Doctor Web supplies its anti-virus products to end users through its partners. Find out where you can buy Dr.Web for personal or corporate use. An emergency tool for removing incorrect/damaged installations of Dr.Web for Windows. The supported versions are 4.33, 4.44, 5.0, 6.0, 7.0, 8.0, 9.0, 10.0, 11.0, 11.5, and 12.0. The utility can also be used with Dr.Web KATANA 1.0 and Dr.Web Enterprise Suite client software of the same versions in cases when standard removal tools are.
Anti-virus Dr.Web Light. Quick or full file system scans, as well as custom scans, of user-specified files and folders. The SpIDer Guard monitor scans file systems in real-time whenever an attempt is made to store files and applications in the device’s memory. Neutralisation of ransomware lockers: malicious processes are terminated. Dr.Web URL filter. Install Dr.Web Security Space for Android which comes with a component called an URL Filter.This module will prevent anyone using your device from accessing non-recommended and potentially dangerous sites that fall into several categories; this is especially important for protecting children from unwanted Internet content.
1. Download Dr.Web CureIt! and save the utility on your hard drive.
Dr.Web was one of the world’s first anti-viruses. However, Dr.Web would likely never have been created if the first viruses had not appeared; and they, in turn, would never have appeared were it not for the fact that a habitat exists for them—i.e., computers and computer networks. On the occasion of the Dr.Web anti-virus’s birthday, which.
2. Double-click the saved file to launch it.
3. Wait until scanning is complete and then examine the scan report.
This version doesn't collect statistics
For curing office PCs/servers or for providing other users with malware removal services
The Dr.Web CureIt! utility will cure an infected system once, but it is not designed to provide your PC with real-time protection from viruses. The utility available on our website always features the latest virus definitions, but its virus databases aren’t updated automatically. Included in Dr.Web CureIt! is a set of virus databases that are only current until a new update is released (usually one or more times per hour).
and to perform another scan of your system using the most recently updated virus databases, you will have to download Dr.Web CureIt! again.
download regularly updated distributions of Dr.Web CureIt! in your My Dr.Web CureIt! personal account area throughout the entire license period. You can access it from the program, or by serial number.
Study the course materials and take the “Certified Dr.Web user” exams.
Dr.Web Security SpaceComprehensive protection from Internet threats for Windows, MacOS, Linux, and Android
1 PC/1 year
Dr.Web KATANAThe most lightweight non-signature anti-virus for Windows
1 PC/1 year
Back to news
April 4, 2012
According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com.
Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012.
The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1. Similarly to the older versions, the launched malware first searches the hard drive for the following components:
If the files are not found, the Trojan uses a special routine to generate a list of control servers, sends an installation success notification to intruders' statistics server and sends consecutive queries at control server addresses.
It should be noted that the malware utilizes a very peculiar routine for generating such addresses. It can also switch between several servers for better load balancing. After receiving a reply from a control server, BackDoor.Flashback.39 verifies its RSA signature and then, if successful, downloads and runs payload on the infected machine. It may get and run any executable specified in a directive received from a server.
Each bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.
Over 550 000 infected machines running Mac OS X have been a part of the botnet on April 4. These only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification. Most infected computers reside in the United States (56.6%, or 303,449 infected hosts), Canada comes second (19.8%, or 106,379 infected computers), the third place is taken by the United Kingdom (12.8% or 68,577 cases of infection) and Australia with 6.1% (32,527 infected hosts) is the fourth.
Doctor Web recommends Mac users to download and install a security update released by Apple from support.apple.com/kb/HT5228 to prevent infection of their systems by BackDoor.Flashback.39.
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.