********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec AntiVirus Research Center (SARC) January 18, 1999 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Enabling/Disabling PowerPoint Scanning * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The fifteen most commonly reported viruses, worldwide: 1 XM.Laroux 2 WM.Concept 3 XM.Extra 4 WM.Cap 5 W97M.Class 6 WM.CopyCap 7 NYB 8 AntiCMOS.A 9 Stealth_Boot.B 10 W95.CIH 11 XF.Paix 12 Stoned.Empire.Monk 13 AntiExe 14 Form.A 15 WM.Wazzu ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 8/19/98 * Excel heuristics which detect and repair new and unknown macro viruses in Excel 95 & 97 documents. 9/16/98 * Added repair for encrypted Excel 97 documents. 10/21/98 * Heuristics to detect AOL Password Stealer Trojans. * WORD Heuristics improvement to increase detection rate. 12/17/98 * Macro Exclusion Engine to speed up the scanning for Word and Excel documents. * PowerPoint engine to scan PowerPoint related viruses. To enable this technology please read "Enabling/Disabling PowerPoint Scanning" section later in this document. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** New virus definitions: Virus Name Infection Type Week added ---------- -------------- ---------- A97M.Amg.Trojan File infector 01/05/99 Alar.4265 File and Boot infector 01/11/99 Anticad.mp.4096.k (b) Boot infector 01/18/99 Antifort.1725 File infector 01/18/99 Antifort.1725 (2) File infector 01/18/99 Antifort.1725 (3) File infector 01/18/99 AP.A (b) Boot infector 01/18/99 Atmosphere.1070 File infector 12/28/98 Avispa.2048.a File infector 12/28/98 Avispa.2048.b File infector 12/28/98 Avispa.2048.d File infector 12/28/98 Azboo (b) Boot infector 01/05/99 Azusa Boot infector 12/14/98 Backform.2000(x) File infector 12/28/98 Bauh.974 File infector 12/28/98 Beda.609 File infector 01/18/99 Beda.609 (2) File infector 01/18/99 Beda.609 (3) File infector 01/18/99 Berlin.434b File infector 12/28/98 Blagg.624 File infector 01/05/99 Bleah.E (b) Boot infector 01/18/99 BoringBat.441 File infector 01/05/99 Butterfly (x) File infector 12/28/98 BYE.641 File infector 01/05/99 BYE.641(2) File infector 01/05/99 BYE.641(3) File infector 01/05/99 BZZ-Based.522 File infector 12/28/98 Carriers.6582 File infector 12/28/98 Carriers.6589 File infector 01/11/99 Catal.660 File infector 12/28/98 Coca.509 File infector 12/28/98 Crazypunk.500 File infector 12/28/98 Crazypunk.500(2) File infector 12/28/98 Crazypunk.500(3) File infector 12/28/98 Crazypunk.500(4) File infector 12/28/98 Creeper.472d File infector 01/05/99 Cricri.mp (b) Boot infector 01/18/99 CRUNCHER.2092 File infector 12/28/98 DarkMatter.744 File infector 12/28/98 DeepThroat.Trojan File infector 12/17/98 Die.490 File infector 01/05/99 Dinamo (b) Boot infector 01/18/99 Dogcher.mp (b) Boot infector 01/18/99 Dre.756 File infector 12/28/98 DuBug.3999 (1) File infector 12/17/98 DuBug.3999 (2) File infector 12/17/98 Energy (b) Boot infector 12/17/98 Ermua (b) Boot infector 12/17/98 Evasor.145 File infector 01/18/99 EVC.Gr.u File infector 12/28/98 Fatty.MP (b) Boot infector 01/18/99 Flag (b) Boot infector 01/18/99 Flame Boot infector 12/14/98 GCAE.SPHINX.2578 File infector 12/28/98 GeeZee.464 File infector 01/11/99 Gimp (b) Boot infector 01/18/99 Ginger.o/R.mp.gen (b) Boot infector 01/18/99 Gonzal.60 File infector 01/11/99 GW.1000 File infector 12/28/98 HLL.14042 File infector 12/14/98 HLL.14042(2) File infector 12/14/98 HLLC.12896 File infector 12/14/98 HLLC.12896(2) File infector 12/14/98 HLLC.8210 File infector 12/14/98 HLLC.8210(2) File infector 12/14/98 HLLC.Godsquad File infector 12/28/98 HLLC.Godsquad(2) File infector 12/28/98 HLLC.Godsquad(3) File infector 12/28/98 HLLC.MF.5216 File infector 01/18/99 HLLC.MF.5216 (2) File infector 01/18/99 HLLO.6726 File infector 12/28/98 HLLO.6726(2) File infector 12/28/98 HLLO.6726(3) File infector 12/28/98 HLLO.9856 File infector 12/28/98 HLLO.9856(2) File infector 12/28/98 HLLO.9856(3) File infector 12/28/98 HLLo.Invader.4751(2) File infector 12/28/98 HLLO.Invader.7451 File infector 12/28/98 HLLO.MF.2688 File infector 01/18/99 HLLO.MF.2688(2) File infector 01/18/99 HLLP.16196 File infector 12/28/98 HLLP.16196(2) File infector 12/28/98 HLLP.16196(3) File infector 12/28/98 HLLP.16196(4) File infector 12/28/98 HLLP.4109 File infector 12/28/98 HLLP.4109(2) File infector 12/28/98 HLLP.5952 File infector 12/28/98 HLLP.5952 (2) File infector 12/28/98 HLLP.5952 (3) File infector 12/28/98 HLLP.7102 File infector 01/18/99 HLLP.7102(2) File infector 01/18/99 HLLP.7299 File infector 12/28/98 HLLP.7299(2) File infector 12/28/98 HLLP.Eek.9652 File infector 12/28/98 HLLP.MF.6014 File infector 01/18/99 HLLP.MF.6014 (2) File infector 01/18/99 HLLP.MF.6014 (3) File infector 01/18/99 HLLP.MF.6014 (4) File infector 01/18/99 HLLT.5236 File infector 12/28/98 HLLT.5326(2) File infector 12/28/98 HLLT.5326(3) File infector 12/28/98 HLP.37931 File infector 01/18/99 HLP.37931 (2) File infector 01/18/99 HLP.37931 (3) File infector 01/18/99 House.397 (1) File infector 01/05/99 ICQ.Revenge.Trojan File infector 12/17/98 Idie.3520 File and Boot infector 01/05/99 Idie.3520 (2) File and Boot infector 01/05/99 Idie.3520 (b) Boot infector 01/05/99 Implant.mp.6128.a File and Boot infector 12/17/98 Intended.Ontario (b) Boot infector 12/28/98 Intended.Tbyte File infector 01/05/99 Intended.Tbyte (2) File infector 01/05/99 Iris.567 File infector 12/28/98 Italian (b) Boot infector 01/18/99 IVP.608 File infector 01/05/99 Jilt.667 File infector 12/28/98 Jindra (b) Boot infector 12/17/98 Jonny5.486 File infector 12/28/98 Jorgito.GR File infector 12/28/98 Kampi.4181 File infector 12/17/98 Kampi.4181 (1) File infector 12/28/98 Kampi.4181 (2) File infector 12/17/98 Kampi.4181(2) File infector 12/28/98 Kampi.4181(3) File infector 12/28/98 Kampi.4181(4) File infector 12/28/98 KARA.739 File infector 01/05/99 KARA.739(2) File infector 01/05/99 KARA.739(3) File infector 01/05/99 KARA.739(4) File infector 01/05/99 Keypress.1232 (x) File infector 12/17/98 Khizhnjak.406 File infector 01/05/99 Khizhnjak.406(2) File infector 01/05/99 Khizhnjak.406(3) File infector 01/05/99 Khizhnjak.406(4) File infector 01/05/99 Kitana.C (b) Boot infector 01/18/99 Kl.c (b) Boot infector 12/17/98 Kotos.870 File infector 12/28/98 Kusps.658 File infector 01/05/99 Kusps.658(x) File infector 01/05/99 Lamerman.b File infector 12/28/98 Lamerman.b (2) File infector 12/28/98 Lamerman.b (b) Boot infector 12/28/98 LEO.293 File infector 01/05/99 LEO.293(2) File infector 01/05/99 LEO.293(3) File infector 01/05/99 LEO.293(4) File infector 01/05/99 Leprosy.591 File infector 01/18/99 LittleDevil.2109 File infector 01/18/99 LittleDevil.2109 (2) File infector 01/18/99 LittleDevil.2109 (x) File infector 01/18/99 LLP.791 File infector 12/28/98 LLP.791 (1) File infector 01/05/99 LLP.791 (2) File infector 12/28/98 LLP.791(2) File infector 01/05/99 LLP.791(3) File infector 01/05/99 Locust.1456 File infector 12/28/98 Locust.1456 (2) File infector 12/28/98 MAINMAIN.200(3) File infector 01/05/99 MAINMAN.200 File infector 01/05/99 MAINMAN.200(2) File infector 01/05/99 Markus.mp.6001 (b) Boot infector 01/18/99 Maverick.3584 File infector 01/11/99 Mercury.831 File infector 12/28/98 Messew.3016 File and Boot infector 01/18/99 Messew.3016 (2) File and Boot infector 01/18/99 Messew.3016 (3) File and Boot infector 01/18/99 Messiah.4591 File infector 01/18/99 Messiah.4591 (x) File infector 01/18/99 Mogollon (b) Boot infector 12/17/98 MOSKAU.846 File infector 12/28/98 MPCd.727 File infector 12/28/98 MPCe.283 File infector 12/28/98 MPCe.284 File infector 12/28/98 Mpei.mp (b) Boot infector 01/18/99 Mr.Schu.490 File infector 12/28/98 Natas.mp File and Boot infector 01/18/99 Nauru.444 File infector 01/05/99 Nemo.848 File infector 12/28/98 Netspy.Trojan File infector 12/17/98 Noker.mp.4575 (b) Boot infector 01/18/99 Nov-7 (b) Boot infector 01/18/99 NSD.300 File infector 12/28/98 Odessa.727 (1) File infector 01/05/99 Olivia.GR File infector 12/14/98 Olivia.GR (X) File infector 12/14/98 One-Half.mp.3666 (b) Boot infector 01/18/99 Org.b (b) Boot infector 01/18/99 P97M.Vic.A File infector 12/17/98 Paraguay.2750 File infector 01/11/99 Peru (b) Boot infector 12/17/98 PH33R.1262 File infector 01/05/99 Phoenix.2000 (4) File infector 12/17/98 PictureNote.Trojan File infector 01/18/99 Pirate (b) Boot infector 01/18/99 PIZ.1176 File infector 12/28/98 Predator.1055 File infector 01/05/99 Predator.1055(2) File infector 01/05/99 Predator.b (b) Boot infector 01/18/99 Printscreen.b (b) Boot infector 12/28/98 QNPC.Thief.Trojan File infector 12/17/98 Quandary (b) Boot infector 01/18/99 Radyum.427 File infector 01/05/99 Rainbow.2501 (b) Boot infector 01/18/99 RDA.KeyB File infector 01/11/99 Redarc.343 File infector 12/28/98 Redarc.343(2) File infector 12/28/98 Revenge.2816 File infector 01/05/99 Rhubarb (b) Boot infector 12/17/98 Rift (b) Boot infector 01/18/99 Rusti.225 File infector 12/28/98 Sailor.Boot.A (b) Boot infector 01/18/99 Secretary (b) Boot infector 01/18/99 SGWW.Bomber.1371 File infector 01/11/99 SillyOC-52 File infector 01/05/99 SillyOC-52 (2) File infector 01/05/99 SillyORC.144 File infector 01/05/99 SillyORC.144 (2) File infector 01/05/99 Skopal.1599 (m) File infector 12/17/98 Spanska.4270 File infector 12/28/98 Spanska_II.427 File infector 01/05/99 Stoned.AntiExe Boot infector 01/11/99 Stoned.Elythnia (b) Boot infector 12/28/98 Stoned.WXYC (b) Boot infector 12/28/98 Tesv.232 File infector 01/05/99 TMC.B File infector 12/17/98 Trivial.c.ow (1) File infector 01/05/99 Trivial.Renegade (2) File infector 12/28/98 Trivial.Renegade (3) File infector 12/28/98 Trivial.Renegade.1842 File infector 12/28/98 TrivialMut.80 File infector 12/28/98 TrivialMut.80(2) File infector 12/28/98 TrivialMut.80(3) File infector 12/28/98 TSM.5536 File infector 12/17/98 Tula.1997 File infector 12/28/98 Tved.test.770 File infector 01/11/99 Vanq.688 File infector 01/05/99 VCCb.436 File infector 12/28/98 VCL.Timothy.641 File infector 01/05/99 Vini.793 File infector 12/28/98 Virogen.Pinworm.b File infector 12/17/98 Viva.691 File infector 01/18/99 VLAD.SLY (b) Boot infector 01/18/99 Vulcan.227 File infector 12/28/98 Vulcan.294 File infector 12/28/98 Vulcan.307 File infector 12/28/98 Vulcan.480 File infector 12/28/98 Vulcan.480(x) File infector 12/28/98 Vulcan.484 File infector 12/28/98 W32.RemExp.Corrupt File infector 12/28/98 W32.RemExp.Corrupt(2) File infector 12/28/98 W32.RemoteExplore File Infector 12/22/98 W95.K32 File infector 12/17/98 W97M.ColdApe.C File infector 12/28/98 W97M.Ethan.A File infector 01/18/99 W97M.Nottice.K File infector 12/17/98 W97M.VMPCK1.BE File infector 12/17/98 W97M.VMPCK1.BF File infector 12/17/98 W97M.VMPCK1.BG File infector 01/18/99 WinNuke.Trojan File infector 12/28/98 WM.Imposter.G File infector 12/17/98 WM.MDMA.BK File infector 12/17/98 WM.Mentes.C File infector 12/17/98 WM.Niceday.AA File infector 01/05/99 WM.Schumann.AA File infector 12/17/98 WM.Twno.AR File infector 12/17/98 WM.Wazzu.FQ File infector 12/17/98 WWPE.RSA.4819 File infector 01/11/99 X97M.Laroux.FG File infector 12/28/98 X97M.Laroux.HK File infector 01/11/99 X97M.Laroux.HN File infector 01/18/99 Xany.314 File infector 12/28/98 XM.2401 File infector 01/11/99 XM.Laroux.BO.var File infector 01/18/99 XM.Laroux.DX.var File infector 01/18/99 XM.Laroux.EO.var File infector 01/18/99 XM.Laroux.FW File infector 01/18/99 XM.Laroux.FX File infector 01/18/99 XM.Laroux.FY File infector 01/18/99 XRF.3730 File infector 12/28/98 Yeast.702 File infector 12/28/98 Yosha.b (b) Boot infector 12/17/98 Yosha.Zadig.1276 File infector 01/11/99 Yowler (1) File infector 12/28/98 Yowler (2) File infector 12/28/98 Zany.129 File infector 12/28/98 Zany.160e File infector 01/05/99 Zany.181b File infector 12/28/98 Zany.218b File infector 12/28/98 Name Changes: Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Beware.1643 to Dual_GTM.1643 (x) 12/28/98 HLLP.4109 to HLLP.4109 (1) 12/28/98 HLLP.4109(2) to HLLP.4109 (2) 12/28/98 Trojan.APS to PWsteal.Trojan.4409 10/12/98 Trojan.BOD to BOD.Trojan 10/12/98 Trojan.Bruces.GF (1) to Bruces.GF.Trojan 10/12/98 Trojan.Bruces.GF (2) to Bruces.GF(2).Trojan 10/12/98 Trojan.Bruces.GF (3) to Bruces.GF.Trojan(3) 10/12/98 Trojan.Candy to Candy.Trojan 10/12/98 Trojan.DMSetup2 to DMSetup2.IRC.Trojan 10/12/98 Trojan.Hacked to Hacked.Trojan 10/12/98 Trojan.HaltYou to HaltYou.Trojan 10/12/98 Trojan.ICKiller to ICKiller.Trojan 10/12/98 Trojan.Orchid to Orchid.Trojan 10/12/98 Trojan.Plimo to Plimo.Trojan 10/12/98 Trojan.Typhoon to Typhoon.Trojan 10/12/98 Trojan.ViperX to ViperX.Trojan 10/12/98 Trojan.W95.Netbus to Netbus.W95.Trojan 10/12/98 Trojan.W95.Netbus.160 to Netbus.160.W95.Trojan 10/12/98 Trojan.Win.Dontt to Dontt.Win.Trojan 10/12/98 Trojan.Win.FY to FY.Win.Trojan 10/12/98 Trojan.Win.Taskkill to Taskkill.Win.Trojan 10/12/98 Trojan.Win95.Jerk to Jerk.Win95.Trojan 10/12/98 Trojan_4283 to Trojan_4283.Trojan 10/12/98 WM.Concept.CN to WM.Leveler.A 10/12/98 WWPE.RSA.4819 to Trivial.d.ow (4) 01/18/99 XM.Laroux.DR to XM.Laroux.DX 10/12/98 XM.Laroux.DW to XM.Laroux.EI 01/11/99 XM.Laroux.DX to XM.Laroux.DZ 10/12/98 XM.Laroux.FW to XM.Forecast 01/11/99 Deletions: Virus Name Infection Type Date removed ---------- -------------- ------------ Avispa File infector 12/17/98 Azusa (z) Boot infector 12/14/98 DuBug.3999 (1) File infector 12/17/98 DuBug.3999 (2) File infector 12/17/98 Flame (z) Boot infector 12/14/98 HLLP.4983 (1) File infector 12/14/98 HLLP.4983 (2) File infector 12/14/98 HLLP.4983 (3) File infector 12/14/98 Hlp.37931 File infector 01/18/99 Hlp.37931 (2) File infector 01/18/99 PHX.823 File infector 01/18/99 TMC.B File infector 01/11/99 Virogen.Pinworm (1) File infector 12/17/98 Virogen.Pinworm (2) File infector 12/17/98 Virogen.Pinworm (3) File infector 12/17/98 W95.Memorial File infector 01/18/99 W95.Memorial (DOS) File infector 01/18/99 ********************************************************************** ** Enabling/Disabling PowerPoint Scanning ** ********************************************************************** To enable PowerPoint scanning in NAV for Windows 95/NT version 4.0 or greater, a text file named NAVEX15.INF should be placed in the directory where NAV 4.0 is installed (i.e., C:\Program Files\Norton AntiVirus). To enable PowerPoint scanning in NAV for Windows 95/NT version 2.0, NAV 4.0 for Windows 3.1/DOS, NAVIEG 1.0, or NAVFW 1.0 a text file named NAVEX.INF should be placed in the directory where NAV is installed (i.e., C:\NAV). The contents of the text file, NAVEX15.INF or NAVEX.INF, determine which components of NAV have PowerPoint scanning enabled. To enable PowerPoint scanning for a particular component, use the following table to determine the lines to add to the text file. PowerPoint scanning can be enabled for more than one component if needed by adding the required lines for the desired components. +---------------------+--------------------------+--------------------+ |Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner | +---------------------+--------------------------+--------------------+ |[NAVW32] |[NAVAP] |[NAVDX] | |PowerPointScanning=1 |PowerPointScanning=1 |PowerPointScanning=1| +---------------------+--------------------------+--------------------+ +----------------------+ |Windows 3.1 scanner/AP| +----------------------+ |[NAVWIN] | |PowerPointScanning=1 | +----------------------+ To disable PowerPoint scanning for a component, delete the lines added for that component from the NAVEX15.INF or NAVEX.INF file. ********************************************************************** ** Additional Information ** ********************************************************************** SARC has equipped Norton AntiVirus with a new feature called "Infestation Mode." If a large number of new or unknown viruses is found on the system during a scan, Norton AntiVirus will automatically enable its highest level of detection. This gives users the most comprehensive protection in cases where a viral infestation may have been detected. If you would like to disable this feature, you can do so by following these instructions: 1. Create a text File called NAVEX15.INF in your Norton AntiVirus directory,e.g., C:\Program Files\Norton AntiVirus. If this file already exist go to step two. 2. Place the following lines in this File on the left-hand margin: [NAVW32] infestmode=0 [NAVDX] infestmode=0 3. Save the File. Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.