********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec AntiVirus Research Center (SARC) March 8, 1999 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Enabling/Disabling PowerPoint Scanning * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The fifteen most commonly reported viruses, worldwide: 1 XM.Laroux 2 WM.Concept 3 XM.Extra 4 WM.Cap 5 W97M.Class 6 WM.CopyCap 7 NYB 8 AntiCMOS.A 9 Stealth_Boot.B 10 W95.CIH 11 XF.Paix 12 Stoned.Empire.Monk 13 AntiExe 14 Form.A 15 WM.Wazzu ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 8/19/98 * Excel heuristics which detect and repair new and unknown macro viruses in Excel 95 & 97 documents. 9/16/98 * Added repair for encrypted Excel 97 documents. 10/21/98 * Heuristics to detect AOL Password Stealer Trojans. * WORD Heuristics improvement to increase detection rate. 12/17/98 * Macro Exclusion Engine to speed up the scanning for Word and Excel documents. * PowerPoint engine to scan PowerPoint related viruses. To enable this technology please read "Enabling/Disabling PowerPoint Scanning" section later in this document. 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** New virus definitions: Virus Name Infection Type Week added ---------- -------------- ---------- Alar.4873 File and Boot infector 02/16/99 Alar.4873(b) Boot infector 03/01/99 Alphavirus.1628 File infector 03/01/99 Antifort.1723 File infector 03/01/99 Antifort.1723 (2) File infector 03/01/99 Antifort.1723 (3) File infector 03/01/99 Antifort.1723 (b) Boot infector 03/01/99 Ascii.675 File infector 03/01/99 Backdoor.Trojan File infector 02/16/99 Beast.A.Trojan File infector 03/01/99 Bottle Trojan File infector 02/08/99 Bottle Trojan (2) File infector 02/08/99 Bottle Trojan (3) File infector 02/08/99 Cluster Bomb.1423 (x) File infector 03/01/99 COMIlliad.312 File infector 02/16/99 COMIlliad.312(2) File infector 02/16/99 Darkmatter.2074 File infector 02/18/99 Dead.1373 File infector 03/01/99 Dead.1373 (2) File infector 03/01/99 Dead.1373 (x) File infector 03/01/99 DeathBoy.893 File infector 03/01/99 Diehard2.4000.I File infector 03/01/99 DoRen VirSimul (b) Boot Virus Simulator 03/08/99 DoRen VirSimulator Virus Simulator 03/08/99 DoRen VirSimulator.B Virus Simulator 03/08/99 DoRen VirSimulator.C Virus Simulator 03/08/99 FindABCD File infector 03/01/99 FindABCD (1) File infector 03/01/99 Gollum.7167 File infector 02/08/99 Gollum.7167(2) File infector 02/08/99 Gollum.7167(VxD) File infector 02/08/99 GU.1500 File infector 03/01/99 GU.1500 (2) File infector 03/01/99 GU.1500 (3) File infector 03/01/99 GU.1594 File infector 03/01/99 GU.1594 (2) File infector 03/01/99 H-Ware.4199 File infector 02/08/99 HLLC.Sebek.4407 File infector 03/01/99 HLLC.Sebek.4407 (2) File infector 03/01/99 HLLC.Sebek.4407 (3) File infector 03/01/99 HLLC.Sebek.4407 (4) File infector 03/01/99 HLLO.Pick.3808 File infector 03/01/99 HLLO.Pick.3808 (2) File infector 03/01/99 HLLO.Pick.3808 (3) File infector 03/01/99 HLLO.Pick.4016 File infector 03/01/99 HLLO.Pick.4016 (2) File infector 03/01/99 HLLO.Pick.4016 (3) File infector 03/01/99 HLLO.Pick.4256 File infector 03/01/99 HLLO.Pick.4256 (2) File infector 03/01/99 HLLO.Pick.4256 (3) File infector 03/01/99 HLLP.Jumper.6702 File infector 03/01/99 HLLP.Jumper.6702 (2) File infector 03/01/99 HLLP.Jumper.6702 (3) File infector 03/01/99 HLLP.Jumper.6702 (4) File infector 03/01/99 HLLP.Koles.4493 File infector 03/01/99 HLLP.Koles.4493(2) File infector 03/01/99 HLLP.Kondor.6800 File infector 03/01/99 HLLP.Kondor.6800 (2) File infector 03/01/99 HLLP.Kondor.6800 (3) File infector 03/01/99 HLLP.UX.7088 File infector 03/01/99 HLLP.UX.7088 (2) File infector 03/01/99 HLLP.UX.7088 (3) File infector 03/01/99 HLLT.4758 File infector 03/08/99 HLLT.4758(2) File infector 03/08/99 HLLT.4758U File infector 03/08/99 HLLT.4758U(2) File infector 03/08/99 IVPBased.912 File infector 02/16/99 Jorgito.726 File infector 03/01/99 Jurasic.3242 File infector 02/08/99 Jurasic.3242 (2) File infector 02/08/99 KillMe.1972 File infector 03/08/99 KillMe.1972 (x) File infector 03/08/99 KillMe.1972 (x2) File infector 03/08/99 LittleDevil.2109 (x) File infector 02/16/99 LittleDevil.2109 (x2) File infector 02/16/99 lpJahack File infector 03/01/99 Nephew.3760 File infector 03/01/99 Netbus.170 dropper File infector 02/08/99 Netbus.170 dropper (2) File infector 02/08/99 Netbus.170 dropper (3) File infector 02/08/99 Nomad.1302 File infector 03/08/99 Nomad.1302 (2) File infector 03/08/99 O97M.HalfCross.A File infector 03/08/99 O97M.Jerk File infector 03/08/99 O97M.Shiver.D File infector 03/01/99 O97M.Tristate.A File infector 02/18/99 O97M.Tristate.C File infector 03/01/99 O97M.Tristate.Variant File infector 03/01/99 Piggy.709 File infector 03/08/99 PLIK.2154 File infector 03/01/99 PQRVW Boot infector 03/01/99 Project.801 File infector 03/08/99 PS-MPC (1) File infector 03/01/99 Radom.2688 File infector 03/01/99 RDA-Based File infector 03/08/99 Sebek.4407 (unp) File infector 03/01/99 Sebek.4407 (unp) (2) File infector 03/01/99 Sebek.4407 (unp) (3) File infector 03/01/99 SillyC.125 File infector 03/01/99 SillyC.126 File infector 03/01/99 SillyC.140B File infector 03/01/99 SillyC.87 File infector 03/01/99 Sillyoc.167 File infector 03/01/99 SillyRC.328 File infector 03/01/99 Soulburn.1509 File infector 03/01/99 SPE.718 File infector 03/01/99 SPE.718 (2) File infector 03/01/99 SPE.791 File infector 03/01/99 SPE.791 (2) File infector 03/01/99 SPE.844 File infector 03/01/99 SPE.844 (2) File infector 03/01/99 SPing.Trojan(1) File infector 03/01/99 SPing.Trojan(2) File infector 03/01/99 Suleiman.692 File infector 03/01/99 Suleiman.692 (2) File infector 03/01/99 Systers.2181 File infector 03/01/99 Systers.2181 (x) File infector 03/01/99 Termite.B File infector 02/08/99 Termite.B(2) File infector 02/08/99 TFSG.2805 File infector 03/01/99 TFSG.2805 (2) File infector 03/01/99 TFSG.3000 File infector 03/01/99 TFSG.3000 (2) File infector 03/01/99 TFSG.3000 (3) File infector 03/01/99 Trivial.159 File infector 02/18/99 Trivial.159 (2) File infector 02/18/99 Trivial.27.G File infector 03/01/99 Trivial.call.243 File infector 03/01/99 Trivial.Count.35 File infector 03/01/99 Trivial.Win.118 File infector 03/01/99 Trivial.Win.118 (2) File infector 03/01/99 Trivial.Word.642 File infector 03/01/99 Trivial.Word.642 (2) File infector 03/01/99 Urkel.B (b) Boot infector 03/01/99 VCLBased.Comp.241 File infector 02/16/99 VCLBased.Comp.241(2) File infector 02/16/99 Vein (b) Boot infector 03/01/99 Veronika.1490.B File infector 03/08/99 Vien.435.B File infector 02/16/99 Viva.695 File infector 03/01/99 W95.Kenston File infector 02/08/99 W97M.Argh.A File infector 02/16/99 W97M.Argh.B File infector 03/01/99 W97M.Beast.A File infector 03/01/99 W97M.Class.BE File infector 03/01/99 W97M.Class.BQ File infector 02/08/99 W97M.Class.BT File infector 02/16/99 W97M.Derroche File infector 02/16/99 W97M.Hark.B File infector 03/08/99 W97M.LafS.A File infector 03/01/99 W97M.Nottice.N File infector 03/01/99 W97M.Opey.A File infector 02/08/99 W97M.Passbox.E File infector 02/08/99 W97M.Satt.A File infector 02/08/99 W97M.Setmd.G File infector 02/16/99 W97M.Switch File infector 03/01/99 W97M.Vampire.Q File infector 03/01/99 W97M.ZMK.P File infector 02/16/99 WM.Decept.A File infector 03/01/99 WM.Ivana.G File infector 02/08/99 WM.KMT.Family File infector 02/16/99 WM.Niceday.X.Family File infector 02/16/99 X97M.Sugar.Dropper File infector 02/08/99 XM.Laroux.GI File infector 02/16/99 XM.Laroux.GJ File infector 02/08/99 XM.Laroux.GK File infector 03/08/99 XM.Laroux.HO File infector 02/08/99 XM.Laroux.HP File infector 02/08/99 XM.Laroux.HW File infector 03/08/99 XM.Ueda File infector 03/01/99 Name Changes: Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Trojan.APS to PWsteal.Trojan.4409 10/12/98 Trojan.BOD to BOD.Trojan 10/12/98 Trojan.Bruces.GF (1) to Bruces.GF.Trojan 10/12/98 Trojan.Bruces.GF (2) to Bruces.GF(2).Trojan 10/12/98 Trojan.Bruces.GF (3) to Bruces.GF.Trojan(3) 10/12/98 Trojan.Candy to Candy.Trojan 10/12/98 Trojan.DMSetup2 to DMSetup2.IRC.Trojan 10/12/98 Trojan.Hacked to Hacked.Trojan 10/12/98 Trojan.HaltYou to HaltYou.Trojan 10/12/98 Trojan.ICKiller to ICKiller.Trojan 10/12/98 Trojan.Orchid to Orchid.Trojan 10/12/98 Trojan.Plimo to Plimo.Trojan 10/12/98 Trojan.Typhoon to Typhoon.Trojan 10/12/98 Trojan.ViperX to ViperX.Trojan 10/12/98 Trojan.W95.Netbus to Netbus.W95.Trojan 10/12/98 Trojan.W95.Netbus.160 to Netbus.160.W95.Trojan 10/12/98 Trojan.Win.Dontt to Dontt.Win.Trojan 10/12/98 Trojan.Win.FY to FY.Win.Trojan 10/12/98 Trojan.Win.Taskkill to Taskkill.Win.Trojan 10/12/98 Trojan.Win95.Jerk to Jerk.Win95.Trojan 10/12/98 Trojan_4283 to Trojan_4283.Trojan 10/12/98 WM.Concept.CN to WM.Leveler.A 10/12/98 XM.Laroux.DR to XM.Laroux.DX 10/12/98 XM.Laroux.DX to XM.Laroux.DZ 10/12/98 Deletions: Virus Name Infection Type Date removed ---------- -------------- ------------ Bottle Trojan File infector 02/08/99 Cuki.Trojan File infector 02/01/99 Gollum.7167 File infector 02/08/99 HLLO.3816 File infector 02/01/99 June 12th.2265 (2) File infector 02/08/99 LittleDevil.2109 (x) File infector 02/08/99 PS-MPC (1) File infector 03/01/99 Vien.435.B File infector 02/01/99 W95.Spawn.cmp File infector 03/08/99 X97M.Sugar.Dropper File infector 02/08/99 ********************************************************************** ** Enabling/Disabling PowerPoint Scanning ** ********************************************************************** To enable PowerPoint scanning in NAV for Windows 95/NT version 4.0 or greater, a text file named NAVEX15.INF should be placed in the directory where NAV 4.0 is installed (i.e., C:\Program Files\Norton AntiVirus). To enable PowerPoint scanning in NAV for Netware version 4.0, a text file named NAVEX15.INF should be placed in the directory where NAV 4.0 is installed (i.e., sys:system\navnlm). To enable PowerPoint scanning in NAV for Windows 95/NT version 2.0, NAV 4.0 for Windows 3.1/DOS, NAVIEG 1.0, or NAVFW 1.0 a text file named NAVEX.INF should be placed in the directory where NAV is installed (i.e., C:\NAV). The contents of the text file, NAVEX15.INF or NAVEX.INF, determine which components of NAV have PowerPoint scanning enabled. To enable PowerPoint scanning for a particular component, use the following table to determine the lines to add to the text file. PowerPoint scanning can be enabled for more than one component if needed by adding the required lines for the desired components. +---------------------+--------------------------+--------------------+ |Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner | +---------------------+--------------------------+--------------------+ |[NAVW32] |[NAVAP] |[NAVDX] | |PowerPointScanning=1 |PowerPointScanning=1 |PowerPointScanning=1| +---------------------+--------------------------+--------------------+ +----------------------+--------------------+ |Windows 3.1 scanner/AP|Netware scanner | +----------------------+--------------------+ |[NAVWIN] |[NAVNLM] | |PowerPointScanning=1 |PowerPointScanning=1| +----------------------+--------------------+ To disable PowerPoint scanning for a component, delete the lines added for that component from the NAVEX15.INF or NAVEX.INF file. ********************************************************************** ** Additional Information ** ********************************************************************** SARC has equipped Norton AntiVirus with a new feature called "Infestation Mode." If a large number of new or unknown viruses is found on the system during a scan, Norton AntiVirus will automatically enable its highest level of detection. This gives users the most comprehensive protection in cases where a viral infestation may have been detected. If you would like to disable this feature, you can do so by following these instructions: 1. Create a text File called NAVEX15.INF in your Norton AntiVirus directory,e.g., C:\Program Files\Norton AntiVirus. If this file already exist go to step two. 2. Place the following lines in this File on the left-hand margin: [NAVW32] infestmode=0 [NAVDX] infestmode=0 3. Save the File. Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.