********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec AntiVirus Research Center (SARC) May 03, 2001 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Enabling Scanning Features * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** VBS.LoveLetter, a new worm which has been wide-spread since May 4th, is detected by this definition set. The ten most commonly reported viruses, worldwide: 1 W32.Navidad 2 W95.MTX 3 W32.HLLW.QAZ.A 4 VBS.Stages.A 5 VBS.LoveLetter 6 VBS.Network 7 Wscript.KakWorm 8 W32.Funlove.4099 9 PrettyPark.Worm 10 Happy99.Worm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (by Virus Name): Virus Name Infection Type Week added ---------- -------------- ---------- BAT.Zeichen.192 File infector 04/20/01 Backdoor.Psychothug File infector 04/12/01 DR&ET.1710 (2x) File infector 05/01/01 DR&ET.1710 (3x) File infector 05/01/01 DR&ET.1710 (4) File infector 05/01/01 DR&ET.1710 (4x) File infector 05/01/01 DR&ET.1710 (x) File infector 05/01/01 IRC.Worm.Urbe File infector 05/03/01 JS.Congrats.A@mm File infector 04/19/01 JS.Prawn.A@mm File infector 05/01/01 Jordan.753 File infector 04/11/01 Mirc.LXD File infector 05/03/01 Nokr(b) Boot infector 05/01/01 Nutcracker.Int File infector 04/12/01 O97M.Confused.H@mm File infector 04/30/01 SadCase.Trojan File infector 04/26/01 Trojan.Unite.C File infector 05/03/01 V.693 File infector 04/11/01 VBS.Chameleon.C File infector 04/17/01 VBS.Dedicated.A File infector 04/18/01 VBS.Dedicated.B File infector 04/18/01 VBS.Dedicated.C@mm File infector 04/23/01 VBS.Enaid.A.ini File infector 04/11/01 VBS.Enaid.A@mm File infector 04/11/01 VBS.Gift.int File infector 04/26/01 VBS.Gorum.A@mm File infector 04/23/01 VBS.Help.A@mm File infector 04/27/01 VBS.Hustler.Intd File infector 04/24/01 VBS.IEUnsecure File infector 04/11/01 VBS.Ketip.A@mm File infector 04/25/01 VBS.Ketip.A@mm (2) File infector 04/25/01 VBS.Ketip.A@mm.ini File infector 04/25/01 VBS.Ketip.B@mm File infector 04/26/01 VBS.Kidarcade.D File infector 05/03/01 VBS.LoveLetter.CI File infector 04/23/01 VBS.Lumorg File infector 05/01/01 VBS.Pie@mm File infector 04/19/01 VBS.Seeker.E File infector 04/23/01 VBS.Urbe@mm File infector 05/03/01 VBS.Vbswg2.B@mm File infector 04/23/01 VBS.Vbswg2.C@mm File infector 04/30/01 VBS.Voodoo.A File infector 04/11/01 VBS.Zeichen.A File infector 04/20/01 VBS.Zeta.A@mm File infector 04/19/01 W32.Badtrans.13312@mm File infector 04/11/01 W32.Bika.1906 File infector 04/17/01 W32.Bolzano.2965 File infector 04/23/01 W32.Eva.E File infector 05/02/01 W32.Fakenap.worm@mm File infector 04/23/01 W32.Forever.B.Worm File infector 05/02/01 W32.FunnyFiles.Worm File infector 04/25/01 W32.HLLC.Pers File infector 05/03/01 W32.HLLW.Billrus File infector 05/02/01 W32.HLLW.Showgame File infector 05/02/01 W32.Lastword@mm File infector 04/19/01 W32.Matcher.Worm File infector 04/18/01 W32.Proge File infector 05/02/01 W32.Spit.8192.E File infector 05/02/01 W32.Stator@mm File infector 04/23/01 W32.Tinit File infector 04/24/01 W32.Younga.2384 File infector 04/17/01 W95.Blakan.2016 File infector 04/18/01 W95.Enaid.A.Trojan File infector 04/11/01 W95.MTX.INI File infector 05/03/01 W95.Repus.192 File infector 05/02/01 W95.Tapa.3882 File infector 04/27/01 W95.Urbe.Worm File infector 05/03/01 W97M.Automat.AFD File infector 05/03/01 W97M.Automat.AEZ File infector 04/30/01 W97M.Automat.AFA File infector 04/30/01 W97M.Automat.AFB File infector 04/30/01 W97M.Bebop.A File infector 04/17/01 W97M.Bebop.Gen File infector 04/17/01 W97M.Bench.A File infector 04/18/01 W97M.Bench.B File infector 04/18/01 W97M.Bench.D File infector 04/18/01 W97M.Bench.F File infector 04/18/01 W97M.Bench.Gen File infector 04/18/01 W97M.Bentba.A.Gen File infector 04/19/01 W97M.Bleck.Family File infector 04/20/01 W97M.Blockout.A File infector 04/17/01 W97M.Bobo.F.Gen File infector 04/11/01 W97M.Break.C File infector 04/17/01 W97M.Breeze.Family File infector 04/17/01 W97M.Brenda.B File infector 04/16/01 W97M.Brenda.C File infector 04/16/01 W97M.Brenda.D File infector 04/16/01 W97M.Bridge.B File infector 04/16/01 W97M.Bro.A File infector 04/20/01 W97M.Buffer.A@mm File infector 04/20/01 W97M.Bunny.A File infector 04/19/01 W97M.Bunny.B File infector 04/19/01 W97M.Caligula.C File infector 04/30/01 W97M.Caligula.D File infector 04/30/01 W97M.Chameleon.C File infector 04/17/01 W97M.Cobra.F@mm File infector 05/03/01 W97M.Cobra.U.Gen File infector 05/03/01 W97M.Cuenta.B File infector 05/01/01 W97M.Ecutor.Intd File infector 04/27/01 W97M.Eight941.O File infector 04/19/01 W97M.LuLung.D.Gen File infector 04/27/01 W97M.Macroble.F.Gen File infector 05/03/01 W97M.Marker.EQ.Gen File infector 04/30/01 W97M.Mxfile.A File infector 04/12/01 W97M.Nort.A.Gen File infector 04/19/01 W97M.Philippines.A File infector 04/20/01 W97M.Quitter.A.Trojan File infector 04/17/01 W97M.Rendra.D.Gen File infector 05/01/01 W97M.Sacep.A File infector 04/17/01 W97M.Sherlock.E File infector 04/23/01 W97M.Sunirt.A.Gen File infector 04/20/01 W97M.Thus.CR File infector 04/24/01 W97M.Thus.EE File infector 05/02/01 W97M.Thus.EF File infector 05/02/01 W97M.Thus.EG File infector 05/02/01 X97M.Adn.C.Gen File infector 04/13/01 X97M.Bonker.A File infector 04/17/01 X97M.Confused.I:Tw File infector 04/17/01 X97M.Hihihoho File infector 04/12/01 X97M.Pink.A.Gen File infector 04/30/01 X97M.Squared.B.Gen File infector 04/24/01 XM.Laroux.EA File infector 05/02/01 XM.Laroux.EM File infector 05/02/01 XM.Laroux.EU File infector 05/02/01 XM.Laroux.EV File infector 05/02/01 XM.Laroux.EW File infector 05/02/01 XM.Laroux.EY File infector 05/02/01 XM.Laroux.FB File infector 05/02/01 XM.Laroux.FE File infector 05/02/01 XM.Laroux.FI File infector 05/03/01 XM.Laroux.FK File infector 05/03/01 XM.Laroux.FN File infector 05/03/01 XM.Laroux.FS File infector 05/03/01 XM.Laroux.FT File infector 05/03/01 XM.Laroux.FV File infector 05/03/01 XM.Laroux.FZ File infector 05/03/01 XM.Laroux.GB File infector 05/03/01 XM.Laroux.GC File infector 05/03/01 XM.Laroux.GD File infector 05/03/01 XM.Laroux.GE File infector 05/03/01 XM.Laroux.GF File infector 05/03/01 XM.Laroux.GH File infector 05/03/01 XM.Laroux.GM File infector 05/03/01 XM.Laroux.GN File infector 05/03/01 XM.Laroux.GO File infector 05/03/01 XM.Laroux.GP File infector 05/03/01 XM.Laroux.GT File infector 05/03/01 XM.Laroux.GU File infector 05/03/01 XM.Laroux.GV File infector 05/03/01 XM.Laroux.GW File infector 05/03/01 XM.Laroux.GY File infector 05/03/01 XM.Laroux.GZ File infector 05/03/01 Zag.1106 File infector 04/24/01 New virus definitions (by Week added): Virus Name Infection Type Week added ---------- -------------- ---------- W97M.Automat.AFD File infector 05/03/01 XM.Laroux.GB File infector 05/03/01 XM.Laroux.GC File infector 05/03/01 XM.Laroux.GD File infector 05/03/01 XM.Laroux.GE File infector 05/03/01 XM.Laroux.GF File infector 05/03/01 XM.Laroux.GH File infector 05/03/01 XM.Laroux.GM File infector 05/03/01 XM.Laroux.GN File infector 05/03/01 XM.Laroux.GO File infector 05/03/01 XM.Laroux.GP File infector 05/03/01 XM.Laroux.GT File infector 05/03/01 XM.Laroux.GU File infector 05/03/01 XM.Laroux.GV File infector 05/03/01 XM.Laroux.GW File infector 05/03/01 XM.Laroux.GY File infector 05/03/01 XM.Laroux.GZ File infector 05/03/01 IRC.Worm.Urbe File infector 05/03/01 Mirc.LXD File infector 05/03/01 Trojan.Unite.C File infector 05/03/01 VBS.Kidarcade.D File infector 05/03/01 VBS.Urbe@mm File infector 05/03/01 W32.HLLC.Pers File infector 05/03/01 W95.MTX.INI File infector 05/03/01 W95.Urbe.Worm File infector 05/03/01 W97M.Cobra.F@mm File infector 05/03/01 W97M.Cobra.U.Gen File infector 05/03/01 W97M.Macroble.F.Gen File infector 05/03/01 XM.Laroux.FI File infector 05/03/01 XM.Laroux.FK File infector 05/03/01 XM.Laroux.FN File infector 05/03/01 XM.Laroux.FS File infector 05/03/01 XM.Laroux.FT File infector 05/03/01 XM.Laroux.FV File infector 05/03/01 XM.Laroux.FZ File infector 05/03/01 W32.Eva.E File infector 05/02/01 W32.Forever.B.Worm File infector 05/02/01 W32.HLLW.Billrus File infector 05/02/01 W32.HLLW.Showgame File infector 05/02/01 W32.Proge File infector 05/02/01 W32.Spit.8192.E File infector 05/02/01 W95.Repus.192 File infector 05/02/01 W97M.Thus.EE File infector 05/02/01 W97M.Thus.EF File infector 05/02/01 W97M.Thus.EG File infector 05/02/01 XM.Laroux.EA File infector 05/02/01 XM.Laroux.EM File infector 05/02/01 XM.Laroux.EU File infector 05/02/01 XM.Laroux.EV File infector 05/02/01 XM.Laroux.EW File infector 05/02/01 XM.Laroux.EY File infector 05/02/01 XM.Laroux.FB File infector 05/02/01 XM.Laroux.FE File infector 05/02/01 DR&ET.1710 (2x) File infector 05/01/01 DR&ET.1710 (3x) File infector 05/01/01 DR&ET.1710 (4) File infector 05/01/01 DR&ET.1710 (4x) File infector 05/01/01 DR&ET.1710 (x) File infector 05/01/01 JS.Prawn.A@mm File infector 05/01/01 Nokr(b) Boot infector 05/01/01 VBS.Lumorg File infector 05/01/01 W97M.Cuenta.B File infector 05/01/01 W97M.Rendra.D.Gen File infector 05/01/01 O97M.Confused.H@mm File infector 04/30/01 VBS.Vbswg2.C@mm File infector 04/30/01 W97M.Automat.AEZ File infector 04/30/01 W97M.Automat.AFA File infector 04/30/01 W97M.Automat.AFB File infector 04/30/01 W97M.Caligula.C File infector 04/30/01 W97M.Caligula.D File infector 04/30/01 W97M.Marker.EQ.Gen File infector 04/30/01 X97M.Pink.A.Gen File infector 04/30/01 VBS.Help.A@mm File infector 04/27/01 W95.Tapa.3882 File infector 04/27/01 W97M.Ecutor.Intd File infector 04/27/01 W97M.LuLung.D.Gen File infector 04/27/01 SadCase.Trojan File infector 04/26/01 VBS.Gift.int File infector 04/26/01 VBS.Ketip.B@mm File infector 04/26/01 VBS.Ketip.A@mm File infector 04/25/01 VBS.Ketip.A@mm (2) File infector 04/25/01 VBS.Ketip.A@mm.ini File infector 04/25/01 W32.FunnyFiles.Worm File infector 04/25/01 VBS.Hustler.Intd File infector 04/24/01 W32.Tinit File infector 04/24/01 W97M.Thus.CR File infector 04/24/01 X97M.Squared.B.Gen File infector 04/24/01 Zag.1106 File infector 04/24/01 VBS.Dedicated.C@mm File infector 04/23/01 VBS.Gorum.A@mm File infector 04/23/01 VBS.LoveLetter.CI File infector 04/23/01 VBS.Seeker.E File infector 04/23/01 VBS.Vbswg2.B@mm File infector 04/23/01 W32.Bolzano.2965 File infector 04/23/01 W32.Fakenap.worm@mm File infector 04/23/01 W32.Stator@mm File infector 04/23/01 W97M.Sherlock.E File infector 04/23/01 BAT.Zeichen.192 File infector 04/20/01 VBS.Zeichen.A File infector 04/20/01 W97M.Bleck.Family File infector 04/20/01 W97M.Bro.A File infector 04/20/01 W97M.Buffer.A@mm File infector 04/20/01 W97M.Philippines.A File infector 04/20/01 W97M.Sunirt.A.Gen File infector 04/20/01 JS.Congrats.A@mm File infector 04/19/01 VBS.Pie@mm File infector 04/19/01 VBS.Zeta.A@mm File infector 04/19/01 W32.Lastword@mm File infector 04/19/01 W97M.Bentba.A.Gen File infector 04/19/01 W97M.Bunny.A File infector 04/19/01 W97M.Bunny.B File infector 04/19/01 W97M.Eight941.O File infector 04/19/01 W97M.Nort.A.Gen File infector 04/19/01 VBS.Dedicated.A File infector 04/18/01 VBS.Dedicated.B File infector 04/18/01 W32.Matcher.Worm File infector 04/18/01 W95.Blakan.2016 File infector 04/18/01 W97M.Bench.A File infector 04/18/01 W97M.Bench.B File infector 04/18/01 W97M.Bench.D File infector 04/18/01 W97M.Bench.F File infector 04/18/01 W97M.Bench.Gen File infector 04/18/01 VBS.Chameleon.C File infector 04/17/01 W32.Bika.1906 File infector 04/17/01 W32.Younga.2384 File infector 04/17/01 W97M.Bebop.A File infector 04/17/01 W97M.Bebop.Gen File infector 04/17/01 W97M.Blockout.A File infector 04/17/01 W97M.Break.C File infector 04/17/01 W97M.Breeze.Family File infector 04/17/01 W97M.Chameleon.C File infector 04/17/01 W97M.Quitter.A.Trojan File infector 04/17/01 W97M.Sacep.A File infector 04/17/01 X97M.Bonker.A File infector 04/17/01 X97M.Confused.I:Tw File infector 04/17/01 W97M.Brenda.B File infector 04/16/01 W97M.Brenda.C File infector 04/16/01 W97M.Brenda.D File infector 04/16/01 W97M.Bridge.B File infector 04/16/01 X97M.Adn.C.Gen File infector 04/13/01 Backdoor.Psychothug File infector 04/12/01 Nutcracker.Int File infector 04/12/01 W97M.Mxfile.A File infector 04/12/01 X97M.Hihihoho File infector 04/12/01 Jordan.753 File infector 04/11/01 V.693 File infector 04/11/01 VBS.Enaid.A.ini File infector 04/11/01 VBS.Enaid.A@mm File infector 04/11/01 VBS.IEUnsecure File infector 04/11/01 VBS.Voodoo.A File infector 04/11/01 W32.Badtrans.13312@mm File infector 04/11/01 W95.Enaid.A.Trojan File infector 04/11/01 W97M.Bobo.F.Gen File infector 04/11/01 Name Changes (by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Eka.4096 to Eka.4096 (x) 03/26/01 VBS.Moridin.Worm to VBS.Moridin@mm 03/28/01 W32.Check.Worm to W32.Check.Mirc 04/04/01 W97M.Aida.Int to W97M.Aida.A 04/09/01 W97.Bablas.BW.Gen to W97M.Bablas.Gen 04/25/01 W97M.Bablas.AJ to W97M.Bablas.AU 04/25/01 W97M.Balblas.Y to W97M.Bablas.Y 04/16/01 W97M.Black.Gen to W97M.Bleck.Gen 04/23/01 W97M.Bobo.F.Gen to W97M.Bobo.Gen 04/16/01 W97M.Bunny to W97M.Chameleon.E 04/19/01 W97M.Contec.A to W97M.Bridge.A 04/16/01 W97M.Cross.Epik to W97M.Epik.A 03/20/01 W97M.Gunda.A to W97M.Bablas.BS 05/03/01 W97M.Melissa.X to W97M.Assilem.C 04/03/01 X97M.Confused.E:Ru to O97M.Confused.E:Ru 04/30/01 XM.Laroux.CU to XM.Laroux.AX 04/02/01 Name Changes (by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W97M.Gunda.A to W97M.Bablas.BS 05/03/01 X97M.Confused.E:Ru to O97M.Confused.E:Ru 04/30/01 W97.Bablas.BW.Gen to W97M.Bablas.Gen 04/25/01 W97M.Bablas.AJ to W97M.Bablas.AU 04/25/01 W97M.Black.Gen to W97M.Bleck.Gen 04/23/01 W97M.Bunny to W97M.Chameleon.E 04/19/01 W97M.Balblas.Y to W97M.Bablas.Y 04/16/01 W97M.Bobo.F.Gen to W97M.Bobo.Gen 04/16/01 W97M.Contec.A to W97M.Bridge.A 04/16/01 W97M.Aida.Int to W97M.Aida.A 04/09/01 W32.Check.Worm to W32.Check.Mirc 04/04/01 W97M.Melissa.X to W97M.Assilem.C 04/03/01 XM.Laroux.CU to XM.Laroux.AX 04/02/01 VBS.Moridin.Worm to VBS.Moridin@mm 03/28/01 Eka.4096 to Eka.4096 (x) 03/26/01 Millenium.350 to TinyM.350 03/20/01 W97M.Cross.Epik to W97M.Epik.A 03/20/01 Deletions (by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Linux.Peelf.2132 File infector 04/02/01 Predator.1784 File and Boot infector 04/03/01 Slovakia (2) File infector 04/05/01 Tequila.2469 (1) File and Boot infector 04/03/01 VBS.IEUnsecure File infector 04/17/01 W32.Taek.1275 File infector 04/18/01 Deletions (by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.Taek.1275 File infector 04/18/01 VBS.IEUnsecure File infector 04/17/01 Slovakia (2) File infector 04/05/01 Predator.1784 File and Boot infector 04/03/01 Tequila.2469 (1) File and Boot infector 04/03/01 Linux.Peelf.2132 File infector 04/02/01 VKit.650 File infector 03/06/01 ********************************************************************** ** Enabling Scanning Features ** ********************************************************************** Several scanning features can be enabled through the use of an INF configuration file. For NAV for Windows 95/NT version 4.x and later, or NAV for OS/2, this configuration file should be called NAVEX15.INF and should be placed in the directory where NAV is installed (i.e., C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x, the file should be called NAVEX15.INF and should be placed in the directory where NAV 4.x is installed (i.e., sys:system\navnlm). For NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and should be placed in the directory where NAV is installed (i.e., C:\NAV). If this configuration file does not exist, create one in the appropriate directory if you want to change the default settings. To enable a scanning feature for a particular component, one or more entries need to be added to the configuration file under the correct section. For each platform there is a corresponding section that is used in the INF file. Below is a table of section names and platforms. Section Name Platform ------------ -------- NAVW32 Windows 95/98/NT NAVAP Windows 95/98/NT Auto-Protect NAVDX DOS NAVNLM Netware NAVWIN Windows 3.1 NAVOS2 OS/2 NAVAIX AIX NAVSOL Solaris Entries are case insensitive. Below is a description of possible entries. 1. Files can be excluded from scans by the NAVEX engine. To exclude a specific file from the NAVEX engine scan, add an entry with the full path and file name. This is case insensitive. No wildcards are allowed. To exclude multiple files, add a separate entry for each file. To exclude a file, add an entry like the one below where is the full path and file name. ExcludeFile = 2. Files within a directory can be excluded from scans by the NAVEX engine. To exclude all files within a directory, add an entry with the full directory path. This is case insensitive. No wildcards are allowed. This does not exclude files located in subdirectories of the specified directory. To exclude multiple directories, add a separate entry for each directory. To exclude a directory, add an entry like the one below where is the full path. ExcludeDirectory = The following example of an INF configuration file excludes two files, NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT Auto-Protect. [NAVW32] ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE ExcludeFile = C:\TEMP\BIGFILE.DOC [NAVAP] ExcludeDirectory = D:\PRIVATE ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.