********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec AntiVirus Research Center (SARC) October 03, 2001 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Enabling Scanning Features * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W95.Hybris.worm 2 W95.MTX 3 Wscript.KakWorm 4 W32.HLLW.Bymer 5 W32.Magistr.24876@mm 6 W32.Badtrans.13312@mm 7 W32.Navidad.16896 8 Happy99.Worm 9 VBS.LoveLetter 10 W32.HLLW.Qaz ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- ---------- A97M.AMG.Kit File infector 09/17/01 ACAD.Pobresito File infector 10/01/01 Adif.732 File infector 09/12/01 Alad.2293 File infector 09/05/01 BAT.Ende File infector 09/10/01 BAT.Execom.cmp File infector 09/10/01 BAT.Inkbatch File infector 09/10/01 BAT.Mem2 File infector 09/10/01 Backdoor.Granst File infector 09/14/01 Backdoor.IRC.Critical File infector 09/18/01 Backdoor.NetThief File infector 09/14/01 Backdoor.Oblivion File infector 09/28/01 Backdoor.Scorpina File infector 09/13/01 Backdoor.Trojan.dr(5) File infector 09/05/01 Backdoor.Trojan.dr(6) File infector 09/14/01 Backdoor.Y3KRat.12 File infector 09/06/01 Bat.Nice.2634 File infector 10/01/01 Bat.Putes File infector 10/01/01 Bin.Auto.AQT File infector 09/27/01 Bloodhound.Import File infector 09/10/01 Bloodhound.OrgCopy File infector 09/10/01 BugHunter.200 File infector 09/06/01 BugHunter.206 File infector 09/06/01 DT.6144 File infector 10/01/01 Dilo.667 File infector 09/17/01 DonaldD.Trojan.C File infector 09/12/01 Eddy.gen (x) File infector 09/10/01 Frizer.995 File infector 09/17/01 HLL.IRC.Merlin File infector 09/06/01 Hacktool.Exebind File infector 09/12/01 Hacktool.Rootkit File infector 09/27/01 HiTechAssasin.453 File infector 09/06/01 Hllw.17892 File infector 09/05/01 Hllw.Naston.19000 File infector 09/05/01 Holon.Trojan File infector 09/17/01 IRC.Forca.Worm File infector 09/05/01 IRC.Shiver File infector 09/06/01 Invert.622 File infector 10/01/01 JS.Alert.Trojan File infector 09/18/01 Kula.Trojan File infector 09/24/01 Linux.Abulia File infector 10/01/01 LittleBrother.299(2) File infector 10/03/01 Macro.src File infector 09/12/01 O97M.Coco.A File infector 09/05/01 O97M.Nostyle.D File infector 10/03/01 P98M.Eikrad File infector 09/24/01 PWS.Cain.dr File infector 09/13/01 Shake.Trojan File infector 09/24/01 SillyC.200.e File infector 09/06/01 Trex.Trojan File infector 09/24/01 Trojan.Badmacro File infector 09/05/01 Trojan.Bat.Rude File infector 09/10/01 Trojan.Hackin File infector 09/05/01 Trojan.Hackin File infector 09/06/01 Trojan.IRC.Lipserf File infector 09/12/01 Trojan.Kingnoon.int File infector 09/05/01 Trojan.VBS.Lipserf File infector 09/12/01 Trojan.VBS.PingBash File infector 09/10/01 Trojan.W97M.Abre File infector 09/10/01 Trojan.ZeroBoot File infector 09/10/01 Umisy.2322 File infector 09/10/01 V5M.Kolera.A File infector 09/10/01 VBS.Aleat@mm File infector 10/01/01 VBS.Alert.A@mm File infector 09/24/01 VBS.Bark File infector 09/12/01 VBS.Blank.Gen File infector 09/26/01 VBS.Boluc@mm File infector 10/01/01 VBS.Cosa.A@mm File infector 09/04/01 VBS.Cuerpo File infector 09/12/01 VBS.Funny@mm File infector 10/01/01 VBS.Gribble File infector 09/12/01 VBS.Hotdog.gen File infector 09/06/01 VBS.IE5Grab.A File infector 10/01/01 VBS.Lam@mm File infector 09/24/01 VBS.Loveletter.CQ File infector 09/06/01 VBS.Reality.C File infector 09/05/01 VBS.Trappy@mm File infector 09/06/01 VBS.VBSWT File infector 09/27/01 VBS.Xendi.Trojan File infector 09/26/01 VBSWT.Generator File infector 09/27/01 W2K.Ketam File infector 09/17/01 W32.Apost.Worm@mm File infector 09/04/01 W32.Assic.worm File infector 09/14/01 W32.Beavuh File infector 09/14/01 W32.BlueCode.Worm File infector 09/07/01 W32.Calm File infector 09/14/01 W32.Creepy@mm File infector 09/24/01 W32.Fanta.worm File infector 09/14/01 W32.HLLO.A File infector 10/03/01 W32.HLLO.Antz.gen File infector 10/03/01 W32.HLLP.Imel File infector 10/03/01 W32.HLLW.Giwin File infector 10/03/01 W32.HLLW.Myset File infector 10/03/01 W32.HLLW.Overlo File infector 10/03/01 W32.Jimm File infector 10/03/01 W32.Kan File infector 09/18/01 W32.Lesbot File infector 10/03/01 W32.Magistr.39921@mm File infector 09/04/01 W32.Magistr.trojan File infector 09/04/01 W32.Mahter File infector 10/03/01 W32.Makegr File infector 09/14/01 W32.Nimda.A@mm File infector 09/18/01 W32.Nimda.A@mm (dll) File infector 09/18/01 W32.Nimda.A@mm (dr) File infector 09/18/01 W32.Nimda.A@mm(html) File infector 09/18/01 W32.Nimda.enc File infector 09/18/01 W32.Nimda.enc(1) File infector 09/18/01 W32.Nuk File infector 10/03/01 W32.PAME.B File infector 09/17/01 W32.Revaz.gen File infector 10/03/01 W32.Row@mm File infector 09/24/01 W32.Toush File infector 10/03/01 W32.Twea@mm File infector 09/27/01 W32.Unce@mm File infector 09/28/01 W32.Vicious.Int File infector 10/03/01 W32.Vote.A@mm File infector 09/24/01 W32.Vote.B@mm File infector 09/26/01 W32.Whiter.Trojan File infector 09/26/01 W32.Zush@mm File infector 09/26/01 W95.Apop File infector 09/06/01 W95.CIH.corrupt File infector 09/06/01 W95.CIH.damaged File infector 09/14/01 W95.Fix2001.36864 File infector 09/26/01 W95.MTXII File infector 09/14/01 W97M.Ami.C File infector 09/17/01 W97M.Arm.A File infector 09/05/01 W97M.Automat.AGH File infector 09/05/01 W97M.Bablas.BW File infector 09/06/01 W97M.Been.A File infector 09/05/01 W97M.CaptainL File infector 09/06/01 W97M.Cooldown File infector 09/10/01 W97M.Dihlo File infector 10/01/01 W97M.Doccopy.C File infector 10/01/01 W97M.Ethan.EK.src File infector 09/10/01 W97M.Ethan.EL File infector 09/12/01 W97M.Fox.Trojan File infector 09/17/01 W97M.Likon.A File infector 10/03/01 W97M.Minimal.BY File infector 09/14/01 W97M.Mtrue.B File infector 10/01/01 W97M.Muna.A File infector 10/03/01 W97M.Peat File infector 10/03/01 W97M.Remos.A File infector 09/24/01 W97M.Sting File infector 09/18/01 W97M.Tador.A File infector 10/03/01 W97M.Thus.ES File infector 09/26/01 W97M.VMPCK1.gen File infector 09/04/01 W97M.Verlor.K.vbs File infector 09/05/01 W97M.Volcano.A@mm File infector 09/20/01 W97M.Vp File infector 10/01/01 W97M.Zeitung.E File infector 10/01/01 WM.Wazzu.GH File infector 10/01/01 WNT.Frangible.int File infector 10/01/01 WNT.Jater File infector 09/26/01 WNT.Pasti@mm File infector 10/01/01 Win.HLLW.Macho File infector 09/27/01 X97M.Adn.E File infector 10/01/01 X97M.Amuka.A File infector 10/03/01 X97M.Amuka.B File infector 10/03/01 X97M.Bonker.gen File infector 09/10/01 X97M.DBT.gen File infector 09/10/01 X97M.Ellar.A File infector 09/27/01 XM.Robocop.B File infector 09/04/01 YankeeDoodle.2772 File infector 09/12/01 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- LittleBrother.299(2) File infector 10/03/01 O97M.Nostyle.D File infector 10/03/01 W32.HLLO.A File infector 10/03/01 W32.HLLO.Antz.gen File infector 10/03/01 W32.HLLP.Imel File infector 10/03/01 W32.HLLW.Giwin File infector 10/03/01 W32.HLLW.Myset File infector 10/03/01 W32.HLLW.Overlo File infector 10/03/01 W32.Jimm File infector 10/03/01 W32.Lesbot File infector 10/03/01 W32.Mahter File infector 10/03/01 W32.Nuk File infector 10/03/01 W32.Revaz.gen File infector 10/03/01 W32.Toush File infector 10/03/01 W32.Vicious.Int File infector 10/03/01 W97M.Likon.A File infector 10/03/01 W97M.Muna.A File infector 10/03/01 W97M.Peat File infector 10/03/01 W97M.Tador.A File infector 10/03/01 X97M.Amuka.A File infector 10/03/01 X97M.Amuka.B File infector 10/03/01 ACAD.Pobresito File infector 10/01/01 Bat.Nice.2634 File infector 10/01/01 Bat.Putes File infector 10/01/01 DT.6144 File infector 10/01/01 Invert.622 File infector 10/01/01 Linux.Abulia File infector 10/01/01 VBS.Aleat@mm File infector 10/01/01 VBS.Boluc@mm File infector 10/01/01 VBS.Funny@mm File infector 10/01/01 VBS.IE5Grab.A File infector 10/01/01 X97M.Adn.E File infector 10/01/01 W97M.Dihlo File infector 10/01/01 W97M.Doccopy.C File infector 10/01/01 W97M.Mtrue.B File infector 10/01/01 W97M.Vp File infector 10/01/01 W97M.Zeitung.E File infector 10/01/01 WM.Wazzu.GH File infector 10/01/01 WNT.Frangible.int File infector 10/01/01 WNT.Pasti@mm File infector 10/01/01 Backdoor.Oblivion File infector 09/28/01 W32.Unce@mm File infector 09/28/01 Bin.Auto.AQT File infector 09/27/01 Hacktool.Rootkit File infector 09/27/01 VBS.VBSWT File infector 09/27/01 VBSWT.Generator File infector 09/27/01 W32.Twea@mm File infector 09/27/01 Win.HLLW.Macho File infector 09/27/01 X97M.Ellar.A File infector 09/27/01 VBS.Blank.Gen File infector 09/26/01 VBS.Xendi.Trojan File infector 09/26/01 W32.Vote.B@mm File infector 09/26/01 W32.Whiter.Trojan File infector 09/26/01 W32.Zush@mm File infector 09/26/01 W95.Fix2001.36864 File infector 09/26/01 W97M.Thus.ES File infector 09/26/01 WNT.Jater File infector 09/26/01 Kula.Trojan File infector 09/24/01 P98M.Eikrad File infector 09/24/01 Shake.Trojan File infector 09/24/01 Trex.Trojan File infector 09/24/01 VBS.Alert.A@mm File infector 09/24/01 VBS.Lam@mm File infector 09/24/01 W32.Creepy@mm File infector 09/24/01 W32.Row@mm File infector 09/24/01 W32.Vote.A@mm File infector 09/24/01 W97M.Remos.A File infector 09/24/01 W97M.Volcano.A@mm File infector 09/20/01 JS.Alert.Trojan File infector 09/18/01 W32.Nimda.A@mm (dll) File infector 09/18/01 W32.Nimda.A@mm (dr) File infector 09/18/01 W32.Nimda.A@mm(html) File infector 09/18/01 W32.Nimda.enc File infector 09/18/01 W32.Nimda.enc(1) File infector 09/18/01 W97M.Sting File infector 09/18/01 Backdoor.IRC.Critical File infector 09/18/01 W32.Kan File infector 09/18/01 W32.Nimda.A@mm File infector 09/18/01 A97M.AMG.Kit File infector 09/17/01 W2K.Ketam File infector 09/17/01 W97M.Ami.C File infector 09/17/01 W97M.Fox.Trojan File infector 09/17/01 Dilo.667 File infector 09/17/01 Frizer.995 File infector 09/17/01 Holon.Trojan File infector 09/17/01 W32.PAME.B File infector 09/17/01 Backdoor.Granst File infector 09/14/01 Backdoor.NetThief File infector 09/14/01 Backdoor.Trojan.dr(6) File infector 09/14/01 W32.Assic.worm File infector 09/14/01 W32.Beavuh File infector 09/14/01 W32.Calm File infector 09/14/01 W32.Fanta.worm File infector 09/14/01 W32.Makegr File infector 09/14/01 W95.CIH.damaged File infector 09/14/01 W95.MTXII File infector 09/14/01 W97M.Minimal.BY File infector 09/14/01 Backdoor.Scorpina File infector 09/13/01 PWS.Cain.dr File infector 09/13/01 DonaldD.Trojan.C File infector 09/12/01 Hacktool.Exebind File infector 09/12/01 VBS.Gribble File infector 09/12/01 W97M.Ethan.EL File infector 09/12/01 Adif.732 File infector 09/12/01 Macro.src File infector 09/12/01 Trojan.IRC.Lipserf File infector 09/12/01 Trojan.VBS.Lipserf File infector 09/12/01 VBS.Bark File infector 09/12/01 VBS.Cuerpo File infector 09/12/01 YankeeDoodle.2772 File infector 09/12/01 BAT.Ende File infector 09/10/01 BAT.Execom.cmp File infector 09/10/01 BAT.Inkbatch File infector 09/10/01 BAT.Mem2 File infector 09/10/01 Bloodhound.Import File infector 09/10/01 Bloodhound.OrgCopy File infector 09/10/01 Eddy.gen (x) File infector 09/10/01 Trojan.Bat.Rude File infector 09/10/01 Trojan.VBS.PingBash File infector 09/10/01 Trojan.W97M.Abre File infector 09/10/01 Trojan.ZeroBoot File infector 09/10/01 Umisy.2322 File infector 09/10/01 V5M.Kolera.A File infector 09/10/01 W97M.Cooldown File infector 09/10/01 W97M.Ethan.EK.src File infector 09/10/01 X97M.Bonker.gen File infector 09/10/01 X97M.DBT.gen File infector 09/10/01 W32.BlueCode.Worm File infector 09/07/01 Backdoor.Y3KRat.12 File infector 09/06/01 HLL.IRC.Merlin File infector 09/06/01 IRC.Shiver File infector 09/06/01 Trojan.Hackin File infector 09/06/01 VBS.Hotdog.gen File infector 09/06/01 VBS.Loveletter.CQ File infector 09/06/01 W95.Apop File infector 09/06/01 W95.CIH.corrupt File infector 09/06/01 W97M.CaptainL File infector 09/06/01 BugHunter.200 File infector 09/06/01 BugHunter.206 File infector 09/06/01 HiTechAssasin.453 File infector 09/06/01 SillyC.200.e File infector 09/06/01 VBS.Trappy@mm File infector 09/06/01 W97M.Bablas.BW File infector 09/06/01 Alad.2293 File infector 09/05/01 Backdoor.Trojan.dr(5) File infector 09/05/01 Hllw.17892 File infector 09/05/01 Hllw.Naston.19000 File infector 09/05/01 IRC.Forca.Worm File infector 09/05/01 O97M.Coco.A File infector 09/05/01 Trojan.Badmacro File infector 09/05/01 Trojan.Hackin File infector 09/05/01 Trojan.Kingnoon.int File infector 09/05/01 VBS.Reality.C File infector 09/05/01 W97M.Arm.A File infector 09/05/01 W97M.Automat.AGH File infector 09/05/01 W97M.Been.A File infector 09/05/01 W97M.Verlor.K.vbs File infector 09/05/01 VBS.Cosa.A@mm File infector 09/04/01 W32.Apost.Worm@mm File infector 09/04/01 W32.Magistr.39921@mm File infector 09/04/01 W32.Magistr.trojan File infector 09/04/01 W97M.VMPCK1.gen File infector 09/04/01 XM.Robocop.B File infector 09/04/01 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Mandi to Backdoor.WebDL.C 08/29/01 Backdoor.WebDL.C to Backdoor.WebDL.Family 09/10/01 Bat.Putes to Bat.Stupe 10/01/01 ConCon.Trojan to Trojan.VBS.Concon 09/04/01 IRC.Acnu.Worm to Backdoor.IRC.SubSeven 09/13/01 JS.Clid.A@mm to VBS.Loding.B@mm 08/29/01 JV.Exception.Exploit to JS.Exception.Exploit 08/22/01 Trojan.BAT.Regbomb.A to BAT.Regbomb.A.Trojan 10/03/01 Trojan.Bat.AntiDN to Bat.AntiDN.Trojan 10/03/01 Trojan.Bat.Autorun to Bat.Autorun.Trojan 10/03/01 Trojan.Bat.BatKiller to Bat.BatKiller.Trojan 10/03/01 Trojan.Bat.DelFiles to Bat.DelFiles.Trojan 10/03/01 Trojan.Bat.DelFolder to Bat.DelFolder.Trojan 10/03/01 Trojan.Bat.Delauto to Bat.Delauto.Trojan 10/03/01 Trojan.Bat.Delini.192 to Bat.Delini.192.Trojan 10/03/01 Trojan.Bat.Delsys to Bat.Delsys.Trojan 10/03/01 Trojan.Bat.Deltree to Bat.Deltree.Trojan 10/03/01 Trojan.Bat.DirMaker to Bat.DirMaker.Trojan 10/03/01 Trojan.Bat.FakeAV.A to Bat.FakeAV.A.Trojan 10/03/01 Trojan.Bat.FakeAV.B to Bat.FakeAV.B.Trojan 10/03/01 Trojan.Bat.HDFill to Bat.HDFill.Trojan 10/03/01 Trojan.Bat.Hardhead to Bat.Hardhead.Trojan 10/03/01 Trojan.Bat.Loop to Bat.Loop.Trojan 10/03/01 Trojan.Bat.NTHack to Bat.NTHack.Trojan 10/03/01 Trojan.Bat.NTHack.vbs to Bat.NTHack.vbs.Trojan 10/03/01 Trojan.Bat.Phat to Bat.Phat.Trojan 10/03/01 Trojan.Bat.QuickFormat to Bat.QuickFormat.Trojan 10/03/01 Trojan.Bat.Season.A to Bat.Season.A.Trojan 10/03/01 Trojan.Error to Trojan.Pounds 08/29/01 Trojan.IRC.Lipserf to Trojan.IRC.Gribble 09/13/01 Trojan.Offensive to Trojan.JS.Offensive 08/22/01 Trojan.VBS.Lipserf to Trojan.VBS.Gribble 09/13/01 VBS.Alert.A@mm to VBS.Erul.A@mm 09/26/01 VBS.AutoExec.Trojan to Trojan.VBS.Never 08/29/01 VBS.Fujim.A@mm to VBS.Informer.A@mm 08/10/01 VBS.Fujimori.A@mm to VBS.Fujim.A@mm 08/08/01 VBS.IO.A@mm to VBS.Thea.A 08/22/01 VBS.LoveLetter.Variant to VBS.LoveLetter.Var 09/12/01 VBS.Loveletter.ini to IRC.Worm.gen 09/10/01 VBS.Mensa.A@mm to VBS.Proud.A@mm 08/22/01 VBS.Merlin.C.Int to VBS.XPJunexp.C.Int 08/10/01 VBS.Merlin.D@mm to VBS.Merlin.C@mm 08/10/01 VBS.Peace.Worm to VBS.Elimence.A 08/31/01 VBS.Rewind.A@mm to VBS.SSIWG.gen@mm 08/17/01 VBS.Ruzz to VBS.Fiber.A 08/13/01 VBS.SNights to VBS.Zync.A 08/22/01 VBS.Wordsworth to VBS.Yello 08/13/01 VBS.Zulu.pdf@mm to VBS.PeachyPDF@mm 08/08/01 W2K.Stream.A to W2K.Strea 09/26/01 W32.Pimpo@mm to W32.Pimpol.B@mm 08/05/01 W32.Ralvek.int to W32.Pet_Tick.M 08/24/01 W32.Vote.A@mm to W32.Vote.gen@mm 09/27/01 W97M.CaptainL to W97M.Ethan.EK 09/10/01 W97M.Epik.A to O97M.Epik.A 09/06/01 W97M.Ethan.EL to VBS.Bluemail.A@mm 09/26/01 W97M.Gub to O97M.Gub 10/03/01 W97M.Minimal.AX.gen to W97M.Minimal.AX 08/13/01 W97M.Philippines.A to W97M.Liberate.A 10/03/01 W97M.Remos.A to W97M.Ethan.EL (2) 09/26/01 W97M.Thus.ES to W97M.Thus.FC 10/01/01 W97M.Thus.FA@mm to W97M.Cruson.A@mm 08/29/01 W97M.Volcano.A@mm to W97M.Camino.A@mm 09/24/01 X97M.Automat.AH to X97M.Divi.I 10/03/01 X97M.Automat.AK to X97M.Divi.K 10/03/01 X97M.DIVI.K to X97M.DIVI.Family 10/03/01 X97M.Yawn.gen to XM.Yawn 08/17/01 XM.Automat.S to XM.Clonar.A 10/03/01 XM.Diablos to XM.Diablo.gen 10/03/01 XM.Tabej.B to XM.Tabej.C 10/03/01 XM.Tabej.C to XM.Tabej.B 10/03/01 XM.Yawn to XM.Yawn.Family 10/03/01 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Trojan.BAT.Regbomb.A to BAT.Regbomb.A.Trojan 10/03/01 Trojan.Bat.AntiDN to Bat.AntiDN.Trojan 10/03/01 Trojan.Bat.Autorun to Bat.Autorun.Trojan 10/03/01 Trojan.Bat.BatKiller to Bat.BatKiller.Trojan 10/03/01 Trojan.Bat.DelFiles to Bat.DelFiles.Trojan 10/03/01 Trojan.Bat.DelFolder to Bat.DelFolder.Trojan 10/03/01 Trojan.Bat.Delauto to Bat.Delauto.Trojan 10/03/01 Trojan.Bat.Delini.192 to Bat.Delini.192.Trojan 10/03/01 Trojan.Bat.Delsys to Bat.Delsys.Trojan 10/03/01 Trojan.Bat.Deltree to Bat.Deltree.Trojan 10/03/01 Trojan.Bat.DirMaker to Bat.DirMaker.Trojan 10/03/01 Trojan.Bat.FakeAV.A to Bat.FakeAV.A.Trojan 10/03/01 Trojan.Bat.FakeAV.B to Bat.FakeAV.B.Trojan 10/03/01 Trojan.Bat.HDFill to Bat.HDFill.Trojan 10/03/01 Trojan.Bat.Hardhead to Bat.Hardhead.Trojan 10/03/01 Trojan.Bat.Loop to Bat.Loop.Trojan 10/03/01 Trojan.Bat.NTHack to Bat.NTHack.Trojan 10/03/01 Trojan.Bat.NTHack.vbs to Bat.NTHack.vbs.Trojan 10/03/01 Trojan.Bat.Phat to Bat.Phat.Trojan 10/03/01 Trojan.Bat.QuickFormat to Bat.QuickFormat.Trojan 10/03/01 Trojan.Bat.Season.A to Bat.Season.A.Trojan 10/03/01 W97M.Gub to O97M.Gub 10/03/01 W97M.Philippines.A to W97M.Liberate.A 10/03/01 X97M.Automat.AH to X97M.Divi.I 10/03/01 X97M.Automat.AK to X97M.Divi.K 10/03/01 X97M.DIVI.K to X97M.DIVI.Family 10/03/01 XM.Automat.S to XM.Clonar.A 10/03/01 XM.Diablos to XM.Diablo.gen 10/03/01 XM.Tabej.B to XM.Tabej.C 10/03/01 XM.Tabej.C to XM.Tabej.B 10/03/01 XM.Yawn to XM.Yawn.Family 10/03/01 Bat.Putes to Bat.Stupe 10/01/01 W97M.Thus.ES to W97M.Thus.FC 10/01/01 W32.Vote.A@mm to W32.Vote.gen@mm 09/27/01 VBS.Alert.A@mm to VBS.Erul.A@mm 09/26/01 W2K.Stream.A to W2K.Strea 09/26/01 W97M.Ethan.EL to VBS.Bluemail.A@mm 09/26/01 W97M.Remos.A to W97M.Ethan.EL (2) 09/26/01 W97M.Volcano.A@mm to W97M.Camino.A@mm 09/24/01 IRC.Acnu.Worm to Backdoor.IRC.SubSeven 09/13/01 Trojan.IRC.Lipserf to Trojan.IRC.Gribble 09/13/01 Trojan.VBS.Lipserf to Trojan.VBS.Gribble 09/13/01 VBS.LoveLetter.Variant to VBS.LoveLetter.Var 09/12/01 Backdoor.WebDL.C to Backdoor.WebDL.Family 09/10/01 VBS.Loveletter.ini to IRC.Worm.gen 09/10/01 W97M.CaptainL to W97M.Ethan.EK 09/10/01 W97M.Epik.A to O97M.Epik.A 09/06/01 ConCon.Trojan to Trojan.VBS.Concon 09/04/01 VBS.Peace.Worm to VBS.Elimence.A 08/31/01 Backdoor.Mandi to Backdoor.WebDL.C 08/29/01 JS.Clid.A@mm to VBS.Loding.B@mm 08/29/01 Trojan.Error to Trojan.Pounds 08/29/01 VBS.AutoExec.Trojan to Trojan.VBS.Never 08/29/01 W97M.Thus.FA@mm to W97M.Cruson.A@mm 08/29/01 W32.Ralvek.int to W32.Pet_Tick.M 08/24/01 JV.Exception.Exploit to JS.Exception.Exploit 08/22/01 Trojan.Offensive to Trojan.JS.Offensive 08/22/01 VBS.SNights to VBS.Zync.A 08/22/01 VBS.IO.A@mm to VBS.Thea.A 08/22/01 VBS.Mensa.A@mm to VBS.Proud.A@mm 08/22/01 VBS.Rewind.A@mm to VBS.SSIWG.gen@mm 08/17/01 X97M.Yawn.gen to XM.Yawn 08/17/01 VBS.Ruzz to VBS.Fiber.A 08/13/01 VBS.Wordsworth to VBS.Yello 08/13/01 W97M.Minimal.AX.gen to W97M.Minimal.AX 08/13/01 VBS.Fujim.A@mm to VBS.Informer.A@mm 08/10/01 VBS.Merlin.C.Int to VBS.XPJunexp.C.Int 08/10/01 VBS.Merlin.D@mm to VBS.Merlin.C@mm 08/10/01 VBS.Fujimori.A@mm to VBS.Fujim.A@mm 08/08/01 VBS.Zulu.pdf@mm to VBS.PeachyPDF@mm 08/08/01 W32.Pimpo@mm to W32.Pimpol.B@mm 08/05/01 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ A97M.Amg.A File infector 06/15/01 Backdoor.Teste File infector 08/24/01 CLS.Win.Joke.34520(1) File infector 07/17/01 CLS.Win.Joke.34520(2) File infector 07/17/01 Eumel.363.A File infector 08/20/01 Invalid Certificate File infector 05/14/01 MtE.Groove (5) File infector 06/05/01 PWS.Cain.dr File infector 09/17/01 Sailor.1108 File infector 08/22/01 Trojan.Billrus.Texto File infector 07/13/01 Trojan.VBS.Autoexec File infector 08/29/01 Unlucky.2008 (2) File infector 06/11/01 Unlucky.2008 (3) File infector 06/11/01 W32.Antiqfx.B.worm File infector 08/01/01 W32.Antiqfx.C.worm File infector 08/01/01 W32.Bedtime.2304 File infector 07/02/01 W32.Vote.B@mm File infector 09/27/01 W95.Mul.2012 File infector 05/31/01 W95.Smoker.Worm@mm File infector 07/12/01 WM.Kam File infector 08/20/01 X97M.Activated.A File infector 10/03/01 X97M.DIVI.J File infector 10/03/01 X97M.Divi.G File infector 10/03/01 X97M.Divi.M File infector 10/03/01 Yosha.761 File infector 08/22/01 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ X97M.Activated.A File infector 10/03/01 X97M.DIVI.J File infector 10/03/01 X97M.Divi.G File infector 10/03/01 X97M.Divi.M File infector 10/03/01 W32.Vote.B@mm File infector 09/27/01 PWS.Cain.dr File infector 09/17/01 Trojan.VBS.Autoexec File infector 08/29/01 Backdoor.Teste File infector 08/24/01 Sailor.1108 File infector 08/22/01 Yosha.761 File infector 08/22/01 Eumel.363.A File infector 08/20/01 WM.Kam File infector 08/20/01 W32.Antiqfx.B.worm File infector 08/01/01 W32.Antiqfx.C.worm File infector 08/01/01 CLS.Win.Joke.34520(1) File infector 07/17/01 CLS.Win.Joke.34520(2) File infector 07/17/01 Trojan.Billrus.Texto File infector 07/13/01 W95.Smoker.Worm@mm File infector 07/12/01 W32.Bedtime.2304 File infector 07/02/01 A97M.Amg.A File infector 06/15/01 Unlucky.2008 (2) File infector 06/11/01 Unlucky.2008 (3) File infector 06/11/01 MtE.Groove (5) File infector 06/05/01 W95.Mul.2012 File infector 05/31/01 Invalid Certificate File infector 05/14/01 ********************************************************************** ** Enabling Scanning Features ** ********************************************************************** Several scanning features can be enabled through the use of an INF configuration file. For NAV for Windows 95/NT version 4.x and later, or NAV for OS/2, this configuration file should be called NAVEX15.INF and should be placed in the directory where NAV is installed (i.e., C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x, the file should be called NAVEX15.INF and should be placed in the directory where NAV 4.x is installed (i.e., sys:system\navnlm). For NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and should be placed in the directory where NAV is installed (i.e., C:\NAV). If this configuration file does not exist, create one in the appropriate directory if you want to change the default settings. To enable a scanning feature for a particular component, one or more entries need to be added to the configuration file under the correct section. For each platform there is a corresponding section that is used in the INF file. Below is a table of section names and platforms. Section Name Platform ------------ -------- NAVW32 Windows 95/98/NT NAVAP Windows 95/98/NT Auto-Protect NAVDX DOS NAVNLM Netware NAVWIN Windows 3.1 NAVOS2 OS/2 NAVAIX AIX NAVSOL Solaris Entries are case insensitive. Below is a description of possible entries. 1. Files can be excluded from scans by the NAVEX engine. To exclude a specific file from the NAVEX engine scan, add an entry with the full path and file name. This is case insensitive. No wildcards are allowed. To exclude multiple files, add a separate entry for each file. To exclude a file, add an entry like the one below where is the full path and file name. ExcludeFile = 2. Files within a directory can be excluded from scans by the NAVEX engine. To exclude all files within a directory, add an entry with the full directory path. This is case insensitive. No wildcards are allowed. This does not exclude files located in subdirectories of the specified directory. To exclude multiple directories, add a separate entry for each directory. To exclude a directory, add an entry like the one below where is the full path. ExcludeDirectory = The following example of an INF configuration file excludes two files, NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT Auto-Protect. [NAVW32] ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE ExcludeFile = C:\TEMP\BIGFILE.DOC [NAVAP] ExcludeDirectory = D:\PRIVATE ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.