home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2000 February
/
PCWorld_2000-02_cd.bin
/
Software
/
Antiviry
/
nav32
/
0103i32.exe
/
WHATSNEW.TXT
< prev
next >
Wrap
Text File
|
2000-01-03
|
23KB
|
402 lines
**********************************************************************
** **
** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
** **
** Symantec AntiVirus Research Center (SARC) January 3, 2000 **
** **
**********************************************************************
This document contains the following topics:
* Virus Alerts
* New Technologies
* Changes Incorporated Into This Update
* Enabling/Disabling PowerPoint Scanning
* Additional Information
**********************************************************************
** Virus Alerts **
**********************************************************************
The ten most commonly reported viruses, worldwide:
1 W97M.Class
2 XM.Laroux
3 O97M.Tristate
4 W95.CIH
5 Happy99.Worm
6 WM.Cap
7 W97M.ColdApe
8 W97M.Ethan
9 W97M.Melissa
10 Worm.ExploreZip
**********************************************************************
** New Technologies **
**********************************************************************
DATE Technologies Added
---- ------------------
8/19/98 * Excel heuristics which detect and repair new and unknown
macro viruses in Excel 95 & 97 documents.
9/16/98 * Added repair for encrypted Excel 97 documents.
10/21/98 * Heuristics to detect AOL Password Stealer Trojans.
* WORD Heuristics improvement to increase detection rate.
12/17/98 * Macro Exclusion Engine to speed up the scanning for Word
and Excel documents.
* PowerPoint engine to scan PowerPoint related viruses.
To enable this technology please read "Enabling/Disabling
PowerPoint Scanning" section later in this document.
02/18/99 * Detection and repair of macro viruses in Word and Excel
2000 documents.
05/12/99 * Added repair for PowerPoint viruses.
* Improved heuristics to detect more WORD 97 related
viruses.
06/10/99 * Menu repair technology for WORD macro viruses that change
command bar customizations in NORMAL.DOT.
07/12/99 * Added support for scanning of Ichitaro 8/9 documents.
(Ichitaro is a Japanese word processing program).
08/19/99 * Added detection and repair for embedded documents inside
PowerPoint 97.
11/22/99 * Added detection and repair for Trojans embedded in OLE
files, such as Windows scrap files and MS Office
documents.
* Added detection for viruses which infect Microsoft
Project documents (P98M.Corner.A, for example).
**********************************************************************
** Changes Incorporated Into This Virus Definitions Update **
**********************************************************************
New virus definitions:
Virus Name Infection Type Week added
---------- -------------- ----------
Backdoor-G.ldr File infector 12/06/99
Backdoor.BO.d File infector 12/30/99
Backdoor.Netget.A file infector 01/03/00
Backdoor.Netspy (2) File infector 11/29/99
Backdoor.Netspy (3) File infector 11/29/99
Backdoor.Netspy (4) File infector 11/29/99
Backdoor.Netspy.10 File infector 11/29/99
Backdoor.Netspy.10.e File infector 11/29/99
Backdoor.SchoolBus.A File infector 12/30/99
Backdoor.sysinst File infector 12/27/99
Backdoor.TheThing.b File infector 12/27/99
Backdoor.TheThing.c File infector 12/30/99
BAT.Chantal.B File infector 12/30/99
Danny.872 File infector 12/30/99
Fixit.Trojan File infector 11/29/99
IExpand.trojan File infector 12/06/99
Info.trojan File infector 12/15/99
Kill98.Trojan file infector 01/03/00
Macro Family (2) File infector 12/15/99
Macro Family (3) File infector 12/15/99
Marzia.2048.ww.c file and boot infector 01/03/00
Marzia.2048.ww.c (2) file and boot infector 01/03/00
Marzia.2048.ww.c (b) file and boot infector 01/03/00
Marzia.C (b) File and Boot infector 11/29/99
Marzia.C (x) File and Boot infector 11/29/99
Marzia.D File and Boot infector 11/29/99
Marzia.D File and Boot infector 12/30/99
Marzia.D (2) File and Boot infector 12/30/99
O97M.Hopper.S File infector 12/27/99
O97M.Toraja.A File infector 12/27/99
O97M.Tristate.S File infector 12/10/99
Orifice.dr file infector 01/03/00
PSW.Weird.Trojan File infector 12/30/99
QScare.cascade File infector 12/15/99
SillyRCE.664 File infector 12/15/99
SpyingKing.Trojan File infector 12/06/99
THE_FLY File infector 12/27/99
Trivial.i.ow.15360 File infector 12/30/99
Trojan.AOL.PS.ok File infector 11/29/99
Trojan.AOL.Winsyst File infector 12/27/99
Trojan.Logger File infector 12/27/99
Trojan.MSREXE File infector 12/27/99
Trojan.RFPoison File infector 12/27/99
Trojan.Watcher file infector 01/03/00
VBS.Bhong File infector 12/21/99
VBS.Chantal.B File infector 12/30/99
VBS.Illen File infector 12/27/99
VBS.Lucky file infector 01/03/00
VBS.Mix.1852.A file infector 01/03/00
VBS.Tune File infector 12/30/99
W32.Antiqfx.Worm File infector 12/30/99
W32.Bolzano.R File infector 11/29/99
W32.Crypto file infector 01/03/00
W32.HLLC.StupRed.A File infector 11/29/99
W32.HLLO.Fed.A File infector 11/29/99
W32.HLLP.Pawel.9000 File infector 11/29/99
W32.HLLP.Text.A File infector 11/29/99
W32.HLLP.Text.B File infector 11/29/99
W32.HLLP.Text.C File infector 11/29/99
W32.HLLP.Zomby.17920 File infector 12/06/99
W32.HLLW.Soft6 File infector 12/06/99
W32.HLLW.Soft6.B File infector 12/15/99
W32.HLPDemo.Dropper File infector 12/27/99
W32.IhSix.3048 file infector 01/03/00
W32.IhSix.Wsock file infector 01/03/00
W32.Legacy file infector 01/03/00
W32.Mix.1852 file infector 01/03/00
W32.Mix.1852.dr file infector 01/03/00
W32.Mypics.worm File infector 12/03/99
W32.Mypics.worm (2) File infector 12/03/99
W32.Mypics.worm (3) File infector 12/03/99
W32.Mypics.worm (4) File infector 12/03/99
W32.Mypics.worm (5) File infector 12/03/99
W32.Mypics.worm (6) File infector 12/03/99
W32.Mypics.Worm (bat) File infector 12/03/99
W32.Mypics.Worm (bat2) File infector 12/03/99
W32.Mypics.Worm (bat3) File infector 12/03/99
W32.Mypics.Worm (com) File infector 12/03/99
W32.NewApt.B.Worm File infector 12/21/99
W32.NewApt.C.Worm File infector 12/21/99
W32.NewApt.Worm File infector 12/14/99
W32.NewApt.Worm(2) File infector 12/14/99
W32.NewApt.Worm(3) File infector 12/14/99
W32.NewApt.Worm(4) File infector 12/14/99
W32.Oporto.3074 File infector 12/27/99
W32.Passion.26112 File infector 12/27/99
W32.Passion.27648 File infector 12/10/99
W32.Passion.27648(2) File infector 12/10/99
W32.Sahara.9728 File infector 12/27/99
W32.Stupid.B file infector 01/03/00
W32.Thorin File infector 12/21/99
W32.Video.25600.Worm File infector 12/14/99
W32.Video.25600.Wrm2 File infector 12/14/99
W32.Video.25600.Wrm3 File infector 12/14/99
W95.Babylonia File infector 12/06/99
W95.Babylonia (dat) File infector 12/06/99
W95.Babylonia (HLP) File infector 12/15/99
W95.Caw File infector 12/27/99
W95.Esmeralda.807 File infector 12/30/99
W95.Lovesong.998 File infector 12/30/99
W95.Murkry.399 file infector 01/03/00
W95.Nathan File infector 12/27/99
W95.Sign.2028 File infector 11/29/99
W95.SK file infector 01/03/00
W95.Spaces.1633 File infector 12/30/99
W95.Vulcano.Int File infector 12/27/99
W95.WG.12288 file infector 01/03/00
W95.Ylang.1024 File infector 12/27/99
W97M.Akuma.Family File infector 12/27/99
W97M.Aleja5.C File infector 11/29/99
W97M.Aleja5.D File infector 12/15/99
W97M.Aleja5.E File infector 12/21/99
W97M.Alliance.A File infector 12/27/99
W97M.Alliance.I File infector 12/27/99
W97M.Anime.A.Troj File infector 12/27/99
W97M.Armagid.A file infector 01/03/00
W97M.Astia.W File infector 12/30/99
W97M.Backhand.A File infector 12/30/99
W97M.Biolord File infector 12/15/99
W97M.Brisk.A File infector 12/27/99
W97M.Bumble.B File infector 12/27/99
W97M.Chantal.B File infector 12/30/99
W97M.Chydow.A File infector 12/27/99
W97M.Class.ED File infector 12/15/99
W97M.CPSDI File infector 12/21/99
W97M.CyberHack.b File infector 12/15/99
W97M.Destro File infector 12/06/99
W97M.Eitern.A File infector 12/27/99
W97M.Emelia.A File infector 12/27/99
W97M.Emelia.B File infector 12/27/99
W97M.Evolution File infector 11/29/99
W97M.Example.B File infector 12/15/99
W97M.Goober.B File infector 12/15/99
W97M.Ipid File infector 12/15/99
W97M.Iseng File infector 12/15/99
W97M.Liar File infector 12/27/99
W97M.Marker.BA File infector 12/15/99
W97M.Marker.J File infector 12/21/99
W97M.Marker.R File infector 12/06/99
W97M.Melissa.AA File infector 12/03/99
W97M.Minimal.BH File infector 12/27/99
W97M.Minimorph.B File infector 12/27/99
W97M.Mono.A File infector 12/27/99
W97M.Multino.A File infector 12/27/99
W97M.Neo.A File infector 12/27/99
W97M.Opey.M file infector 01/03/00
W97M.Overlord File infector 12/15/99
W97M.Pathetic.B File infector 12/27/99
W97M.Pene.A File infector 12/27/99
W97M.Pip.A File infector 12/27/99
W97M.Poc.B/C File infector 12/15/99
W97M.Pr.A File infector 12/27/99
W97M.Proteced.B File infector 11/29/99
W97M.Quoter.A File infector 11/29/99
W97M.Reveal.A File infector 12/27/99
W97M.Scharf.A File infector 12/27/99
W97M.Seqnum File infector 12/21/99
W97M.SN.A File infector 12/27/99
W97M.STM.A File infector 12/27/99
W97M.Surround File infector 12/21/99
W97M.Techno.A File infector 12/27/99
W97M.Thus.E File infector 12/30/99
W97M.Tvang.A File infector 12/27/99
W97M.Tvang.B File infector 12/27/99
W97M.VMPCK1.CR File infector 12/27/99
W97M.VMPCK1.DE File infector 12/30/99
W97M.Yoda.A File infector 12/15/99
W97M.Zerg.B File infector 12/30/99
W98.Yobe.24576 (DOS) File infector 11/29/99
W98.Yobe.24576 (DOS)2 File infector 11/29/99
WB.Method File infector 11/29/99
WinError.Trojan File infector 12/15/99
WizKiD.RaDD File infector 12/15/99
WizKiD.RaDD (Gen1) File infector 12/15/99
WM.Alliance.J File infector 12/27/99
WM.EMV.A File infector 12/27/99
WM.Marc.C File infector 12/27/99
WM.ME File infector 12/27/99
WM.Minimal.BM File infector 12/27/99
WM.MVM.A File infector 12/27/99
WM.Simple.C File infector 12/27/99
WM.Why.B File infector 12/27/99
Worm.ExploreZip(pack) File infector 11/29/99
Worm.ExploreZip.B File infector 12/10/99
Worm.ExploreZip.C File infector 12/30/99
WScript.KakWorm File infector 12/30/99
X97M.Automat.Y File infector 11/29/99
X97M.Faith.A File infector 12/27/99
X97M.Hopper.N File infector 12/15/99
X97M.Manalo.F File infector 12/27/99
X97M.Manalo.G File infector 12/27/99
X97M.Sud.A.intd File infector 12/27/99
XM.Manalo.E File infector 12/27/99
XM.Weit.A File infector 12/27/99
Yankee.44.A File infector 11/29/99
Yankee.44.A(2) File infector 11/29/99
Yankee.44.A(x) File infector 11/29/99
Yankee.44.A(x2) File infector 11/29/99
Yankee.44.B File infector 11/29/99
Yankee.44.B(2) File infector 11/29/99
Yankee.44.B(x) File infector 11/29/99
Yankee.44.B(x2) File infector 11/29/99
Zelu file infector 01/03/00
Name Changes:
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
W32.HLLW.Soft6 to W32.HLLW.Soft6.A 12/15/99
W32.Stupid to W32.Stupid.A 01/03/00
W97M.Anime.A.Troj to W97M.Anime.A.Trojan 12/30/99
W97M.Emelia.A to W97M.Emelia.A(intd) 12/30/99
W97M.Emelia.B to W97M.Emelia.B(intd) 12/30/99
W97M.Liar to W97M.Liar(gen) 12/30/99
W97M.Melissa.AA to W97M.Melissa.O 12/06/99
W97M.Scharf.A to W97M.Scharf.A.trojan 12/30/99
W97M.Starsend to W97M.Myna.B 12/06/99
W97M.Tvang.A to W97M.Tvang.A.trojan 12/30/99
W97M.Tvang.B to W97M.Tvang.B.trojan 12/30/99
WM.ME to WM.ME(gen) 12/30/99
XM.Laroux.TM to XM.Laroux.LI 12/21/99
Deletions:
Virus Name Infection Type Date removed
---------- -------------- ------------
Backdoor.Netspy (2) File infector 12/06/99
Backdoor.Netspy (3) File infector 12/06/99
Backdoor.Netspy (4) File infector 12/06/99
Backdoor.Netspy.10.e File infector 12/06/99
Delpart.Trojan File infector 12/06/99
HLLT.4313 File infector 12/06/99
Marzia.D File and Boot infector 12/30/99
Trojan.Test2000 (x) File infector 11/17/99
Trojan.Test2000 (x2) File infector 11/17/99
Trojan.Test2000 (x3) File infector 11/17/99
W32.Autoworm.3072 File infector 10/13/99
W95.Roma File infector 09/22/99
Yankee.44.A (COM) File infector 11/29/99
Yankee.44.A (EXE) File infector 11/29/99
Special Note: A variant of the PWSteal.Trojan was corrected in this
release to fix a false positive on certain types of Shockwave files.
**********************************************************************
** Enabling/Disabling PowerPoint Scanning **
**********************************************************************
PowerPoint Scanning is now enabled by default and can be optionally
disabled. However, you may want to verify that files with
PowerPoint extensions will be scanned by making sure that your
NAV options have both ".PPT" and ".POT" in the list of extensions
to scan.
To disable PowerPoint scanning in NAV for Windows 95/NT
version 4.x or NAV for OS/2, a text file named NAVEX15.INF should
be placed in the directory where NAV 4.x or NAV 5.x is installed
(i.e., C:\Program Files\Norton AntiVirus).
To disable PowerPoint scanning in NAV for Netware version 4.x, a text
file named NAVEX15.INF should be placed in the directory where NAV
4.x is installed (i.e., sys:system\navnlm).
To disable PowerPoint scanning in NAV for Windows 95/NT version 2.0,
NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x a text file
named NAVEX.INF should be placed in the directory where NAV is
installed (i.e., C:\NAV).
The contents of the text file, NAVEX15.INF or NAVEX.INF, determine
which components of NAV have PowerPoint scanning disabled.
To disable PowerPoint scanning for a particular component, use the
following table to determine the lines to add to the text file.
PowerPoint scanning can be disabled for more than one component if
needed by adding the required lines for the desired components.
+---------------------+--------------------------+--------------------+
|Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner |
+---------------------+--------------------------+--------------------+
|[NAVW32] |[NAVAP] |[NAVDX] |
|PowerPointScanning=0 |PowerPointScanning=0 |PowerPointScanning=0|
+---------------------+--------------------------+--------------------+
+----------------------+--------------------+--------------------+
|Windows 3.1 scanner/AP|Netware scanner |OS/2 scanner/AP |
+----------------------+--------------------+--------------------+
|[NAVWIN] |[NAVNLM] |[NAVOS2] |
|PowerPointScanning=0 |PowerPointScanning=0|PowerPointScanning=0|
+----------------------+--------------------+--------------------+
To enable PowerPoint scanning for a component, delete the lines
added for that component from the NAVEX15.INF or NAVEX.INF file.
**********************************************************************
** Additional Information **
**********************************************************************
SARC has equipped Norton AntiVirus with a new feature called
"Infestation Mode." If a large number of new or unknown viruses
is found on the system during a scan, Norton AntiVirus will
automatically enable its highest level of detection. This gives
users the most comprehensive protection in cases where a viral
infestation may have been detected. If you would like to disable
this feature, you can do so by following these instructions:
1. Create a text File called NAVEX15.INF in your Norton AntiVirus
directory,e.g., C:\Program Files\Norton AntiVirus. If this file
already exist go to step two.
2. Place the following lines in this File on the left-hand margin:
[NAVW32]
infestmode=0
[NAVDX]
infestmode=0
3. Save the File.
Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
