**********************************************************************
**                                                                  **
** What's New in the NAV Virus Definitions Files       WHATSNEW.TXT **
**                                                                  **
** Symantec AntiVirus Research Center (SARC)           July 7, 1999 **
**                                                                  **
**********************************************************************

This document contains the following topics:

 * Virus Alerts
 * New Technologies
 * Changes Incorporated Into This Update
 * Enabling/Disabling PowerPoint Scanning
 * Additional Information

**********************************************************************
** Virus Alerts                                                     **
**********************************************************************

The ten most commonly reported viruses, worldwide:

  1  W97M.Class
  2  XM.Laroux
  3  O97M.Tristate
  4  W95.CIH
  5  Happy99.Worm
  6  WM.Cap
  7  W97M.ColdApe
  8  W97M.Ethan
  9  W97M.Melissa
 10  Worm.ExploreZip

**********************************************************************
** New Technologies                                                 **
**********************************************************************

DATE       Technologies Added
----       ------------------
8/19/98    * Excel heuristics which detect and repair new and unknown
             macro viruses in Excel 95 & 97 documents.

9/16/98    * Added repair for encrypted Excel 97 documents.

10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
           * WORD Heuristics improvement to increase detection rate.

12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
             and Excel documents.
           * PowerPoint engine to scan PowerPoint related viruses.
             To enable this technology please read
             "Enabling/Disabling PowerPoint Scanning" section later
             in this document.

02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.

05/12/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.

06/10/99   * Menu repair technology for WORD macro viruses that
             change command bar customizations in NORMAL.DOT.

**********************************************************************
** Changes Incorporated Into This Virus Definitions Update          **
**********************************************************************

New virus definitions:

Virus Name              Infection Type          Week added
----------              --------------          ----------
Abbas.1100              File infector           06/10/99
Alladin.1827            File infector           06/28/99
AOD.385                 File infector           06/10/99
AOD.385 (2)             File infector           06/10/99
AOL Trojan 1            File infector           06/07/99
AOL Trojan 2            File infector           06/07/99
AOL Trojan 3            File infector           06/07/99
AOL Trojan 4            File infector           06/07/99
AOL Trojan 5            File infector           06/07/99
AOL Trojan 6            File infector           06/07/99
AOL Trojan 7            File infector           06/07/99
AOL Trojan 8            File infector           06/07/99
AOL Trojan 9            File infector           06/07/99
AOL Trojan Buddy        File infector           06/07/99
AOL Trojan Buddy 2      File infector           06/07/99
AOL Trojan Buddy 3      File infector           06/07/99
AOL Trojan Winsyst      File infector           06/07/99
AOL Trojan Winsyst 2    File infector           06/07/99
AOL Trojan Winsyst 3    File infector           06/07/99
AOL.PWSteal.32512       File infector           06/28/99
Appender.1210           File infector           06/21/99
Backdoor.SubSeven       File infector           06/07/99
BackdoorG-DLL.Trojan    File infector           06/07/99
Beast.B.Trojan          File infector           06/21/99
BIOS.Password.Trojan    File infector           06/21/99
Burglar.1150 (Gen1)     File infector           06/21/99
Burglar.1150 (Gen1) 2   File infector           06/21/99
Companion.Friendb.330   File infector           06/01/99
Crash.475               File infector           06/28/99
DBO-3 (b)               Boot infector           06/01/99
Derwolf.2219            File infector           06/01/99
Derwolf.2219 (2)        File infector           06/01/99
Dosinfo.Worm            File infector           07/02/99
Dosinfo.Worm 2          File infector           07/02/99
Emperor                 File and Boot infector  06/01/99
Fake Server Trojan      File infector           06/21/99
Fake Server Trojan 2    File infector           06/21/99
Fake Server Trojan 3    File infector           06/21/99
Fake Server Trojan 4    File infector           06/21/99
Fayte.494               File infector           07/02/99
Fayte.494 (2)           File infector           07/02/99
FCL.2044                File infector           06/07/99
FCL.2044 (2)            File infector           06/07/99
FCL.2044 (3)            File infector           06/07/99
Gene.454                File infector           06/10/99
Gene.454                File infector           06/28/99
Gift.1630               File infector           06/28/99
Goma.1002               File infector           06/01/99
Goma.743                File infector           06/01/99
Hack Server Trojan      File infector           06/21/99
Hack Server Trojan 2    File infector           06/21/99
Hack Server Trojan 3    File infector           06/21/99
Hack Server Trojan 4    File infector           06/21/99
Hack Svr v1 Trojan      File infector           06/28/99
Hack Svr v1 Trojan 2    File infector           06/28/99
Hack Svr v1 Trojan 3    File infector           06/28/99
Hack Svr v1 Trojan 4    File infector           06/28/99
Hack v1.0 Trojan        File infector           06/28/99
Hack v1.0 Trojan 2      File infector           06/28/99
Hack v1.0 Trojan 3      File infector           06/28/99
Hack v1.0 Trojan 4      File infector           06/28/99
Hack v1.12 Trojan       File infector           06/21/99
Hack v1.12 Trojan 2     File infector           06/21/99
Hack v1.12 Trojan 3     File infector           06/21/99
Hack v1.12 Trojan 4     File infector           06/21/99
Hack'a'Tack Trojan      File infector           06/21/99
Hack'a'Tack Trojan 2    File infector           06/21/99
Hack'a'Tack Trojan 3    File infector           06/21/99
Hack'a'Tack Trojan 4    File infector           06/21/99
Hal-Com.2862            File infector           06/10/99
HBR.135                 File infector           06/10/99
Heathen.12288(DLL)      File infector           06/21/99
HKILL.1468              File infector           06/28/99
HKILL.1468 (2)          File infector           06/28/99
HKILL.997               File infector           06/28/99
HLLC.4528               File infector           06/07/99
HLLC.4528(2)            File infector           06/07/99
HLLO.2229               File infector           06/28/99
HLLO.2229(2)            File infector           06/28/99
HLLO.2400               File infector           06/28/99
HLLO.2400(2)            File infector           06/28/99
HLLO.2673               File infector           06/28/99
HLLO.2673(2)            File infector           06/28/99
HLLO.DVPG.4128          File infector           06/28/99
HLLO.DVPG.4128(2)       File infector           06/28/99
HLLO.Maniac.5946        File infector           06/01/99
HLLO.Maniac.5946 (2)    File infector           06/01/99
HLLP.3678               File infector           06/28/99
HLLP.3678(2)            File infector           06/28/99
HLLP.4631               File infector           06/28/99
HLLP.4631(2)            File infector           06/28/99
HLLP.4754               File infector           06/28/99
HLLP.4754(2)            File infector           06/28/99
HLLP.5062               File infector           06/28/99
HLLP.5062(2)            File infector           06/28/99
HLLP.5192               File infector           06/07/99
HLLP.5192(2)            File infector           06/07/99
HLLP.7616               File infector           06/28/99
HLLP.7616(2)            File infector           06/28/99
HLLP.8080               File infector           06/28/99
HLLP.8080(2)            File infector           06/28/99
HLLP.Jurasic.6227       File infector           06/28/99
HLLP.Jurasic.6227(2)    File infector           06/28/99
HLLP.PPZ.8586           File infector           06/28/99
HLLP.PPZ.8586(2)        File infector           06/28/99
HLLT.4754               File infector           06/28/99
HLLT.4754(2)            File infector           06/28/99
HLLW.8560               File infector           06/07/99
HLLW.8560(2)            File infector           06/07/99
Infector.5864           File infector           06/28/99
Istanbul.1385           File infector           06/01/99
Istanbul.1385 (x)       File infector           06/01/99
Jackie2.5743            File infector           06/21/99
Jackie2.5743 (2)        File infector           06/21/99
Jacklyn.12301           File infector           06/21/99
Jacklyn.12301 (2)       File infector           06/21/99
Jags.394                File infector           06/01/99
JAP_HAL (b)             Boot infector           06/01/99
JDC.1165                File infector           06/10/99
JDC.1165 (2)            File infector           06/10/99
JDC.1165 (3)            File infector           06/10/99
Jessica.1261            File infector           06/10/99
Jessica.1261 (x)        File infector           06/10/99
Ktcp.200                File infector           06/28/99
KuSuMah.3967            File infector           06/01/99
KuSuMah.4268 (x)        File infector           06/01/99
Lazarus.2222            File infector           06/01/99
Magichole.512           File infector           06/01/99
Mahon.1372              File infector           06/01/99
Messiah.4535 (x)        File infector           07/02/99
Mwin.a                  File infector           06/28/99
Mwin.a (2)              File infector           06/28/99
Mwin.b                  File infector           06/28/99
Mwin.b (2)              File infector           06/28/99
Nelson.226              File infector           06/10/99
Nephew.3758             File infector           06/01/99
Nephew.3758 (2)         File infector           06/01/99
Nephew.3758 (x)         File infector           06/01/99
Nephew.3758 (x2)        File infector           06/01/99
Netbus 2.01 Trojan 1    File infector           06/07/99
Netbus 2.01 Trojan 10   File infector           06/07/99
Netbus 2.01 Trojan 11   File infector           06/07/99
Netbus 2.01 Trojan 12   File infector           06/07/99
Netbus 2.01 Trojan 13   File infector           06/07/99
Netbus 2.01 Trojan 14   File infector           06/07/99
Netbus 2.01 Trojan 15   File infector           06/07/99
Netbus 2.01 Trojan 2    File infector           06/07/99
Netbus 2.01 Trojan 3    File infector           06/07/99
Netbus 2.01 Trojan 4    File infector           06/07/99
Netbus 2.01 Trojan 5    File infector           06/07/99
Netbus 2.01 Trojan 6    File infector           06/07/99
Netbus 2.01 Trojan 7    File infector           06/07/99
Netbus 2.01 Trojan 8    File infector           06/07/99
Netbus 2.01 Trojan 9    File infector           06/07/99
Ninja.1264              File infector           06/28/99
Nipple.823              File infector           06/01/99
Nipple.823 (2)          File infector           06/01/99
Nomad.1022              File infector           06/10/99
November 17.768.B (x)   File infector           06/28/99
Onkelz.527.c            File infector           06/10/99
PM Trojan               File infector           06/21/99
PM Trojan (2)           File infector           06/21/99
PM Trojan (3)           File infector           06/21/99
PM Trojan (4)           File infector           06/21/99
PM Trojan (DLL)         File infector           06/21/99
PM Trojan (DLL) (2)     File infector           06/21/99
PM Trojan (DLL) (3)     File infector           06/21/99
PM Trojan (DLL) (4)     File infector           06/21/99
PM Trojan (OCX)         File infector           06/21/99
PM Trojan (OCX) (2)     File infector           06/21/99
PM Trojan (OCX) (3)     File infector           06/21/99
PM Trojan (TIM)         File infector           07/07/99
PM Trojan (TIM)         File infector           06/21/99
PM Trojan (TIM) (2)     File infector           06/21/99
PM Trojan (TIM) (3)     File infector           06/21/99
PrettyPark.Worm         File infector           06/07/99
PS-MPC.Mudshark         File infector           06/07/99
Radioactive.873         File infector           07/02/99
Reizfaktor (Bat)        File infector           06/01/99
Reizfaktor (inf)        File infector           06/01/99
Reizfaktor (inf2)       File infector           06/01/99
Restive.543             File infector           06/10/99
Retro.974               File infector           06/01/99
Retro.974 (2)           File infector           06/01/99
Retro.974 (3)           File infector           06/01/99
Saboteur.1391           File infector           06/10/99
Slam.Hunter.253         File infector           06/28/99
Snake.787               File infector           06/10/99
Snake.787 (2)           File infector           06/10/99
Snake.787 (3)           File infector           06/10/99
SP1 Basic.Trojan        File infector           06/01/99
SP1 Basic.Trojan (2)    File infector           06/01/99
Sphinx.2534             File infector           06/28/99
Stardot.1100            File infector           07/07/99
Termite.5000.B          File infector           06/21/99
Termite.C               File infector           06/21/99
Tosha.3314              File infector           06/10/99
Trivial.52.b            File infector           06/21/99
Trivial.53.f            File infector           06/21/99
Trivial.54.c            File infector           06/10/99
Trivial.55.d            File infector           06/21/99
Trivial.56.b            File infector           06/10/99
Trivial.56.c            File infector           06/10/99
Trivial.57              File infector           06/10/99
Trivial.58              File infector           06/21/99
Trivial.59.b            File infector           06/21/99
Troi.926                File infector           06/07/99
Troi.926 (2)            File infector           06/07/99
Typer.215               File infector           06/28/99
V.1906                  File infector           06/21/99
VBS.Freelink            File infector           07/02/99
VCL.156                 File infector           06/10/99
VirDem.824              File infector           06/07/99
Viva.752                File infector           06/01/99
W97M.Class.DN           File infector           06/21/99
W97M.CopyTemp.intd      File infector           06/01/99
W97M.Daydream.A         File infector           06/01/99
W97M.Heathen.12288.A    File infector           06/21/99
W97M.Iis.H              File infector           06/28/99
W97M.IIS.I              File infector           06/10/99
W97M.IRCJack.A          File infector           06/21/99
W97M.JulyKiller         File infector           07/02/99
W97M.KillGood.Trojan    File infector           06/21/99
W97M.Mago.A             File infector           06/28/99
W97M.Melissa.I          File infector           06/21/99
W97M.MFV                File infector           06/21/99
W97M.Nail.A             File infector           06/10/99
W97M.NiceDay.AB         File infector           06/28/99
W97M.No_va.D            File infector           06/01/99
W97M.Password.A         File infector           06/28/99
W97M.Password.B         File infector           07/02/99
W97M.Reizfaktor         File infector           06/01/99
W97M.Steak.A            File infector           06/21/99
W97M.Steak.B            File infector           06/21/99
W97M.VMAN.A             File infector           06/10/99
W97M.VMPCK1.BK          File infector           07/02/99
WM.Automat.BK           File infector           07/02/99
WM.CBA.B                File infector           06/10/99
WM.Mentes.E             File infector           06/07/99
WM.Prizm.A              File infector           06/28/99
Worm.ExploreZip         File infector           06/07/99
WuChing.Boot.Dropper    Boot infector           06/01/99
X97M.Automat.BF         File infector           07/02/99
X97M.Flyaway.A          File infector           06/10/99
XM.Automat.BI           File infector           07/02/99
XM.Friend.B             File infector           06/07/99
XM.Laroux.C             File infector           06/10/99
XM.Laroux.HQ            File infector           06/01/99
XM.Laroux.HR            File infector           06/07/99
XM.Sugar                File infector           07/02/99
XM.Trasher.Cobra        File infector           06/10/99
XM.Trasher.Enigma       File infector           06/10/99
XM.Trasher.Freezer      File infector           06/10/99
Zasta.2546              File infector           06/28/99
Zasta.2546 (2)          File infector           06/28/99
Zohr.4160               File infector           06/01/99
Zorm.573                File infector           06/01/99

Name Changes:

Old Virus Name             New Virus Name          Date changed
--------------             --------------          ------------
Bleem.Trojan           to  Fake Bleem Trojan       06/28/99
Explore666.59932       to  Explore666.59392        06/07/99
Explore666.59932(2)    to  Explore666.59392(2)     06/07/99
Gene.454               to  Gene.454.b              06/28/99

Deletions:

Virus Name              Infection Type          Date removed
----------              --------------          ------------
AOL Trojan Buddy        File infector           06/21/99
AOL Trojan Buddy 2      File infector           06/21/99
AOL Trojan Buddy 3      File infector           06/21/99
Bupt.1279               File infector           06/01/99
FCL.2044                File infector           06/07/99
FCL.2044 (2)            File infector           06/07/99
FCL.2044 (3)            File infector           06/07/99
JAP_HAL (b)             Boot infector           06/07/99
Laufwerk                File infector           06/21/99
November 17.768.B (x)   File infector           06/07/99
PM Trojan (TIM)         File infector           07/02/99
PS-MPC.Mudshark         File infector           06/01/99
Stardot.1100            File infector           07/02/99
VirDem.824              File infector           06/01/99
Virogen.Asexual (2)     File infector           06/28/99
WM.Automat.Q            File infector           06/28/99

**********************************************************************
** Enabling/Disabling PowerPoint Scanning                           **
**********************************************************************

PowerPoint Scanning is now enabled by default and can be optionally
disabled. However, you may want to verify that files with PowerPoint
extensions will be scanned by making sure that your NAV options have
both ".PPT" and ".POT" in the list of extensions to scan.

To disable PowerPoint scanning in NAV for Windows 95/NT version 4.x
or NAV for OS/2, a text file named NAVEX15.INF should be placed in
the directory where NAV 4.x or NAV 5.x is installed
(i.e., C:\Program Files\Norton AntiVirus).

To disable PowerPoint scanning in NAV for Netware version 4.x, a text
file named NAVEX15.INF should be placed in the directory where
NAV 4.x is installed (i.e., sys:system\navnlm).

To disable PowerPoint scanning in NAV for Windows 95/NT version 2.0,
NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x a text file
named NAVEX.INF should be placed in the directory where NAV is
installed (i.e., C:\NAV).

The contents of the text file, NAVEX15.INF or NAVEX.INF, determine
which components of NAV have PowerPoint scanning disabled. To disable
PowerPoint scanning for a particular component, use the following
table to determine the lines to add to the text file. PowerPoint
scanning can be disabled for more than one component if needed by
adding the required lines for the desired components.

+---------------------+--------------------------+--------------------+
|Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner         |
+---------------------+--------------------------+--------------------+
|[NAVW32]             |[NAVAP]                   |[NAVDX]             |
|PowerPointScanning=0 |PowerPointScanning=0      |PowerPointScanning=0|
+---------------------+--------------------------+--------------------+

+----------------------+--------------------+--------------------+
|Windows 3.1 scanner/AP|Netware scanner     |OS/2 scanner/AP     |
+----------------------+--------------------+--------------------+
|[NAVWIN]              |[NAVNLM]            |[NAVOS2]            |
|PowerPointScanning=0  |PowerPointScanning=0|PowerPointScanning=0|
+----------------------+--------------------+--------------------+

To enable PowerPoint scanning for a component, delete the lines added
for that component from the NAVEX15.INF or NAVEX.INF file.

**********************************************************************
** Additional Information                                           **
**********************************************************************

SARC has equipped Norton AntiVirus with a new feature called
"Infestation Mode." If a large number of new or unknown viruses is
found on the system during a scan, Norton AntiVirus will
automatically enable its highest level of detection. This gives users
the most comprehensive protection in cases where a viral infestation
may have been detected.

If you would like to disable this feature, you can do so by following
these instructions:

1. Create a text file called NAVEX15.INF in your Norton AntiVirus
   directory, e.g., C:\Program Files\Norton AntiVirus. If this file
   already exists, go to step two.

2. Place the following lines in this file on the left-hand margin:

[NAVW32]
infestmode=0

[NAVDX]
infestmode=0

3. Save the file.

Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
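
An added example (not part of the original Symantec document): a
small Python audit that reads the text of a NAVEX15.INF or NAVEX.INF
file and lists the components in which the settings described above
switch PowerPoint scanning or Infestation Mode off. It assumes that
option names are matched case-insensitively and that a repeated
section is merged, neither of which this document states; the sample
file is constructed.

```python
import configparser

# Settings this document describes as switching a protection off when set
# to 0. configparser lower-cases option names, so they are listed that way.
WATCHED = {
    "powerpointscanning": "PowerPoint scanning",
    "infestmode": "Infestation Mode",
}


def disabled_protections(inf_text):
    """Return sorted (section, feature) pairs that the INF text turns off."""
    # strict=False merges a section that appears twice, e.g. [NAVW32] added
    # once for PowerPoint scanning and again for Infestation Mode.
    # Merging is an assumption about how NAV reads the file.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(inf_text)
    findings = []
    for section in parser.sections():
        for option, feature in WATCHED.items():
            value = parser.get(section, option, fallback=None)
            if value is not None and value.strip() == "0":
                findings.append((section.upper(), feature))
    return sorted(findings)


# Constructed sample file, not taken from a real installation.
SAMPLE_INF = """\
[NAVW32]
PowerPointScanning=0

[NAVDX]
infestmode=0

[NAVW32]
infestmode=0
"""

if __name__ == "__main__":
    for section, feature in disabled_protections(SAMPLE_INF):
        print(f"{section}: {feature} disabled")
```

An empty result means the file disables neither feature for any
component, which matches the default behaviour described above.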