********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec AntiVirus Research Center (SARC) August 09, 1999 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Enabling/Disabling PowerPoint Scanning * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W97M.Class 2 XM.Laroux 3 O97M.Tristate 4 W95.CIH 5 Happy99.Worm 6 WM.Cap 7 W97M.ColdApe 8 W97M.Ethan 9 W97M.Melissa 10 Worm.ExploreZip ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 8/19/98 * Excel heuristics which detect and repair new and unknown macro viruses in Excel 95 & 97 documents. 9/16/98 * Added repair for encrypted Excel 97 documents. 10/21/98 * Heuristics to detect AOL Password Stealer Trojans. * WORD Heuristics improvement to increase detection rate. 12/17/98 * Macro Exclusion Engine to speed up the scanning for Word and Excel documents. * PowerPoint engine to scan PowerPoint related viruses. To enable this technology please read "Enabling/Disabling PowerPoint Scanning" section later in this document. 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/12/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** New virus definitions: Virus Name Infection Type Week added ---------- -------------- ---------- ACG.B File infector 07/12/99 Airwalker.300 File infector 07/12/99 Airwalker.303 File infector 07/12/99 Airwalker.384 File infector 07/12/99 Airwalker.385 File infector 07/12/99 Airwalker.386 File infector 07/12/99 Ala-eh.2279 File infector 07/12/99 Anna.734 File infector 07/12/99 Anna.734 Gen(1) File infector 07/12/99 AnsJovis.12695 File infector 07/12/99 Antiwin.633.B File infector 07/19/99 Apadana.1500 File infector 07/12/99 Atb.1522 File infector 07/12/99 Avenger.1344 File infector 07/19/99 Avenger.1344 (x) File infector 07/26/99 Avvaddon.1100 File infector 07/12/99 AZD Trojan File infector 07/12/99 Backdoor.Netbus.153 File infector 07/12/99 Backdoor.Netbus.153 2 File infector 07/12/99 Backdoor.Netbus.153 3 File infector 07/12/99 BackOrifice2K.Inst File infector 07/12/99 BackOrifice2K.Inst(2) File infector 07/12/99 BackOrifice2K.Inst(3) File infector 07/12/99 BackOrifice2K.Inst(4) File infector 07/12/99 BackOrifice2K.Inst2 File infector 07/12/99 BackOrifice2K.Inst2(2) File infector 07/12/99 BackOrifice2K.Inst2(3) File infector 07/12/99 BackOrifice2K.Inst2(4) File infector 07/12/99 BackOrifice2K.Inst3 File infector 07/26/99 BackOrifice2K.Inst4 File infector 07/26/99 BackOrifice2K.Trojan File infector 07/10/99 BackOrifice2K.Trojan File infector 07/12/99 BALOO.897 File infector 08/02/99 BitAddict.432 File infector 07/12/99 Block.246 File infector 07/12/99 BO2K.Inst3 (2) File infector 07/26/99 BO2K.Inst3 (3) File infector 07/26/99 BO2K.Inst3 (4) File infector 07/26/99 BO2K.Inst4 (2) File infector 07/26/99 BO2K.Inst4 (3) File infector 07/26/99 BO2K.Inst4 (4) File infector 07/26/99 BO2K.Trojan Variant File infector 08/09/99 Boot.666.A Boot infector 07/19/99 Boot.Killer File and Boot infector 07/19/99 Bowl.135 File infector 07/12/99 Bowl.754 File infector 07/12/99 Bowl.756 File infector 07/12/99 BRONTOZAVR.5632.D File infector 07/19/99 BRONTOZAVR.5632.D (x) File infector 07/19/99 BW.GR.Borg.1002 File infector 07/12/99 BW.GR.Borg.1047 File infector 07/12/99 BW.GR.Borg.912 File infector 07/12/99 BW.GR.Borg.922 File infector 07/12/99 BW.GR.Borg.927 File infector 07/12/99 BW.GR.Borg.932 File infector 07/12/99 BW.GR.Borg.937 File infector 07/12/99 BW.GR.Borg.942 File infector 07/12/99 BW.GR.Borg.947 File infector 07/12/99 BW.GR.Borg.952 File infector 07/12/99 BW.GR.Borg.957 File infector 07/12/99 BW.GR.Borg.967 File infector 07/12/99 BW.GR.Borg.972 File infector 07/12/99 BW.GR.Borg.977 File infector 07/12/99 BW.GR.Borg.982 File infector 07/12/99 BW.GR.Borg.987 File infector 07/12/99 BW.GR.Borg.992 File infector 07/12/99 BW.GR.Borg.997 File infector 07/12/99 BW.GR.Drole.790 File infector 07/12/99 BW.GR.Drole.796 File infector 07/12/99 BW.GR.Drole.801 File infector 07/12/99 BW.GR.Drole.806 File infector 07/12/99 BW.GR.Drole.811 File infector 07/12/99 BW.GR.Drole.816 File infector 07/12/99 BW.GR.Drole.821 File infector 07/12/99 BW.GR.Drole.826 File infector 07/12/99 BW.ROET.753 File infector 07/12/99 CAMILO.256 File infector 07/19/99 Chad.307 File infector 07/12/99 CLME.Ming.1528 File infector 08/09/99 Coconut.2015 File infector 07/12/99 Coconut.2071 File infector 07/12/99 Coconut.2324 File infector 07/12/99 Codebreaker.1665 File infector 07/19/99 Companion.289 File infector 07/19/99 CVM.1367 File infector 07/12/99 CyberTech.581 File infector 07/12/99 Daffodil.525 File infector 07/12/99 Deadman.943 File infector 07/19/99 DELEK.2070 File infector 07/12/99 DELFI.1800 File infector 07/12/99 DELFI.2000 File infector 07/12/99 DELFI.2300 File infector 07/12/99 DELTA.1177 File infector 07/19/99 Deltree Trojan #4 File infector 07/26/99 Deltree Trojan #4 (2) File infector 07/26/99 DEMENTIA.4207.C File infector 07/12/99 Denzuk.G Boot infector 07/19/99 DIKSHEV.COMP.38 File infector 08/02/99 DIKSHEV.COMP.40 File infector 08/02/99 DIKSHEV.COMP.41 File infector 08/02/99 DIKSHEV.COMP.43.a File infector 08/02/99 DIKSHEV.COMP.43.b File infector 08/02/99 DIKSHEV.COMP.44.a File infector 08/02/99 DIKSHEV.COMP.44.b File infector 08/02/99 DIKSHEV.COMP.45.A File infector 08/02/99 DIKSHEV.COMP.45.d File infector 08/02/99 DIKSHEV.COMP.46.a File infector 08/02/99 DIKSHEV.COMP.46.b File infector 08/02/99 DIKSHEV.COMP.47 File infector 08/02/99 DIKSHEV.COMP.48 File infector 08/09/99 DIKSHEV.COMP.49 File infector 08/09/99 DIKSHEV.COMP.50 File infector 08/09/99 DIKSHEV.COMP.52 File infector 08/09/99 DIKSHEV.COMP.53 File infector 08/09/99 DIKSHEV.COMP.54 File infector 08/09/99 DIKSHEV.COMP.55 File infector 08/09/99 DIKSHEV.COMP.67 File infector 08/02/99 DIR2.A.V File infector 07/12/99 DIR2.A.X File infector 07/12/99 DIR2.A.Y File infector 07/12/99 DISN.1516 File infector 07/12/99 Dosinfo.Worm File infector 07/02/99 Dosinfo.Worm 2 File infector 07/02/99 DOTT.3969 File infector 07/12/99 DREG.0465 File infector 07/12/99 DREG.0510 File infector 07/12/99 DREG.0581 File infector 07/12/99 DREG.0883 File infector 07/12/99 DREG.1232 File infector 07/12/99 DREG.2365 File infector 07/12/99 Drizzle.1600 File and Boot infector 07/12/99 DVC.336 File infector 07/12/99 Dying Oath.cav.268 File infector 07/12/99 Dying Oath.cav.270 File infector 07/12/99 Explore.59904 File infector 07/12/99 Explore.59904 2 File infector 07/12/99 Explore.59904 3 File infector 07/12/99 Explore.59904 4 File infector 07/12/99 Explore.59904 5 File infector 07/12/99 Fair.2083 (x) File infector 07/19/99 Fayte.494 File infector 07/02/99 Fayte.494 (2) File infector 07/02/99 Glew.4245 Boot infector 07/19/99 Gullich.B Boot infector 07/19/99 HAL-COM.2901 File infector 07/19/99 HBV.2000 File infector 08/02/99 HBV.2000 (x) File infector 08/02/99 HLLC.HEBRA.7413 File infector 08/02/99 HLLC.HEBRA.7413(2) File infector 08/02/99 HLLC.UNVISIBLE.D File infector 08/02/99 HLLC.UNVISIBLE.D(2) File infector 08/02/99 HLLO.13112 File infector 07/12/99 HLLO.13112(2) File infector 07/12/99 HLLO.2944 File infector 07/19/99 HLLO.2944(2) File infector 07/19/99 HLLO.3520 File infector 08/02/99 HLLO.3520 (2) File infector 08/02/99 HLLO.3520 (3) File infector 08/02/99 HLLO.3552 File infector 07/19/99 HLLO.3552(2) File infector 07/19/99 HLLO.4880 File infector 08/02/99 HLLO.4880 (2) File infector 08/02/99 HLLO.4880 (3) File infector 08/02/99 HLLO.9000 File infector 07/12/99 HLLO.9000(2) File infector 07/12/99 HLLO.Anti-NATO.4496 File infector 08/02/99 HLLO.Anti-NATO.4496(2) File infector 08/02/99 HLLO.Anti-NATO.4496(3) File infector 08/02/99 HLLO.BIGC.12224 File infector 07/19/99 HLLO.BIGC.12224(2) File infector 07/19/99 HLLO.Chest.2340 File infector 07/19/99 HLLO.Dandler.13112 File infector 07/19/99 HLLO.MBUCK.3760 File infector 07/19/99 HLLO.MBUCK.3760(2) File infector 07/19/99 HLLO.MYON.3549 File infector 08/02/99 HLLO.MYON.3549(2) File infector 08/02/99 HLLP.4384 File infector 07/12/99 HLLP.4384(2) File infector 07/12/99 hllp.Arian.8936 File infector 07/19/99 hllp.Arian.8936 (2) File infector 07/19/99 hllp.Arian.8936 (3) File infector 07/19/99 HLLP.FIDOSPY.15000 File infector 07/19/99 HLLP.FIDOSPY.15000(2) File infector 07/19/99 HLLP.HARRY.4696 File infector 07/19/99 HLLP.HARRY.4696(2) File infector 07/19/99 HLLP.MacBeth.5894 File infector 07/19/99 HLLP.Rock.8875 File infector 07/19/99 HLLP.Sysn.10776 File infector 07/19/99 HLLT.4156 File infector 07/12/99 HLLT.4156(2) File infector 07/12/99 HLLT.4423 File infector 07/12/99 HLLT.4423(2) File infector 07/12/99 HLLT.7909 File infector 07/12/99 HLLT.7909(2) File infector 07/12/99 HLLT.8297 File infector 07/12/99 HLLT.8297(2) File infector 07/12/99 Intended.Armagedon File infector 07/19/99 Intended.DJ.2486 File infector 07/19/99 Intended.Mutation File infector 07/19/99 Intended.Numbless.512 File infector 07/19/99 Intended.Silly.142 File infector 07/19/99 Intended.Tchechen Boot infector 07/19/99 Intended.Trivial.1414 File infector 07/19/99 Intended.Trivial.25 File infector 07/19/99 INTENDED.TRIVIAL.25.c File infector 07/19/99 Intended.Trivial.26 File infector 07/19/99 INTENDED.TRIVIAL.26.D File infector 07/19/99 Intended.Zorm.458 File infector 07/19/99 Intended.Zorm.464 File infector 07/19/99 Intended.Zorm.495 File infector 07/19/99 Intented.Silly.229 File infector 07/19/99 Karag.2764 File infector 07/19/99 Khizhnjak.Beer.1133 File infector 07/19/99 KKY File infector 07/19/99 KTCP.200 Trojan File infector 07/12/99 KTCP.200 Trojan 2 File infector 07/12/99 Linux.Bliss.b File infector 08/09/99 MARK.1024 File infector 07/12/99 MBD.1258 File infector 07/12/99 Messiah.4535 (x) File infector 07/02/99 MiniMad.346 File infector 07/12/99 MiniMad.347 File infector 07/12/99 MiniMad.349.B File infector 07/12/99 MiniMad.350 File infector 07/12/99 Miny.200 File infector 07/12/99 Miny.222 File infector 07/12/99 Miny.237 File infector 07/12/99 Miny.512 File infector 07/12/99 MinyO.433 File infector 07/12/99 Mora.2725 File infector 07/12/99 MUR.3449.B File infector 07/12/99 Nanjing.1284 File infector 07/12/99 Nat.4872 Boot infector 07/19/99 Nautilus.1716 File infector 07/19/99 NAX.1402 File infector 07/12/99 NEPT.938 File infector 07/12/99 New_Model.533 File infector 07/12/99 Nilz.1000.Dropper File infector 07/12/99 NOBODY.374 File infector 08/02/99 NPOX.1634 File infector 07/12/99 NPOX.1641 File infector 07/12/99 O97M.Shiver.G File infector 07/12/99 Olivia.GR.2374 File infector 07/19/99 Olivia.GR.Dropper File infector 07/19/99 Org.Boot Boot infector 07/19/99 PM Trojan (TIM) File infector 07/07/99 Praios.747 File infector 07/26/99 Predator.1879 (x) File infector 07/12/99 PROH.1454 File infector 08/02/99 PROH.1454 (x) File infector 08/02/99 PWSteal.4564 File infector 08/09/99 PWSteal.4564 (2) File infector 08/09/99 QUAINT.C Boot infector 07/19/99 Radioactive.873 File infector 07/02/99 SAHAND.2406 File infector 07/19/99 SAMARA.1536 File infector 07/19/99 Samara.1536 (b) Boot infector 07/19/99 SeeYou.A Boot infector 07/19/99 SILLYOC.588 File infector 07/19/99 Sillyrce.400 File infector 07/12/99 Sillyrce.400 (x) File infector 07/12/99 Stardot.1100 File infector 07/07/99 SVC.1174.Based File infector 07/19/99 SX.749 File infector 07/19/99 SX.749 (2) File infector 07/19/99 TARO.DumbVir File infector 07/12/99 Tazman.706 File infector 07/19/99 Termite.6585 File infector 08/02/99 Tie.512 File infector 07/12/99 Tiny.195 File infector 07/19/99 TRIVIAL.121 File infector 07/19/99 TRIVIAL.27.H File infector 08/02/99 TRIVIAL.50D File infector 07/19/99 TRIVIAL.51A File infector 07/19/99 TRIVIAL.52C File infector 07/19/99 Trivial.59 File infector 07/12/99 Trivial.77.b File infector 07/12/99 Trivial.81.b File infector 07/12/99 Trojan.KillAV File infector 08/09/99 Trojan.KillAV (2) File infector 08/09/99 Trojan.KillAV (3) File infector 08/09/99 Trojan.KillAV (4) File infector 08/09/99 Trojan.Shutdown File infector 08/09/99 Trojan.Shutdown (2) File infector 08/09/99 Trojan.Shutdown (3) File infector 08/09/99 TypeII.988 File infector 07/19/99 VBS.Freelink File infector 07/02/99 VBS.Monopoly File infector 08/09/99 VCG.1403 File infector 07/19/99 VCG.6609 File infector 07/19/99 VCG.6609.Dropper File infector 07/19/99 VCG.6638 File infector 07/19/99 VCG.6638.Dropper File infector 07/19/99 VGPSI.193 File infector 07/12/99 VS.944 File infector 07/12/99 W32.Bolzano File infector 08/09/99 W95.Becoming File infector 07/26/99 W95.CIH.Killer File infector 07/19/99 W95.Manowar File infector 07/26/99 W95.Orez File infector 08/09/99 W95.Sab.512 File infector 08/09/99 W95.Spit File infector 07/26/99 W95.Sysn.Dropper File infector 07/19/99 W95.Weird File infector 07/12/99 W95.Weird.Dropper File infector 07/12/99 W95.Zombie.B (Gen1) File infector 07/26/99 W97M.Aleja File infector 07/12/99 W97M.AntiSocial File infector 07/19/99 W97M.Automat.A File infector 08/02/99 W97M.Automat.B File infector 08/02/99 W97M.Automat.H File infector 08/09/99 W97M.Automat.I File infector 08/09/99 W97M.Automat.IY File infector 07/19/99 W97M.Automat.JC File infector 07/19/99 W97M.Automat.LX File infector 07/26/99 W97M.Automat.MF File infector 07/26/99 W97M.Botschafter File infector 07/12/99 W97M.Chack.Y File infector 07/12/99 W97M.Creeper File infector 07/12/99 W97M.Ethan.B File infector 07/12/99 W97M.Hopper.Q.Int File infector 07/12/99 W97M.India.C File infector 07/26/99 W97M.IRCJack.B File infector 08/02/99 W97M.JulyKiller File infector 07/02/99 W97M.Lulung.B File infector 07/26/99 W97M.Marker.O File infector 07/19/99 W97M.Marker.P File infector 07/26/99 W97M.Marker.Q File infector 07/19/99 W97M.Melissa.M File infector 07/12/99 W97M.Password.B File infector 07/02/99 W97M.VMPCK1.BK File infector 07/02/99 W97M.VMPCK1.BM File infector 08/02/99 W97M.VMPCK1.BN File infector 08/02/99 W97M.Wazzu.FR File infector 08/09/99 WM.Automat.BK File infector 07/02/99 WM.Automat.IX File infector 07/19/99 WM.Automat.JB File infector 07/19/99 WM.Automat.LZ File infector 07/26/99 WM.Mental.I File infector 07/12/99 WM.NPAD.FAMILY File infector 07/12/99 WM.WAZZU.FAMILY File infector 07/12/99 WUHAN.3289 File infector 07/19/99 WUHAN.3289 (x) File infector 07/19/99 X97M.Automat.BF File infector 07/02/99 X97M.Automat.F File infector 08/09/99 X97M.Laroux.FO File infector 07/19/99 X97M.NEG.D File infector 07/12/99 X97M.XLSCAN.A File infector 07/19/99 X97M.Xlscan.b File infector 08/09/99 XM.Automat.BI File infector 07/02/99 XM.Automat.C File infector 08/02/99 XM.Automat.D File infector 08/09/99 XM.Automat.FS File infector 07/12/99 XM.Automat.G File infector 08/09/99 XM.Automat.GQ File infector 07/12/99 XM.Automat.HE File infector 07/12/99 XM.Automat.IZ File infector 07/19/99 XM.Automat.JM File infector 07/19/99 XM.Automat.LK File infector 07/19/99 XM.Automat.LL File infector 07/19/99 XM.Automat.LW File infector 07/26/99 XM.Laroux.CE.var File infector 08/02/99 XM.Laroux.ES File infector 08/02/99 XM.Laroux.ET File infector 08/09/99 XM.Laroux.JH File infector 08/02/99 XM.Laroux.JU File infector 07/19/99 XM.Modul File infector 07/12/99 XM.Sugar File infector 07/02/99 YLT.2001 File infector 07/19/99 Zhu.1743 File infector 07/12/99 Zuca.677 File infector 07/12/99 Zyrtec.4300 File infector 07/19/99 Name Changes: Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Blankey.STCN to Bloodhound.Unknown 08/09/99 Deltree.Trojan to Deltree Trojan #3 07/26/99 Termite to Termite.5000.A 08/02/99 W97M.Automat.B to W97M.Locale.A 08/09/99 WM.Uka.C to WM.Uka.Family 07/19/99 Deletions: Virus Name Infection Type Date removed ---------- -------------- ------------ Antiwin.633.B File infector 07/12/99 HLLP.2783 File infector 07/26/99 HLLP.2783 (2) File infector 07/26/99 HLLT.7909 File infector 07/26/99 HLLT.7909(2) File infector 07/26/99 JOPA8.0 File infector 07/26/99 Olivia.GR.Dropper File infector 08/02/99 PASCASIO.402 File infector 07/26/99 PASCASIO.402(2) File infector 07/26/99 PM Trojan (TIM) File infector 07/02/99 Stardot.1100 File infector 07/02/99 Termite.C File infector 08/02/99 W95.Weird.Dropper File infector 07/26/99 ********************************************************************** ** Enabling/Disabling PowerPoint Scanning ** ********************************************************************** PowerPoint Scanning is now enabled by default and can be optionally disabled. However, you may want to verify that files with PowerPoint extensions will be scanned by making sure that your NAV options have both ".PPT" and ".POT" in the list of extensions to scan. To disable PowerPoint scanning in NAV for Windows 95/NT version 4.x or NAV for OS/2, a text file named NAVEX15.INF should be placed in the directory where NAV 4.x or NAV 5.x is installed (i.e., C:\Program Files\Norton AntiVirus). To disable PowerPoint scanning in NAV for Netware version 4.x, a text file named NAVEX15.INF should be placed in the directory where NAV 4.x is installed (i.e., sys:system\navnlm). To disable PowerPoint scanning in NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x a text file named NAVEX.INF should be placed in the directory where NAV is installed (i.e., C:\NAV). The contents of the text file, NAVEX15.INF or NAVEX.INF, determine which components of NAV have PowerPoint scanning disabled. To disable PowerPoint scanning for a particular component, use the following table to determine the lines to add to the text file. PowerPoint scanning can be disabled for more than one component if needed by adding the required lines for the desired components. +---------------------+--------------------------+--------------------+ |Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner | +---------------------+--------------------------+--------------------+ |[NAVW32] |[NAVAP] |[NAVDX] | |PowerPointScanning=0 |PowerPointScanning=0 |PowerPointScanning=0| +---------------------+--------------------------+--------------------+ +----------------------+--------------------+--------------------+ |Windows 3.1 scanner/AP|Netware scanner |OS/2 scanner/AP | +----------------------+--------------------+--------------------+ |[NAVWIN] |[NAVNLM] |[NAVOS2] | |PowerPointScanning=0 |PowerPointScanning=0|PowerPointScanning=0| +----------------------+--------------------+--------------------+ To enable PowerPoint scanning for a component, delete the lines added for that component from the NAVEX15.INF or NAVEX.INF file. ********************************************************************** ** Additional Information ** ********************************************************************** SARC has equipped Norton AntiVirus with a new feature called "Infestation Mode." If a large number of new or unknown viruses is found on the system during a scan, Norton AntiVirus will automatically enable its highest level of detection. This gives users the most comprehensive protection in cases where a viral infestation may have been detected. If you would like to disable this feature, you can do so by following these instructions: 1. Create a text File called NAVEX15.INF in your Norton AntiVirus directory,e.g., C:\Program Files\Norton AntiVirus. If this file already exist go to step two. 2. Place the following lines in this File on the left-hand margin: [NAVW32] infestmode=0 [NAVDX] infestmode=0 3. Save the File. Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.