ZbVmNm[^ ]*$
* 300^0 ^[^ ]*sKpNJYlKw3qU[^ ]*$
* 300^0 ^[^ ]*EQyZs6XQ3MoU[^ ]*$
* 300^0 ^[^ ]*65vJQy4zopiJ[^ ]*$
{
SBLOG="A1S-Eyeveg-J Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Eyeveg-L Virus/Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*7uegVc38JNOn[^ ]*$
* 300^0 ^[^ ]*zMRHl7bcBIIB[^ ]*$
* 300^0 ^[^ ]*z4lM9LNm4BJd[^ ]*$
* 300^0 ^[^ ]*CUYSohpsTA60[^ ]*$
* 300^0 ^[^ ]*t6MD2pYelImd[^ ]*$
{
SBLOG="A1S-Eyeveg-L Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Frethem Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*OxLRTfB[^ ]*$
* 300^0 ^[^ ]*aHZdo72[^ ]*$
* 300^0 ^[^ ]*KPwdNsG[^ ]*$
* 300^0 ^[^ ]*/OzCsbg[^ ]*$
* 300^0 ^[^ ]*zRhz7Px[^ ]*$
{
SBLOG="A1S-Frethem Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# FunLove.4099 Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UWRmeuKC0wa3[^ ]*$
* 300^0 ^[^ ]*At7VbFaU161B[^ ]*$
* 300^0 ^[^ ]*11KeIcFTyIYN[^ ]*$
* 300^0 ^[^ ]*JJD2925Z22M2[^ ]*$
* 300^0 ^[^ ]*eSL637N5UniH[^ ]*$
* 300^0 ^[^ ]*gg7GUlMzp9Ze[^ ]*$
* 300^0 ^[^ ]*KD9By32kt367[^ ]*$
* 300^0 ^[^ ]*QE9c7Zt85iyr[^ ]*$
* 300^0 ^[^ ]*GcSffYCuZM5p[^ ]*$
* 300^0 ^[^ ]*eMHpkweMMxSk[^ ]*$
{
SBLOG="A1S-FunLove.4099 Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# FunnyPics Virus/Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*aWxsQmF[^ ]*$
* 300^0 ^[^ ]*/3X06L0[^ ]*$
* 300^0 ^[^ ]*PAF0CIP[^ ]*$
* 300^0 ^[^ ]*cFIAAHp[^ ]*$
* 300^0 ^[^ ]*Q29tbWF[^ ]*$
{
SBLOG="A1S-FunnyPics Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Ganda Virus/Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*oEAAjT1[^ ]*$
* 300^0 ^[^ ]*ECcAAGj[^ ]*$
* 300^0 ^[^ ]*AP8145R[^ ]*$
* 300^0 ^[^ ]*SMHgBYP[^ ]*$
* 300^0 ^[^ ]*AOibBAA[^ ]*$
{
SBLOG="A1S-Ganda Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Gedza-A VBS Script Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*rwNwsFC63VSZ[^ ]*$
* 300^0 ^[^ ]*6E9PNyg1wtku[^ ]*$
* 300^0 ^[^ ]*YqmrPuFcFlhu[^ ]*$
* 300^0 ^[^ ]*MZo55cpqmNwg[^ ]*$
* 300^0 ^[^ ]*RnOVYWbdhbWM[^ ]*$
{
SBLOG="A1S-Gedza-A VBS Script Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Generic Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*QAAdskA[^ ]*$
* 300^0 ^[^ ]*AP8lCBB[^ ]*$
* 300^0 ^[^ ]*EAAAAQA[^ ]*$
* 300^0 ^[^ ]*AAERGHd[^ ]*$
{
SBLOG="A1S-Generic Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Gibe Worm
:0 BD
* -1000^0
* 300^0 ^[^ ]*EEAA/yV[^ ]*$
* 300^0 ^[^ ]*uSIRQAD[^ ]*$
* 300^0 ^[^ ]*ChFAABA[^ ]*$
* 300^0 ^[^ ]*ABYAAAB[^ ]*$
* 300^0 ^[^ ]*Z1NldFZ[^ ]*$
{
SBLOG="A1S-Gibe Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# GOPWorm-153
:0 BD
* -1000^0
* 200^0 ^[^ ]*pxvNrb0[^ ]*$
* 200^0 ^[^ ]*mA9QXdN[^ ]*$
* 200^0 ^[^ ]*bUUw4oQ[^ ]*$
* 200^0 ^[^ ]*K8qezQE[^ ]*$
* 200^0 ^[^ ]*AcIuJ1u[^ ]*$
{
SBLOG="A1S-GOPWorm-153 Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Goldun-X Trojan
:0 BD
* -1000^0
* 300^0 ^[^ ]*lSRRv8kusJph[^ ]*$
* 300^0 ^[^ ]*IgEdTvIRdjZe[^ ]*$
* 300^0 ^[^ ]*Vkme5rTCr4lp[^ ]*$
* 300^0 ^[^ ]*B3rNQq9S5qdC[^ ]*$
* 300^0 ^[^ ]*JyxMIdg1EYYd[^ ]*$
{
SBLOG="A1S-Goldun-X Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Goldun-AD Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dQaJiANldbEE[^ ]*$
* 300^0 ^[^ ]*qSvKV1bdZ5M7[^ ]*$
* 300^0 ^[^ ]*FdmHXmmk1GY2[^ ]*$
* 300^0 ^[^ ]*Y6sbauzotlh0[^ ]*$
* 300^0 ^[^ ]*HZHDhITKWPWC[^ ]*$
{
SBLOG="A1S-Goldun-AD Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Goldun-AV Trojan
#
# 5/19/05:
# Sent out as "replacement" for current E-Gold interface,
# almost certainly a trojan program although probably
# not *technically* a virus.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*uQGEXqCBwCiO[^ ]*$
* 300^0 ^[^ ]*kSVcBbVkzwBy[^ ]*$
* 300^0 ^[^ ]*YNJTAqxznUNZ[^ ]*$
* 300^0 ^[^ ]*EQoFUxInQcMY[^ ]*$
* 300^0 ^[^ ]*wRAeyIRejSIU[^ ]*$
{
SBLOG="A1S-Goldun-AV Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Gollum Trojan
:0 BD
* -1000^0
* 200^0 ^[^ ]*XoJChxJCtL[^ ]*$
* 200^0 ^[^ ]*Y5wbYWMM8[^ ]*$
* 200^0 ^[^ ]*SEwknbHQ8A[^ ]*$
* 200^0 ^[^ ]*3cIPBwapM[^ ]*$
* 200^0 ^[^ ]*XgKXbObkG[^ ]*$
* 200^0 ^[^ ]*0CYaVGVdvL[^ ]*$
{
SBLOG="A1S-Gollum Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Hackarmy-AT Trojan
:0 BD
* -1000^0
* 300^0 ^[^ ]*fAAoAJsAMgC6[^ ]*$
* 300^0 ^[^ ]*8HlouWovDz9P[^ ]*$
* 300^0 ^[^ ]*39wcHBwcHBvb[^ ]*$
* 300^0 ^[^ ]*8fHx8fHx8QEB[^ ]*$
* 300^0 ^[^ ]*vRK4IjlSAEIk[^ ]*$
{
SBLOG="A1S-Hackarmy-AT Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Hadra Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Enlyyt4[^ ]*$
* 300^0 ^[^ ]*vxTI370[^ ]*$
* 300^0 ^[^ ]*YzPwft/[^ ]*$
* 300^0 ^[^ ]*AAsOe\+9[^ ]*$
* 300^0 ^[^ ]*vwy4SIB[^ ]*$
{
SBLOG="A1S-Hadra Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Happy99.exe/Spanska Virus :/
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AIs97w5[^ ]*$
* 300^0 ^[^ ]*BaIOQgB[^ ]*$
* 300^0 ^[^ ]*AIBu/gF[^ ]*$
* 300^0 ^[^ ]*BpuNlhc[^ ]*$
{
SBLOG="A1S-Happy99/Spanska Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Hawawi-G Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*L3YAYnf[^ ]*$
* 300^0 ^[^ ]*Zkgu/Al[^ ]*$
* 300^0 ^[^ ]*dY/34nx[^ ]*$
* 300^0 ^[^ ]*xEzSu/9[^ ]*$
* 300^0 ^[^ ]*7bgBAAA[^ ]*$
* 300^0 ^[^ ]*AP8lIBB[^ ]*$
* 300^0 ^[^ ]*AAA0JkA[^ ]*$
* 300^0 ^[^ ]*oaxTQAA[^ ]*$
* 300^0 ^[^ ]*\+/o1MP/[^ ]*$
* 300^0 ^[^ ]*AGM0/13[^ ]*$
{
SBLOG="A1S-Hawawi-G Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Heyya-B Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*vjKIRAB[^ ]*$
* 300^0 ^[^ ]*xofi2UA[^ ]*$
* 300^0 ^[^ ]*6hZAAOg[^ ]*$
* 300^0 ^[^ ]*MwAAamR[^ ]*$
* 300^0 ^[^ ]*dWVuemF[^ ]*$
{
SBLOG="A1S-Heyya-B Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Holar-H virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$
* 200^0 ^AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v$
* 200^0 ^ZGUuDQ0KJAAAAAAAAAC3Egfb83NpiPNzaYjzc2mIGmxkiPJzaYhSaWNo83NpiAAAAAAAAAAAAAAA$
* 200^0 ^AAAAAAAAAAAAAAAAAFBFAABMAQMAzezMPgAAAAAAAAAA4AAPAQsBBgAAEAAAABAAAABQAADgawAA$
* 200^0 ^KJAA/yU0EEAFKBkZGRkkIAwsGRkZGRQ4QEQZGRkZCBwYBBkZGRkQADA8zcl2u2isFAToAaeyMEiQ$
* 200^0 ^/980OL49cnSCjNcRq6BERVNU/6+d5AFNeQwNU2VsZi1FeHSQLZ/9cmFjdG9yHP/MMYVA+P8P2YYP$
* 200^0 ^Ok+tM5lmzxG3DACqAGDTk//rDkAczXGNdQcARnJtTWy7v/1haW4ADRkPQgAiBCNGF2x0oz66u82N$
* 200^0 ^AQH0EAUYACgRFrKxpusTKAMQIB8EXXTnspcbAoAGgJ9r3ZsBCMAABxH/996kewIG/wESBEKePbIA$
{
SBLOG="A1S-Holar-H Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Hybris Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AIv0gcT[^ ]*$
* 300^0 ^[^ ]*JOgCAAC[^ ]*$
* 300^0 ^[^ ]*mVfiyoh[^ ]*$
* 300^0 ^[^ ]*////cvL[^ ]*$
* 300^0 ^[^ ]*YIlaZIl[^ ]*$
* 300^0 ^[^ ]*0QuxYhX[^ ]*$
* 300^0 ^[^ ]*pyFClXl[^ ]*$
* 300^0 ^[^ ]*bE4jym1[^ ]*$
* 300^0 ^[^ ]*37pPyjL[^ ]*$
* 300^0 ^[^ ]*0GnOIjn[^ ]*$
* 300^0 ^[^ ]*ka60PZ2[^ ]*$
* 300^0 ^[^ ]*jTq/9Vv[^ ]*$
* 300^0 ^[^ ]*bdVMcR\+[^ ]*$
* 300^0 ^[^ ]*Y1PunKd[^ ]*$
* 300^0 ^[^ ]*be2y\+V2[^ ]*$
* 300^0 ^[^ ]*VCWIw2A[^ ]*$
* 300^0 ^[^ ]*E/42yeG[^ ]*$
* 300^0 ^[^ ]*QFsQ6PI[^ ]*$
* 300^0 ^[^ ]*2iZ0YB5[^ ]*$
* 300^0 ^[^ ]*MGSGfyE[^ ]*$
* 300^0 ^[^ ]*Ui\+XpV4[^ ]*$
* 300^0 ^[^ ]*9ftA2MO[^ ]*$
* 300^0 ^[^ ]*Tz0O8gH[^ ]*$
* 300^0 ^[^ ]*5DVWXih[^ ]*$
* 300^0 ^[^ ]*Lm6VYR8[^ ]*$
{
SBLOG="A1S-Hybris (Snow White) Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Icecubes Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AFChCzx[^ ]*$
* 300^0 ^[^ ]*MItNKIl[^ ]*$
* 300^0 ^[^ ]*AOiI///[^ ]*$
* 300^0 ^[^ ]*A0YMLW0[^ ]*$
* 300^0 ^[^ ]*//\+D\+AA[^ ]*$
{
SBLOG="A1S-Icecubes Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# IISWorm Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*6CNaAAB[^ ]*$
* 300^0 ^[^ ]*RQz88q5[^ ]*$
* 300^0 ^[^ ]*AHUBSGS[^ ]*$
* 300^0 ^[^ ]*3UUAAGS[^ ]*$
* 300^0 ^[^ ]*Q0ZQ6Hf[^ ]*$
{
SBLOG="A1S-IISWorm Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Inor-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*OSwyNCw5M[^ ]*$
* 300^0 ^[^ ]*lMCw0Mix[^ ]*$
* 300^0 ^[^ ]*GZlLDkzLD[^ ]*$
* 300^0 ^[^ ]*LDU1LGQs[^ ]*$
* 300^0 ^[^ ]*YTMsM2MsN[^ ]*$
{
SBLOG="A1S-Inor-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Klez Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*0EPA6gQ[^ ]*$
* 300^0 ^[^ ]*[oU]mAAADP[^ ]*$
* 300^0 ^[^ ]*[IM]mQAADP[^ ]*$
* 300^0 ^[^ ]*EFm4AAA[^ ]*$
* 300^0 ^[^ ]*6[OM][4o]rAAC[^ ]*$
* 300^0 ^[^ ]*QQD/dRB[^ ]*$
* 300^0 ^[^ ]*0moYWff[^ ]*$
* 300^0 ^[^ ]*U1ZXD4S[^ ]*$
* 300^0 ^[^ ]*fnwDQOv[^ ]*$
* 300^0 ^[^ ]*AFlZ6xZ[^ ]*$
* 300^0 ^[^ ]*oAEAAGo[^ ]*$
* 300^0 ^[^ ]*zyvIUVB[^ ]*$
* 300^0 ^[^ ]*/A\+DJwE[^ ]*$
* 300^0 ^[^ ]*UOjZLgA[^ ]*$
* 300^0 ^[^ ]*6DUBAAC[^ ]*$
* 300^0 ^[^ ]*CAPfO9h[^ ]*$
* 300^0 ^[^ ]*CI2F2P7[^ ]*$
* 300^0 ^[^ ]*/P7//2i[^ ]*$
* 300^0 ^[^ ]*AFPoSjE[^ ]*$
* 300^0 ^[^ ]*GGaD\+SB[^ ]*$
* 300^0 ^[^ ]*g8QQOV0[^ ]*$
* 300^0 ^[^ ]*JAAA/0X[^ ]*$
* 300^0 ^[^ ]*AAIAAID[^ ]*$
{
SBLOG="A1S-Klez Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Klez-H Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AP8VINFAADvD[^ ]*$
* 300^0 ^[^ ]*Q6N1dAABXVog[^ ]*$
* 300^0 ^[^ ]*0g6McCQAAAF9[^ ]*$
* 300^0 ^[^ ]*I18BwGLRfxZO[^ ]*$
* 300^0 ^[^ ]*hcBZdBJW6KND[^ ]*$
{
SBLOG="A1S-Klez-H Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LastWord Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZqzCAWZ[^ ]*$
* 300^0 ^[^ ]*bHQAAJY[^ ]*$
* 300^0 ^[^ ]*CuMiAAA[^ ]*$
* 300^0 ^[^ ]*zACZmf8[^ ]*$
* 300^0 ^[^ ]*AAAACVX[^ ]*$
{
SBLOG="A1S-LastWord Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LDPinch Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*TRz2zNvc2VBX[^ ]*$
* 300^0 ^[^ ]*A6wzkfUNFscg[^ ]*$
* 300^0 ^[^ ]*8M7CnUUjQmLw[^ ]*$
* 300^0 ^[^ ]*wOkCAKhoCk6g[^ ]*$
* 300^0 ^[^ ]*ycspOn85aWY8[^ ]*$
{
SBLOG="A1S-LDPinch Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LegMir Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ChLjx\+I[^ ]*$
* 300^0 ^[^ ]*i/SLBXj[^ ]*$
* 300^0 ^[^ ]*GqlF2CA[^ ]*$
* 300^0 ^[^ ]*hQMdg7j[^ ]*$
* 300^0 ^[^ ]*8McHMRi[^ ]*$
* 300^0 ^[^ ]*i8Pot//[^ ]*$
* 300^0 ^[^ ]*ACv7V1P[^ ]*$
* 300^0 ^[^ ]*aMDlQAD[^ ]*$
* 300^0 ^[^ ]*oRjmQAC[^ ]*$
* 300^0 ^[^ ]*6yaLy4X[^ ]*$
{
SBLOG="A1S-LegMir Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Litebot-D Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*CZDQcdGxCH6z[^ ]*$
* 300^0 ^[^ ]*8RyPavmn753a[^ ]*$
* 300^0 ^[^ ]*r9urD1fvw88y[^ ]*$
* 300^0 ^[^ ]*SDRkCRqDEXrS[^ ]*$
* 300^0 ^[^ ]*uRvrAgh2GHgR[^ ]*$
{
SBLOG="A1S-Litebot-D Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AiYi3pn[^ ]*$
* 300^0 ^[^ ]*tNQCwCg[^ ]*$
* 300^0 ^[^ ]*Dxsjt0c[^ ]*$
* 300^0 ^[^ ]*WA9\+zD1[^ ]*$
* 300^0 ^[^ ]*AUieTgG[^ ]*$
* 300^0 ^[^ ]*2gvcCpS[^ ]*$
* 300^0 ^[^ ]*FzcK1a\+[^ ]*$
* 300^0 ^[^ ]*5ymsPtx[^ ]*$
* 300^0 ^[^ ]*nwPq/e\+[^ ]*$
* 300^0 ^[^ ]*QYJeZUo[^ ]*$
{
SBLOG="A1S-LovGate Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-X Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Kanv6K3VoAMP[^ ]*$
* 300^0 ^[^ ]*Z5NmqAGbwNqX[^ ]*$
* 300^0 ^[^ ]*BpTv1VXXZjps[^ ]*$
* 300^0 ^[^ ]*KVBQVnDd5UpN[^ ]*$
* 300^0 ^[^ ]*nvfSpD4DzpHH[^ ]*$
* 300^0 ^[^ ]*6TxEMX5hod6k[^ ]*$
* 300^0 ^[^ ]*qvfKxiGdXqSu[^ ]*$
* 300^0 ^[^ ]*jhvkCnJlsU5b[^ ]*$
* 300^0 ^[^ ]*fvOEuKoBBuwb[^ ]*$
* 300^0 ^[^ ]*4BlogR2AE901[^ ]*$
* 300^0 ^[^ ]*7OHYzNknaTqf[^ ]*$
* 300^0 ^[^ ]*4FqtV2krUob9[^ ]*$
* 300^0 ^[^ ]*GU9nHFdA6hbN[^ ]*$
* 300^0 ^[^ ]*Hdn0VB7ZQAK4[^ ]*$
* 300^0 ^[^ ]*CBDB1lXUDX0A[^ ]*$
* 300^0 ^[^ ]*rLcic9A05bk3[^ ]*$
* 300^0 ^[^ ]*3n2KQW6Xn2d7[^ ]*$
* 300^0 ^[^ ]*lWlrhCC44yt5[^ ]*$
* 300^0 ^[^ ]*TBwUn5PZa795[^ ]*$
* 300^0 ^[^ ]*7hWHq8Lsb4y8[^ ]*$
* 300^0 ^[^ ]*1fGpD5UBcedP[^ ]*$
* 300^0 ^[^ ]*fr0DB7GFEh8i[^ ]*$
* 300^0 ^[^ ]*luxl4MQqkFGA[^ ]*$
* 300^0 ^[^ ]*ZNSrczv3ERPp[^ ]*$
* 300^0 ^[^ ]*Zscz2p8JlZ63[^ ]*$
* 300^0 ^[^ ]*xEn4NrKjeNv3[^ ]*$
* 300^0 ^[^ ]*1zx6jPcJwrrt[^ ]*$
* 300^0 ^[^ ]*SwJDwW06YCw2[^ ]*$
* 300^0 ^[^ ]*6t7E1EbjNKed[^ ]*$
* 300^0 ^[^ ]*RxXeStxKh2p9[^ ]*$
{
SBLOG="A1S-LovGate-X Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-Y Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*qixDprqZEguy[^ ]*$
* 300^0 ^[^ ]*Ik5fKJnjW8M8[^ ]*$
* 300^0 ^[^ ]*k3Ep4WPJUGQP[^ ]*$
* 300^0 ^[^ ]*4ocC2H5hooW8[^ ]*$
* 300^0 ^[^ ]*KL0xfhi8jgYc[^ ]*$
* 300^0 ^[^ ]*XX0Ms35E39hz[^ ]*$
* 300^0 ^[^ ]*7Xz5A9M9cH86[^ ]*$
* 300^0 ^[^ ]*XgX0lEZlLqQp[^ ]*$
* 300^0 ^[^ ]*erFfb0Jalclx[^ ]*$
* 300^0 ^[^ ]*lktQVtOoXcpB[^ ]*$
* 300^0 ^[^ ]*JCwtSepoi3ku[^ ]*$
* 300^0 ^[^ ]*vGUoP8832OmH[^ ]*$
* 300^0 ^[^ ]*1Wyuq6I1f3if[^ ]*$
* 300^0 ^[^ ]*BaqysQbP372O[^ ]*$
* 300^0 ^[^ ]*WmmGgFkv5qUu[^ ]*$
* 300^0 ^[^ ]*SvmFkOXpVLYn[^ ]*$
* 300^0 ^[^ ]*VOx4TXe8aDjy[^ ]*$
* 300^0 ^[^ ]*sqxNA391Wbad[^ ]*$
* 300^0 ^[^ ]*s4XECfk90FG3[^ ]*$
* 300^0 ^[^ ]*S7T3RcK11oSu[^ ]*$
{
SBLOG="A1S-LovGate-Y Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-Z Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*eVULthpaDfy1[^ ]*$
* 300^0 ^[^ ]*DWFHG4XVmlYp[^ ]*$
* 300^0 ^[^ ]*oJSF1xSKVohV[^ ]*$
* 300^0 ^[^ ]*C2seFNf9LoMy[^ ]*$
* 300^0 ^[^ ]*eQnru8aM5lMk[^ ]*$
* 300^0 ^[^ ]*caHO9YrkQ2Hj[^ ]*$
* 300^0 ^[^ ]*7Exo4vJuzwK1[^ ]*$
* 300^0 ^[^ ]*eiQMuBQb3lF3[^ ]*$
* 300^0 ^[^ ]*iDBQ6gthRtXQ[^ ]*$
* 300^0 ^[^ ]*hqJdOHUiSTIN[^ ]*$
{
SBLOG="A1S-LovGate-Z Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-AA Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*8ShN0WJyW5SL[^ ]*$
* 300^0 ^[^ ]*96kjLn6sVvLy[^ ]*$
* 300^0 ^[^ ]*37G71YBvE2hj[^ ]*$
* 300^0 ^[^ ]*kHpf5JGBF0Ev[^ ]*$
* 300^0 ^[^ ]*LeIRvvt4JGgr[^ ]*$
* 300^0 ^[^ ]*DQmiX3mOMNOV[^ ]*$
* 300^0 ^[^ ]*IqKXR0FjHD9q[^ ]*$
* 300^0 ^[^ ]*1bip4xefQHQa[^ ]*$
* 300^0 ^[^ ]*JD3RYzvd4rTu[^ ]*$
* 300^0 ^[^ ]*mIqYLkNvvVDr[^ ]*$
* 300^0 ^[^ ]*WSgt9RwPOdph[^ ]*$
* 300^0 ^[^ ]*bpfWCLlKUs5P[^ ]*$
* 300^0 ^[^ ]*XdjHOU9zPmfU[^ ]*$
* 300^0 ^[^ ]*wf8zw4tIu4aG[^ ]*$
* 300^0 ^[^ ]*FUfP18QYYkQQ[^ ]*$
* 300^0 ^[^ ]*SDIirqBUj0dW[^ ]*$
* 300^0 ^[^ ]*Batq9EpDo0Vq[^ ]*$
* 300^0 ^[^ ]*MzhKTqVtYW0X[^ ]*$
* 300^0 ^[^ ]*Hz9fEGGJEEDv[^ ]*$
* 300^0 ^[^ ]*rB67nTwQSH4T[^ ]*$
{
SBLOG="A1S-LovGate-AA Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-AB Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*11XR5eF9oT91[^ ]*$
* 300^0 ^[^ ]*TpbH7oAYNIiW[^ ]*$
* 300^0 ^[^ ]*gDt0jqW4WKfS[^ ]*$
* 300^0 ^[^ ]*Bcsnd5afKU5n[^ ]*$
* 300^0 ^[^ ]*4WbgNyDaie6I[^ ]*$
* 300^0 ^[^ ]*V6BJCEszBill[^ ]*$
* 300^0 ^[^ ]*jwzKF7PEaxQo[^ ]*$
* 300^0 ^[^ ]*5kUJm4FmStIe[^ ]*$
* 300^0 ^[^ ]*qcghZL4uFHzJ[^ ]*$
* 300^0 ^[^ ]*4p5nfZ3UVyZR[^ ]*$
{
SBLOG="A1S-LovGate-AB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-AM Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*0TYhLGyLrZ5G[^ ]*$
* 300^0 ^[^ ]*bccT8O66ScuW[^ ]*$
* 300^0 ^[^ ]*woBr42kHTdDM[^ ]*$
* 300^0 ^[^ ]*MAeTFYt2bZk9[^ ]*$
* 300^0 ^[^ ]*K0DuCfJ9tHna[^ ]*$
* 300^0 ^[^ ]*eYczCPMStUbp[^ ]*$
* 300^0 ^[^ ]*qZmmauSdahXn[^ ]*$
* 300^0 ^[^ ]*G6EeevQmUlp0[^ ]*$
* 300^0 ^[^ ]*ZWdQSrtYEaf3[^ ]*$
* 300^0 ^[^ ]*qsYI00VCOVCo[^ ]*$
* 300^0 ^[^ ]*FcCuUUUgxG9E[^ ]*$
* 300^0 ^[^ ]*qFoRscz8ZTWw[^ ]*$
* 300^0 ^[^ ]*sCCyXCYMOjBs[^ ]*$
* 300^0 ^[^ ]*07Y7oXPuWnKy[^ ]*$
* 300^0 ^[^ ]*9mDXdQHW76gS[^ ]*$
* 300^0 ^[^ ]*INGnX0C6WBU0[^ ]*$
* 300^0 ^[^ ]*dl8NPuepo9Wk[^ ]*$
* 300^0 ^[^ ]*gbz0ZD7M7jjv[^ ]*$
* 300^0 ^[^ ]*isAuZgIrwM6q[^ ]*$
* 300^0 ^[^ ]*WfEwzwBVfchM[^ ]*$
* 300^0 ^[^ ]*TSxjoaQIzohE[^ ]*$
* 300^0 ^[^ ]*0liSbnp4QPjJ[^ ]*$
* 300^0 ^[^ ]*M3YPFAmwxXCA[^ ]*$
* 300^0 ^[^ ]*HJ5DATix1AMl[^ ]*$
* 300^0 ^[^ ]*k3kcm223ZNtt[^ ]*$
{
SBLOG="A1S-LovGate-AM Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-AW Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*NtKwug0K1bRa[^ ]*$
* 300^0 ^[^ ]*ApP7EkrVBj2F[^ ]*$
* 300^0 ^[^ ]*H0lahpPkv476[^ ]*$
* 300^0 ^[^ ]*8LPPrYGypJQy[^ ]*$
* 300^0 ^[^ ]*LWCJBqAjryfA[^ ]*$
* 300^0 ^[^ ]*T0uE9v8QZpA8[^ ]*$
* 300^0 ^[^ ]*ezjufORGLFYN[^ ]*$
* 300^0 ^[^ ]*XpgqxQ6ES6Ej[^ ]*$
* 300^0 ^[^ ]*sHWdHvRrJba8[^ ]*$
* 300^0 ^[^ ]*GysVMTml4Fce[^ ]*$
{
SBLOG="A1S-LovGate-AW Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# LovGate-AZ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MD2I6AdxHcDm[^ ]*$
* 300^0 ^[^ ]*rW1LNtCC2Wbv[^ ]*$
* 300^0 ^[^ ]*MN3oSUJ8Rafh[^ ]*$
* 300^0 ^[^ ]*beOjB5I97iHJ[^ ]*$
* 300^0 ^[^ ]*41eKVCzwjL84[^ ]*$
{
SBLOG="A1S-LovGate-AZ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mabuto-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*v8CWfsm7txTn[^ ]*$
* 300^0 ^[^ ]*rrLSKv6f4g0t[^ ]*$
* 300^0 ^[^ ]*tTOMow90pvrl[^ ]*$
* 300^0 ^[^ ]*VeKRhMBioWyz[^ ]*$
* 300^0 ^[^ ]*pVxORqFhChER[^ ]*$
* 300^0 ^[^ ]*Ena684O1NguV[^ ]*$
* 300^0 ^[^ ]*WJeGCWLeKthg[^ ]*$
* 300^0 ^[^ ]*svfECIznKBVK[^ ]*$
* 300^0 ^[^ ]*t3978YuR5Mzb[^ ]*$
* 300^0 ^[^ ]*zn2vpy4m5zLs[^ ]*$
* 300^0 ^[^ ]*7tuiEZ3n8HmG[^ ]*$
* 300^0 ^[^ ]*84lGhqKYQdGB[^ ]*$
* 300^0 ^[^ ]*l4B2yHF8BIKG[^ ]*$
* 300^0 ^[^ ]*OmXBSIfEcCl6[^ ]*$
* 300^0 ^[^ ]*QssRjxJc3lg0[^ ]*$
* 300^0 ^[^ ]*u0wgn5MMIL6b[^ ]*$
* 300^0 ^[^ ]*FKpGWBls8HGE[^ ]*$
* 300^0 ^[^ ]*SwWg6fFBBN21[^ ]*$
* 300^0 ^[^ ]*MMrWUVyWYv4X[^ ]*$
* 300^0 ^[^ ]*ObwPG3onqHdz[^ ]*$
* 300^0 ^[^ ]*t8sccAx6IRdq[^ ]*$
* 300^0 ^[^ ]*N0s9v3AIvb8x[^ ]*$
* 300^0 ^[^ ]*K6nSyAwC585X[^ ]*$
* 300^0 ^[^ ]*768AKXw783K6[^ ]*$
* 300^0 ^[^ ]*OgoaQ2PKp0E3[^ ]*$
* 300^0 ^[^ ]*9yub8UjXK51x[^ ]*$
* 300^0 ^[^ ]*dDmgoaQ2PKyq[^ ]*$
* 300^0 ^[^ ]*N6P4rqdLIDAL[^ ]*$
* 300^0 ^[^ ]*nQxAO8UVHKyB[^ ]*$
* 300^0 ^[^ ]*qahycrcCAAAX[^ ]*$
* 300^0 ^[^ ]*bwf90OKChNjx[^ ]*$
* 300^0 ^[^ ]*rDEBIwT1Ah8A[^ ]*$
* 300^0 ^[^ ]*78Q8droH8Huz[^ ]*$
* 300^0 ^[^ ]*dDmhNjyqdBOs[^ ]*$
* 300^0 ^[^ ]*PMCXJ6JwIAAH[^ ]*$
{
SBLOG="A1S-Mabuto-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Magistr Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*\+SPFQMP[^ ]*$
* 300^0 ^[^ ]*w2oAagD[^ ]*$
* 300^0 ^[^ ]*oFRAAIk[^ ]*$
* 300^0 ^[^ ]*dftAOBh[^ ]*$
* 300^0 ^[^ ]*g3yPBAB[^ ]*$
* 300^0 ^[^ ]*wYv3i/q[^ ]*$
* 300^0 ^[^ ]*V/8V1AF[^ ]*$
* 300^0 ^[^ ]*AIll9Il[^ ]*$
* 300^0 ^[^ ]*jUwkDFF[^ ]*$
* 300^0 ^[^ ]*xBSFwHU[^ ]*$
* 300^0 ^[^ ]*i/eL\+8H[^ ]*$
* 300^0 ^[^ ]*HAEAAIs[^ ]*$
* 300^0 ^[^ ]*SAOLxak[^ ]*$
* 300^0 ^[^ ]*KkAAagB[^ ]*$
* 300^0 ^[^ ]*7BgCAAB[^ ]*$
* 300^0 ^[^ ]*jYXw/v/[^ ]*$
* 300^0 ^[^ ]*bGljYXR[^ ]*$
* 300^0 ^[^ ]*bAAAVmh[^ ]*$
* 300^0 ^[^ ]*IGAAAeh[^ ]*$
* 300^0 ^[^ ]*AYTAdeO[^ ]*$
* 300^0 ^[^ ]*9P7//4X[^ ]*$
* 300^0 ^[^ ]*AFZHAAC[^ ]*$
* 300^0 ^[^ ]*YXAgZXJ[^ ]*$
* 300^0 ^[^ ]*dDWAPaF[^ ]*$
* 300^0 ^[^ ]*AenPAAA[^ ]*$
* 300^0 ^[^ ]*AFboSvj[^ ]*$
* 300^0 ^[^ ]*AQD2OwE[^ ]*$
* 300^0 ^[^ ]*bmkAV0F[^ ]*$
* 300^0 ^[^ ]*bnQAAG5[^ ]*$
* 300^0 ^[^ ]*RkQtMDB[^ ]*$
* 300^0 ^[^ ]*ezA1NTg[^ ]*$
* 300^0 ^[^ ]*QUdFTlQ[^ ]*$
* 300^0 ^[^ ]*YQBnAGU[^ ]*$
* 300^0 ^[^ ]*4kJu1TA[^ ]*$
* 300^0 ^[^ ]*ahS\+wyE[^ ]*$
* 300^0 ^[^ ]*LhRs\+nP[^ ]*$
* 300^0 ^[^ ]*/vOragN[^ ]*$
* 300^0 ^[^ ]*\+YvBi/e[^ ]*$
* 300^0 ^[^ ]*AABQV/8[^ ]*$
* 300^0 ^[^ ]*6I4sAAC[^ ]*$
* 300^0 ^[^ ]*JJAMAAA[^ ]*$
* 300^0 ^[^ ]*XlnDi0Q[^ ]*$
* 300^0 ^[^ ]*RAoBjVQ[^ ]*$
* 300^0 ^[^ ]*QAiJFSR[^ ]*$
* 300^0 ^[^ ]*AGgYIEA[^ ]*$
* 300^0 ^[^ ]*Luj0///[^ ]*$
* 300^0 ^[^ ]*oVgSQgD[^ ]*$
* 300^0 ^[^ ]*/1AIg8Q[^ ]*$
* 300^0 ^[^ ]*agBT6MD[^ ]*$
* 300^0 ^[^ ]*X13DAAA[^ ]*$
{
SBLOG="A1S-Magistr Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Maldal Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*pVfy9NU[^ ]*$
* 300^0 ^[^ ]*CH9wDw9[^ ]*$
* 300^0 ^[^ ]*KDI03fa[^ ]*$
* 300^0 ^[^ ]*rCAjaKR[^ ]*$
* 300^0 ^[^ ]*8pKXQHw[^ ]*$
* 300^0 ^[^ ]*ZICSAaz[^ ]*$
* 300^0 ^[^ ]*3wISFgA[^ ]*$
* 300^0 ^[^ ]*ZSBNaWR[^ ]*$
{
SBLOG="A1S-Maldal Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mawanella Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 500^0 ^[^ ]*T24gRXJ[^ ]*$
* 250^0 ^[^ ]*bnQKICB[^ ]*$
* 250^0 ^[^ ]*ICAgICA[^ ]*$
* 200^0 ^[^ ]*ZyAmICJ[^ ]*$
* 500^0 [mM]awanella
* 600^0 dirsystem&"\\Mawanella.vbs"
{
SBLOG="A1S-Mawanella.vbs Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mimail.A Worm (decompressed)
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*^UEsDBAo[^ ]*$
* 300^0 ^[^ ]*BInHV/9[^ ]*$
* 300^0 ^[^ ]*AIPHLok[^ ]*$
* 300^0 ^[^ ]*dfyLdfj[^ ]*$
* 300^0 ^[^ ]*AACDxAx[^ ]*$
* 300^0 ^[^ ]*NQAA/3X[^ ]*$
* 300^0 ^[^ ]*DYlD/It[^ ]*$
* 300^0 ^[^ ]*ImigfkV[^ ]*$
* 300^0 ^[^ ]*Bls0lhq[^ ]*$
* 300^0 ^[^ ]*pNmBThr[^ ]*$
* 300^0 ^[^ ]*JhZCsNz[^ ]*$
{
SBLOG="A1S-Mimail-A Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*sFdQJB4[^ ]*$
* 300^0 ^[^ ]*tfA9Im5[^ ]*$
* 300^0 ^[^ ]*ndpTyZQ[^ ]*$
* 300^0 ^[^ ]*XCQoUyM[^ ]*$
* 300^0 ^[^ ]*2xRcdLC[^ ]*$
{
SBLOG="A1S-Mimail-A Worm (UPX Encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UEsDBAo[^ ]*$
* 300^0 ^[^ ]*BInHV/9[^ ]*$
* 300^0 ^[^ ]*AIPHLok[^ ]*$
* 300^0 ^[^ ]*dfyLdfj[^ ]*$
* 300^0 ^[^ ]*AACDxAx[^ ]*$
* 300^0 ^[^ ]*[JO]wAA/3X[^ ]*$
* 300^0 ^[^ ]*t\+veDgy[^ ]*$
* 300^0 ^[^ ]*/2u5sw3[^ ]*$
* 300^0 ^[^ ]*zfTsPcV[^ ]*$
* 300^0 ^[^ ]*TpwlV8i[^ ]*$
* 300^0 ^[^ ]*7LJjzHw[^ ]*$
{
SBLOG="A1S-Mimail-C/Mimail-G Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*tfA9Iu0[^ ]*$
* 300^0 ^[^ ]*tpH2VDI[^ ]*$
* 300^0 ^[^ ]*tKzRdYM[^ ]*$
* 300^0 ^[^ ]*fj5oaYA[^ ]*$
{
SBLOG="A1S-Mimail-C Worm (UPX encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 600^0 c$?^?m$?^?V$?^?h$?^?Z$?^?G$?^?5$?^?v$?^?d$?^?y$?^?5$?^?k$?^?b$?^?2$?^?M$?^?u$?^?c$?^?2$?^?N$?^?y$?^?U$?^?E$?^?s$?^?B$?^?A$?^?h$?^?Q$?^?A$?^?C$?^?g
* 600^0 H$?^?J$?^?l$?^?Y$?^?W$?^?R$?^?u$?^?b$?^?3$?^?c$?^?u$?^?Z$?^?G$?^?9$?^?j$?^?L$?^?n$?^?N$?^?j$?^?c$?^?l$?^?B$?^?L$?^?B$?^?Q$?^?Y
{
SBLOG="A1S-Mimail-Dam Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UEsDBAo[^ ]*$
* 300^0 ^[^ ]*BInHV/9[^ ]*$
* 300^0 ^[^ ]*AIPHLok[^ ]*$
* 300^0 ^[^ ]*dfyLdfj[^ ]*$
* 300^0 ^[^ ]*AACDxAx[^ ]*$
* 300^0 ^[^ ]*KAAA/3X[^ ]*$
* 300^0 ^[^ ]*Krfr3g4[^ ]*$
* 300^0 ^[^ ]*hfDH/2u[^ ]*$
* 300^0 ^[^ ]*StzN9KS[^ ]*$
* 300^0 ^[^ ]*oqYVMiS[^ ]*$
* 300^0 ^[^ ]*nVADbAw[^ ]*$
{
SBLOG="A1S-Mimail-E Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZQ//tfA[^ ]*$
* 300^0 ^[^ ]*ZSqZkm2[^ ]*$
* 300^0 ^[^ ]*MbTd4EV[^ ]*$
* 300^0 ^[^ ]*sqPB/VH[^ ]*$
{
SBLOG="A1S-Mimail-E Worm (UPX encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZbYLFDb[^ ]*$
* 300^0 ^[^ ]*MbSsous[^ ]*$
* 300^0 ^[^ ]*Gtz4JpF[^ ]*$
* 300^0 ^[^ ]*VzpT/Qp[^ ]*$
* 300^0 ^[^ ]*/2tsw77[^ ]*$
* 300^0 ^[^ ]*bGZ7LOw[^ ]*$
* 300^0 ^[^ ]*oqZOnEu[^ ]*$
* 300^0 ^[^ ]*nAwYfDR[^ ]*$
{
SBLOG="A1S-Mimail-F Worm (UPX Encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MP\+18D0[^ ]*$
* 300^0 ^[^ ]*TMm2tgQ[^ ]*$
* 300^0 ^[^ ]*pTG0rAs[^ ]*$
* 300^0 ^[^ ]*Izsa3PE[^ ]*$
* 300^0 ^[^ ]*8Mf/a7n[^ ]*$
* 300^0 ^[^ ]*zfTS2cz[^ ]*$
* 300^0 ^[^ ]*ZWamTpy[^ ]*$
* 300^0 ^[^ ]*P2DP6xh[^ ]*$
{
SBLOG="A1S-Mimail-G Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UEsDBAo[^ ]*$
* 300^0 ^[^ ]*/0Xoi30[^ ]*$
* 300^0 ^[^ ]*WUAAOX3[^ ]*$
* 300^0 ^[^ ]*xARqAFC[^ ]*$
* 300^0 ^[^ ]*PTRZQAA[^ ]*$
{
SBLOG="A1S-Mimail-I Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*BB6FT2A[^ ]*$
* 300^0 ^[^ ]*WJ1nMg4[^ ]*$
* 300^0 ^[^ ]*jOY/web[^ ]*$
* 300^0 ^[^ ]*biHb608[^ ]*$
{
SBLOG="A1S-Mimail-I Worm (UPX encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UEsDBAo[^ ]*$
* 300^0 ^[^ ]*mQEAAP9[^ ]*$
* 300^0 ^[^ ]*/Is9NFl[^ ]*$
* 300^0 ^[^ ]*KAAAg8Q[^ ]*$
* 300^0 ^[^ ]*/0X8iz0[^ ]*$
{
SBLOG="A1S-Mimail-J Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*TwsM4dv[^ ]*$
* 300^0 ^[^ ]*7FidMF2[^ ]*$
* 300^0 ^[^ ]*5j/B5sx[^ ]*$
* 300^0 ^[^ ]*LEjXst5[^ ]*$
{
SBLOG="A1S-Mimail-J Worm (UPX encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*UEsDBAo[^ ]*$
* 300^0 ^[^ ]*BI292Pf[^ ]*$
* 300^0 ^[^ ]*LAAAice[^ ]*$
* 300^0 ^[^ ]*g8QQ/3X[^ ]*$
* 300^0 ^[^ ]*/In\+g8Y[^ ]*$
* 300^0 ^[^ ]*^UEsDBBQ[^ ]*$
* 300^0 ^[^ ]*Ja2AGLt[^ ]*$
* 300^0 ^[^ ]*Sr75CbN[^ ]*$
* 300^0 ^[^ ]*lGonaYF[^ ]*$
* 300^0 ^[^ ]*\+E5NYlp[^ ]*$
* 300^0 ^[^ ]*YrNN/mr[^ ]*$
{
SBLOG="A1S-Mimail-M Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*sG569A4[^ ]*$
* 300^0 ^[^ ]*W9kvxgQ[^ ]*$
* 300^0 ^[^ ]*0MQ1Zru[^ ]*$
* 300^0 ^[^ ]*7WzLXiK[^ ]*$
{
SBLOG="A1S-Mimail-M Worm (UPX encoded)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*lI2APscN[^ ]*$
* 300^0 ^[^ ]*brxF2LLU3[^ ]*$
* 300^0 ^[^ ]*J1wq9aFt[^ ]*$
* 300^0 ^[^ ]*HaqoWuvf[^ ]*$
* 300^0 ^[^ ]*FKGwjmqa[^ ]*$
* 300^0 ^[^ ]*VUQZrmf9[^ ]*$
{
SBLOG="A1S-Mimail-Q Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.W Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*YJuA6wS8WsBr[^ ]*$
* 300^0 ^[^ ]*zGzjbJDCLB96[^ ]*$
* 300^0 ^[^ ]*BOSKHdXH8Blw[^ ]*$
* 300^0 ^[^ ]*dEi3loqk64su[^ ]*$
* 300^0 ^[^ ]*byusWle0odyf[^ ]*$
{
SBLOG="A1S-Mitglieder.W Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.AB Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*l7OC3WKwuTV0x[^ ]*$
* 300^0 ^[^ ]*mbproquBa8Kr[^ ]*$
* 300^0 ^[^ ]*kwrF1I0Pw98a[^ ]*$
* 300^0 ^[^ ]*jVPOCVwakep5[^ ]*$
* 300^0 ^[^ ]*xPL1DFcf4o6D[^ ]*$
{
SBLOG="A1S-Mitglieder.AB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.CI Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Rgn3bs04Z9Wu[^ ]*$
* 300^0 ^[^ ]*fumEa9WNucF9[^ ]*$
* 300^0 ^[^ ]*tE1w61wMxiXo[^ ]*$
* 300^0 ^[^ ]*2YblPb2UOe0p[^ ]*$
* 300^0 ^[^ ]*jTeGvY0a6M5f[^ ]*$
{
SBLOG="A1S-Mitglieder.CI Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.CM Dropper
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*f6Ub5RHcb1Pp[^ ]*$
* 300^0 ^[^ ]*WVt9rb4XZXF1[^ ]*$
* 300^0 ^[^ ]*J5dxcRiuSkoh[^ ]*$
* 300^0 ^[^ ]*DXNWTI1QWLTe[^ ]*$
* 300^0 ^[^ ]*UtNbQ5JW6Wi7[^ ]*$
{
SBLOG="A1S-Mitglieder.CM Dropper"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.DT Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*DhDBR8Bingd7[^ ]*$
* 300^0 ^[^ ]*upw2LMmFHz3t[^ ]*$
* 300^0 ^[^ ]*pRA7AIyMHA80[^ ]*$
* 300^0 ^[^ ]*eGszso68uYv4[^ ]*$
* 300^0 ^[^ ]*mBQe8RmIWGBm[^ ]*$
{
SBLOG="A1S-Mitglieder.DT Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.DU Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ZWWqVMECLRyS[^ ]*$
* 300^0 ^[^ ]*KHboEhePsCD4[^ ]*$
* 300^0 ^[^ ]*govRCje0tQsC[^ ]*$
* 300^0 ^[^ ]*LvcVkBLh8YFW[^ ]*$
* 300^0 ^[^ ]*DVJYo4UOosiG[^ ]*$
{
SBLOG="A1S-Mitglieder.DU Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.EO Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*ODxLIgoABIcA[^ ]*$
* 300^0 ^[^ ]*rwrz4T1zrb87[^ ]*$
* 300^0 ^[^ ]*4zvnConzkzAE[^ ]*$
* 300^0 ^[^ ]*daycvhpQS08M[^ ]*$
* 300^0 ^[^ ]*625Rt5RiUbBj[^ ]*$
* 300^0 ^[^ ]*H489Du7duw13[^ ]*$
* 300^0 ^[^ ]*TPFdy9Jxm8YX[^ ]*$
* 300^0 ^[^ ]*c1QyGuG7jlUM[^ ]*$
* 300^0 ^[^ ]*Z0Vf6TfEt8gN[^ ]*$
* 300^0 ^[^ ]*Jkh4V9u9TeWz[^ ]*$
* 300^0 ^[^ ]*epfoejcGCSE7[^ ]*$
* 300^0 ^[^ ]*XmQmpqKHPEEJ[^ ]*$
* 300^0 ^[^ ]*WRatAQDSakpK[^ ]*$
* 300^0 ^[^ ]*xGjpQUNeBYrq[^ ]*$
* 300^0 ^[^ ]*TzvWXvtvd79W[^ ]*$
* 300^0 ^[^ ]*4LMjGYy8tsFC[^ ]*$
* 300^0 ^[^ ]*IqampfHWwl5e[^ ]*$
* 300^0 ^[^ ]*xmr18UfunGfP[^ ]*$
* 300^0 ^[^ ]*8iYH19bWXYQ9[^ ]*$
* 300^0 ^[^ ]*N7uvIpTA3UDO[^ ]*$
{
SBLOG="A1S-Mitglieder.EO Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.FB Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*FFWig83eLl6e[^ ]*$
* 300^0 ^[^ ]*UbJcg8K792ET[^ ]*$
* 300^0 ^[^ ]*woTUnwZnf0Mw[^ ]*$
* 300^0 ^[^ ]*QeoWBdX1xJFH[^ ]*$
* 300^0 ^[^ ]*s2OwrFxIgxsB[^ ]*$
* 300^0 ^[^ ]*fpeQS1br99PC[^ ]*$
* 300^0 ^[^ ]*ui2aoWWS99wT[^ ]*$
* 300^0 ^[^ ]*q2LD7VmpK2MA[^ ]*$
* 300^0 ^[^ ]*OSIxjuzhZPZQ[^ ]*$
* 300^0 ^[^ ]*jfNNYyKw4CEU[^ ]*$
{
SBLOG="A1S-Mitglieder.FB Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.FS Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*PmDBQXF0NWVh[^ ]*$
* 300^0 ^[^ ]*jvoR0LeqADBj[^ ]*$
* 300^0 ^[^ ]*FRynZoJxaNja[^ ]*$
* 300^0 ^[^ ]*FGV3xXAiaM2d[^ ]*$
* 300^0 ^[^ ]*MEMJlW4t6eJL[^ ]*$
{
SBLOG="A1S-Mitglieder.FS Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mitglieder.FT Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*n4yWc7OcaFUX[^ ]*$
* 300^0 ^[^ ]*teM6GoonV2K3[^ ]*$
* 300^0 ^[^ ]*7NCgu7tMJrWz[^ ]*$
* 300^0 ^[^ ]*j0uzR4VfUZwz[^ ]*$
* 300^0 ^[^ ]*4Q4WI4UZwrHg[^ ]*$
{
SBLOG="A1S-Mitglieder.FT Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# MTX Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*FDJAAP8[^ ]*$
* 300^0 ^[^ ]*dAEAADP[^ ]*$
* 300^0 ^[^ ]*Aw\+ESAE[^ ]*$
* 300^0 ^[^ ]*YW1lPSI[^ ]*$
* 300^0 ^[^ ]*ZXJkYXk[^ ]*$
{
SBLOG="A1S-MTX Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-A Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^[^ ]*3W2la412N[^ ]*$
* 200^0 ^[^ ]*8E5jDS9[^ ]*$
* 200^0 ^[^ ]*6v3qsCWEC[^ ]*$
* 200^0 ^[^ ]*QGIeHPZMx[^ ]*$
* 200^0 ^[^ ]*NMJvmAHBA[^ ]*$
* 200^0 ^[^ ]*sNPlMP1C[^ ]*$
* 200^0 ^[^ ]*9p3FuZ2G0[^ ]*$
* 200^0 ^[^ ]*bH0qUY9B1[^ ]*$
* 200^0 ^[^ ]*qQDG2OVQ[^ ]*$
* 200^0 ^[^ ]*UC7SR0Ue[^ ]*$
* 200^0 ^[^ ]*JBkZTS0P[^ ]*$
* 200^0 ^[^ ]*5kbGwAAE[^ ]*$
* 200^0 ^[^ ]*fDLWtUgy[^ ]*$
* 200^0 ^[^ ]*I24eF8gcZ[^ ]*$
* 200^0 ^[^ ]*KqLXQz4uh[^ ]*$
* 200^0 ^[^ ]*BYX3YCiw8[^ ]*$
* 200^0 ^[^ ]*5qJrkB4tj[^ ]*$
* 200^0 ^[^ ]*1y2gJG8p[^ ]*$
* 200^0 ^[^ ]*hOdeVHF2[^ ]*$
* 200^0 ^[^ ]*T0cCcXME[^ ]*$
* 200^0 ^[^ ]*9NASGaj0[^ ]*$
* 200^0 ^[^ ]*IDT5m7HM[^ ]*$
* 200^0 ^[^ ]*NcxzZaJq[^ ]*$
* 200^0 ^[^ ]*supPbJsV[^ ]*$
* 200^0 ^[^ ]*PBiveQBk[^ ]*$
* 200^0 ^[^ ]*87YgdBCB[^ ]*$
* 200^0 ^[^ ]*ZfGDfMXQ[^ ]*$
* 200^0 ^[^ ]*0DJPAnGDg[^ ]*$
* 200^0 ^[^ ]*GtQXQdKnU6[^ ]*$
* 200^0 ^[^ ]*3dN8Ugzb[^ ]*$
* 200^0 ^[^ ]*ODVphsE8[^ ]*$
* 200^0 ^[^ ]*12UK28qN[^ ]*$
* 200^0 ^[^ ]*vHXggBxF[^ ]*$
* 200^0 ^[^ ]*1QkDIvwhM[^ ]*$
* 200^0 ^[^ ]*BY7cbuGIp[^ ]*$
* 200^0 ^[^ ]*fjJBvuVhS[^ ]*$
* 200^0 ^[^ ]*DW5QMoX5[^ ]*$
* 200^0 ^[^ ]*a6DmN5D6[^ ]*$
* 200^0 ^[^ ]*IXZCH9TY[^ ]*$
* 200^0 ^[^ ]*o18cXPbNZ[^ ]*$
* 200^0 ^[^ ]*KcCF3IGY[^ ]*$
{
SBLOG="A1S-Mydoom-A Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-B Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^[^ ]*YvvWrknxpWVx[^ ]*$
* 200^0 ^[^ ]*9M9705t2HP6h[^ ]*$
* 200^0 ^[^ ]*8CISNMnkzG7[^ ]*$
* 200^0 ^[^ ]*8iHBkoV37UU[^ ]*$
* 200^0 ^[^ ]*IP5b9Yp7eBQ[^ ]*$
* 200^0 ^[^ ]*EGQB4wRhGm6p[^ ]*$
* 200^0 ^[^ ]*EwLhpmqbpJ7C[^ ]*$
* 200^0 ^[^ ]*xRSrS29zWDt[^ ]*$
* 200^0 ^[^ ]*sYb1EIgshQav[^ ]*$
* 200^0 ^[^ ]*RcrrjsbIACQp[^ ]*$
* 200^0 ^[^ ]*W8JgakUnojf[^ ]*$
* 200^0 ^[^ ]*OcsFyvwBUah[^ ]*$
{
SBLOG="A1S-Mydoom-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-E Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^[^ ]*DDZjk8b8NXGw[^ ]*$
* 200^0 ^[^ ]*A0buQDWXZp9M[^ ]*$
* 200^0 ^[^ ]*XvmfZnWSua9W[^ ]*$
* 200^0 ^[^ ]*ZrmZHBFbAhoA[^ ]*$
* 200^0 ^[^ ]*DBCVcZK5bcHN[^ ]*$
* 200^0 ^[^ ]*h1soY39smDVG[^ ]*$
* 200^0 ^[^ ]*iWC4RIeIu0Ip[^ ]*$
* 200^0 ^[^ ]*Lg9IAc7mwOP9[^ ]*$
* 200^0 ^[^ ]*vHIHnij1WmVy[^ ]*$
* 200^0 ^[^ ]*CoVCKjERGKnI[^ ]*$
* 200^0 ^[^ ]*kQBt7GhUCT6L[^ ]*$
* 200^0 ^[^ ]*kQBt7GhUCT6L[^ ]*$
{
SBLOG="A1S-Mydoom-E Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-F Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 200^0 ^[^ ]*BA0ZKDpPZ4[^ ]*$
* 200^0 ^[^ ]*of8HOQikE6[^ ]*$
* 200^0 ^[^ ]*OdHIb7MauN[^ ]*$
* 200^0 ^[^ ]*Zy2AHFtsK7[^ ]*$
* 200^0 ^[^ ]*N2OZ2qTclx[^ ]*$
* 200^0 ^[^ ]*7brcZg86yM[^ ]*$
* 200^0 ^[^ ]*9OLVGuMY3u[^ ]*$
* 200^0 ^[^ ]*qjWUrCvEsJ[^ ]*$
* 200^0 ^[^ ]*WL97Mllik9[^ ]*$
* 200^0 ^[^ ]*jlFzp6cOlC[^ ]*$
* 200^0 ^[^ ]*6PjGA1VrXb[^ ]*$
* 200^0 ^[^ ]*082Mz56Ttk[^ ]*$
* 200^0 ^[^ ]*ZNa6zJ5dl7[^ ]*$
* 200^0 ^[^ ]*6VBDiS74uD[^ ]*$
* 200^0 ^[^ ]*lsdjBRKjVB[^ ]*$
* 200^0 ^[^ ]*clhux16h9E[^ ]*$
* 200^0 ^[^ ]*MVeAh3dfkB[^ ]*$
* 200^0 ^[^ ]*YBkOOrF1IP[^ ]*$
* 300^0 ^[^ ]*X4dedkuvQtb3[^ ]*$
* 300^0 ^[^ ]*beKSElFgztem[^ ]*$
* 300^0 ^[^ ]*M9MHNLD4qX8Y[^ ]*$
* 300^0 ^[^ ]*ylJCXX8o3kmc[^ ]*$
* 300^0 ^[^ ]*O4UMiXuwkmLE[^ ]*$
{
SBLOG="A1S-Mydoom-F Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-G Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*BhtYL0wHRCdQ[^ ]*$
* 300^0 ^[^ ]*wJHVmZvYOa4M[^ ]*$
* 300^0 ^[^ ]*ot8iLn83x3dY[^ ]*$
* 300^0 ^[^ ]*DxB3NogUSFsu[^ ]*$
* 300^0 ^[^ ]*ywLZRvE78uaI[^ ]*$
{
SBLOG="A1S-Mydoom-G Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-J Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*eIYiVzfcwaL2[^ ]*$
* 300^0 ^[^ ]*T7ANndjHB9dI[^ ]*$
* 300^0 ^[^ ]*wHRcHqrSdhFF[^ ]*$
* 300^0 ^[^ ]*VXsQIsvDhcIs[^ ]*$
* 300^0 ^[^ ]*9Br5EcIX5XPx[^ ]*$
* 300^0 ^[^ ]*9srHByKHBZOA[^ ]*$
* 300^0 ^[^ ]*enfjW8BPvh3P[^ ]*$
* 300^0 ^[^ ]*hXiX30FKT6Mb[^ ]*$
* 300^0 ^[^ ]*aBBbkTWt6fEu[^ ]*$
* 300^0 ^[^ ]*KNEHUsx4FiXX[^ ]*$
* 300^0 ^[^ ]*VnvgiW6dkVgp[^ ]*$
* 300^0 ^[^ ]*ushgehSRRyPg[^ ]*$
* 300^0 ^[^ ]*INpHkxpBA4Wu[^ ]*$
* 300^0 ^[^ ]*TeaPAcURIO4I[^ ]*$
* 300^0 ^[^ ]*4YKOic7GHLyI[^ ]*$
* 300^0 ^[^ ]*20PPnLIMsBRo[^ ]*$
* 300^0 ^[^ ]*fRxNbOySN4J1[^ ]*$
* 300^0 ^[^ ]*SfSLxoPgB4P4[^ ]*$
* 300^0 ^[^ ]*5LvIrHZcaFSu[^ ]*$
* 300^0 ^[^ ]*3FLEe8VnpDas[^ ]*$
{
SBLOG="A1S-Mydoom-J Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-M Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*wFBgGln0B6Z8[^ ]*$
* 300^0 ^[^ ]*sOFNWi3UIM9t[^ ]*$
* 300^0 ^[^ ]*NG26VDBIdK9E[^ ]*$
* 300^0 ^[^ ]*zCsDDG5g0VwR[^ ]*$
* 300^0 ^[^ ]*Pgp18UCNtoju[^ ]*$
* 300^0 ^[^ ]*7NhmLMdGb2VT[^ ]*$
* 300^0 ^[^ ]*QhSQ6NPOjwEP[^ ]*$
* 300^0 ^[^ ]*Rf1uYKd1iX9M[^ ]*$
* 300^0 ^[^ ]*EE7ynzwyniDw[^ ]*$
* 300^0 ^[^ ]*QArRzAKCVCp3[^ ]*$
* 300^0 ^[^ ]*Aa2IBYb3WnIO[^ ]*$
* 300^0 ^[^ ]*LPZgIjY1Eg8A[^ ]*$
* 300^0 ^[^ ]*EAx061j1LVQT[^ ]*$
* 300^0 ^[^ ]*AQO0pgss9e3R[^ ]*$
* 300^0 ^[^ ]*g8PXQ0PCt0MD[^ ]*$
{
SBLOG="A1S-Mydoom-M Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-O Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dEI9tCB8MV9T[^ ]*$
* 300^0 ^[^ ]*wBqWugOabCDx[^ ]*$
* 300^0 ^[^ ]*IiQoUdLbObW6[^ ]*$
* 300^0 ^[^ ]*7hiZiwceO9hP[^ ]*$
* 300^0 ^[^ ]*8NQHbPCDwMQy[^ ]*$
* 300^0 ^[^ ]*xEMVMsZcenBU[^ ]*$
* 300^0 ^[^ ]*lSvDoQwSXYDN[^ ]*$
* 300^0 ^[^ ]*VCe777DdyEiV[^ ]*$
* 300^0 ^[^ ]*ZMORgSHeaDw9[^ ]*$
* 300^0 ^[^ ]*rxIeoIAFNwo0[^ ]*$
* 300^0 ^[^ ]*nHYm24cTfYqI[^ ]*$
* 300^0 ^[^ ]*DahIDRJeRmUN[^ ]*$
* 300^0 ^[^ ]*becDe2TCRTnY[^ ]*$
* 300^0 ^[^ ]*cJwaA1qCWn9w[^ ]*$
* 300^0 ^[^ ]*NYxue7csAng3[^ ]*$
* 300^0 ^[^ ]*LbRuzoZkgXxO[^ ]*$
* 300^0 ^[^ ]*REFUQYWxvnuV[^ ]*$
* 300^0 ^[^ ]*MJpFU1OLTyx4[^ ]*$
* 300^0 ^[^ ]*1kzDjoBJrnOx[^ ]*$
* 300^0 ^[^ ]*LwdAV5MgAJAH[^ ]*$
* 300^0 ^[^ ]*Rx5CK3RuurxQ[^ ]*$
* 300^0 ^[^ ]*PcNLDU1NCDxV[^ ]*$
* 300^0 ^[^ ]*SYA8CFx0Dhk8[^ ]*$
* 300^0 ^[^ ]*Gm6tG3GBQn07[^ ]*$
* 300^0 ^[^ ]*3bbarR3bK2kP[^ ]*$
* 300^0 ^[^ ]*MAQBmKWywEgE[^ ]*$
* 300^0 ^[^ ]*bNmTW3bONQHH[^ ]*$
* 300^0 ^[^ ]*1NTQg8VVJtbb[^ ]*$
* 300^0 ^[^ ]*MCMeeBhuTefo[^ ]*$
* 300^0 ^[^ ]*Me00HrWbgfG1[^ ]*$
* 300^0 ^[^ ]*0JDWX1zYR4Nb[^ ]*$
* 300^0 ^[^ ]*li0AIORhsRwH[^ ]*$
* 300^0 ^[^ ]*70IhnulliAdE[^ ]*$
* 300^0 ^[^ ]*yA2GYclXKNcK[^ ]*$
* 300^0 ^[^ ]*VVpcGhscA0L2[^ ]*$
* 300^0 ^[^ ]*5rT9TZ68NeaE[^ ]*$
* 300^0 ^[^ ]*OD2YG18pAJ9I[^ ]*$
* 300^0 ^[^ ]*9Ne1ZGzZk1t2[^ ]*$
* 300^0 ^[^ ]*MDOGhL0MUlA7[^ ]*$
* 300^0 ^[^ ]*NTQg8VVJtbbQ[^ ]*$
* 300^0 ^[^ ]*DxXDDnLSjaLE[^ ]*$
* 300^0 ^[^ ]*Aan9QEFaAUGf[^ ]*$
* 300^0 ^[^ ]*bCbCOsZOgeL8[^ ]*$
* 300^0 ^[^ ]*bCbCOsZOgeL8[^ ]*$
* 300^0 ^[^ ]*jNgCDgydQNR8[^ ]*$
* 300^0 ^[^ ]*DCiGhUR4GEoK[^ ]*$
* 300^0 ^[^ ]*ASa5zsSyXQF0[^ ]*$
* 300^0 ^[^ ]*nMNvfKXMma2d[^ ]*$
* 300^0 ^[^ ]*FWUPaUvv9Qll[^ ]*$
* 300^0 ^[^ ]*gEHR9ey58Kik[^ ]*$
* 300^0 ^[^ ]*BmLOhD2QzMkp[^ ]*$
* 300^0 ^[^ ]*Tk8dRk9VTkR8[^ ]*$
* 300^0 ^[^ ]*BX5b2v5XVo2F[^ ]*$
* 300^0 ^[^ ]*LigGQKJck4Td[^ ]*$
{
SBLOG="A1S-Mydoom-O Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-P Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*DBwIOhEr85yZ[^ ]*$
* 300^0 ^[^ ]*EesznSSCAIDX[^ ]*$
* 300^0 ^[^ ]*SieREDMkQIrl[^ ]*$
* 300^0 ^[^ ]*KqHYq3lgmFwU[^ ]*$
* 300^0 ^[^ ]*Nj8dKu6ZJFRe[^ ]*$
* 300^0 ^[^ ]*s9fxSV7LD3slU[^ ]*$
* 300^0 ^[^ ]*wlZIP4Bn4GXr[^ ]*$
* 300^0 ^[^ ]*0nQcIcMdlEur[^ ]*$
* 300^0 ^[^ ]*LQQuPEvZdkEU[^ ]*$
* 300^0 ^[^ ]*XWAbUi01JWBn[^ ]*$
{
SBLOG="A1S-Mydoom-P Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-S Virus/Worm
#
# 8/16/04:
# .EXE attached file from taylormade@ozadsl.com.au, filename of
# executable being photos_arc.exe. FProt doesn't catch it yet,
# but I got forty of these babies in the last couple of hours.
# It's a virus. :)
#
# 8/16/04:
# Clam-AV detects it -- this is MyDoom-S.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*TXpfwujg510I[^ ]*$
* 300^0 ^[^ ]*Tg5O2rZntir5[^ ]*$
* 300^0 ^[^ ]*h06OJkbJIL5w[^ ]*$
* 300^0 ^[^ ]*LEcGl0VwAhQw[^ ]*$
* 300^0 ^[^ ]*fCkIPNFu38aI[^ ]*$
{
SBLOG="A1S-Mydoom-S Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mydoom-AY Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AwmNjDgCjQPA[^ ]*$
* 300^0 ^[^ ]*f86A5iWeJbQV[^ ]*$
* 300^0 ^[^ ]*YTYwXFYpBz3K[^ ]*$
* 300^0 ^[^ ]*8Lc7YVsy9sn5[^ ]*$
* 300^0 ^[^ ]*l7jb5gAc5r9e[^ ]*$
* 300^0 ^[^ ]*qGpqdRhsvEJ5[^ ]*$
* 300^0 ^[^ ]*CFUAe8F22ie3[^ ]*$
* 300^0 ^[^ ]*KsPlEry20ZwI[^ ]*$
* 300^0 ^[^ ]*RhLQTiBBN9hs[^ ]*$
* 300^0 ^[^ ]*PpFoy7iFqIWC[^ ]*$
* 300^0 ^[^ ]*CEQYCPueNJcU[^ ]*$
* 300^0 ^[^ ]*CrfutgTf92V5[^ ]*$
* 300^0 ^[^ ]*yDUNiihWFHMW[^ ]*$
* 300^0 ^[^ ]*0kuCzzoB2g3p[^ ]*$
* 300^0 ^[^ ]*aDGtZDK8AEJz[^ ]*$
* 300^0 ^[^ ]*GTKJm5kRVQG4[^ ]*$
* 300^0 ^[^ ]*Jqxz8qmTQHWP[^ ]*$
* 300^0 ^[^ ]*16BkVAhUnGZp[^ ]*$
* 300^0 ^[^ ]*vHpKRvrGBiXS[^ ]*$
* 300^0 ^[^ ]*P5GuGNAvRMx0[^ ]*$
{
SBLOG="A1S-Mydoom-AY Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# MyParty Virus
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dD5WEnb[^ ]*$
* 300^0 ^[^ ]*JTkZBdH[^ ]*$
* 300^0 ^[^ ]*1xUMi00[^ ]*$
* 300^0 ^[^ ]*FyKQAFF[^ ]*$
* 300^0 ^[^ ]*f31f\+15[^ ]*$
{
SBLOG="A1S-MyParty Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-D Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*zj0UDAdqCNIb[^ ]*$
* 300^0 ^[^ ]*gvtgQq9VWFDH[^ ]*$
* 300^0 ^[^ ]*yz24jc1ZGw6J[^ ]*$
* 300^0 ^[^ ]*klD1WoPTjstb[^ ]*$
* 300^0 ^[^ ]*GerrMniamm02[^ ]*$
* 300^0 ^[^ ]*1IEuXCTKwFeR[^ ]*$
* 300^0 ^[^ ]*mPI5XKnpcAQ4[^ ]*$
* 300^0 ^[^ ]*SVvglKmxP5MS[^ ]*$
* 300^0 ^[^ ]*pBsK2Po9t4aR[^ ]*$
* 300^0 ^[^ ]*bQ4FSb9acALA[^ ]*$
* 300^0 ^[^ ]*Wo1frvN6czOy[^ ]*$
* 300^0 ^[^ ]*xmuVj1kJByWf[^ ]*$
* 300^0 ^[^ ]*QiTQmZQPEwfa[^ ]*$
* 300^0 ^[^ ]*c8XYwoqk63K9[^ ]*$
* 300^0 ^[^ ]*ncoIFxShiLwF[^ ]*$
* 300^0 ^[^ ]*rOD5CUOzObGH[^ ]*$
* 300^0 ^[^ ]*kOoOe5Z6xGmD[^ ]*$
* 300^0 ^[^ ]*hJsnlk6Lg4KF[^ ]*$
* 300^0 ^[^ ]*AxyPHJ1sNHy5[^ ]*$
* 300^0 ^[^ ]*MKKpOtyvaKMj[^ ]*$
{
SBLOG="A1S-Mytob-D Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-gen Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*i9VUfQP1N002[^ ]*$
* 300^0 ^[^ ]*fdkg55A0MzGU[^ ]*$
* 300^0 ^[^ ]*VKvaieXv7tSl[^ ]*$
* 300^0 ^[^ ]*vAheVmQoeAWG[^ ]*$
* 300^0 ^[^ ]*QlfQeoPV6JcQ[^ ]*$
* 300^0 ^[^ ]*36M9dr8Oz6Qq[^ ]*$
* 300^0 ^[^ ]*95n4GaRr0A0I[^ ]*$
* 300^0 ^[^ ]*aVe3fitC4YAt[^ ]*$
* 300^0 ^[^ ]*TKHgEqcwEsDk[^ ]*$
* 300^0 ^[^ ]*yoLYurj9GaMS[^ ]*$
* 300^0 ^[^ ]*KMlGioMlE4Uo[^ ]*$
* 300^0 ^[^ ]*AfiHfiMPwyZu[^ ]*$
* 300^0 ^[^ ]*YMSYRhywzMn2[^ ]*$
* 300^0 ^[^ ]*G3Vj8JjH3h6d[^ ]*$
* 300^0 ^[^ ]*7PcM52lahDw2[^ ]*$
{
SBLOG="A1S-Mytob-gen Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-J Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*4AVXUFfQNmhe[^ ]*$
* 300^0 ^[^ ]*fT3QTl232mFH[^ ]*$
* 300^0 ^[^ ]*DwBdbdBl4hvw[^ ]*$
* 300^0 ^[^ ]*WNIqtXkUBtJb[^ ]*$
* 300^0 ^[^ ]*FlStPFOTm383[^ ]*$
* 300^0 ^[^ ]*LuhHulKJ6wNQ[^ ]*$
* 300^0 ^[^ ]*EU0YivY5G5Xk[^ ]*$
* 300^0 ^[^ ]*B5ZLJGzCJECm[^ ]*$
* 300^0 ^[^ ]*Q3UAD92GCt9s[^ ]*$
* 300^0 ^[^ ]*OQI5CQV6XSC5[^ ]*$
* 300^0 ^[^ ]*lTpOz7HFszx2[^ ]*$
* 300^0 ^[^ ]*aKoBtirZ1sBp[^ ]*$
* 300^0 ^[^ ]*zzXtg1MW6Vhy[^ ]*$
* 300^0 ^[^ ]*Qejimt4EUpUq[^ ]*$
* 300^0 ^[^ ]*306hzB8hQB2z[^ ]*$
{
SBLOG="A1S-Mytob-J Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-K Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Tq6tkY58tDok[^ ]*$
* 300^0 ^[^ ]*3X6CLgwty36L[^ ]*$
* 300^0 ^[^ ]*nFcPzyijzCxZ[^ ]*$
* 300^0 ^[^ ]*CgiXV9wb9KA9[^ ]*$
* 300^0 ^[^ ]*1c5CH9o2gddz[^ ]*$
* 300^0 ^[^ ]*9fvQ9BdwRmwc[^ ]*$
* 300^0 ^[^ ]*M4cXYCbAXmuF[^ ]*$
* 300^0 ^[^ ]*rqbFNdcMJr0Y[^ ]*$
* 300^0 ^[^ ]*LIK6LKybEtf1[^ ]*$
* 300^0 ^[^ ]*7igYueHExcWW[^ ]*$
* 300^0 ^[^ ]*u4HDmBeHqtqo[^ ]*$
* 300^0 ^[^ ]*g6lErB8OqrkM[^ ]*$
* 300^0 ^[^ ]*e3greZq7ONbg[^ ]*$
* 300^0 ^[^ ]*zrDdltdYWW0e[^ ]*$
* 300^0 ^[^ ]*DvKzUDknKYJj[^ ]*$
{
SBLOG="A1S-Mytob-K Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-M Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Gz5CFbsPT0Uw[^ ]*$
* 300^0 ^[^ ]*3KuwZhSPGAqT[^ ]*$
* 300^0 ^[^ ]*7p8fbKiPsWxG[^ ]*$
* 300^0 ^[^ ]*0oSskFc2Em98[^ ]*$
* 300^0 ^[^ ]*yMPHqNOK2ioX[^ ]*$
{
SBLOG="A1S-Mytob-M Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-Q Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*wFEPtslTZrtZ[^ ]*$
* 300^0 ^[^ ]*CJOLBrhcxbUA[^ ]*$
* 300^0 ^[^ ]*f2vPWHSRaSzP[^ ]*$
* 300^0 ^[^ ]*x1tj4R6dYhbd[^ ]*$
* 300^0 ^[^ ]*GAryGuwCOCsW[^ ]*$
* 300^0 ^[^ ]*tWHwOddercxs[^ ]*$
* 300^0 ^[^ ]*WvbSIbzlVT6S[^ ]*$
* 300^0 ^[^ ]*3RyXRrNbkEZV[^ ]*$
* 300^0 ^[^ ]*ld5PNXvxeilL[^ ]*$
* 300^0 ^[^ ]*6Os8jHqcszZd[^ ]*$
* 300^0 ^[^ ]*gi4Oyb1I2lE4[^ ]*$
* 300^0 ^[^ ]*gebKuckV8hOp[^ ]*$
* 300^0 ^[^ ]*3QWNqtYx3qzm[^ ]*$
* 300^0 ^[^ ]*lNelUFSwXSBm[^ ]*$
* 300^0 ^[^ ]*7enFloF45mnK[^ ]*$
{
SBLOG="A1S-Mytob-Q Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-AA Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*IJJXxr4gisQE[^ ]*$
* 300^0 ^[^ ]*sXdu5nyRDsUo[^ ]*$
* 300^0 ^[^ ]*mBAMwq8s94ZB[^ ]*$
* 300^0 ^[^ ]*0XRZi9ndeW5b[^ ]*$
* 300^0 ^[^ ]*8An5M0BpTssz[^ ]*$
* 300^0 ^[^ ]*E4ApgekSF78B[^ ]*$
* 300^0 ^[^ ]*iYofq8kHb4gb[^ ]*$
* 300^0 ^[^ ]*B0MCX7sdo6N2[^ ]*$
* 300^0 ^[^ ]*NyNneJFsA7Pk[^ ]*$
* 300^0 ^[^ ]*pMHiVw9jtrl7[^ ]*$
* 300^0 ^[^ ]*rMy77eOF3dC0[^ ]*$
* 300^0 ^[^ ]*WQjfbWJimGST[^ ]*$
* 300^0 ^[^ ]*ZcqWAaSkEnBV[^ ]*$
* 300^0 ^[^ ]*lG3ZqoL0X2kd[^ ]*$
* 300^0 ^[^ ]*NRZph0Er9zNs[^ ]*$
* 300^0 ^[^ ]*lkpB6CeFFSF8[^ ]*$
* 300^0 ^[^ ]*6aLiwOgPKHDc[^ ]*$
* 300^0 ^[^ ]*tGCo0itDaujT[^ ]*$
* 300^0 ^[^ ]*8PCHWl5pyu62[^ ]*$
* 300^0 ^[^ ]*mvGgPVJWS9Li[^ ]*$
* 300^0 ^[^ ]*selczO8BdOQe[^ ]*$
* 300^0 ^[^ ]*OHUYHGtPVhU7[^ ]*$
* 300^0 ^[^ ]*VisZgSzhRjfI[^ ]*$
* 300^0 ^[^ ]*7QOvTE88hhhC[^ ]*$
* 300^0 ^[^ ]*Jg8Lb6IIkfUb[^ ]*$
{
SBLOG="A1S-Mytob-AA Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-AC Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*oomejQyt2PBk[^ ]*$
* 300^0 ^[^ ]*7OMZyCItcVfn[^ ]*$
* 300^0 ^[^ ]*baJToW0yuEKJ[^ ]*$
* 300^0 ^[^ ]*PQe25fBCuadc[^ ]*$
* 300^0 ^[^ ]*U3aH2iFxqBSO[^ ]*$
* 300^0 ^[^ ]*PLuJTuugMU4G[^ ]*$
* 300^0 ^[^ ]*r9CtGCWPYkYH[^ ]*$
* 300^0 ^[^ ]*nuJ9HZUWp9Fg[^ ]*$
* 300^0 ^[^ ]*Ff3H02RYHc85[^ ]*$
* 300^0 ^[^ ]*Rk5DiZ45wZYq[^ ]*$
* 300^0 ^[^ ]*nH0q0vO7SNA0[^ ]*$
* 300^0 ^[^ ]*o3jVZvnIVdrs[^ ]*$
* 300^0 ^[^ ]*P9CXewVR28eD[^ ]*$
* 300^0 ^[^ ]*FHoG3BpyFmFp[^ ]*$
* 300^0 ^[^ ]*uacxk4eKm2sA[^ ]*$
{
SBLOG="A1S-Mytob-AC Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-AM Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*cgQrgwwBgccN[^ ]*$
* 300^0 ^[^ ]*SDnT0m5zv9s5[^ ]*$
* 300^0 ^[^ ]*MUqjFCv0JHoG[^ ]*$
* 300^0 ^[^ ]*ooBr6P4q6TAV[^ ]*$
* 300^0 ^[^ ]*RM031puSoD62[^ ]*$
* 300^0 ^[^ ]*j4D52zSCTXzq[^ ]*$
* 300^0 ^[^ ]*paWHkeNK2C5t[^ ]*$
* 300^0 ^[^ ]*hcdHp03L5sod[^ ]*$
* 300^0 ^[^ ]*tm1MbAJCsn8D[^ ]*$
* 300^0 ^[^ ]*kHUFoceevh2o[^ ]*$
* 300^0 ^[^ ]*yOA7Dv5yBCuD[^ ]*$
* 300^0 ^[^ ]*zo0TGFoFJ1P5[^ ]*$
* 300^0 ^[^ ]*Pupb2N1MvxM5[^ ]*$
* 300^0 ^[^ ]*CYly0LMk7Uxc[^ ]*$
* 300^0 ^[^ ]*7lEpsJQeqLz6[^ ]*$
* 300^0 ^[^ ]*VQiNNMOYDD7o[^ ]*$
* 300^0 ^[^ ]*5NRx8nfP2pOk[^ ]*$
* 300^0 ^[^ ]*WrmWGusbtnU2[^ ]*$
* 300^0 ^[^ ]*NX4JiXLQsyTt[^ ]*$
* 300^0 ^[^ ]*jOf2YTrV9uIe[^ ]*$
* 300^0 ^[^ ]*cdOc084hf06N[^ ]*$
* 300^0 ^[^ ]*A92qosPBivPI[^ ]*$
* 300^0 ^[^ ]*8TgYVgzv3fYL[^ ]*$
* 300^0 ^[^ ]*8xp8TRZhbXAR[^ ]*$
* 300^0 ^[^ ]*7V7GegGn8k31[^ ]*$
{
SBLOG="A1S-Mytob-AM Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-AS Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*QnAePIouUFnC[^ ]*$
* 300^0 ^[^ ]*QBKEqv2nbVOT[^ ]*$
* 300^0 ^[^ ]*YtJGcdTHmjsl[^ ]*$
* 300^0 ^[^ ]*QChnnHdJUVBN[^ ]*$
* 300^0 ^[^ ]*AxwQUDOOOkAx[^ ]*$
{
SBLOG="A1S-Mytob-AS Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-AT Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*tJHUGJ3wgZAb[^ ]*$
* 300^0 ^[^ ]*pGHp6BWMYjIt[^ ]*$
* 300^0 ^[^ ]*NVJ0enuHFynL[^ ]*$
* 300^0 ^[^ ]*BzgWwvuressm[^ ]*$
* 300^0 ^[^ ]*IMg0jkC9q09H[^ ]*$
* 300^0 ^[^ ]*ojC55hcpiSqX[^ ]*$
* 300^0 ^[^ ]*a2DPJQoNsFZM[^ ]*$
* 300^0 ^[^ ]*L8WyO79grpII[^ ]*$
* 300^0 ^[^ ]*xY1WptOWS7NS[^ ]*$
* 300^0 ^[^ ]*OD0xnRObtiIy[^ ]*$
* 300^0 ^[^ ]*TuzrJyJqyBFn[^ ]*$
* 300^0 ^[^ ]*n1oa04nkylly[^ ]*$
* 300^0 ^[^ ]*veZp97P7Nkfv[^ ]*$
* 300^0 ^[^ ]*01Fu8pJ5iAwm[^ ]*$
* 300^0 ^[^ ]*4SnXy1AWtUD5[^ ]*$
* 300^0 ^[^ ]*2kj9ni6EByd6[^ ]*$
* 300^0 ^[^ ]*94j19Eu3rBN9[^ ]*$
* 300^0 ^[^ ]*Pd3eC4mLNiSW[^ ]*$
* 300^0 ^[^ ]*JnEE5Uwhv2vw[^ ]*$
* 300^0 ^[^ ]*12mw5CMiDscK[^ ]*$
* 300^0 ^[^ ]*KAkA3GCQ4TeK[^ ]*$
* 300^0 ^[^ ]*YHmwqrN7DCgK[^ ]*$
* 300^0 ^[^ ]*ysXiuwoXLk9P[^ ]*$
* 300^0 ^[^ ]*Vkwnje6zQBs6[^ ]*$
* 300^0 ^[^ ]*dQHxEvuZg767[^ ]*$
* 300^0 ^[^ ]*4C1ECokX2DRT[^ ]*$
* 300^0 ^[^ ]*VldqBYkOEVqL[^ ]*$
* 300^0 ^[^ ]*Z3EgxQd9AdNR[^ ]*$
* 300^0 ^[^ ]*OppbeAEteE4s[^ ]*$
* 300^0 ^[^ ]*ITjf57MT3QAy[^ ]*$
{
SBLOG="A1S-Mytob-AT Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BA Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MToW4FKyqKpP[^ ]*$
* 300^0 ^[^ ]*u7Jyl3k4vSrX[^ ]*$
* 300^0 ^[^ ]*21oQ1yRwMyct[^ ]*$
* 300^0 ^[^ ]*IIDbqmlYBDs1[^ ]*$
* 300^0 ^[^ ]*ndKVsvwRCZPo[^ ]*$
* 300^0 ^[^ ]*gFXe5Kwt1asX[^ ]*$
* 300^0 ^[^ ]*oJygJATdOHas[^ ]*$
* 300^0 ^[^ ]*8YyCROlTgUfi[^ ]*$
* 300^0 ^[^ ]*MpbllpRNyTiO[^ ]*$
* 300^0 ^[^ ]*BrI6ngFocEX3[^ ]*$
* 300^0 ^[^ ]*ZytRIIqOQMzz[^ ]*$
* 300^0 ^[^ ]*TPv4wRIXmJBQ[^ ]*$
* 300^0 ^[^ ]*ENkzI8noIeOu[^ ]*$
* 300^0 ^[^ ]*hb7ij5NzWDZG[^ ]*$
* 300^0 ^[^ ]*6QRA0XTP1NXx[^ ]*$
* 300^0 ^[^ ]*Pest23SlIOmb[^ ]*$
* 300^0 ^[^ ]*fXuPDSai2mqA[^ ]*$
* 300^0 ^[^ ]*YLAKBwAJkJ2O[^ ]*$
* 300^0 ^[^ ]*khPMKvo6SNJZ[^ ]*$
* 300^0 ^[^ ]*RbEqyI16RW9Y[^ ]*$
{
SBLOG="A1S-Mytob-BA Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BH Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*EBrjIoEVbHT7[^ ]*$
* 300^0 ^[^ ]*s6I7VRKd7wCT[^ ]*$
* 300^0 ^[^ ]*2ujSUQbtFM7u[^ ]*$
* 300^0 ^[^ ]*8BvxIuakw8mY[^ ]*$
* 300^0 ^[^ ]*hZZBYNW9vVW5[^ ]*$
* 300^0 ^[^ ]*7RTISSNmnVgO[^ ]*$
* 300^0 ^[^ ]*KVY99FmeS593[^ ]*$
* 300^0 ^[^ ]*dmnQMhGWEBhs[^ ]*$
* 300^0 ^[^ ]*yUwyHiyGQbWH[^ ]*$
* 300^0 ^[^ ]*wHREojpx9KSU[^ ]*$
* 300^0 ^[^ ]*aj14MavTJp8M[^ ]*$
* 300^0 ^[^ ]*TTgdzA4prAHA[^ ]*$
* 300^0 ^[^ ]*7x23YZf5cqsL[^ ]*$
* 300^0 ^[^ ]*eMgTCFVTWYR6[^ ]*$
* 300^0 ^[^ ]*tLIdbvYYCNU2[^ ]*$
* 300^0 ^[^ ]*KurBgJoHjs38[^ ]*$
* 300^0 ^[^ ]*T7zzaQAtvIgA[^ ]*$
* 300^0 ^[^ ]*kVk6zpYNRRQr[^ ]*$
* 300^0 ^[^ ]*QLQzh0OcMepN[^ ]*$
* 300^0 ^[^ ]*SqaV9WwMOePk[^ ]*$
* 300^0 ^[^ ]*0yfXSzupNe2v[^ ]*$
* 300^0 ^[^ ]*PiOpaUlfYYEk[^ ]*$
* 300^0 ^[^ ]*7mTLlykVTOJ8[^ ]*$
* 300^0 ^[^ ]*HzZtKyogO8OX[^ ]*$
* 300^0 ^[^ ]*fBHaBxM9WCoh[^ ]*$
{
SBLOG="A1S-Mytob-BH Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BI Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*xV3zeuIV6cRp[^ ]*$
* 300^0 ^[^ ]*uI3W6MdlXnha[^ ]*$
* 300^0 ^[^ ]*Z045BHQZA403[^ ]*$
* 300^0 ^[^ ]*VkK1vB02v861[^ ]*$
* 300^0 ^[^ ]*16ae1LFzMJag[^ ]*$
* 300^0 ^[^ ]*mnxJ1xtk4arh[^ ]*$
* 300^0 ^[^ ]*CAFYaVuzuBH3[^ ]*$
* 300^0 ^[^ ]*mJXTw3zplUax[^ ]*$
* 300^0 ^[^ ]*uJW07f7Jjhpj[^ ]*$
* 300^0 ^[^ ]*Nvpcyl8Vv6VM[^ ]*$
* 300^0 ^[^ ]*8r89GYAsDpme[^ ]*$
* 300^0 ^[^ ]*HPG6Dm59rym2[^ ]*$
* 300^0 ^[^ ]*P9OggBJ5hHgg[^ ]*$
* 300^0 ^[^ ]*Kb2MgWjkGfqs[^ ]*$
* 300^0 ^[^ ]*SEb52lBMsNdO[^ ]*$
* 300^0 ^[^ ]*1nCELelD4SlY[^ ]*$
* 300^0 ^[^ ]*lARenPadw1Uq[^ ]*$
* 300^0 ^[^ ]*DKiCvL3e4YsV[^ ]*$
* 300^0 ^[^ ]*85pv1RS5Rxol[^ ]*$
* 300^0 ^[^ ]*JEq4k00bbJup[^ ]*$
* 300^0 ^[^ ]*CrxG9BQiQYTJ[^ ]*$
* 300^0 ^[^ ]*wFuhiGiN4OxA[^ ]*$
* 300^0 ^[^ ]*aX2X7eJJetqg[^ ]*$
* 300^0 ^[^ ]*vmg8l2a9nu4D[^ ]*$
* 300^0 ^[^ ]*8XhA4mVxZm8n[^ ]*$
* 300^0 ^[^ ]*t6pX0wDOTdyn[^ ]*$
* 300^0 ^[^ ]*hwAJ9pShwtvN[^ ]*$
* 300^0 ^[^ ]*npM8tQK1MZCf[^ ]*$
* 300^0 ^[^ ]*A4mVxZm8nlTc[^ ]*$
* 300^0 ^[^ ]*PxzJYfNrFceI[^ ]*$
* 300^0 ^[^ ]*WfScWETU0HqK[^ ]*$
* 300^0 ^[^ ]*T5U8m0GeYoDz[^ ]*$
* 300^0 ^[^ ]*y4i0tGGTBWmZ[^ ]*$
* 300^0 ^[^ ]*BH54OUpDqJYW[^ ]*$
* 300^0 ^[^ ]*EI5kaj0gJ9RG[^ ]*$
{
SBLOG="A1S-Mytob-BI Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BK Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*0IWt8pIvIL2U[^ ]*$
* 300^0 ^[^ ]*JGRD2LoRkQpB[^ ]*$
* 300^0 ^[^ ]*UlG7slup4fsk[^ ]*$
* 300^0 ^[^ ]*UgL8XZZGNHQG[^ ]*$
* 300^0 ^[^ ]*5vlKaUnGluFw[^ ]*$
{
SBLOG="A1S-Mytob-BK Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BQ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*tvT2ukAMlRdY[^ ]*$
* 300^0 ^[^ ]*vLTA3ECTnYNz[^ ]*$
* 300^0 ^[^ ]*5J4R83Eoqi4L[^ ]*$
* 300^0 ^[^ ]*SUpoezKF5zLb[^ ]*$
* 300^0 ^[^ ]*N00gOb2xGpzI[^ ]*$
* 300^0 ^[^ ]*CrHeYIQHD52w[^ ]*$
* 300^0 ^[^ ]*YvhDqRDjhvXQ[^ ]*$
* 300^0 ^[^ ]*8ekxoIYGO8ol[^ ]*$
* 300^0 ^[^ ]*CmOu0R1sdC2v[^ ]*$
* 300^0 ^[^ ]*AXLk6LJYBxUP[^ ]*$
* 300^0 ^[^ ]*jvcjx3Py5OY8[^ ]*$
* 300^0 ^[^ ]*WzZ5g6DGMIUv[^ ]*$
* 300^0 ^[^ ]*pdhKOGEoBqhe[^ ]*$
* 300^0 ^[^ ]*4ydAru5rNQ0D[^ ]*$
* 300^0 ^[^ ]*3sGE8qGkGopa[^ ]*$
* 300^0 ^[^ ]*4kyQMeux4BYP[^ ]*$
* 300^0 ^[^ ]*K77fDovlt0Lj[^ ]*$
* 300^0 ^[^ ]*BgqgXwMJuvIS[^ ]*$
* 300^0 ^[^ ]*EIpZ6DaNbEWZ[^ ]*$
* 300^0 ^[^ ]*OTX6j3HqkPQe[^ ]*$
{
SBLOG="A1S-Mytob-BQ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BT Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dOG607Ofhrtt[^ ]*$
* 300^0 ^[^ ]*fOSRxydeVq7x[^ ]*$
* 300^0 ^[^ ]*aebmG2uxhPgR[^ ]*$
* 300^0 ^[^ ]*bwt5wYzUge5A[^ ]*$
* 300^0 ^[^ ]*JEMDMNykAb6F[^ ]*$
* 300^0 ^[^ ]*WfScWETU0HqK[^ ]*$
* 300^0 ^[^ ]*T8UFMmJLQEyY[^ ]*$
* 300^0 ^[^ ]*7HtNYs35rg1l[^ ]*$
* 300^0 ^[^ ]*lnn1UfeDbR6M[^ ]*$
* 300^0 ^[^ ]*QpJiXeonPOUn[^ ]*$
* 300^0 ^[^ ]*O9Q14M8i7xOs[^ ]*$
* 300^0 ^[^ ]*2PrARkIkm4Df[^ ]*$
* 300^0 ^[^ ]*EuBftIYgABPe[^ ]*$
* 300^0 ^[^ ]*NGtKRfMeFM01[^ ]*$
* 300^0 ^[^ ]*QiRslSm9bXwl[^ ]*$
* 300^0 ^[^ ]*PWGmaT2rffLj[^ ]*$
* 300^0 ^[^ ]*qHUeZqg80JXW[^ ]*$
* 300^0 ^[^ ]*hSyCChbo35cV[^ ]*$
* 300^0 ^[^ ]*MjNbJp8qVaSW[^ ]*$
* 300^0 ^[^ ]*s3OBoKwZu3wY[^ ]*$
{
SBLOG="A1S-Mytob-BT Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-BX Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*zcfmet5KkgG0[^ ]*$
* 300^0 ^[^ ]*thf2vkesI7lX[^ ]*$
* 300^0 ^[^ ]*X21hellIQrF3[^ ]*$
* 300^0 ^[^ ]*fkgaFCQwvyO6[^ ]*$
* 300^0 ^[^ ]*5heQSJZr2acE[^ ]*$
* 300^0 ^[^ ]*4psOJnAGa4ei[^ ]*$
* 300^0 ^[^ ]*ijDAnIQLCiyM[^ ]*$
* 300^0 ^[^ ]*jAjX8TNGZb4h[^ ]*$
* 300^0 ^[^ ]*bVuC6HRs46Ay[^ ]*$
* 300^0 ^[^ ]*iEaYG8y6jHfD[^ ]*$
* 300^0 ^[^ ]*fm7OV06wjMjj[^ ]*$
* 300^0 ^[^ ]*jfICMkfegPIx[^ ]*$
* 300^0 ^[^ ]*o4tIGRZzGjWo[^ ]*$
* 300^0 ^[^ ]*gNENCMs4V35q[^ ]*$
* 300^0 ^[^ ]*Gw30YUHO8RbG[^ ]*$
{
SBLOG="A1S-Mytob-BX Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-CE Virus/Worm
#
# 5/03/05:
# Probably the new Sober variant or one of several.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*HjdUKJbrC0qv[^ ]*$
* 300^0 ^[^ ]*RFgjVDWeRCEr[^ ]*$
* 300^0 ^[^ ]*7ZM6gl3a4Pdk[^ ]*$
* 300^0 ^[^ ]*aVumAtohZv3b[^ ]*$
* 300^0 ^[^ ]*0ybGfxynrxYV[^ ]*$
* 300^0 ^[^ ]*jpAnS61DMBfU[^ ]*$
* 300^0 ^[^ ]*duSVVmb4dSAp[^ ]*$
* 300^0 ^[^ ]*cgiAOToigSGA[^ ]*$
* 300^0 ^[^ ]*X39ZWAW9GLG1[^ ]*$
* 300^0 ^[^ ]*jbPo7ISEUwoF[^ ]*$
* 300^0 ^[^ ]*0bQx4r93x8sQ[^ ]*$
* 300^0 ^[^ ]*Fx7BkSGb24E6[^ ]*$
* 300^0 ^[^ ]*20Tnyi2Xwnhc[^ ]*$
* 300^0 ^[^ ]*ECKOsaByCIA5[^ ]*$
* 300^0 ^[^ ]*SKiqyekAZuTK[^ ]*$
{
SBLOG="A1S-Mytob-CE Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-CQ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*5uhoiHYtXnNa[^ ]*$
* 300^0 ^[^ ]*37n2TR5W07VO[^ ]*$
* 300^0 ^[^ ]*YCzzXDwDL5uy[^ ]*$
* 300^0 ^[^ ]*iM1OTKPle18j[^ ]*$
* 300^0 ^[^ ]*otimpO2icYrg[^ ]*$
* 300^0 ^[^ ]*JjPbAJDCPwLa[^ ]*$
* 300^0 ^[^ ]*3JqC1kYKbF0A[^ ]*$
* 300^0 ^[^ ]*N0yLu65P3Ymk[^ ]*$
* 300^0 ^[^ ]*zOlCaBxT86KV[^ ]*$
* 300^0 ^[^ ]*Cruj3ivdF217[^ ]*$
* 300^0 ^[^ ]*4Lw6L1LMJGhg[^ ]*$
* 300^0 ^[^ ]*HSDpD9JSyYfo[^ ]*$
* 300^0 ^[^ ]*UqAMzgJnwYvU[^ ]*$
* 300^0 ^[^ ]*vlnmqZzCznIb[^ ]*$
* 300^0 ^[^ ]*UP8R0MtWsghD[^ ]*$
{
SBLOG="A1S-Mytob-CQ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-CT Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*KWQBOXdDPJ5T[^ ]*$
* 300^0 ^[^ ]*70vHjCV1CRLj[^ ]*$
* 300^0 ^[^ ]*j5Ax1MNxMY37[^ ]*$
* 300^0 ^[^ ]*M3meeluXOGVw[^ ]*$
* 300^0 ^[^ ]*3qGhnBIzmeAx[^ ]*$
* 300^0 ^[^ ]*EowYbA7BLolN[^ ]*$
* 300^0 ^[^ ]*3n3nHzospOMs[^ ]*$
* 300^0 ^[^ ]*NrcdkABsmVfC[^ ]*$
* 300^0 ^[^ ]*lldDkjuSBxRG[^ ]*$
* 300^0 ^[^ ]*ZlsYVC5Hhyy6[^ ]*$
* 300^0 ^[^ ]*XKfaK3dDGVpF[^ ]*$
* 300^0 ^[^ ]*GBwAACgiUIHV[^ ]*$
* 300^0 ^[^ ]*7dthQK9YIaiA[^ ]*$
* 300^0 ^[^ ]*f6xK2pkqca5z[^ ]*$
* 300^0 ^[^ ]*SHnwH34PA8fa[^ ]*$
* 300^0 ^[^ ]*HXrXkaLywBaX[^ ]*$
* 300^0 ^[^ ]*yTPmob5pTnTD[^ ]*$
* 300^0 ^[^ ]*y7X2l243vc3i[^ ]*$
* 300^0 ^[^ ]*yQwQZUXomRBp[^ ]*$
* 300^0 ^[^ ]*kB82f0YfThjP[^ ]*$
* 300^0 ^[^ ]*Q3gQRnJhba61[^ ]*$
* 300^0 ^[^ ]*M8Cd9PDKA59G[^ ]*$
* 300^0 ^[^ ]*CXfAzWGnlSmb[^ ]*$
* 300^0 ^[^ ]*Nxuav6m48qQC[^ ]*$
* 300^0 ^[^ ]*n4IxhTNUTOKk[^ ]*$
* 300^0 ^[^ ]*UIDoEt12V1bv[^ ]*$
* 300^0 ^[^ ]*3OGp1j4qkEA9[^ ]*$
* 300^0 ^[^ ]*58p14DM1i3yl[^ ]*$
* 300^0 ^[^ ]*NW4KVzLmCzdh[^ ]*$
* 300^0 ^[^ ]*RiwZtfXAfQYU[^ ]*$
{
SBLOG="A1S-Mytob-CT Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-DB Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*10u6fb4rrghE[^ ]*$
* 300^0 ^[^ ]*WCJSsDxFw3w3[^ ]*$
* 300^0 ^[^ ]*3a3RlMyinNnf[^ ]*$
* 300^0 ^[^ ]*rzXCHVjT4fiL[^ ]*$
* 300^0 ^[^ ]*EriATGgAeJ3M[^ ]*$
* 300^0 ^[^ ]*Ec9WbdVkgQzu[^ ]*$
* 300^0 ^[^ ]*1Fz3YQ0qGhGT[^ ]*$
* 300^0 ^[^ ]*B7E3Z66PcGqk[^ ]*$
* 300^0 ^[^ ]*ZooMDkHTc7M1[^ ]*$
* 300^0 ^[^ ]*U7KKf1P1RPNX[^ ]*$
* 300^0 ^[^ ]*aQPDzL34JcjU[^ ]*$
* 300^0 ^[^ ]*yoa59EafMtnw[^ ]*$
* 300^0 ^[^ ]*tNB4lr2NhjIY[^ ]*$
* 300^0 ^[^ ]*hfdHaFlulpd6[^ ]*$
* 300^0 ^[^ ]*WBbM94XINO09[^ ]*$
{
SBLOG="A1S-Mytob-DB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-DF Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dOlcizAHgjtO[^ ]*$
* 300^0 ^[^ ]*xO1RDgaBaA8f[^ ]*$
* 300^0 ^[^ ]*beUEfXzakq9Q[^ ]*$
* 300^0 ^[^ ]*NJQHfEVIb9Zl[^ ]*$
* 300^0 ^[^ ]*9VsOSvrvDENF[^ ]*$
* 300^0 ^[^ ]*35OUEVVhSD1O[^ ]*$
* 300^0 ^[^ ]*YuQtaxTEEGDm[^ ]*$
* 300^0 ^[^ ]*N8MGyLB3unKo[^ ]*$
* 300^0 ^[^ ]*MUpnYfYJngCs[^ ]*$
* 300^0 ^[^ ]*xpeg4KWsJrfV[^ ]*$
* 300^0 ^[^ ]*Z8fJwyaksxZb[^ ]*$
* 300^0 ^[^ ]*dQVxA1BAWFEP[^ ]*$
* 300^0 ^[^ ]*WzOXOMuZz0Yo[^ ]*$
* 300^0 ^[^ ]*TdrSTsYwf4Hh[^ ]*$
* 300^0 ^[^ ]*AC8TRuxanwpw[^ ]*$
{
SBLOG="A1S-Mytob-DF Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-DJ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*CbrAG7hQQCDO[^ ]*$
* 300^0 ^[^ ]*FQrnpAIItW7P[^ ]*$
* 300^0 ^[^ ]*bsOHS5tW6YIQ[^ ]*$
* 300^0 ^[^ ]*0u9TyJUREGwl[^ ]*$
* 300^0 ^[^ ]*1BNAB9wSGqEO[^ ]*$
* 300^0 ^[^ ]*sMqfgwBDnKAy[^ ]*$
* 300^0 ^[^ ]*LtPkiqgCtfjX[^ ]*$
* 300^0 ^[^ ]*Y0TfZQdCyPnh[^ ]*$
* 300^0 ^[^ ]*9SRQOBFHzCuJ[^ ]*$
* 300^0 ^[^ ]*JkyjB6pAawyb[^ ]*$
* 300^0 ^[^ ]*RFaVUElUkwko[^ ]*$
* 300^0 ^[^ ]*PiOllJnsaiNA[^ ]*$
* 300^0 ^[^ ]*UvTgybcToveV[^ ]*$
* 300^0 ^[^ ]*8dr5DgTcJIPe[^ ]*$
* 300^0 ^[^ ]*nLDtCGhu0caK[^ ]*$
{
SBLOG="A1S-Mytob-DJ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-DY Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*nKlmbt6WU3cH[^ ]*$
* 300^0 ^[^ ]*jZ8iicMvwXU2[^ ]*$
* 300^0 ^[^ ]*izAAKGvmrRZe[^ ]*$
* 300^0 ^[^ ]*NUO8HUnK0aje[^ ]*$
* 300^0 ^[^ ]*jr8MOx9ZRMS0[^ ]*$
* 300^0 ^[^ ]*QTUw2HTLYtGL[^ ]*$
* 300^0 ^[^ ]*7vjVC9z6qE9F[^ ]*$
* 300^0 ^[^ ]*nC4U2A1Bd02n[^ ]*$
* 300^0 ^[^ ]*MBYy1d9Oy74Z[^ ]*$
* 300^0 ^[^ ]*R7WU3Tm7RrAo[^ ]*$
* 300^0 ^[^ ]*3jY3kQ2uyadq[^ ]*$
* 300^0 ^[^ ]*FwA5ZUm46aZ8[^ ]*$
* 300^0 ^[^ ]*3kLC0Cwdrjhk[^ ]*$
* 300^0 ^[^ ]*i8iP7KCEyBLr[^ ]*$
* 300^0 ^[^ ]*GvmKYiz3xJfA[^ ]*$
{
SBLOG="A1S-Mytob-DY Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-DZ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*iiGHVrhqsH6B[^ ]*$
* 300^0 ^[^ ]*6J1OPFMqf2ju[^ ]*$
* 300^0 ^[^ ]*UOgensY8UyCf[^ ]*$
* 300^0 ^[^ ]*YNZVwpz4SICQ[^ ]*$
* 300^0 ^[^ ]*d3a0jWHwXE8n[^ ]*$
* 300^0 ^[^ ]*4BK86tfBDP2j[^ ]*$
* 300^0 ^[^ ]*5xAtQ1Wk0HGx[^ ]*$
* 300^0 ^[^ ]*Defi6S8riOgh[^ ]*$
* 300^0 ^[^ ]*WEntcEO3akA9[^ ]*$
* 300^0 ^[^ ]*79OUla9K8oaG[^ ]*$
* 300^0 ^[^ ]*t3McM8q0kdQY[^ ]*$
* 300^0 ^[^ ]*7uIrFPrmqxKk[^ ]*$
* 300^0 ^[^ ]*VaelosLFRMRz[^ ]*$
* 300^0 ^[^ ]*1pNqhzN5n6xx[^ ]*$
{
SBLOG="A1S-Mytob-DZ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EH Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*IglBRsNqANFA[^ ]*$
* 300^0 ^[^ ]*jjlZVIOOFT3v[^ ]*$
* 300^0 ^[^ ]*iKLP9U5E6s3q[^ ]*$
* 300^0 ^[^ ]*sDXLVOdHnuIV[^ ]*$
* 300^0 ^[^ ]*Siy44ycga9HX[^ ]*$
* 300^0 ^[^ ]*EgAzQG0zwDhH[^ ]*$
* 300^0 ^[^ ]*hQjJ5qwAgGF4[^ ]*$
* 300^0 ^[^ ]*pMoBWlX5OGG8[^ ]*$
* 300^0 ^[^ ]*a6DOAMNM4bjB[^ ]*$
* 300^0 ^[^ ]*B2TdFuKBDZRP[^ ]*$
* 300^0 ^[^ ]*iSJkgDeLL6hv[^ ]*$
* 300^0 ^[^ ]*3UiQoMVPlpUK[^ ]*$
* 300^0 ^[^ ]*8yMJsBoEs4Su[^ ]*$
* 300^0 ^[^ ]*gaOlS8v9KLLj[^ ]*$
* 300^0 ^[^ ]*M7phT34G4ONa[^ ]*$
{
SBLOG="A1S-Mytob-EH Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EJ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*9JUX5cpXce1y[^ ]*$
* 300^0 ^[^ ]*evwYVxxFRfNN[^ ]*$
* 300^0 ^[^ ]*bWHMsK81IGXQ[^ ]*$
* 300^0 ^[^ ]*S9NSQbDULCBP[^ ]*$
* 300^0 ^[^ ]*JV5Y4eeKnbHg[^ ]*$
{
SBLOG="A1S-Mytob-EJ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EK Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*9ZUEJ6q6nkke[^ ]*$
* 300^0 ^[^ ]*c15miPvktrF2[^ ]*$
* 300^0 ^[^ ]*8OKGwRdKyeUQ[^ ]*$
* 300^0 ^[^ ]*DzXUOmKws48l[^ ]*$
* 300^0 ^[^ ]*JkLuES7ozqkf[^ ]*$
* 300^0 ^[^ ]*FaVoGbn0p33V[^ ]*$
* 300^0 ^[^ ]*7y1Qfa86MwGC[^ ]*$
* 300^0 ^[^ ]*DihsEXSsnlEA[^ ]*$
* 300^0 ^[^ ]*xlLmitNGK96L[^ ]*$
* 300^0 ^[^ ]*f5xAadXBNJXV[^ ]*$
* 300^0 ^[^ ]*d63JT6YVUP5w[^ ]*$
* 300^0 ^[^ ]*Pdd2OpliaQO2[^ ]*$
* 300^0 ^[^ ]*PNdQ6YrCzjyU[^ ]*$
* 300^0 ^[^ ]*Z7gg64iuz8co[^ ]*$
* 300^0 ^[^ ]*GR3uZgHf5QNr[^ ]*$
* 300^0 ^[^ ]*hkp5YrWV4IZO[^ ]*$
* 300^0 ^[^ ]*YOtm8RZaIT43[^ ]*$
* 300^0 ^[^ ]*MlYnt618UpG5[^ ]*$
* 300^0 ^[^ ]*1IOgNxv6w85z[^ ]*$
* 300^0 ^[^ ]*I8VPkOsHTEDN[^ ]*$
{
SBLOG="A1S-Mytob-EK Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EL Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*1tMLOhPkO4BY[^ ]*$
* 300^0 ^[^ ]*AAHJ5X60Qxmv[^ ]*$
* 300^0 ^[^ ]*QapBVR1BArXV[^ ]*$
* 300^0 ^[^ ]*1gqkENuOqjBh[^ ]*$
* 300^0 ^[^ ]*SMdLVz6u5hSl[^ ]*$
{
SBLOG="A1S-Mytob-EL Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EM Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*txJ9G6vIFmBK[^ ]*$
* 300^0 ^[^ ]*JQAzCacjcuS7[^ ]*$
* 300^0 ^[^ ]*ThrYaVHCReh8[^ ]*$
* 300^0 ^[^ ]*ZYFiKpBunVmr[^ ]*$
* 300^0 ^[^ ]*1Ohjp5gZ0fnN[^ ]*$
{
SBLOG="A1S-Mytob-EM Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EN Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*z8YF5CbbduZX[^ ]*$
* 300^0 ^[^ ]*ZNwELyhMDXIv[^ ]*$
* 300^0 ^[^ ]*q7FkSBiigk8q[^ ]*$
* 300^0 ^[^ ]*yBeDIsoHGamX[^ ]*$
* 300^0 ^[^ ]*rtv3aebWMtil[^ ]*$
{
SBLOG="A1S-Mytob-EN Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-EP Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*aOyqMqwx3ODv[^ ]*$
* 300^0 ^[^ ]*SA8yXNo1vmFo[^ ]*$
* 300^0 ^[^ ]*pVKwOEhvcIt8[^ ]*$
* 300^0 ^[^ ]*zwSkldWVjHqh[^ ]*$
* 300^0 ^[^ ]*eoVfToweUDou[^ ]*$
* 300^0 ^[^ ]*RwWfO603Ye9d[^ ]*$
* 300^0 ^[^ ]*KLAEVi0b3oBV[^ ]*$
* 300^0 ^[^ ]*PIhZRuLy5VBm[^ ]*$
* 300^0 ^[^ ]*FKdtXE3ta4uX[^ ]*$
* 300^0 ^[^ ]*Gs834KOFSwlS[^ ]*$
* 300^0 ^[^ ]*p2MEfkcFnzut[^ ]*$
* 300^0 ^[^ ]*arGWj4sYd2EY[^ ]*$
* 300^0 ^[^ ]*ZVQeGcsAEPAu[^ ]*$
* 300^0 ^[^ ]*3tEHQ1Cz8Qhg[^ ]*$
* 300^0 ^[^ ]*9tNR4nseDSZL[^ ]*$
{
SBLOG="A1S-Mytob-EP Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-ET Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*qKaeqMI82fLa[^ ]*$
* 300^0 ^[^ ]*28cp9vnT40Z5[^ ]*$
* 300^0 ^[^ ]*pPeyxr8aFnQW[^ ]*$
* 300^0 ^[^ ]*MdtCq06ZwQH6[^ ]*$
* 300^0 ^[^ ]*NLchvH3AB4BV[^ ]*$
{
SBLOG="A1S-Mytob-ET Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-FF Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*aWLO34p5QS3h[^ ]*$
* 300^0 ^[^ ]*yKxzBq4PABDv[^ ]*$
* 300^0 ^[^ ]*MpQTzHDVLYfJ[^ ]*$
* 300^0 ^[^ ]*wVRVSHcMlSUq[^ ]*$
* 300^0 ^[^ ]*l301BXv9tUOX[^ ]*$
* 300^0 ^[^ ]*QW1B8jd7v1bV[^ ]*$
* 300^0 ^[^ ]*1ddmvhFY04mQ[^ ]*$
* 300^0 ^[^ ]*E0rsMNWRLSjW[^ ]*$
* 300^0 ^[^ ]*YXPXHtuwf4nq[^ ]*$
* 300^0 ^[^ ]*APlrZvsY5Ptq[^ ]*$
* 300^0 ^[^ ]*5keq0I5RpwTN[^ ]*$
* 300^0 ^[^ ]*IsocutkmyQBN[^ ]*$
* 300^0 ^[^ ]*EaadYWnHMvr8[^ ]*$
* 300^0 ^[^ ]*aNJaZFa1Q036[^ ]*$
* 300^0 ^[^ ]*FYeIRUASbKGW[^ ]*$
* 300^0 ^[^ ]*TJAWSGjyFhJ7[^ ]*$
* 300^0 ^[^ ]*1ElDtwoCRREh[^ ]*$
* 300^0 ^[^ ]*5CbOLPLQ6zeb[^ ]*$
* 300^0 ^[^ ]*QRGhNdt7M7JM[^ ]*$
* 300^0 ^[^ ]*DyGoWyDXDOwz[^ ]*$
* 300^0 ^[^ ]*gBcDWo1MdzAw[^ ]*$
* 300^0 ^[^ ]*3DY9fqBkMENS[^ ]*$
* 300^0 ^[^ ]*XOtiJEROXfiq[^ ]*$
* 300^0 ^[^ ]*iFVJB93fiBDm[^ ]*$
* 300^0 ^[^ ]*4q6Fw6NUxblv[^ ]*$
{
SBLOG="A1S-Mytob-FF Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-FI Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*3e2dskpgGeRA[^ ]*$
* 300^0 ^[^ ]*dHHIbXmBk8Bi[^ ]*$
* 300^0 ^[^ ]*GaFDuLReotUw[^ ]*$
* 300^0 ^[^ ]*RLEXxTbkTHwk[^ ]*$
* 300^0 ^[^ ]*2TvCB9jLFekz[^ ]*$
{
SBLOG="A1S-Mytob-FI Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-FJ Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*fztiUJFEQGAO[^ ]*$
* 300^0 ^[^ ]*0wFxF0FSOc92[^ ]*$
* 300^0 ^[^ ]*1KKqVJQHTUnr[^ ]*$
* 300^0 ^[^ ]*IOyg3qklkfWS[^ ]*$
* 300^0 ^[^ ]*PO0u1rG13Shi[^ ]*$
* 300^0 ^[^ ]*qbUpM4jxHeZv[^ ]*$
* 300^0 ^[^ ]*JUPZ3FPLnGux[^ ]*$
* 300^0 ^[^ ]*N6MW99c3kVYz[^ ]*$
* 300^0 ^[^ ]*swjr5B04ZrRY[^ ]*$
* 300^0 ^[^ ]*WBUPuKCBcpFt[^ ]*$
* 300^0 ^[^ ]*SKzPUmqMM353[^ ]*$
* 300^0 ^[^ ]*w5dCmuI8yKXU[^ ]*$
* 300^0 ^[^ ]*AB4jWx9hQjUO[^ ]*$
* 300^0 ^[^ ]*CRHaCMVYtk09[^ ]*$
* 300^0 ^[^ ]*Bv3sBsYgDhtx[^ ]*$
* 300^0 ^[^ ]*Y3YGcdX54UxA[^ ]*$
* 300^0 ^[^ ]*rz0JzgeY23sF[^ ]*$
* 300^0 ^[^ ]*NlVMdqFVsFBV[^ ]*$
* 300^0 ^[^ ]*0DSS43y6nxgg[^ ]*$
* 300^0 ^[^ ]*H25t6Y8Nxl4A[^ ]*$
* 300^0 ^[^ ]*YGsp2rCZNttZ[^ ]*$
* 300^0 ^[^ ]*PdgxZ2uUrXcP[^ ]*$
* 300^0 ^[^ ]*V2sd8bQJOdxG[^ ]*$
* 300^0 ^[^ ]*AV59I1GE3ibE[^ ]*$
* 300^0 ^[^ ]*Sar9QCX3VbNC[^ ]*$
* 300^0 ^[^ ]*3dyyI6HMRUjp[^ ]*$
* 300^0 ^[^ ]*nem3AJw1QbFb[^ ]*$
* 300^0 ^[^ ]*VZVjyF64QknS[^ ]*$
* 300^0 ^[^ ]*VaJy44nkkck2[^ ]*$
* 300^0 ^[^ ]*QuLyHdpOaw2x[^ ]*$
{
SBLOG="A1S-Mytob-FJ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-FK Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*iUmMNfkqIQlo[^ ]*$
* 300^0 ^[^ ]*AhjlMyOi55VG[^ ]*$
* 300^0 ^[^ ]*ZpLmbJ6eCcCt[^ ]*$
* 300^0 ^[^ ]*w5QrPg4QXCOt[^ ]*$
* 300^0 ^[^ ]*dQbz3uVk2K3g[^ ]*$
* 300^0 ^[^ ]*MohfmBk3xLFu[^ ]*$
* 300^0 ^[^ ]*fWCRW2WJHvgB[^ ]*$
* 300^0 ^[^ ]*N1k5LVcMDjD2[^ ]*$
* 300^0 ^[^ ]*dUBI0uLMqUGA[^ ]*$
* 300^0 ^[^ ]*UkTgMdMhTQNI[^ ]*$
* 300^0 ^[^ ]*TeFAIiU5T8Jb[^ ]*$
* 300^0 ^[^ ]*fWCRW2WJHvgB[^ ]*$
* 300^0 ^[^ ]*HqvhIfdEfIxU[^ ]*$
* 300^0 ^[^ ]*6uQqZKDpHUa3[^ ]*$
* 300^0 ^[^ ]*WyvVafKtRbKs[^ ]*$
* 300^0 ^[^ ]*Qk0eAHfkf3B6[^ ]*$
* 300^0 ^[^ ]*IEn5i5HBVobv[^ ]*$
* 300^0 ^[^ ]*JUTBRfhwRiLI[^ ]*$
* 300^0 ^[^ ]*H13Tr3avmJ23[^ ]*$
* 300^0 ^[^ ]*4NRalO1n4fnI[^ ]*$
* 300^0 ^[^ ]*DachJluJh5gy[^ ]*$
* 300^0 ^[^ ]*y1BL84QoXCkA[^ ]*$
* 300^0 ^[^ ]*AvBrsYiaDtiu[^ ]*$
* 300^0 ^[^ ]*dWbMF2Src03f[^ ]*$
* 300^0 ^[^ ]*nGA9dA58EIQa[^ ]*$
* 300^0 ^[^ ]*4iiEVfguU1sf[^ ]*$
* 300^0 ^[^ ]*ShnXugdO6XHL[^ ]*$
* 300^0 ^[^ ]*sbuH5xGWyoG4[^ ]*$
* 300^0 ^[^ ]*7zjUCvJPCXU7[^ ]*$
* 300^0 ^[^ ]*KFhOgXz6wMLY[^ ]*$
* 300^0 ^[^ ]*PBfx0C3Q3gIp[^ ]*$
* 300^0 ^[^ ]*7KJYrt8IApoG[^ ]*$
* 300^0 ^[^ ]*BgfloU0Un4Fa[^ ]*$
* 300^0 ^[^ ]*paaMkB7HpfBD[^ ]*$
* 300^0 ^[^ ]*qiQvBOJxv4Oc[^ ]*$
{
SBLOG="A1S-Mytob-FK Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-FN Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AZ3FEHew5sTQ[^ ]*$
* 300^0 ^[^ ]*m6qzlhn8Bci3[^ ]*$
* 300^0 ^[^ ]*KrkXG1tBBwXS[^ ]*$
* 300^0 ^[^ ]*Og6Do5rpqGo8[^ ]*$
* 300^0 ^[^ ]*to8DEHDx881W[^ ]*$
{
SBLOG="A1S-Mytob-FN Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-GB Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*kyAKdrfV6rqO[^ ]*$
* 300^0 ^[^ ]*KoBybqCz2xp9[^ ]*$
* 300^0 ^[^ ]*EmnHT0WAuwlw[^ ]*$
* 300^0 ^[^ ]*XLOtoE3wl7hP[^ ]*$
* 300^0 ^[^ ]*XWULn4PCFVYC[^ ]*$
* 300^0 ^[^ ]*KwTvIRBI0Ogd[^ ]*$
* 300^0 ^[^ ]*NCxG14Tt4dYT[^ ]*$
* 300^0 ^[^ ]*QX00t13M0Oy0[^ ]*$
* 300^0 ^[^ ]*exZhrZH7bA1n[^ ]*$
* 300^0 ^[^ ]*4JrIAOuh5SGY[^ ]*$
* 300^0 ^[^ ]*EEjQ6B3UfQCa[^ ]*$
* 300^0 ^[^ ]*XcDnOzlkTCMV[^ ]*$
* 300^0 ^[^ ]*iNdHPxRJBK9K[^ ]*$
* 300^0 ^[^ ]*Jy2MrrsyZbOa[^ ]*$
* 300^0 ^[^ ]*0PunpRGQb8oW[^ ]*$
* 300^0 ^[^ ]*TGUlrd9RGzNw[^ ]*$
* 300^0 ^[^ ]*YSYPzsv4R0dW[^ ]*$
* 300^0 ^[^ ]*ee5d98A607jn[^ ]*$
* 300^0 ^[^ ]*PNZ0avxcWuHr[^ ]*$
* 300^0 ^[^ ]*fETFuyIvQyEJ[^ ]*$
* 300^0 ^[^ ]*GME9n9mhkHRV[^ ]*$
* 300^0 ^[^ ]*HpQ0aAhmGS1c[^ ]*$
* 300^0 ^[^ ]*QBN633YSacdP[^ ]*$
* 300^0 ^[^ ]*rxGJMhcNRhlo[^ ]*$
* 300^0 ^[^ ]*jcw6XveX256T[^ ]*$
* 300^0 ^[^ ]*MH7AEtJ7n3n2[^ ]*$
* 300^0 ^[^ ]*5vsIZwDefAiw[^ ]*$
* 300^0 ^[^ ]*qUywpcl5LIuW[^ ]*$
* 300^0 ^[^ ]*wRtkpYmHs25g[^ ]*$
* 300^0 ^[^ ]*3UePk4hd43X7[^ ]*$
* 300^0 ^[^ ]*pDb6GwsElq4s[^ ]*$
* 300^0 ^[^ ]*Xsl8WqyDPAmq[^ ]*$
* 300^0 ^[^ ]*zSaokkdWKVYM[^ ]*$
* 300^0 ^[^ ]*jy6wLVpjL1lc[^ ]*$
* 300^0 ^[^ ]*whnHfdTRSMYc[^ ]*$
{
SBLOG="A1S-Mytob-GB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-GC Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*N63P4VUYfXVd[^ ]*$
* 300^0 ^[^ ]*EtfFX2MBqPUt[^ ]*$
* 300^0 ^[^ ]*1uZ01RJvGPrD[^ ]*$
* 300^0 ^[^ ]*Jkp3ZauzkcH1[^ ]*$
* 300^0 ^[^ ]*7vqDf4UCKP2B[^ ]*$
{
SBLOG="A1S-Mytob-GC Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-GW Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*fhMJkOozFKoQ[^ ]*$
* 300^0 ^[^ ]*FoupB4ADEIur[^ ]*$
* 300^0 ^[^ ]*KgQp9IEAAABC[^ ]*$
* 300^0 ^[^ ]*bIC6jEUihIGi[^ ]*$
* 300^0 ^[^ ]*v4H34TFCjR5I[^ ]*$
{
SBLOG="A1S-Mytob-GW Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-GX Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*x3IlmwPWZ0CW[^ ]*$
* 300^0 ^[^ ]*DJm6Catq66HM[^ ]*$
* 300^0 ^[^ ]*ovOW1CAfv0Q8[^ ]*$
* 300^0 ^[^ ]*AHehDvSeErSB[^ ]*$
* 300^0 ^[^ ]*tNoaJMBKSlz2[^ ]*$
{
SBLOG="A1S-Mytob-GX Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-HT Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*O1DNzMk0FT16[^ ]*$
* 300^0 ^[^ ]*DhbK7noaPzOh[^ ]*$
* 300^0 ^[^ ]*ANlbKLQfHs9W[^ ]*$
* 300^0 ^[^ ]*VnBhNPtHme1V[^ ]*$
* 300^0 ^[^ ]*GEQHt3jO6Tyx[^ ]*$
* 300^0 ^[^ ]*x9CdekQ6Axol[^ ]*$
* 300^0 ^[^ ]*1LJDjs6HuLcT[^ ]*$
* 300^0 ^[^ ]*WjBpYxVHBPKH[^ ]*$
* 300^0 ^[^ ]*x9hdM85rXV2h[^ ]*$
* 300^0 ^[^ ]*IuOMAMEOgnfF[^ ]*$
* 300^0 ^[^ ]*nIEK4MMAYHHD[^ ]*$
* 300^0 ^[^ ]*BADdKdFtJkI5[^ ]*$
* 300^0 ^[^ ]*4PsiL4oKwQE3[^ ]*$
* 300^0 ^[^ ]*NPWVxNZL4BSg[^ ]*$
* 300^0 ^[^ ]*Mf0nn7FW4wlG[^ ]*$
* 300^0 ^[^ ]*xePOcL87UM3M[^ ]*$
* 300^0 ^[^ ]*0IRDsji6X2Fi[^ ]*$
* 300^0 ^[^ ]*HA6O5ub34HTW[^ ]*$
* 300^0 ^[^ ]*KNDEttUS0mmv[^ ]*$
* 300^0 ^[^ ]*tMVVUoa53QyG[^ ]*$
{
SBLOG="A1S-Mytob-HT Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-HV Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*S7x2s5N9uhf1[^ ]*$
* 300^0 ^[^ ]*jFEn9ssAXJYk[^ ]*$
* 300^0 ^[^ ]*JWBrhEs79nca[^ ]*$
* 300^0 ^[^ ]*cyeEeEHNeI4Y[^ ]*$
* 300^0 ^[^ ]*QBrFTqGoptiN[^ ]*$
* 300^0 ^[^ ]*jDBaUqNbOCyc[^ ]*$
* 300^0 ^[^ ]*A0Wwg7cPqm91[^ ]*$
* 300^0 ^[^ ]*IIz5DIBB7WnT[^ ]*$
* 300^0 ^[^ ]*B2kKjrv8k2RN[^ ]*$
* 300^0 ^[^ ]*mckeVdmgWXVX[^ ]*$
* 300^0 ^[^ ]*lalJREu6xV0N[^ ]*$
* 300^0 ^[^ ]*6kjwRbwXtpkx[^ ]*$
* 300^0 ^[^ ]*f2ywBcliR3cL[^ ]*$
* 300^0 ^[^ ]*kRyKjePxqVi6[^ ]*$
* 300^0 ^[^ ]*cfd0Ma8LefiC[^ ]*$
* 300^0 ^[^ ]*5niB6mKVaK3C[^ ]*$
* 300^0 ^[^ ]*1wRMDzRxWs5m[^ ]*$
* 300^0 ^[^ ]*8604u98ulekS[^ ]*$
* 300^0 ^[^ ]*vFZkItm3XVMM[^ ]*$
* 300^0 ^[^ ]*BgwkxjshMBUY[^ ]*$
* 300^0 ^[^ ]*1JSI5I8h417u[^ ]*$
* 300^0 ^[^ ]*eHqpDhzC1cAg[^ ]*$
* 300^0 ^[^ ]*O59GSE5qdbFW[^ ]*$
* 300^0 ^[^ ]*YoGjYa5G12DY[^ ]*$
* 300^0 ^[^ ]*evfcQJ8RCyRE[^ ]*$
{
SBLOG="A1S-Mytob-HV Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-HZ Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*cob5sJHEgbwt[^ ]*$
* 300^0 ^[^ ]*LtwBi7aUR7dW[^ ]*$
* 300^0 ^[^ ]*5SqXHpfDAuNT[^ ]*$
* 300^0 ^[^ ]*C9t4MDuccrRd[^ ]*$
* 300^0 ^[^ ]*WdOOZChdsyGX[^ ]*$
* 300^0 ^[^ ]*0Su0pR3MUg5h[^ ]*$
* 300^0 ^[^ ]*ZmOKmoG7bQxL[^ ]*$
* 300^0 ^[^ ]*0S3vaXMTQkHw[^ ]*$
* 300^0 ^[^ ]*iOHsKHqggOaf[^ ]*$
* 300^0 ^[^ ]*uuk8JNBZ2Gz6[^ ]*$
* 300^0 ^[^ ]*XYNWVqW9Seys[^ ]*$
* 300^0 ^[^ ]*o7ZM5R0KmcuB[^ ]*$
* 300^0 ^[^ ]*4PxmXpFDsHrm[^ ]*$
* 300^0 ^[^ ]*ydnWolap9JDt[^ ]*$
* 300^0 ^[^ ]*4mXF6BqjIhyQ[^ ]*$
* 300^0 ^[^ ]*Mjy2VRXomuzq[^ ]*$
* 300^0 ^[^ ]*gqVB6D6Ttrrt[^ ]*$
* 300^0 ^[^ ]*jRI6GSyTE4k4[^ ]*$
* 300^0 ^[^ ]*1MMFVUiX3mmN[^ ]*$
* 300^0 ^[^ ]*BU8PeqOvky9g[^ ]*$
* 300^0 ^[^ ]*EVddyZfBAyOO[^ ]*$
* 300^0 ^[^ ]*1KAGYpFwJPum[^ ]*$
* 300^0 ^[^ ]*Oclx0K7QTFOS[^ ]*$
* 300^0 ^[^ ]*7Hos4wgh2MN6[^ ]*$
* 300^0 ^[^ ]*X4RIz8R1hKNz[^ ]*$
* 300^0 ^[^ ]*NYEl7Seaof8z[^ ]*$
* 300^0 ^[^ ]*iNGs9LQUAgNX[^ ]*$
* 300^0 ^[^ ]*8N9Qs8sElnZR[^ ]*$
* 300^0 ^[^ ]*54uvUbmSqbPo[^ ]*$
* 300^0 ^[^ ]*3lJT3v8IdXMT[^ ]*$
{
SBLOG="A1S-Mytob-HZ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-ID Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*4ohoh6vY2gtf[^ ]*$
* 300^0 ^[^ ]*0jjowabrUaIH[^ ]*$
* 300^0 ^[^ ]*yLHZvpH0OfZS[^ ]*$
* 300^0 ^[^ ]*qQMB9IWNpb9O[^ ]*$
* 300^0 ^[^ ]*IHTqfi8OmCkZ[^ ]*$
* 300^0 ^[^ ]*r00Tth89gKjK[^ ]*$
* 300^0 ^[^ ]*xpYQcARuMhRj[^ ]*$
* 300^0 ^[^ ]*7oEBKUbTMf1R[^ ]*$
* 300^0 ^[^ ]*TibhgBNrail0[^ ]*$
* 300^0 ^[^ ]*5MNRQnvIhbyE[^ ]*$
* 300^0 ^[^ ]*6K1hEt8nwf68[^ ]*$
* 300^0 ^[^ ]*wmxadzfIAzjF[^ ]*$
* 300^0 ^[^ ]*s9dngFflMekZ[^ ]*$
* 300^0 ^[^ ]*xABM6JUPFFZU[^ ]*$
* 300^0 ^[^ ]*AeTRhmf5skiC[^ ]*$
* 300^0 ^[^ ]*ao8YR95iale4[^ ]*$
* 300^0 ^[^ ]*YObyPMIbsTTw[^ ]*$
* 300^0 ^[^ ]*grRGoS3qwUtA[^ ]*$
* 300^0 ^[^ ]*4doarqagpZUN[^ ]*$
* 300^0 ^[^ ]*O7VRx8K1nnv9[^ ]*$
{
SBLOG="A1S-Mytob-ID Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-IX Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*f7KgI127Sw1a[^ ]*$
* 300^0 ^[^ ]*g6uf8vsWgSHT[^ ]*$
* 300^0 ^[^ ]*aLsEmDrZiPnL[^ ]*$
* 300^0 ^[^ ]*BqxsmSBeDL0F[^ ]*$
* 300^0 ^[^ ]*zYCMOSSD42Fy[^ ]*$
* 300^0 ^[^ ]*OnfLMd6wXZEm[^ ]*$
* 300^0 ^[^ ]*Fc88ZYRnSi62[^ ]*$
* 300^0 ^[^ ]*EOoQXERJj4xO[^ ]*$
* 300^0 ^[^ ]*GVb0dnNRQ48Z[^ ]*$
* 300^0 ^[^ ]*jCQlyR3t7q3v[^ ]*$
* 300^0 ^[^ ]*ztROsVYpZCBt[^ ]*$
* 300^0 ^[^ ]*JdVAq4VseE63[^ ]*$
* 300^0 ^[^ ]*LqZQoozZytTw[^ ]*$
* 300^0 ^[^ ]*cvU3P6bNfycd[^ ]*$
* 300^0 ^[^ ]*KiJN5UGy974B[^ ]*$
{
SBLOG="A1S-Mytob-IX Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-JO Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*mnnfEYq8egCk[^ ]*$
* 300^0 ^[^ ]*vFTfGlg2FTgN[^ ]*$
* 300^0 ^[^ ]*U0WShIxL1VsX[^ ]*$
* 300^0 ^[^ ]*hq0f6zEjnMmu[^ ]*$
* 300^0 ^[^ ]*KH9I4VNeRWrb[^ ]*$
* 300^0 ^[^ ]*npkKGx9nmp2s[^ ]*$
* 300^0 ^[^ ]*9zHxfY4a9HtD[^ ]*$
* 300^0 ^[^ ]*9zHxfY4a9HtD[^ ]*$
* 300^0 ^[^ ]*KoMof0jhU15F[^ ]*$
* 300^0 ^[^ ]*2lJOtpqm3joY[^ ]*$
{
SBLOG="A1S-Mytob-JO Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Mytob-LQ Virus/Worm
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*S4PGCIPHCEp1[^ ]*$
* 300^0 ^[^ ]*6EMQUAAUOjC8[^ ]*$
* 300^0 ^[^ ]*w4vAgy00QUAA[^ ]*$
* 300^0 ^[^ ]*6w6LRQxQi0UI[^ ]*$
* 300^0 ^[^ ]*doV83zTjGVM1[^ ]*$
* 300^0 ^[^ ]*4v4hfZ0CIM7A[^ ]*$
* 300^0 ^[^ ]*fBDnZdUuDxgi[^ ]*$
* 300^0 ^[^ ]*QEAAFcpx4oHX[^ ]*$
* 300^0 ^[^ ]*DwAhQi0XMUOh[^ ]*$
* 300^0 ^[^ ]*6q930p0VJtsE[^ ]*$
{
SBLOG="A1S-Mytob-LQ Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Navidad Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*FVBQQAC[^ ]*$
* 300^0 ^[^ ]*lCQUAgA[^ ]*$
* 300^0 ^[^ ]*1mgAfwA[^ ]*$
* 300^0 ^[^ ]*Z1D/FfR[^ ]*$
* 300^0 ^[^ ]*WVloIGB[^ ]*$
* 300^0 ^[^ ]*VC1EClJ[^ ]*$
* 300^0 ^[^ ]*OYCFHqg[^ ]*$
* 300^0 ^[^ ]*Cz96o\+Y[^ ]*$
* 300^0 ^[^ ]*LwcbYK8[^ ]*$
* 300^0 ^[^ ]*hWVy/cc[^ ]*$
{
SBLOG="A1S-Navidad Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Et3H6DZfwAqn[^ ]*$
* 300^0 ^[^ ]*YDC02gNWAv[^ ]*$
* 300^0 ^[^ ]*0csChaibeIF[^ ]*$
* 300^0 ^[^ ]*mRuvjgD4hDQ[^ ]*$
* 300^0 ^[^ ]*ZcKmoX9OCr[^ ]*$
* 300^0 ^[^ ]*jG0SGFdkEQp[^ ]*$
* 300^0 ^[^ ]*HCllZbuGbazc[^ ]*$
* 300^0 ^[^ ]*LUTFmgTOmsx[^ ]*$
* 300^0 ^[^ ]*4pdx6VlOL2a[^ ]*$
* 300^0 ^[^ ]*EfDXRv1XrPI[^ ]*$
* 300^0 ^[^ ]*caAYQZ5273Q[^ ]*$
* 300^0 ^[^ ]*ZWW7hm2s3J[^ ]*$
* 300^0 ^[^ ]*JahguSL2T3A[^ ]*$
* 300^0 ^[^ ]*koVxQZIn4s3[^ ]*$
* 300^0 ^[^ ]*zUAGSCOhUL[^ ]*$
{
SBLOG="A1S-Netsky-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-C Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*CqTTVdWwKzYC[^ ]*$
* 300^0 ^[^ ]*YUxuQR3T9VPA[^ ]*$
* 300^0 ^[^ ]*xRiGEAW7CQcQ[^ ]*$
* 300^0 ^[^ ]*4Gqs6qim5tLl[^ ]*$
* 300^0 ^[^ ]*AD100Sl8Ebek[^ ]*$
* 300^0 ^[^ ]*UFYtGXRyL0gN[^ ]*$
* 300^0 ^[^ ]*wKAV0CXMHbrZ[^ ]*$
* 300^0 ^[^ ]*ElaYVD8UihXd[^ ]*$
* 300^0 ^[^ ]*cAHDzvRpYI7D[^ ]*$
* 300^0 ^[^ ]*TfjUNCDTME0c[^ ]*$
* 300^0 ^[^ ]*VsCs2AknCydg[^ ]*$
* 300^0 ^[^ ]*6FEI87kErClL[^ ]*$
* 300^0 ^[^ ]*ZhmQnnHE56Q4[^ ]*$
* 300^0 ^[^ ]*jNK1g9NPsosj[^ ]*$
* 300^0 ^[^ ]*F7GgCme4b6GE[^ ]*$
* 300^0 ^[^ ]*nzk3fSj18Hs3[^ ]*$
* 300^0 ^[^ ]*JenedBMWZeSI[^ ]*$
* 300^0 ^[^ ]*b4kZGgnhmxwP[^ ]*$
* 300^0 ^[^ ]*CJz7V5oGJQUf[^ ]*$
* 300^0 ^[^ ]*vCKhjOZkULUB[^ ]*$
* 300^0 ^[^ ]*5itYXegB6gH0[^ ]*$
* 300^0 ^[^ ]*7FBhbM61wLyM[^ ]*$
* 300^0 ^[^ ]*5LeswP0LAtjC[^ ]*$
* 300^0 ^[^ ]*swIDPIkCJUDY[^ ]*$
* 300^0 ^[^ ]*OvegakaQb5Fo[^ ]*$
* 300^0 ^[^ ]*9NRoHKh4FOvD[^ ]*$
* 300^0 ^[^ ]*BzblycKyUAVC[^ ]*$
* 300^0 ^[^ ]*Uez7Hm5TuwFJ[^ ]*$
* 300^0 ^[^ ]*JBct2nA00UXp[^ ]*$
* 300^0 ^[^ ]*s3Oi3r8acmjS[^ ]*$
* 300^0 ^[^ ]*izbr2FpAMIBx[^ ]*$
* 300^0 ^[^ ]*VpV1o92bSIqR[^ ]*$
* 300^0 ^[^ ]*82U3P8WYu7t5[^ ]*$
* 300^0 ^[^ ]*HuGSE0E1K8HD[^ ]*$
* 300^0 ^[^ ]*cdtcnJIZQVjX[^ ]*$
* 300^0 ^[^ ]*iOSn8KpNNV1b[^ ]*$
* 300^0 ^[^ ]*cU8CgnvtPlZc[^ ]*$
* 300^0 ^[^ ]*51PGkM2JMUen[^ ]*$
* 300^0 ^[^ ]*VfAQ0aKDTYs6[^ ]*$
* 300^0 ^[^ ]*15Behth5SCrB[^ ]*$
* 300^0 ^[^ ]*W3nZbPFBfBWo[^ ]*$
* 300^0 ^[^ ]*9KwIlcn4OikA[^ ]*$
* 300^0 ^[^ ]*tCvKEUuXUPOF[^ ]*$
* 300^0 ^[^ ]*zQc2YBewPjxo[^ ]*$
* 300^0 ^[^ ]*N3gJKlf1SMI1[^ ]*$
* 300^0 ^[^ ]*Fl3pv7rGAKxY[^ ]*$
* 300^0 ^[^ ]*8xeyP31KqisR[^ ]*$
* 300^0 ^[^ ]*MQAVF0XUEiLZ[^ ]*$
* 300^0 ^[^ ]*W9exuKuXVY9P[^ ]*$
* 300^0 ^[^ ]*COUZZgSnCRSq[^ ]*$
* 300^0 ^[^ ]*jpcYAJDJy7d6[^ ]*$
* 300^0 ^[^ ]*O6v3W9tfswv8[^ ]*$
* 300^0 ^[^ ]*F2SYhxfmTWbA[^ ]*$
* 300^0 ^[^ ]*RXGJuwg6f97L[^ ]*$
* 300^0 ^[^ ]*V5yGSQfdgVpy[^ ]*$
{
SBLOG="A1S-Netsky-C Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-D Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*WeO00ACBAo36[^ ]*$
* 300^0 ^[^ ]*0A8GVoyHrxdn[^ ]*$
* 300^0 ^[^ ]*NAfU1RU4gqbx[^ ]*$
* 300^0 ^[^ ]*drwD0ytbVRhq[^ ]*$
* 300^0 ^[^ ]*4ttFfYvJEYyC[^ ]*$
* 300^0 ^[^ ]*haAM9vTUaByo[^ ]*$
* 300^0 ^[^ ]*KgSSGgEqSQfy[^ ]*$
* 300^0 ^[^ ]*WISFG3Pjt6yh[^ ]*$
* 300^0 ^[^ ]*RQ0YQD4ceNns[^ ]*$
* 300^0 ^[^ ]*d0THILTXHnVt[^ ]*$
* 300^0 ^[^ ]*5F2FAOSZjm6q[^ ]*$
* 300^0 ^[^ ]*ppNcS9C7HV2o[^ ]*$
* 300^0 ^[^ ]*m0SZ50A8GVoy[^ ]*$
* 300^0 ^[^ ]*YRuImLGJiKC5[^ ]*$
* 300^0 ^[^ ]*JRCoObKmIoZv[^ ]*$
* 300^0 ^[^ ]*ONGHF0ZQSKiL[^ ]*$
* 300^0 ^[^ ]*VoyHrxdnsDil[^ ]*$
* 300^0 ^[^ ]*2Gk229N6QG5N[^ ]*$
* 300^0 ^[^ ]*Dr0FezXC8jPz[^ ]*$
* 300^0 ^[^ ]*Dj64djfyA7wi[^ ]*$
* 300^0 ^[^ ]*smugpDsZcpSn[^ ]*$
* 300^0 ^[^ ]*gB6BDEpOOwwD[^ ]*$
* 300^0 ^[^ ]*DCcAWKPUcR8g[^ ]*$
* 300^0 ^[^ ]*u70U9nQXIpup[^ ]*$
* 300^0 ^[^ ]*NHMVUfhjDnyE[^ ]*$
* 300^0 ^[^ ]*koj5CWTe3gAf[^ ]*$
* 300^0 ^[^ ]*pOOwwDcQ6OBj[^ ]*$
* 300^0 ^[^ ]*ZULkiLKB5sii[^ ]*$
* 300^0 ^[^ ]*Qc0exrVIQ8yM[^ ]*$
* 300^0 ^[^ ]*1IHUhN0XEKIt[^ ]*$
{
SBLOG="A1S-Netsky-D Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-F Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*4EDRkoOk9ngq[^ ]*$
* 300^0 ^[^ ]*yWabGX5ICNvP[^ ]*$
* 300^0 ^[^ ]*TsVlrWeNBWHw[^ ]*$
* 300^0 ^[^ ]*Zclhux16h9Eo[^ ]*$
* 300^0 ^[^ ]*jC9idXIXLrtt[^ ]*$
* 300^0 ^[^ ]*CYGLSUhiG4kI[^ ]*$
* 300^0 ^[^ ]*ZDBT2qMgQ6wF[^ ]*$
* 300^0 ^[^ ]*9AvaBCOlawIC[^ ]*$
* 300^0 ^[^ ]*w7HnVjHopMB2[^ ]*$
* 300^0 ^[^ ]*0nQF6EsBAACL[^ ]*$
{
SBLOG="A1S-Netsky-F Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-J Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*NWeG6WIiWgTq[^ ]*$
* 300^0 ^[^ ]*x0e2Cizydg7b[^ ]*$
* 300^0 ^[^ ]*KanHAhDYf46J[^ ]*$
* 300^0 ^[^ ]*PW5xPipuPKIV[^ ]*$
* 300^0 ^[^ ]*VCnBXIqVObYp[^ ]*$
{
SBLOG="A1S-Netsky-J Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-K Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*22qk4xO0Z79S[^ ]*$
* 300^0 ^[^ ]*JR4Zegx7Bzj7[^ ]*$
* 300^0 ^[^ ]*aEd15t7b1Lnt[^ ]*$
* 300^0 ^[^ ]*Gm0ZqrVGAdUb[^ ]*$
* 300^0 ^[^ ]*AMD4VX4A614m[^ ]*$
{
SBLOG="A1S-Netsky-K Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-P Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*O18rjsHmyS6i[^ ]*$
* 300^0 ^[^ ]*hNtkbC8ptcin[^ ]*$
* 300^0 ^[^ ]*IQLvvqt0UIwh[^ ]*$
* 300^0 ^[^ ]*l7cktv8iUct\+[^ ]*$
* 300^0 ^[^ ]*fIBGwqvffU6W[^ ]*$
* 300^0 ^[^ ]*UXn3rIJtCWAi[^ ]*$
* 300^0 ^[^ ]*gdWNabXollcj[^ ]*$
* 300^0 ^[^ ]*BvZ20JK4zmdn[^ ]*$
* 300^0 ^[^ ]*xWpRSVjCcpTV[^ ]*$
* 300^0 ^[^ ]*rJwzRdxtjUk1[^ ]*$
* 300^0 ^[^ ]*T1KUHQldCEFZ[^ ]*$
* 300^0 ^[^ ]*8GM5zjXYacW7[^ ]*$
* 300^0 ^[^ ]*th5ISWTYkZCP[^ ]*$
* 300^0 ^[^ ]*tpcFORMKafLD[^ ]*$
* 300^0 ^[^ ]*VNx2KaLHsJbe[^ ]*$
* 300^0 ^[^ ]*vr6WcDtbfnRz[^ ]*$
* 300^0 ^[^ ]*30K2kWdAWHPa[^ ]*$
* 300^0 ^[^ ]*QfhBATGikr5O[^ ]*$
* 300^0 ^[^ ]*S4UuPRDEY4Ou[^ ]*$
* 300^0 ^[^ ]*dY5y3ZOjwNfH[^ ]*$
* 300^0 ^[^ ]*sWcQrpGNGbPz[^ ]*$
* 300^0 ^[^ ]*vr6WcDtbfnRz[^ ]*$
* 300^0 ^[^ ]*dNfde9PKkU6n[^ ]*$
* 300^0 ^[^ ]*Gi67lnbWS5j0[^ ]*$
* 300^0 ^[^ ]*Wkj6gMoflEKd[^ ]*$
* 300^0 ^[^ ]*AQgAYBpMxKHs[^ ]*$
* 300^0 ^[^ ]*Sc3PBU4N60T8[^ ]*$
* 300^0 ^[^ ]*3owhadJuz0ch[^ ]*$
* 300^0 ^[^ ]*YVo9F4MEBVq2[^ ]*$
* 300^0 ^[^ ]*lCcFaW6PziGz[^ ]*$
* 300^0 ^[^ ]*RT3MvlCrJKE5[^ ]*$
* 300^0 ^[^ ]*V15RAnWaDzec[^ ]*$
* 300^0 ^[^ ]*NXFX0W1yv1FI[^ ]*$
* 300^0 ^[^ ]*FHFsAUsBJPmS[^ ]*$
* 300^0 ^[^ ]*3uynGBHTmy5F[^ ]*$
* 300^0 ^[^ ]*9cCqe26CwI6H[^ ]*$
* 300^0 ^[^ ]*FqRcJ8GWXI1I[^ ]*$
* 300^0 ^[^ ]*XTxWr0hOYBXe[^ ]*$
* 300^0 ^[^ ]*oT1UIUr6ACXV[^ ]*$
* 300^0 ^[^ ]*9c66KNfVt4KI[^ ]*$
* 300^0 ^[^ ]*VzqCXLuEPlcG[^ ]*$
* 300^0 ^[^ ]*zOeQ27GeAWJZ[^ ]*$
* 300^0 ^[^ ]*OUV9MhbN57H6[^ ]*$
* 300^0 ^[^ ]*V6yl8zWYMkA2[^ ]*$
* 300^0 ^[^ ]*JeGrHJffaa23[^ ]*$
* 300^0 ^[^ ]*i5eUbw3iF3vM[^ ]*$
* 300^0 ^[^ ]*U2JLhlP95zIJ[^ ]*$
* 300^0 ^[^ ]*NwnJo5rde2dH[^ ]*$
* 300^0 ^[^ ]*kmih4CyBtHIm[^ ]*$
* 300^0 ^[^ ]*Coowb78s2GUK[^ ]*$
* 300^0 ^[^ ]*0zkG2zp3NdX2[^ ]*$
* 300^0 ^[^ ]*NxnUnPeBzEjB[^ ]*$
* 300^0 ^[^ ]*YH4WWQ3gUSdR[^ ]*$
* 300^0 ^[^ ]*MirWCnjk40oJ[^ ]*$
* 300^0 ^[^ ]*3LQaOkcfjeKw[^ ]*$
* 300^0 ^[^ ]*Nfde9PKkU6nu[^ ]*$
* 300^0 ^[^ ]*xLK8vtApT4NW[^ ]*$
* 300^0 ^[^ ]*VqUUlYwnKU1U[^ ]*$
* 300^0 ^[^ ]*5Cvle4a74Nxp[^ ]*$
* 300^0 ^[^ ]*0zBNTYQvKQG7[^ ]*$
{
SBLOG="A1S-Netsky-P Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-Q Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*5HDhdJsCIat4[^ ]*$
* 300^0 ^[^ ]*TbPRaX5Dhzpz[^ ]*$
* 300^0 ^[^ ]*NLtahknmpksP[^ ]*$
* 300^0 ^[^ ]*LKeNzBhu4Rqh[^ ]*$
* 300^0 ^[^ ]*jipPv82yQHca[^ ]*$
* 300^0 ^[^ ]*CbiUxn4AQzZT[^ ]*$
* 300^0 ^[^ ]*81LL7mRX8HQ7[^ ]*$
* 300^0 ^[^ ]*mgJJyrhNyj4L[^ ]*$
* 300^0 ^[^ ]*BJayxMgYh0zy[^ ]*$
* 300^0 ^[^ ]*8aqKeqGIMC77[^ ]*$
{
SBLOG="A1S-Netsky-Q Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-S Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*u7m7JuIGEART[^ ]*$
* 300^0 ^[^ ]*fgYrBVORYfBx[^ ]*$
* 300^0 ^[^ ]*N4VMWXU1RoPH[^ ]*$
* 300^0 ^[^ ]*gEEpQtDr54A5[^ ]*$
* 300^0 ^[^ ]*HeANhXvjTDPy[^ ]*$
{
SBLOG="A1S-Netsky-S Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-T Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*dTv2xb9XPDPb[^ ]*$
* 300^0 ^[^ ]*KuCAow42Gdb9[^ ]*$
* 300^0 ^[^ ]*gPhWn1NYRcjL[^ ]*$
* 300^0 ^[^ ]*GL3UAEUEShRL[^ ]*$
* 300^0 ^[^ ]*GXVZJLkCNLhz[^ ]*$
* 300^0 ^[^ ]*cCN2f7C2DAAE[^ ]*$
* 300^0 ^[^ ]*tLJHQwRW4WLb[^ ]*$
* 300^0 ^[^ ]*QUybcQQxEgEB[^ ]*$
* 300^0 ^[^ ]*BQFJHsX3OBI8[^ ]*$
* 300^0 ^[^ ]*1661r8hBehOw[^ ]*$
{
SBLOG="A1S-Netsky-T Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-W Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*BbChBOOFVsEC[^ ]*$
* 300^0 ^[^ ]*XXIYcUe4dCGj[^ ]*$
* 300^0 ^[^ ]*8DQMrP8FFpHB[^ ]*$
* 300^0 ^[^ ]*2e61d8HUleZX[^ ]*$
* 300^0 ^[^ ]*Pt2D4WOad0EB[^ ]*$
* 300^0 ^[^ ]*bt29pDDBQoYa[^ ]*$
* 300^0 ^[^ ]*FcdzxBh556GH[^ ]*$
* 300^0 ^[^ ]*gQZAYx8MAgBt[^ ]*$
* 300^0 ^[^ ]*UUo0KDiCNQBF[^ ]*$
* 300^0 ^[^ ]*8cEgVTxNhHTw[^ ]*$
{
SBLOG="A1S-Netsky-W Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-X Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Fsg16IBD7fdD[^ ]*$
* 300^0 ^[^ ]*JBUfM1OaCpu6[^ ]*$
* 300^0 ^[^ ]*FoH3Sdxwi8fe[^ ]*$
* 300^0 ^[^ ]*kCVdhbFiCNUY[^ ]*$
* 300^0 ^[^ ]*0FCmGGZM6Y3J[^ ]*$
{
SBLOG="A1S-Netsky-X Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-Y Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*LhiRR2zechZw[^ ]*$
* 300^0 ^[^ ]*h6M3huCoaqDM[^ ]*$
* 300^0 ^[^ ]*SV6MoOrA3LD8[^ ]*$
* 300^0 ^[^ ]*NPStSTRJiJKa[^ ]*$
* 300^0 ^[^ ]*IEgeGQtHUcUy[^ ]*$
{
SBLOG="A1S-Netsky-Y Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-Z Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*5Nwt9KNw4PxV[^ ]*$
* 300^0 ^[^ ]*17ENVlaYLx60[^ ]*$
* 300^0 ^[^ ]*80tfRPkGMLC6[^ ]*$
* 300^0 ^[^ ]*EzsgMDlhInLe[^ ]*$
* 300^0 ^[^ ]*QzvzKLwAf6BH[^ ]*$
* 300^0 ^[^ ]*7hL0h2h7Cj3V[^ ]*$
* 300^0 ^[^ ]*ZoJu8gFy2QYM[^ ]*$
* 300^0 ^[^ ]*yy4VHZSd7p8S[^ ]*$
* 300^0 ^[^ ]*BoUV2JdAGc1w[^ ]*$
* 300^0 ^[^ ]*jPUWI9026b4V[^ ]*$
* 300^0 ^[^ ]*FCwXwVqsTmFa[^ ]*$
* 300^0 ^[^ ]*sDi2UEkx1xBl[^ ]*$
* 300^0 ^[^ ]*ikpmHqITlhDH[^ ]*$
* 300^0 ^[^ ]*NAFt8WGVqBAi[^ ]*$
* 300^0 ^[^ ]*1ZwcrBXVv6yH[^ ]*$
{
SBLOG="A1S-Netsky-Z Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-AB Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*GXVZJLkCNLhz[^ ]*$
* 300^0 ^[^ ]*VvC0EWuIXKgZ[^ ]*$
* 300^0 ^[^ ]*NQw4AwsAMTUx[^ ]*$
* 300^0 ^[^ ]*JlWZZllwINAR[^ ]*$
* 300^0 ^[^ ]*pmhB0EUQSR2m[^ ]*$
* 300^0 ^[^ ]*iSxqPyZuWY90[^ ]*$
* 300^0 ^[^ ]*UR74OZIAxKX8[^ ]*$
* 300^0 ^[^ ]*ab3xEFd5EdNa[^ ]*$
* 300^0 ^[^ ]*ADA8iwF4UA9w[^ ]*$
* 300^0 ^[^ ]*uCKIHVpsKAs8[^ ]*$
{
SBLOG="A1S-Netsky-AB Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Netsky-AK Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*yAXoipT4HDE2[^ ]*$
* 300^0 ^[^ ]*isfQoz5mpsUa[^ ]*$
* 300^0 ^[^ ]*2vP1jK1a3flP[^ ]*$
* 300^0 ^[^ ]*ab4ofzMPQ7bZ[^ ]*$
* 300^0 ^[^ ]*CcqVLkfYS4lm[^ ]*$
* 300^0 ^[^ ]*Z1bN6BWOV5Fs[^ ]*$
* 300^0 ^[^ ]*9Skgh6dcK0DY[^ ]*$
* 300^0 ^[^ ]*lD5uOLSvuGc9[^ ]*$
* 300^0 ^[^ ]*mF6hTUDg8t12[^ ]*$
* 300^0 ^[^ ]*Nz74yPVC8VD0[^ ]*$
* 300^0 ^[^ ]*pEUMzGahMDs8[^ ]*$
* 300^0 ^[^ ]*cMB69H0o23GR[^ ]*$
* 300^0 ^[^ ]*bjSGY6k15jOe[^ ]*$
* 300^0 ^[^ ]*ZuwWu6pGloYe[^ ]*$
* 300^0 ^[^ ]*5hNn5HlYc3DC[^ ]*$
{
SBLOG="A1S-Netsky-AK Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# NetThief Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*9UgwEAZ[^ ]*$
* 300^0 ^[^ ]*i4\+Laz8[^ ]*$
* 300^0 ^[^ ]*zX4He6/[^ ]*$
* 300^0 ^[^ ]*beBX1o\+[^ ]*$
* 300^0 ^[^ ]*8gokJzv[^ ]*$
{
SBLOG="A1S-NetThief Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Nimda
#
# Extremely virulent virus, spreads as readme.exe.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*//8r8Go[^ ]*$
* 300^0 ^[^ ]*te79///[^ ]*$
* 300^0 ^[^ ]*/wAAAP9[^ ]*$
* 300^0 ^[^ ]*/1BqAGo[^ ]*$
* 300^0 ^[^ ]*N[o4]v4O/s[^ ]*$
{
SBLOG="A1S-Nimda Worm/Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Nyxem-D
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*YFncbvVsCadw[^ ]*$
* 300^0 ^[^ ]*ee9vwIvRAnvy[^ ]*$
* 300^0 ^[^ ]*ZCnUK5i0vl0h[^ ]*$
* 300^0 ^[^ ]*Mx0ZU2LqPlgg[^ ]*$
* 300^0 ^[^ ]*SEkFYVO0Vebs[^ ]*$
* 300^0 ^[^ ]*VMz9OpCEPwFQ[^ ]*$
* 300^0 ^[^ ]*vlkekMKRM8Kh[^ ]*$
* 300^0 ^[^ ]*WxyokuN7GaNr[^ ]*$
* 300^0 ^[^ ]*cEXaHIqPSbOk[^ ]*$
* 300^0 ^[^ ]*0w3IiIohAd72[^ ]*$
{
SBLOG="A1S-Nyxem-D"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Opasoft Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AGoQa(HV|IR)[^ ]*$
* 300^0 ^[^ ]*uP////9[^ ]*$
* 300^0 ^[^ ]*5bj////[^ ]*$
* 300^0 ^[^ ]*7gBQZsd[^ ]*$
* 300^0 ^[^ ]*9D1/AAA[^ ]*$
* 300^0 ^[^ ]*UOjQLwA[^ ]*$
{
SBLOG="A1S-Opasoft Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# P2P.VB.ai Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*SMqZ5\+i[^ ]*$
* 300^0 ^[^ ]*s1w2y6R[^ ]*$
* 300^0 ^[^ ]*IM1yQCH[^ ]*$
* 300^0 ^[^ ]*h4Dodon[^ ]*$
* 300^0 ^[^ ]*nhBcBrC[^ ]*$
* 300^0 ^[^ ]*AOz7BgD[^ ]*$
* 300^0 ^[^ ]*QgAAYEI[^ ]*$
* 300^0 ^[^ ]*wUIAbcF[^ ]*$
* 300^0 ^[^ ]*DPtCAHf[^ ]*$
* 300^0 ^[^ ]*AGp1QwD[^ ]*$
{
SBLOG="A1S-P2P.VB.ai Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# PrettyPark Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*lBZdKuu[^ ]*$
* 300^0 ^[^ ]*FRjW9x\+[^ ]*$
* 300^0 ^[^ ]*NdbUAVL[^ ]*$
* 300^0 ^[^ ]*yAD/0G4[^ ]*$
* 300^0 ^[^ ]*msWiAPA[^ ]*$
* 300^0 ^[^ ]*A8oD7Oj[^ ]*$
* 300^0 ^[^ ]*wRJ0UIt[^ ]*$
* 300^0 ^[^ ]*x/gOg84[^ ]*$
* 300^0 ^[^ ]*CZ5ICGr[^ ]*$
* 300^0 ^[^ ]*PEiIB8Y[^ ]*$
{
SBLOG="A1S-PrettyPark Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Roron-51 Worm
: 0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*voSB4Sm[^ ]*$
* 300^0 ^[^ ]*fpwIPzg[^ ]*$
* 300^0 ^[^ ]*kIXOnm5[^ ]*$
* 300^0 ^[^ ]*6aBIeEX[^ ]*$
* 300^0 ^[^ ]*UTBTx6I[^ ]*$
* 300^0 ^[^ ]*FGoBUuj[^ ]*$
* 300^0 ^[^ ]*AIPECIX[^ ]*$
* 300^0 ^[^ ]*99Er\+Yv[^ ]*$
* 300^0 ^[^ ]*aDBxQQB[^ ]*$
* 300^0 ^[^ ]*JgEAjYQ[^ ]*$
{
SBLOG="A1S-Roron Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Scrambler Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*AIPECIt[^ ]*$
* 300^0 ^[^ ]*iUX8g33[^ ]*$
* 300^0 ^[^ ]*/v//UP8[^ ]*$
* 300^0 ^[^ ]*jY24/v/[^ ]*$
* 300^0 ^[^ ]*AOgrNwA[^ ]*$
* 300^0 ^[^ ]*3vBbu95[^ ]*$
* 300^0 ^[^ ]*mbz7CNF[^ ]*$
* 300^0 ^[^ ]*pfYkclT[^ ]*$
* 300^0 ^[^ ]*YnlhI1Q[^ ]*$
* 300^0 ^[^ ]*BpdPoRp[^ ]*$
{
SBLOG="A1S-Scrambler Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# SDBot.AU Trojan
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MYtRbKa[^ ]*$
* 300^0 ^[^ ]*B+N1pZ6[^ ]*$
* 300^0 ^[^ ]*x3bRLq9[^ ]*$
* 300^0 ^[^ ]*pSDHAWN[^ ]*$
* 300^0 ^[^ ]*iNN/yDW[^ ]*$
* 300^0 ^[^ ]*S9pinXu[^ ]*$
* 300^0 ^[^ ]*B/z2L21[^ ]*$
* 300^0 ^[^ ]*d07ZCKT[^ ]*$
* 300^0 ^[^ ]*NqEbYUg[^ ]*$
* 300^0 ^[^ ]*7qyzmuR[^ ]*$
{
SBLOG="A1S-SDBot.AU Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sharpei-A Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*iAAAAIv[^ ]*$
* 300^0 ^[^ ]*dCBtYWt[^ ]*$
* 300^0 ^[^ ]*cnNpb24[^ ]*$
* 300^0 ^[^ ]*ACAAawA[^ ]*$
* 300^0 ^[^ ]*dGUAU2V[^ ]*$
{
SBLOG="A1S-Sharpei-A Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# SirCam Virus (W32.SirCam@MM)
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*jUTBBIs[^ ]*$
* 300^0 ^[^ ]*fCQIdgS[^ ]*$
* 300^0 ^[^ ]*o4jkQQC[^ ]*$
* 300^0 ^[^ ]*\+///iyw[^ ]*$
* 300^0 ^[^ ]*ZIkhgD1[^ ]*$
{
SBLOG="A1S-SirCam Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Small-H Spyware
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*3yfhx9pIi8de[^ ]*$
* 300^0 ^[^ ]*90RAweDOnYUC[^ ]*$
* 300^0 ^[^ ]*OjADHApLnlzY[^ ]*$
* 300^0 ^[^ ]*ZXNzRxdNb2R1[^ ]*$
* 300^0 ^[^ ]*TAICAiCD08k4[^ ]*$
{
SBLOG="A1S-Small-H Spyware"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*xCzjUCs[^ ]*$
* 300^0 ^[^ ]*ByF8Jl9[^ ]*$
* 300^0 ^[^ ]*XwPS1ST[^ ]*$
* 300^0 ^[^ ]*BxY0PPB[^ ]*$
* 300^0 ^[^ ]*cjsG0Tu[^ ]*$
* 300^0 ^[^ ]*MumaZTh[^ ]*$
* 300^0 ^[^ ]*x/mKmum[^ ]*$
* 300^0 ^[^ ]*U+jSNMt[^ ]*$
* 300^0 ^[^ ]*15BgQSF[^ ]*$
* 300^0 ^[^ ]*EqODx93[^ ]*$
{
SBLOG="A1S-Sober Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-F Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*mq66y2aQpszR[^ ]*$
* 300^0 ^[^ ]*iHgD83uEFg4M[^ ]*$
* 300^0 ^[^ ]*i6O4y9ezbAZp[^ ]*$
* 300^0 ^[^ ]*tYZssPyXeVMo[^ ]*$
* 300^0 ^[^ ]*AQ0j3HQ4xk4l[^ ]*$
* 300^0 ^[^ ]*npial5yNi5xh[^ ]*$
* 300^0 ^[^ ]*EwcYxx8DLVwZ[^ ]*$
* 300^0 ^[^ ]*QK9N0XbMveye[^ ]*$
* 300^0 ^[^ ]*ok9R7oB4p2yE[^ ]*$
* 300^0 ^[^ ]*CMwFyK6Y8Ftz[^ ]*$
{
SBLOG="A1S-Sober-F Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-G Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*zWBu02cIwQ8D[^ ]*$
* 300^0 ^[^ ]*V2bTDNI0e4fr[^ ]*$
* 300^0 ^[^ ]*PAWOVtvzSBNM[^ ]*$
* 300^0 ^[^ ]*7Be7baZW8nVl[^ ]*$
* 300^0 ^[^ ]*B0sXD0F7ZnWE[^ ]*$
* 300^0 ^[^ ]*pBlkGERwnmqZ[^ ]*$
* 300^0 ^[^ ]*5ZMmsu2SzCLz[^ ]*$
* 300^0 ^[^ ]*pFGsuMvnSHOy[^ ]*$
* 300^0 ^[^ ]*B4hANBPIt4MA[^ ]*$
* 300^0 ^[^ ]*YyMMBnMlGzlu[^ ]*$
{
SBLOG="A1S-Sober-G Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-J Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*0Nfci9utmdG6[^ ]*$
* 300^0 ^[^ ]*gEJeCYrvbEIL[^ ]*$
* 300^0 ^[^ ]*0erKdk4yEDZy[^ ]*$
* 300^0 ^[^ ]*15vH96zDU5vQ[^ ]*$
* 300^0 ^[^ ]*jyiZr7xghHOZ[^ ]*$
{
SBLOG="A1S-Sober-J Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-L Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*tMM0jQyNEFMN[^ ]*$
* 300^0 ^[^ ]*riHyQzSNMMX3[^ ]*$
* 300^0 ^[^ ]*n2OTcE2kEGAS[^ ]*$
* 300^0 ^[^ ]*jbUobYzleq7o[^ ]*$
* 300^0 ^[^ ]*1JAGvu3Jr9y4[^ ]*$
{
SBLOG="A1S-Sober-L Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-O Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*SAsMT1CTNM0g[^ ]*$
* 300^0 ^[^ ]*bNsmsvZGEwuM[^ ]*$
* 300^0 ^[^ ]*XI5ANlUB6yfy[^ ]*$
* 300^0 ^[^ ]*mADgk6IjgA1X[^ ]*$
* 300^0 ^[^ ]*2ZO3JlK0xpc4[^ ]*$
{
SBLOG="A1S-Sober-O Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Sober-R Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*nOzMbtUjCuMD[^ ]*$
* 300^0 ^[^ ]*pSC0aZpBLD1J[^ ]*$
* 300^0 ^[^ ]*aQEDAFhOApnM[^ ]*$
* 300^0 ^[^ ]*nuv68dhFWxfI[^ ]*$
* 300^0 ^[^ ]*3D0qg45wDTcP[^ ]*$
{
SBLOG="A1S-Sober-R Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# SoBig Worm/Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*K/cBHSx[^ ]*$
* 300^0 ^[^ ]*rZVJizb[^ ]*$
* 300^0 ^[^ ]*DrVitFc[^ ]*$
* 300^0 ^[^ ]*rolkJrX[^ ]*$
* 300^0 ^[^ ]*zt8P9pT[^ ]*$
{
SBLOG="A1S-SoBig Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*gHB/e2v[^ ]*$
* 300^0 ^[^ ]*j1qLR/m[^ ]*$
* 300^0 ^[^ ]*dAgyJY8[^ ]*$
* 300^0 ^[^ ]*0SOIV7x[^ ]*$
* 300^0 ^[^ ]*Gw47Qgh[^ ]*$
{
SBLOG="A1S-SoBig-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*BSj0hvF[^ ]*$
* 300^0 ^[^ ]*HN8EMuX[^ ]*$
* 300^0 ^[^ ]*LvRtJdz[^ ]*$
* 300^0 ^[^ ]*MdFFlfN[^ ]*$
* 300^0 ^[^ ]*oikgcxQ[^ ]*$
{
SBLOG="A1S-SoBig-C Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*/HrcLhs[^ ]*$
* 300^0 ^[^ ]*qfZjXLv[^ ]*$
* 300^0 ^[^ ]*msFydo9[^ ]*$
* 300^0 ^[^ ]*iJGZx/6[^ ]*$
* 300^0 ^[^ ]*Gg7aCZs[^ ]*$
* 300^0 ^[^ ]*^UEsDBBQ[^ ]*$
* 900^0 Z$?^?G$?^?V$?^?0$?^?Y$?^?W$?^?l$?^?s$?^?c$?^?y$?^?5$?^?w$?^?a$?^?W
{
SBLOG="A1S-SoBig-Gen Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*v0ibwKA[^ ]*$
* 300^0 ^[^ ]*CDH2kTw[^ ]*$
* 300^0 ^[^ ]*YBdt6zE[^ ]*$
* 300^0 ^[^ ]*nblNbDU[^ ]*$
* 300^0 ^[^ ]*jWqE0Z6[^ ]*$
{
SBLOG="A1S-SoBig-Gen Virus/Worm (UPX packed)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*IOsT73k[^ ]*$
* 300^0 ^[^ ]*eGYh2Eo[^ ]*$
* 300^0 ^[^ ]*cb07glg[^ ]*$
* 300^0 ^[^ ]*G\+Q1KAS[^ ]*$
* 300^0 ^[^ ]*WaUYonD[^ ]*$
{
SBLOG="A1S-SoBig-F Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Surila-M Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*SJ760gsUpWKn[^ ]*$
* 300^0 ^[^ ]*pH1cIpdqQlgI[^ ]*$
* 300^0 ^[^ ]*J5jjQQSHMhOw[^ ]*$
* 300^0 ^[^ ]*0gBzJomeI3pv[^ ]*$
* 300^0 ^[^ ]*jLSMXM3IRr9h[^ ]*$
* 300^0 ^[^ ]*AZYQbAP62GcG[^ ]*$
* 300^0 ^[^ ]*vTJWYmxU7PcG[^ ]*$
* 300^0 ^[^ ]*aOAfQzRMBuxb[^ ]*$
* 300^0 ^[^ ]*YTqUxYwaWRKc[^ ]*$
* 300^0 ^[^ ]*17smqzUHHJgE[^ ]*$
* 300^0 ^[^ ]*WAS5PD6S3eQC[^ ]*$
* 300^0 ^[^ ]*aOEjGlUvjmyZ[^ ]*$
* 300^0 ^[^ ]*ZwVxHVAnfYhc[^ ]*$
* 300^0 ^[^ ]*hxordkxBdEQf[^ ]*$
* 300^0 ^[^ ]*GBgNXTLOAw9m[^ ]*$
* 300^0 ^[^ ]*qWf4moJbLosQ[^ ]*$
* 300^0 ^[^ ]*uhBqDNAklqgw[^ ]*$
* 300^0 ^[^ ]*0OkX2D7EhjIa[^ ]*$
* 300^0 ^[^ ]*JCsAB0IJysCK[^ ]*$
* 300^0 ^[^ ]*9hn4GioG1UUU[^ ]*$
* 300^0 ^[^ ]*oqlDRLaWHEOB[^ ]*$
* 300^0 ^[^ ]*S5IzuiMsSGxI[^ ]*$
* 300^0 ^[^ ]*AwpNsBOYL5sK[^ ]*$
* 300^0 ^[^ ]*zSDFWkcgn1KG[^ ]*$
* 300^0 ^[^ ]*0G0D0X7wAzXQ[^ ]*$
* 300^0 ^[^ ]*kwyUThZ07n0i[^ ]*$
* 300^0 ^[^ ]*pomG5i7Xmx96[^ ]*$
* 300^0 ^[^ ]*0gBzJomeI3pv[^ ]*$
* 300^0 ^[^ ]*N3GGSMet1HQH[^ ]*$
* 300^0 ^[^ ]*LxLdASk7S02o[^ ]*$
* 300^0 ^[^ ]*w9oyaJrUjLkY[^ ]*$
* 300^0 ^[^ ]*godi0JPQib3P[^ ]*$
* 300^0 ^[^ ]*MasbzUwydjb3[^ ]*$
* 300^0 ^[^ ]*TC8lYqtl6GLr[^ ]*$
* 300^0 ^[^ ]*TZ2rktTbAdOT[^ ]*$
{
SBLOG="A1S-Surila-M Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Surila-N Trojan
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*bw8qC4zYWezy[^ ]*$
* 300^0 ^[^ ]*QSxfTQmIVbGE[^ ]*$
* 300^0 ^[^ ]*GZNTezv36Wn4[^ ]*$
* 300^0 ^[^ ]*AJkKGWJnOO8b[^ ]*$
* 300^0 ^[^ ]*hc1ezFQrKN7X[^ ]*$
* 300^0 ^[^ ]*uWoWoeeBNkzJ[^ ]*$
* 300^0 ^[^ ]*fwIE5muDHwad[^ ]*$
* 300^0 ^[^ ]*bHia0Yv1PFQV[^ ]*$
* 300^0 ^[^ ]*oXaRhbYNrQ8U[^ ]*$
* 300^0 ^[^ ]*0kiXIF3Et3WC[^ ]*$
* 300^0 ^[^ ]*fwdAcyVPmDyJ[^ ]*$
* 300^0 ^[^ ]*JUjUhHpkmxn4[^ ]*$
* 300^0 ^[^ ]*WhoCDfwGoT6X[^ ]*$
* 300^0 ^[^ ]*ZTjB132yue60[^ ]*$
* 300^0 ^[^ ]*HaPGECcgTlLl[^ ]*$
* 300^0 ^[^ ]*P3aPHdJSwY1y[^ ]*$
* 300^0 ^[^ ]*2JRvrUopwZ9S[^ ]*$
* 300^0 ^[^ ]*PQnaexrN0M8x[^ ]*$
* 300^0 ^[^ ]*w8CWYwHPQNDd[^ ]*$
* 300^0 ^[^ ]*oEju3gVy4YOT[^ ]*$
* 300^0 ^[^ ]*jgFqAoSgos5e[^ ]*$
* 300^0 ^[^ ]*kOjZmnFqLpQO[^ ]*$
* 300^0 ^[^ ]*VugZ6LJslwHY[^ ]*$
* 300^0 ^[^ ]*j2FyQTC2dBSR[^ ]*$
* 300^0 ^[^ ]*hXCaMK6SZiyM[^ ]*$
* 300^0 ^[^ ]*voI3cIKbHN0F[^ ]*$
* 300^0 ^[^ ]*h9beMmNDM0UH[^ ]*$
* 300^0 ^[^ ]*N2DZIXCdppB4[^ ]*$
* 300^0 ^[^ ]*SfIpaRxQLxYw[^ ]*$
* 300^0 ^[^ ]*Giu7aQDorbzr[^ ]*$
* 300^0 ^[^ ]*BxPPsNEHkAcr[^ ]*$
* 300^0 ^[^ ]*ItCAhLcJMKVO[^ ]*$
* 300^0 ^[^ ]*Aw4JnkOwa2VU[^ ]*$
* 300^0 ^[^ ]*BWi4YGs1bJ9W[^ ]*$
* 300^0 ^[^ ]*HcMrkaENThBM[^ ]*$
* 300^0 ^[^ ]*8rB5SvAPAFT0[^ ]*$
* 300^0 ^[^ ]*TBU4wQ3TOdM5[^ ]*$
* 300^0 ^[^ ]*A0OgoMgEvoC2[^ ]*$
* 300^0 ^[^ ]*F7H9LRT62CMY[^ ]*$
* 300^0 ^[^ ]*5UPwsTfSTfQJ[^ ]*$
* 300^0 ^[^ ]*uBDoTgfkaIDC[^ ]*$
* 300^0 ^[^ ]*oEHwAR9PdGo1[^ ]*$
* 300^0 ^[^ ]*IPaMDIHozZYR[^ ]*$
* 300^0 ^[^ ]*PZebVSFnyNqH[^ ]*$
* 300^0 ^[^ ]*8CWYwHPQNDd4[^ ]*$
* 300^0 ^[^ ]*zVHwt2kyVszc[^ ]*$
* 300^0 ^[^ ]*k0m2JInjMOwh[^ ]*$
* 300^0 ^[^ ]*n9F9EMDMHWMT[^ ]*$
* 300^0 ^[^ ]*gT8HRY9DfbkZ[^ ]*$
* 300^0 ^[^ ]*pEsoXJX37FXE[^ ]*$
* 300^0 ^[^ ]*yEgF9s6JTZRW[^ ]*$
* 300^0 ^[^ ]*XiLFW5SF7DI2[^ ]*$
* 300^0 ^[^ ]*uTSx2jxhAnIE[^ ]*$
* 300^0 ^[^ ]*LZeKf8GrWUUr[^ ]*$
* 300^0 ^[^ ]*AXFygyB6roSR[^ ]*$
* 300^0 ^[^ ]*EAyYNMIY6Sbb[^ ]*$
* 300^0 ^[^ ]*bTqKIYiUDYHD[^ ]*$
* 300^0 ^[^ ]*AKRVocClqCoU[^ ]*$
* 300^0 ^[^ ]*FHMDMRJp1Paq[^ ]*$
* 300^0 ^[^ ]*IQNbPgD72hPg[^ ]*$
* 300^0 ^[^ ]*EBD5EKVODAB7[^ ]*$
* 300^0 ^[^ ]*DCtZxH45JNXV[^ ]*$
* 300^0 ^[^ ]*uoBMcptcSeVe[^ ]*$
* 300^0 ^[^ ]*eMR07ESrZJNv[^ ]*$
* 300^0 ^[^ ]*4CO8CdXWwanc[^ ]*$
* 300^0 ^[^ ]*La3I95i9u9aA[^ ]*$
* 300^0 ^[^ ]*J2nsazdDPMca[^ ]*$
* 300^0 ^[^ ]*FBMFLhjN1Nxt[^ ]*$
* 300^0 ^[^ ]*F90hNIES8mRa[^ ]*$
* 300^0 ^[^ ]*2UQJI0N5jrfy[^ ]*$
* 300^0 ^[^ ]*a0g3FNsCOtjs[^ ]*$
* 300^0 ^[^ ]*31ivOVAhBZu9[^ ]*$
* 300^0 ^[^ ]*YCASGWHBbP2K[^ ]*$
* 300^0 ^[^ ]*fwvuPZIfgMWn[^ ]*$
* 300^0 ^[^ ]*f19nDzcZIHcp[^ ]*$
* 300^0 ^[^ ]*IgIkV8lVBAE9[^ ]*$
* 300^0 ^[^ ]*RfRDAzB1jE3T[^ ]*$
* 300^0 ^[^ ]*MIzDAMuPhQTB[^ ]*$
* 300^0 ^[^ ]*ZY625qNHNUkx[^ ]*$
* 300^0 ^[^ ]*EGIbQYkftmax[^ ]*$
* 300^0 ^[^ ]*S998NmfwdAcy[^ ]*$
* 300^0 ^[^ ]*0sjCTZkfmdk5[^ ]*$
* 300^0 ^[^ ]*AG1MX7FwPJ5E[^ ]*$
* 300^0 ^[^ ]*IAAWe8I4SRRD[^ ]*$
* 300^0 ^[^ ]*zfjyWfAAsXJl[^ ]*$
* 300^0 ^[^ ]*WRg8AtbCy6AM[^ ]*$
* 300^0 ^[^ ]*4ixVuUhewyNi[^ ]*$
* 300^0 ^[^ ]*jQvw720kiXIF[^ ]*$
* 300^0 ^[^ ]*QsM1UFyRCWla[^ ]*$
* 300^0 ^[^ ]*ZIDoUWmduVvY[^ ]*$
* 300^0 ^[^ ]*HnGjIYAMQQBn[^ ]*$
* 300^0 ^[^ ]*PJfoyGd7AsxZ[^ ]*$
* 300^0 ^[^ ]*BXLhg5NiUCJX[^ ]*$
* 300^0 ^[^ ]*NYg9F0rRdiyA[^ ]*$
* 300^0 ^[^ ]*ogryHcYtoiBi[^ ]*$
* 300^0 ^[^ ]*BjLlgbh6GkY1[^ ]*$
* 300^0 ^[^ ]*uA2y0jT0hWho[^ ]*$
* 300^0 ^[^ ]*CTYFJMFTjBDd[^ ]*$
* 300^0 ^[^ ]*tlVKFQ6mFcJo[^ ]*$
* 300^0 ^[^ ]*0GhueWGvAT9h[^ ]*$
* 300^0 ^[^ ]*JAXg4ty14Ozc[^ ]*$
* 300^0 ^[^ ]*A2yYBgHWRbuq[^ ]*$
* 300^0 ^[^ ]*NBN2OTL3ChT5[^ ]*$
* 300^0 ^[^ ]*0xgCPATSjIIh[^ ]*$
* 300^0 ^[^ ]*JmwUhJNErvJV[^ ]*$
* 300^0 ^[^ ]*hRw8FjPCBcgH[^ ]*$
* 300^0 ^[^ ]*VuUhewyNihbU[^ ]*$
* 300^0 ^[^ ]*Lk0sdo8YQJyB[^ ]*$
* 300^0 ^[^ ]*JryQOBwaAfwj[^ ]*$
* 300^0 ^[^ ]*7cAPogegehOf[^ ]*$
* 300^0 ^[^ ]*SGi2dwH7AlBo[^ ]*$
* 300^0 ^[^ ]*G4ehpGNYEkif[^ ]*$
* 300^0 ^[^ ]*7gbeh3z47hqz[^ ]*$
* 300^0 ^[^ ]*T9krvWUmE6lM[^ ]*$
* 300^0 ^[^ ]*7CgKamZbCRPA[^ ]*$
* 300^0 ^[^ ]*hrR3j0FRRgIA[^ ]*$
* 300^0 ^[^ ]*9APTNtqws9Cu[^ ]*$
* 300^0 ^[^ ]*zCJmCU6AHMEp[^ ]*$
* 300^0 ^[^ ]*YJigRrP3VT3A[^ ]*$
* 300^0 ^[^ ]*FOBnAqDgUCAB[^ ]*$
{
SBLOG="A1S-Surila-N Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Swen Virus
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*wHQJagF[^ ]*$
* 300^0 ^[^ ]*ReRQaJA[^ ]*$
* 300^0 ^[^ ]*QQBQ6Ae[^ ]*$
* 300^0 ^[^ ]*AAAAg\+w[^ ]*$
* 300^0 ^[^ ]*AVjDi2X[^ ]*$
* 300^0 ^[^ ]*038/zPA[^ ]*$
* 300^0 ^[^ ]*+CAABZW[^ ]*$
* 300^0 ^[^ ]*/4vO6Mb[^ ]*$
* 300^0 ^[^ ]*8QM6wdX[^ ]*$
* 300^0 ^[^ ]*wAD4R4A[^ ]*$
{
SBLOG="A1S-Swen Virus"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*w57t927[^ ]*$
* 300^0 ^[^ ]*CZ/aINt[^ ]*$
* 300^0 ^[^ ]*BxkwgiQ[^ ]*$
* 300^0 ^[^ ]*CjghxrM[^ ]*$
* 300^0 ^[^ ]*DGvIKyM[^ ]*$
{
SBLOG="A1S-Swen Virus (UPX packed)"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Swen-A Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*o3AlBAFfoFHE[^ ]*$
* 300^0 ^[^ ]*izbwAAjUXQUF[^ ]*$
* 300^0 ^[^ ]*QBW6JVqAABqU[^ ]*$
* 300^0 ^[^ ]*FWTgQACNheD9[^ ]*$
* 300^0 ^[^ ]*9omDoAAP811C[^ ]*$
* 300^0 ^[^ ]*LUEAiQSNCC1B[^ ]*$
* 300^0 ^[^ ]*UXYUP911P8VT[^ ]*$
* 300^0 ^[^ ]*9olA1BAOto6G[^ ]*$
* 300^0 ^[^ ]*oY20AAIPEFOv[^ ]*$
* 300^0 ^[^ ]*9BRBAFPo32MA[^ ]*$
* 300^0 ^[^ ]*SHQKSHUoaGwM[^ ]*$
* 300^0 ^[^ ]*AAALigCkEA6d[^ ]*$
* 300^0 ^[^ ]*LUAAHi1AACUt[^ ]*$
* 300^0 ^[^ ]*0Ckh1IWjoFEE[^ ]*$
* 300^0 ^[^ ]*FKdAVKdQzrBc[^ ]*$
* 300^0 ^[^ ]*3UM6BOGAABmi[^ ]*$
* 300^0 ^[^ ]*wHW5agXou0cA[^ ]*$
* 300^0 ^[^ ]*agTo6j8AAIPE[^ ]*$
* 300^0 ^[^ ]*BZWWoD6F88AA[^ ]*$
* 300^0 ^[^ ]*DGiQEEEA6wVo[^ ]*$
* 300^0 ^[^ ]*hdt0cI1F5FBq[^ ]*$
* 300^0 ^[^ ]*3QYU1foMY8AA[^ ]*$
* 300^0 ^[^ ]*JfeCDfdwAdA9[^ ]*$
* 300^0 ^[^ ]*UOjLQAAAg8QM[^ ]*$
* 300^0 ^[^ ]*wxoPA1BAOsFa[^ ]*$
* 300^0 ^[^ ]*91COgnjwAAhc[^ ]*$
* 300^0 ^[^ ]*iUXgPQIBAAB1[^ ]*$
* 300^0 ^[^ ]*4tFCItN8GSJD[^ ]*$
* 300^0 ^[^ ]*WUh0FEh0Ckh1[^ ]*$
* 300^0 ^[^ ]*6wxoPA1BAOsF[^ ]*$
{
SBLOG="A1S-Swen-A Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# SysClock Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*A7ABXlv[^ ]*$
* 300^0 ^[^ ]*AACB5gD[^ ]*$
* 300^0 ^[^ ]*PeBAAAB[^ ]*$
* 300^0 ^[^ ]*PSBBAAB[^ ]*$
* 300^0 ^[^ ]*iXAIgf4[^ ]*$
* 300^0 ^[^ ]*A8H4Aos[^ ]*$
{
SBLOG="A1S-SysClock Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Torvil-D Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*w/rORhs[^ ]*$
* 300^0 ^[^ ]*2X83Vn1[^ ]*$
* 300^0 ^[^ ]*Z3Z/Q5Y[^ ]*$
* 300^0 ^[^ ]*NkHs/SN[^ ]*$
* 300^0 ^[^ ]*fuReVGe[^ ]*$
{
SBLOG="A1S-Torvil-D Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Trood Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*6Yr\+//9[^ ]*$
* 300^0 ^[^ ]*AFBZXuj[^ ]*$
* 300^0 ^[^ ]*QACLDVg[^ ]*$
* 300^0 ^[^ ]*AABJLVd[^ ]*$
* 300^0 ^[^ ]*QAD/Jeh[^ ]*$
{
SBLOG="A1S-Trood Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Ultraset Trojan Downloader
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*agGLyFq[^ ]*$
* 300^0 ^[^ ]*Q0AA/xV[^ ]*$
* 300^0 ^[^ ]*cgsAAIh[^ ]*$
* 300^0 ^[^ ]*wAsAAIl[^ ]*$
* 300^0 ^[^ ]*DAaDxAz[^ ]*$
{
SBLOG="A1S-Ultraset Trojan"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Yaha Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*Li4uLi4[^ ]*$
* 300^0 ^[^ ]*NWAdUqk[^ ]*$
* 300^0 ^[^ ]*7EnICe9[^ ]*$
* 300^0 ^[^ ]*0DyYxQl[^ ]*$
* 300^0 ^[^ ]*6agF0Ok[^ ]*$
* 300^0 ^[^ ]*N\+SwUge[^ ]*$
* 300^0 ^[^ ]*hFCMT8t[^ ]*$
* 300^0 ^[^ ]*Duk7Aoh[^ ]*$
* 300^0 ^[^ ]*fC24DGH[^ ]*$
* 300^0 ^[^ ]*VExyKUw[^ ]*$
{
SBLOG="A1S-Yaha (Lentin) Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Zafi-B Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*MhFaGiEBvhuG[^ ]*$
* 300^0 ^[^ ]*44VaX3hGPVNF[^ ]*$
* 300^0 ^[^ ]*qIBGxqzO2C6A[^ ]*$
* 300^0 ^[^ ]*YmN2f67RQuzQ[^ ]*$
* 300^0 ^[^ ]*ITnWiwoFg0Mw[^ ]*$
{
SBLOG="A1S-Zafi-B Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Zafi-D Virus/Worm
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*GiGmxG9QGN3d[^ ]*$
* 300^0 ^[^ ]*tEHnxOcs58Xn[^ ]*$
* 300^0 ^[^ ]*AuvzqVKhQRno[^ ]*$
* 300^0 ^[^ ]*RM7ewmJVRJdJ[^ ]*$
* 300^0 ^[^ ]*aCUObp55IkHK[^ ]*$
* 300^0 ^[^ ]*KDcSq6ScXSEJ[^ ]*$
* 300^0 ^[^ ]*Rg8cZqWdPMWL[^ ]*$
* 300^0 ^[^ ]*iX2Rv9KcLMIo[^ ]*$
* 300^0 ^[^ ]*8FueS64AlcNc[^ ]*$
* 300^0 ^[^ ]*NjQjUnFAJg5X[^ ]*$
* 300^0 ^[^ ]*S6mphTL4yjQm[^ ]*$
* 300^0 ^[^ ]*NaOg4vXl0AXx[^ ]*$
* 300^0 ^[^ ]*ZHS7SBku2n0n[^ ]*$
* 300^0 ^[^ ]*whD8oRCuRGyY[^ ]*$
* 300^0 ^[^ ]*CiQ8xJBNLUXC[^ ]*$
{
SBLOG="A1S-Zafi-D Virus/Worm"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Hidden executables (typical of viruses)
#
# This catches those file attachment names like IEEE802WAPTER.doc.pif,
# hello.doc.bat, and readme.HTML.vbs.
#
:0 BH
* VIRUSTAG ?? no
* ^Content-Type: application/[0-9a-z][-_0-9a-z]+(; |$[^0-9a-z]*)name( )?=( )?(\")?([0-9a-z][-_0-9a-z]+\.)+[0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.(hta|vbs|exe|scr|pif|lnk|bat|com|cpl)(\")?$
{
SBLOG="A1S-DANGER! Hidden Executable Attachment"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Unnamed Virus #1
#
# 10/07/05:
# Outbreak. Looks like another Mytob, but could be something else.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*tqaL4D28IFT5[^ ]*$
* 300^0 ^[^ ]*ZGpgeFW8CJPH[^ ]*$
* 300^0 ^[^ ]*a6SYVkYBYQoa[^ ]*$
* 300^0 ^[^ ]*DwRBVZwadGKX[^ ]*$
* 300^0 ^[^ ]*2IRTF4roBPDE[^ ]*$
{
SBLOG="A1S-Unnamed Virus #1"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Unnamed Virus #2
#
# 10/07/05:
# Outbreak. Looks like another Mytob, but could be something else.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*hTVSSLbDok2w[^ ]*$
* 300^0 ^[^ ]*Inq4AQYoUBog[^ ]*$
* 300^0 ^[^ ]*ZP4OBA34f6BD[^ ]*$
* 300^0 ^[^ ]*SxrLhDRw2Vr1[^ ]*$
* 300^0 ^[^ ]*Az5QN5sVM0ya[^ ]*$
{
SBLOG="A1S-Unnamed Virus #2"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}
# Unnamed Virus #3
#
# 10/07/05:
# Outbreak. Looks like another Mytob, but could be something else.
#
:0 BD
* VIRUSTAG ?? no
* -1000^0
* 300^0 ^[^ ]*qCAiNe3ErD0T[^ ]*$
* 300^0 ^[^ ]*EDDmqLiHPcbi[^ ]*$
* 300^0 ^[^ ]*8NAVE4C9n5Zz[^ ]*$
* 300^0 ^[^ ]*7rOatUmYXW98[^ ]*$
* 300^0 ^[^ ]*DgPoK3uHMdBU[^ ]*$
{
SBLOG="A1S-Unnamed Virus #3"
INCLUDERC=${SBDIR}/functions/loglevel.rc
:0
{ VIRUSTAG=yes }
:0
{ DANGEROUS=yes }
}