Pls. help me understand :)

Discussion in 'WormGuard' started by Tired, Feb 2, 2004.

Thread Status:
Not open for further replies.
  1. Tired

    Tired Registered Member

    Joined:
    Oct 18, 2002
    Posts:
    50
    Location:
    Boston
    I have been reading through quite a bit of the posts and threads regarding the addition of info to the database in Wormguard. I compiled a long list this morning and set out to see if others had made lists to share.
    In the topic
    question re wormguard database
    « on: October 14, 2002, 11:07:57 PM »
    Started by Tassie, he and average joe and peaches posted their lists.
    If I understand correctly if files are added to the database manually they need to be an extension or an executable type?? How do you find this out?

    For example-( I just added some at random because I am not sure)

    **Is it true ?To add these would NOT work: ?

    Worm.Mydoom.a
    Worm.Brit
    I-Worm.BubbleBoy
    I-Worm.Burnox
    I-Worm.Buzill
    I-Worm.Calil
    I-Worm.Calposa

    **Is it true? To add these WOULD work: ?

    .hta, .idq, .ida, .htw, .idc
    SMSS.EXE and CSRSS.EXE
    Win32.HLLC.Vedex
    Win32.HLLW.Scareg
    Win32.Spreder

    I understand that it does not have to have these (the correct ones) but it would not hurt if they were added.
    Would some one help my understand what is valid or not ? I would weed it out and post it back here .
    OR if someone would look at it for me and let me know.
    I love my wormguard and it has saved me a couple of times.
    However, I would rather be double safe than sorry. I just had to reformat/reinstall this week:(.

    I use WG,TDS3 & PE

    Thanks in advance.
    Tired (Tracy)
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Re:pls. help me understand :) valid files for database

    Hello Tred, welcome!
    If you like to add them, use the executable file, like blaser.exe, iloveyou.scr iloveyou.exe whatever the names are. For the MyDoom you should have to look for the executable and other names, but i think those are created ad randum ...........
    In the left pane don't put all *.exe to be blocked as that would create an unworkable situation.

    Hope you don't need to go through such rebuilds again!
     
  3. Tired

    Tired Registered Member

    Joined:
    Oct 18, 2002
    Posts:
    50
    Location:
    Boston
    Re:pls. help me understand :) valid files for database

    Thanks Jooske.
    So putting in something like : Worm.Mydoom.b would not work?
    Is there a recent list that you know of?

    Cheers.
    T
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
Thread Status:
Not open for further replies.