**********************************************************************
**                                                                  **
** What's New in the NAV Virus Definitions Files       WHATSNEW.TXT **
**                                                                  **
** Symantec AntiVirus Research Center (SARC)       October 10, 2000 **
**                                                                  **
**********************************************************************

This document contains the following topics:

  * Virus Alerts
  * New Technologies
  * Changes Incorporated Into This Update
  * Enabling Scanning Features
  * Additional Information

**********************************************************************
** Virus Alerts                                                     **
**********************************************************************

VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
is detected by this definition set.

The ten most commonly reported viruses, worldwide:

   1  W32.HLLW.QAZ.A
   2  W95.MTX
   3  VBS.Stages.A
   4  Wscript.KakWorm
   5  W32.Funlove.4099
   6  Happy99.Worm
   7  VBS.LoveLetter
   8  VBS.Network
   9  PrettyPark.Worm
  10  W95.CIH

**********************************************************************
** New Technologies                                                 **
**********************************************************************

DATE       Technologies Added
----       ------------------
8/19/98    * Excel heuristics which detect and repair new and unknown
             macro viruses in Excel 95 & 97 documents.
9/16/98    * Added repair for encrypted Excel 97 documents.
10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
           * WORD Heuristics improvement to increase detection rate.
12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
             and Excel documents.
           * PowerPoint engine to scan PowerPoint related viruses. To
             enable this technology please read "Enabling/Disabling
             PowerPoint Scanning" section later in this document.
02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.
05/15/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.
06/10/99   * Menu repair technology for WORD macro viruses that change
             command bar customizations in NORMAL.DOT.
07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
             (Ichitaro is a Japanese word processing program).
08/19/99   * Added detection and repair for embedded documents inside
             PowerPoint 97.
11/22/99   * Added detection and repair for Trojans embedded in OLE
             files, such as Windows scrap files and MS Office
             documents.
           * Added detection for viruses which infect Microsoft
             Project documents (P98M.Corner.A, for example).
02/10/00   * Added support for scanning of UNIX executables.
           * Added detection for infected Visio documents.

**********************************************************************
** Changes Incorporated Into This Virus Definitions Update          **
**********************************************************************

New virus definitions (by Virus Name):

Virus Name              Infection Type  Week added
----------              --------------  ----------
Backdoor.BlackD         File infector   09/19/00
Backdoor.Devil          File infector   10/03/00
Backdoor.Logged         File infector   09/26/00
Backdoor.Psychward.B    File infector   09/26/00
Backdoor.Smorph         File infector   10/03/00
Backdoor.SysExploit     File infector   09/19/00
Backdoor.TDS.SE         File infector   10/03/00
BAT.Ditty               File infector   09/11/00
ChainsawNuke.Trojan     File infector   09/19/00
DeadBolt.Trojan         File infector   10/03/00
Ear.421                 File infector   10/10/00
Ear.421(2)              File infector   10/10/00
Ear.443                 File infector   10/10/00
Ear.443(2)              File infector   10/10/00
Ear.Variant             File infector   10/10/00
Henky.Trojan            Boot infector   10/03/00
HLP.LuckyH              File infector   09/11/00
IRC.Pnguin              File infector   09/11/00
IRC.STD                 File infector   09/11/00
JS.LostSoul.Worm        File infector   09/11/00
Nambul.1079             File infector   09/19/00
O97M.Toraja.E           File infector   10/10/00
Palm.Phage.Dropper      File infector   09/22/00
Palm.Vapor              File infector   09/22/00
Sticks.432              File infector   09/19/00
Trojan.AOL.Beazly       File infector   10/03/00
Trojan.Britney          File infector   09/26/00
VBS.Disabled.Worm       File infector   09/19/00
VBS.Funny.A             File infector   09/26/00
VBS.Funny.B             File infector   09/26/00
VBS.Funny.C             File infector   10/03/00
VBS.Funny.Var           File infector   10/03/00
VBS.Konfu.Intended      File infector   10/03/00
VBS.LostSoul.Worm       File infector   09/11/00
VBS.LuckyTwo            File infector   10/03/00
VBS.Plan.B              File infector   09/26/00
VBS.Plan.D              File infector   10/10/00
VBS.Plan.dr             File infector   09/26/00
VBS.Pnguin              File infector   09/11/00
VBS.President.Worm      File infector   10/03/00
VBS.Tune.B              File infector   10/03/00
W32.Adil.A              File infector   10/03/00
W32.Adson.1703.B        File infector   09/26/00
W32.Alien.Worm          File infector   10/10/00
W32.Alien.Worm (2)      File infector   10/10/00
W32.Alien.Worm (3)      File infector   10/10/00
W32.Alien.Worm (4)      File infector   10/10/00
W32.Antim               File infector   09/11/00
W32.Chainsaw.Worm       File infector   09/19/00
W32.ClickIt             File infector   10/03/00
W32.Dela.Worm           File infector   10/03/00
W32.Dolly.11776.Mirc    File infector   10/03/00
W32.Evul.8192           File infector   09/11/00
W32.Evul.8192.B         File infector   10/10/00
W32.Explorezip.F.Worm   File infector   09/11/00
W32.Gloria.2888.Int     File infector   09/26/00
W32.Heathen.B           File infector   09/19/00
W32.HLLP.GhostDog.C     File infector   09/11/00
W32.HLLP.GhostDog.D     File infector   09/11/00
W32.HLLP.MTV.4608       File infector   09/26/00
W32.HLLP.MTV.4608.B     File infector   10/03/00
W32.HLLP.Scrambler.C    File infector   09/11/00
W32.HLLP.Scrambler.D    File infector   09/11/00
W32.HLLW.Click.A        File infector   10/03/00
W32.Hortiga             File infector   10/03/00
W32.Hortiga.dr          File infector   10/03/00
W32.Hybris.22528        File infector   09/26/00
W32.Hybris.22528.dr     File infector   09/26/00
W32.Hybris.22528.dr     File infector   10/03/00
W32.Hybris.22528.dr 2   File infector   10/03/00
W32.Hybris.22528.dr 3   File infector   10/03/00
W32.Hybris.22528.dr 4   File infector   10/03/00
W32.Hybris.22528.dr 5   File infector   10/03/00
W32.Initx               File infector   09/19/00
W32.Luck.A              File infector   09/11/00
W32.Luck.B              File infector   09/11/00
W32.LuckyH.Dr           File infector   09/11/00
W32.Magic.3082.Int      File infector   09/19/00
W32.Morodi.A            File infector   09/19/00
W32.Mypicks.C.Worm      File infector   09/11/00
W32.NOX.2290            File infector   09/26/00
W32.NOX.2346            File infector   09/26/00
W32.Pnguin.Worm         File infector   09/11/00
W32.PrettyPark.P.Worm   File infector   10/03/00
W32.Taxifoli.worm       File infector   09/26/00
W32.TestMy.1334         File infector   09/26/00
W32.Totilix.Worm        File infector   09/11/00
W32.Voyager.Int         File infector   10/03/00
W32.Zelda               File infector   10/03/00
W95.Auryn.1155          File infector   09/11/00
W95.Champ.5494.Int      File infector   10/03/00
W95.Dawn.Gen            File infector   09/11/00
W95.Ditto               File infector   09/11/00
W95.Etymo.1308          File infector   09/11/00
W95.Fraz.993            File infector   09/11/00
W95.Fraz.993.G1         File infector   09/11/00
W95.Gara.640            File infector   10/03/00
W95.Gara.842.B          File infector   09/26/00
W95.Gara.961            File infector   09/11/00
W95.Henky.1324          File infector   10/03/00
W95.Henky.1448          File infector   10/03/00
W95.Henky.1604          File infector   10/03/00
W95.Henky.24380         File infector   10/03/00
W95.Henky.3072          File infector   10/03/00
W95.Henky.5668          File infector   10/03/00
W95.Henky.Gen           File infector   10/03/00
W95.Magic.3038.Int      File infector   09/26/00
W95.Qozah.B             File infector   10/10/00
W95.Radix.405           File infector   10/10/00
W95.Vampiro             File infector   09/11/00
W95.Vampiro.2883        File infector   09/11/00
W95.Yildiz.323          File infector   10/10/00
W95.Zofo.864            File infector   09/26/00
W97M.Aida.Int           File infector   10/03/00
W97M.Bablas.AK          File infector   09/11/00
W97M.Bablas.AL          File infector   09/11/00
W97M.Bablas.AM          File infector   09/11/00
W97M.Bablas.AN          File infector   09/19/00
W97M.Bablas.AO          File infector   09/19/00
W97M.Bablas.AP          File infector   09/19/00
W97M.Bablas.AX          File infector   10/03/00
W97M.Bobo.B             File infector   10/10/00
W97M.Chiq               File infector   10/10/00
W97M.Claudio.C          File infector   10/03/00
W97M.CyberHack.C        File infector   10/03/00
W97M.Eight941.L         File infector   09/26/00
W97M.Ethan.C            File infector   10/03/00
W97M.Gullible           File infector   10/10/00
W97M.Heathen.B          File infector   09/19/00
W97M.Marker.Dam         File infector   10/03/00
W97M.Marker.EI          File infector   09/11/00
W97M.Matrix             File infector   09/26/00
W97M.Nalp.A             File infector   10/03/00
W97M.NewHope.C          File infector   09/26/00
W97M.Opey.O.dropper     File infector   10/10/00
W97M.Opey.R             File infector   09/19/00
W97M.Opey.S             File infector   09/26/00
W97M.Thus.Ad            File infector   09/19/00
W97M.Thus.AL            File infector   09/19/00
W97M.Thus.AM            File infector   10/03/00
W97M.Thus.AN            File infector   10/10/00
W97M.Title              File infector   10/03/00
W97M.Verlor.I           File infector   09/26/00
W97M.VMPCK1.CN          File infector   10/03/00
W97M.VMPCK1.CO          File infector   10/03/00
W97M.VMPCK1.DM          File infector   09/26/00
W98.Fighter.Int         File infector   10/10/00
Win.HLLP.Klon.13056     File infector   10/03/00
X97M.Barisada.Family    File infector   10/03/00
X97M.Divi.N             File infector   10/10/00
X97M.Looksn.C           File infector   09/11/00
X97M.Looksn.D           File infector   09/19/00
X97M.PathFinder         File infector   09/19/00
X97M.Rellik             File infector   10/03/00
X97M.SunFlower          File infector   10/03/00
XF.Sic.K                File infector   09/19/00
XM.Register.B           File infector   10/03/00

New virus definitions (by Week added):

Virus Name              Infection Type  Week added
----------              --------------  ----------
Ear.443                 File infector   10/10/00
Ear.443(2)              File infector   10/10/00
Ear.421                 File infector   10/10/00
Ear.421(2)              File infector   10/10/00
Ear.Variant             File infector   10/10/00
W97M.Chiq               File infector   10/10/00
W97M.Gullible           File infector   10/10/00
X97M.Divi.N             File infector   10/10/00
O97M.Toraja.E           File infector   10/10/00
W97M.Thus.AN            File infector   10/10/00
W97M.Opey.O.dropper     File infector   10/10/00
W97M.Bobo.B             File infector   10/10/00
VBS.Plan.D              File infector   10/10/00
W32.Alien.Worm          File infector   10/10/00
W32.Alien.Worm (2)      File infector   10/10/00
W32.Alien.Worm (3)      File infector   10/10/00
W32.Alien.Worm (4)      File infector   10/10/00
W95.Yildiz.323          File infector   10/10/00
W95.Qozah.B             File infector   10/10/00
W98.Fighter.Int         File infector   10/10/00
W32.Evul.8192.B         File infector   10/10/00
W95.Radix.405           File infector   10/10/00
Backdoor.Smorph         File infector   10/03/00
DeadBolt.Trojan         File infector   10/03/00
XM.Register.B           File infector   10/03/00
VBS.President.Worm      File infector   10/03/00
X97M.Barisada.Family    File infector   10/03/00
W32.Hortiga             File infector   10/03/00
W32.Hortiga.dr          File infector   10/03/00
W32.Hybris.22528.dr     File infector   10/03/00
W32.Hybris.22528.dr 2   File infector   10/03/00
W32.Hybris.22528.dr 3   File infector   10/03/00
W32.Hybris.22528.dr 4   File infector   10/03/00
W32.Hybris.22528.dr 5   File infector   10/03/00
W97M.VMPCK1.CN          File infector   10/03/00
X97M.Rellik             File infector   10/03/00
W97M.VMPCK1.CO          File infector   10/03/00
W97M.Title              File infector   10/03/00
X97M.SunFlower          File infector   10/03/00
W97M.Aida.Int           File infector   10/03/00
Trojan.AOL.Beazly       File infector   10/03/00
Backdoor.Devil          File infector   10/03/00
Backdoor.TDS.SE         File infector   10/03/00
W97M.Thus.AM            File infector   10/03/00
W97M.CyberHack.C        File infector   10/03/00
W97M.Claudio.C          File infector   10/03/00
W97M.Ethan.C            File infector   10/03/00
W97M.Nalp.A             File infector   10/03/00
W97M.Marker.Dam         File infector   10/03/00
VBS.Konfu.Intended      File infector   10/03/00
W97M.Bablas.AX          File infector   10/03/00
VBS.Funny.C             File infector   10/03/00
VBS.Funny.Var           File infector   10/03/00
VBS.Tune.B              File infector   10/03/00
VBS.LuckyTwo            File infector   10/03/00
W95.Gara.640            File infector   10/03/00
W32.PrettyPark.P.Worm   File infector   10/03/00
W95.Henky.Gen           File infector   10/03/00
W95.Henky.24380         File infector   10/03/00
W95.Henky.5668          File infector   10/03/00
W95.Henky.1324          File infector   10/03/00
W95.Henky.3072          File infector   10/03/00
W95.Henky.1604          File infector   10/03/00
W95.Henky.1448          File infector   10/03/00
W32.HLLW.Click.A        File infector   10/03/00
W32.Adil.A              File infector   10/03/00
W95.Champ.5494.Int      File infector   10/03/00
W32.ClickIt             File infector   10/03/00
Henky.Trojan            Boot infector   10/03/00
W32.Dolly.11776.Mirc    File infector   10/03/00
W32.Voyager.Int         File infector   10/03/00
W32.Zelda               File infector   10/03/00
Win.HLLP.Klon.13056     File infector   10/03/00
W32.HLLP.MTV.4608.B     File infector   10/03/00
W32.Dela.Worm           File infector   10/03/00
W97M.NewHope.C          File infector   09/26/00
Trojan.Britney          File infector   09/26/00
Backdoor.Logged         File infector   09/26/00
Backdoor.Psychward.B    File infector   09/26/00
W32.Adson.1703.B        File infector   09/26/00
W32.Gloria.2888.Int     File infector   09/26/00
W32.Taxifoli.worm       File infector   09/26/00
W95.Zofo.864            File infector   09/26/00
W32.Hybris.22528        File infector   09/26/00
W32.Hybris.22528.dr     File infector   09/26/00
W97M.Verlor.I           File infector   09/26/00
W97M.Eight941.L         File infector   09/26/00
W97M.VMPCK1.DM          File infector   09/26/00
VBS.Plan.B              File infector   09/26/00
VBS.Plan.dr             File infector   09/26/00
W95.Gara.842.B          File infector   09/26/00
W95.Magic.3038.Int      File infector   09/26/00
W32.TestMy.1334         File infector   09/26/00
VBS.Funny.A             File infector   09/26/00
VBS.Funny.B             File infector   09/26/00
W97M.Matrix             File infector   09/26/00
W97M.Opey.S             File infector   09/26/00
W32.HLLP.MTV.4608       File infector   09/26/00
W32.NOX.2290            File infector   09/26/00
W32.NOX.2346            File infector   09/26/00
Palm.Phage.Dropper      File infector   09/22/00
Palm.Vapor              File infector   09/22/00
XF.Sic.K                File infector   09/19/00
X97M.PathFinder         File infector   09/19/00
W97M.Bablas.AP          File infector   09/19/00
Backdoor.BlackD         File infector   09/19/00
X97M.Looksn.D           File infector   09/19/00
Backdoor.SysExploit     File infector   09/19/00
W97M.Thus.Ad            File infector   09/19/00
W97M.Thus.AL            File infector   09/19/00
W97M.Opey.R             File infector   09/19/00
ChainsawNuke.Trojan     File infector   09/19/00
VBS.Disabled.Worm       File infector   09/19/00
W97M.Bablas.AO          File infector   09/19/00
W97M.Heathen.B          File infector   09/19/00
Sticks.432              File infector   09/19/00
W32.Magic.3082.Int      File infector   09/19/00
W32.Chainsaw.Worm       File infector   09/19/00
W32.Initx               File infector   09/19/00
Nambul.1079             File infector   09/19/00
W97M.Bablas.AN          File infector   09/19/00
W32.Morodi.A            File infector   09/19/00
W32.Heathen.B           File infector   09/19/00
BAT.Ditty               File infector   09/11/00
X97M.Looksn.C           File infector   09/11/00
W97M.Bablas.AK          File infector   09/11/00
W97M.Bablas.AL          File infector   09/11/00
W97M.Bablas.AM          File infector   09/11/00
W97M.Marker.EI          File infector   09/11/00
VBS.LostSoul.Worm       File infector   09/11/00
JS.LostSoul.Worm        File infector   09/11/00
W95.Etymo.1308          File infector   09/11/00
W95.Vampiro.2883        File infector   09/11/00
W95.Dawn.Gen            File infector   09/11/00
W32.Evul.8192           File infector   09/11/00
W32.Explorezip.F.Worm   File infector   09/11/00
W32.Mypicks.C.Worm      File infector   09/11/00
W32.Totilix.Worm        File infector   09/11/00
W32.HLLP.GhostDog.C     File infector   09/11/00
W32.HLLP.GhostDog.D     File infector   09/11/00
W32.LuckyH.Dr           File infector   09/11/00
W32.Luck.A              File infector   09/11/00
W32.Luck.B              File infector   09/11/00
W95.Ditto               File infector   09/11/00
IRC.STD                 File infector   09/11/00
W32.Pnguin.Worm         File infector   09/11/00
IRC.Pnguin              File infector   09/11/00
VBS.Pnguin              File infector   09/11/00
W95.Vampiro             File infector   09/11/00
W32.Antim               File infector   09/11/00
W95.Auryn.1155          File infector   09/11/00
W95.Fraz.993            File infector   09/11/00
W95.Fraz.993.G1         File infector   09/11/00
HLP.LuckyH              File infector   09/11/00
W95.Gara.961            File infector   09/11/00
W32.HLLP.Scrambler.D    File infector   09/11/00
W32.HLLP.Scrambler.C    File infector   09/11/00

Name Changes (by Old Virus Name):

Old Virus Name              New Virus Name          Date changed
--------------              --------------          ------------
Ear.443                 to  Ear.421                 10/03/00
VBS.President.Worm      to  VBS.Plan.C              10/10/00
W2000M.Gargle           to  W97M.Gargle             10/03/00
W32.Hybris.22528.dr     to  W95.Drill               10/03/00
W95.MTX.dr (3)          to  W95.Oisdbo.dr           09/11/00
W97M.Basic              to  W97M.Tpro.A             10/03/00
W97M.DeathKiss          to  W97M.Death.A            10/03/00
W97M.Este.A             to  W97M.Este.Family        10/03/00
W97M.Magma.A            to  W97M.Nagem.A            10/03/00
W97M.Opey.P             to  W97M.FF.Family          10/03/00
W97M.Rendra.B           to  W97M.Rendra.Family      10/03/00
W97M.Serpent            to  W97M.Snake              10/03/00
X97M.Pacand.A           to  X97M.Adn.A              10/03/00

Name Changes (by Date changed):

Old Virus Name              New Virus Name          Date changed
--------------              --------------          ------------
VBS.President.Worm      to  VBS.Plan.C              10/10/00
Ear.443                 to  Ear.421                 10/03/00
W32.Hybris.22528.dr     to  W95.Drill               10/03/00
W97M.Basic              to  W97M.Tpro.A             10/03/00
W97M.Serpent            to  W97M.Snake              10/03/00
W2000M.Gargle           to  W97M.Gargle             10/03/00
W97M.DeathKiss          to  W97M.Death.A            10/03/00
W97M.Este.A             to  W97M.Este.Family        10/03/00
W97M.Magma.A            to  W97M.Nagem.A            10/03/00
X97M.Pacand.A           to  X97M.Adn.A              10/03/00
W97M.Opey.P             to  W97M.FF.Family          10/03/00
W97M.Rendra.B           to  W97M.Rendra.Family      10/03/00
W95.MTX.dr (3)          to  W95.Oisdbo.dr           09/11/00

Deletions (by Virus Name):

Virus Name              Infection Type  Date removed
----------              --------------  ------------
Alien.Worm              File infector   10/10/00
Dial900.Aga             File infector   09/11/00
Ear.421                 File infector   10/10/00
Kill98.Absturz          File infector   09/11/00
PWSTEAL.AcidShivers     File infector   09/11/00

Deletions (by Date removed):

Virus Name              Infection Type  Date removed
----------              --------------  ------------
Alien.Worm              File infector   10/10/00
Ear.421                 File infector   10/10/00
Dial900.Aga             File infector   09/11/00
Kill98.Absturz          File infector   09/11/00
PWSTEAL.AcidShivers     File infector   09/11/00

**********************************************************************
** Enabling Scanning Features                                       **
**********************************************************************

Several scanning features can be enabled through the use of an INF
configuration file.

For NAV for Windows 95/NT version 4.x and later, or NAV for OS/2, this
configuration file should be called NAVEX15.INF and should be placed
in the directory where NAV is installed (i.e., C:\Program Files\Norton
AntiVirus).

For NAV for Netware version 4.x, the file should be called NAVEX15.INF
and should be placed in the directory where NAV 4.x is installed
(i.e., sys:system\navnlm).

For NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e.,
C:\NAV).

If this configuration file does not exist, create one in the
appropriate directory if you want to change the default settings.

To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section. For each platform there is a corresponding section that is
used in the INF file.
Below is a table of section names and platforms.

  Section Name    Platform
  ------------    --------
  NAVW32          Windows 95/98/NT
  NAVAP           Windows 95/98/NT Auto-Protect
  NAVDX           DOS
  NAVNLM          Netware
  NAVWIN          Windows 3.1
  NAVOS2          OS/2
  NAVAIX          AIX
  NAVSOL          Solaris

Entries are case insensitive. Below is a description of possible
entries.

1. Files can be excluded from scans by the NAVEX engine. To exclude a
   specific file from the NAVEX engine scan, add an entry with the
   full path and file name. This is case insensitive. No wildcards
   are allowed. To exclude multiple files, add a separate entry for
   each file. To exclude a file, add an entry like the one below
   where is the full path and file name.

     ExcludeFile =

2. Files within a directory can be excluded from scans by the NAVEX
   engine. To exclude all files within a directory, add an entry with
   the full directory path. This is case insensitive. No wildcards
   are allowed. This does not exclude files located in subdirectories
   of the specified directory. To exclude multiple directories, add a
   separate entry for each directory. To exclude a directory, add an
   entry like the one below where is the full path.

     ExcludeDirectory =

The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.

  [NAVW32]
  ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
  ExcludeFile = C:\TEMP\BIGFILE.DOC

  [NAVAP]
  ExcludeDirectory = D:\PRIVATE

**********************************************************************
** Additional Information                                           **
**********************************************************************

Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
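
Scan exclusions are worth auditing, since every entry is a path the engine will not inspect. The following is an added example, not Symantec's code: it parses the exclusion entries described under Enabling Scanning Features, reports entries that break the stated rules, and models the stated matching (case insensitive, no wildcards, per-platform sections, directory entries not covering subdirectories). The function names, the [NAVMAC] section and the sample lines beyond the page's own example are constructed; the matching is a reading of the rules above, not the NAVEX engine itself.

```python
import ntpath

# Section names and entry keys exactly as listed on this page.
SECTIONS = {"NAVW32", "NAVAP", "NAVDX", "NAVNLM",
            "NAVWIN", "NAVOS2", "NAVAIX", "NAVSOL"}
KEYS = ("EXCLUDEFILE", "EXCLUDEDIRECTORY")

# The page's own example plus three constructed lines (wildcard entry,
# [NAVMAC] section and its entry) that break the stated rules.
SAMPLE = r"""
[navw32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
excludefile = C:\TEMP\BIGFILE.DOC
ExcludeFile = C:\TEMP\*.TMP
[NAVAP]
ExcludeDirectory = D:\PRIVATE
[NAVMAC]
ExcludeFile = C:\X.EXE
"""

def _norm(path):
    # Entries are case insensitive; compare folded Windows-style paths.
    return ntpath.normpath(ntpath.normcase(path))

def parse_navex_inf(text):
    """Return (exclusions, findings); findings are (line_no, message)."""
    exclusions, findings, section = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()
            if section not in SECTIONS:
                findings.append((n, f"unknown section [{section}]"))
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or key not in KEYS:
            findings.append((n, f"unrecognized entry: {line}"))
        elif section not in SECTIONS:
            findings.append((n, "entry is not under a known section"))
        elif not value:
            findings.append((n, f"{key} has no path"))
        elif "*" in value or "?" in value:
            findings.append((n, f"wildcards are not allowed: {value}"))
        else:
            per_section = exclusions.setdefault(section, {k: [] for k in KEYS})
            per_section[key].append(_norm(value))
    return exclusions, findings

def is_excluded(exclusions, section, path):
    """Model of the documented matching for one platform section."""
    entry = exclusions.get(section.upper(), {})
    p = _norm(path)
    if p in entry.get("EXCLUDEFILE", []):
        return True
    # A directory entry covers only files directly inside it, not
    # files in its subdirectories.
    return ntpath.dirname(p) in entry.get("EXCLUDEDIRECTORY", [])
```

Run against a deployed NAVEX15.INF, the findings list shows entries that do not follow the documented rules, and is_excluded shows which paths each component would skip under this reading.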