
**********************************************************************
**                                                                  **
**  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
**                                                                  **
**  Symantec AntiVirus Research Center (SARC)      February 24, 2000**
**                                                                  **
**********************************************************************
This document contains the following topics:

 * Virus Alerts
 * New Technologies
 * Changes Incorporated Into This Update
 * Enabling Scanning Features
 * Additional Information

**********************************************************************
** Virus Alerts                                                     **
**********************************************************************
The ten most commonly reported viruses, worldwide:

    1  W97M.Class
    2  XM.Laroux
    3  O97M.Tristate
    4  W95.CIH
    5  Happy99.Worm
    6  WM.Cap
    7  W97M.ColdApe
    8  W97M.Ethan
    9  W97M.Melissa
   10  Worm.ExploreZip

**********************************************************************
** New Technologies                                                 **
**********************************************************************

DATE         Technologies Added
----         ------------------
8/19/98    * Excel heuristics which detect and repair new and unknown
             macro viruses in Excel 95 & 97 documents.

9/16/98    * Added repair for encrypted Excel 97 documents.

10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
           * WORD Heuristics improvement to increase detection rate.

12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
             and Excel documents.
           * PowerPoint engine to scan PowerPoint related viruses.
             To enable this technology please read "Enabling/Disabling
             PowerPoint Scanning" section later in this document.

02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.

05/12/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.

06/10/99   * Menu repair technology for WORD macro viruses that change
             command bar customizations in NORMAL.DOT.

07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
             (Ichitaro is a Japanese word processing program).

08/19/99   * Added detection and repair for embedded documents inside
             PowerPoint 97.

11/22/99   * Added detection and repair for Trojans embedded in OLE
             files, such as Windows scrap files and MS Office
             documents.
           * Added detection for viruses which infect Microsoft
             Project documents (P98M.Corner.A, for example).

02/10/00   * Added support for scanning of UNIX executables.
           * Added detection for infected Visio documents.

**********************************************************************
** Changes Incorporated Into This Virus Definitions Update          **
**********************************************************************
New virus definitions:

        Virus Name                Infection Type          Week added
        ----------                --------------          ----------
        AOL 79316.Trojan          File infector           01/24/00
        ACG                       File infector           02/10/00
        Backdoor.DeepThroat.b     File infector           02/22/00
        Backdoor.Doly             File infector           02/07/00
        Backdoor.GF.135           File infector           02/22/00
        Backdoor.InCommander      File infector           02/10/00
        Backdoor.Insane           File infector           02/22/00
        Backdoor.Kamikaze         File infector           02/07/00
        Backdoor.NetSpy.20        File infector           02/22/00
        Backdoor.Sockets23        File infector           01/24/00
        Backdoor.TheThing-1.2     File infector           01/31/00
        Backdoor.TheThing.a       File infector           02/22/00
        Buttman.Trojan            File infector           02/22/00
        Deltree Trojan #5         File infector           01/31/00
        Divine.Trojan             File infector           01/31/00
        Eek (b)                   Boot infector           01/31/00
        Help.Dummy                File infector           02/10/00
        HLP.Demo                  File infector           01/31/00
        ICQ.81493.PWSteal         File infector           02/07/00
        ICQ.82424.PWSteal         File infector           02/07/00
        IRCWorm.Jim.A             File infector           02/22/00
        Linux.DoS.tfn2k.td        File infector           02/22/00
        Linux.DoS.tfn2k.tfn       File infector           02/22/00
        Linux.DoS.trinoo.ms       File infector           02/22/00
        Linux.DoS.trinoo.ns       File infector           02/22/00
        Linux.Dummy               File infector           02/07/00
        Linux.Mandragore.666      File infector           02/07/00
        Linux.Siilov.5916         File infector           02/07/00
        Linux.Vit.4096            File infector           02/07/00
        O97M.Shiver.K             File infector           02/10/00
        Opera                     File infector           01/24/00
        Oscar                     File infector           02/07/00
        Pada.Trojan               File infector           02/22/00
        PieGates.Demo.Trojan      File infector           01/31/00
        PIF.Elsa                  File infector           02/10/00
        PIF.Emma                  File infector           02/10/00
        Snob.IRCworm              File infector           01/31/00
        SoftWar.Trojan            File infector           02/07/00
        Solaris.DoS.stacheld.c    File infector           02/22/00
        Solaris.DoS.stacheld.m    File infector           02/22/00
        Solaris.DoS.stacheld.t    File infector           02/22/00
        SubSeven 2.1 server       File infector           02/07/00
        Trojan dropper            File infector           02/07/00
        Trojan.77254              File infector           01/24/00
        Trojan.78609              File infector           01/31/00
        Trojan.Amena              File infector           02/07/00
        Trojan.Bat.Acid           File infector           02/10/00
        Trojan.Boom               File infector           01/31/00
        Trojan.Coced              File infector           01/24/00
        Trojan.Dripper            File infector           02/07/00
        Trojan.FreeGift           File infector           02/07/00
        Trojan.Gas                File infector           01/24/00
        Trojan.MSREXE.b           File infector           01/24/00
        Trojan.XalNaga            File infector           02/10/00
        V5M.Radiant.A             File infector           02/07/00
        V5M.Unstable.A            File infector           02/07/00
        V5M.Vision.A              File infector           02/07/00
        VBS.Fool                  File infector           02/22/00
        VBS.Illen.B               File infector           01/24/00
        VBS.JudgeDay              File infector           02/22/00
        VBS.Leebill               File infector           02/22/00
        VBS.Network               File infector           02/22/00
        W2K.Infis.4608            File infector           02/22/00
        W32.Adson.1703            File infector           02/07/00
        W32.Bolzano.S             File infector           02/07/00
        W32.Buffy.12568.Worm      File infector           02/07/00
        W32.Buffy.33280.Worm      File infector           02/07/00
        W32.DoS.funtime           File infector           02/22/00
        W32.Eclipse.8192          File infector           02/07/00
        W32.ExploreZip.D.Worm     File infector           01/24/00
        W32.Gloria.2820           File infector           02/07/00
        W32.Gloria.2928           File infector           02/07/00
        W32.I13.8192.B            File infector           01/24/00
        W32.Iced.1344             File infector           02/07/00
        W32.Magic.7045.B          File infector           02/07/00
        W32.NewApt.E.Worm         File infector           01/31/00
        W32.NewApt.F.Worm         File infector           01/31/00
        W32.PettyPark.C.Worm      File infector           02/07/00
        W32.Plage.Worm            File infector           01/14/00
        W32.PrettyPark.D.Worm     File infector           02/22/00
        W32.White.Worm            File infector           02/22/00
        W32.White.Worm (1)        File infector           02/22/00
        W32.Winext.Worm           File infector           01/24/00
        W95.Argos.328             File infector           02/07/00
        W95.Caw.1457              File infector           01/31/00
        W95.Dictator.2304         File infector           02/07/00
        W95.DoS.Trinoo            File infector           02/22/00
        W95.Enumiacs              File infector           01/24/00
        W95.Filth.1030            File infector           01/24/00
        W95.Haiku.16384.Worm      File infector           02/10/00
        W95.Horn.1862             File infector           01/24/00
        W95.Nathan.3476           File infector           02/07/00
        W95.Qozah                 File infector           02/07/00
        W95.Roma.1256.Int         File infector           02/07/00
        W95.SillyWR.B             File infector           02/07/00
        W95.SK (com)              File infector           01/31/00
        W95.SK (HLP)              File infector           01/31/00
        W95.Spaces.1445           File infector           02/07/00
        W95.Vood.1590             File infector           02/07/00
        W97M.Appder.Z             File infector           02/07/00
        W97M.Astia.AF             File infector           02/22/00
        W97M.Astia.Variant        File infector           02/22/00
        W97M.Class.Ej             File infector           02/07/00
        W97M.Cobra.K              File infector           02/07/00
        W97M.Cobra.L              File infector           02/10/00
        W97M.Gamlet               File infector           02/07/00
        W97M.GROOV.C              File infector           02/07/00
        W97M.Hubad.A              File infector           02/07/00
        W97M.Jedi.G2              File infector           02/22/00
        W97M.Jim.A                File infector           02/22/00
        W97M.LUPI                 File infector           02/07/00
        W97M.Marker.CE            File infector           02/10/00
        W97M.Marker.CG            File infector           02/22/00
        W97M.Melissa.AL           File infector           01/31/00
        W97M.Mxfile.B             File infector           01/24/00
        W97M.Myna.C               File infector           01/24/00
        W97M.Myna.E               File infector           02/07/00
        W97M.Myna.Variant         File infector           02/10/00
        W97M.Odious.B             File infector           02/22/00
        W97M.Panther.F            File infector           02/22/00
        W97M.Panther.Variant      File infector           02/22/00
        W97M.Plain.Int            File infector           01/31/00
        W97M.Rgade                File infector           01/24/00
        W97M.Thus.B               File infector           01/24/00
        W97M.Thus.H               File infector           01/31/00
        W97M.THUS.J               File infector           02/07/00
        W97M.Thus.L               File infector           02/22/00
        W97M.THUS.M               File infector           02/22/00
        W97M.VMPCK1.DD            File infector           02/07/00
        W97M.VMPCK1.DG            File infector           01/24/00
        W97M.Wrench.A             File infector           02/10/00
        W97M.Wrench.B             File infector           02/22/00
        W97M.Wrench.D             File infector           02/22/00
        Wafer.1953                File infector           02/22/00
        Wafer.1953 (x)            File infector           02/22/00
        Win.Klon.11776            File infector           02/10/00
        Win.Klon.11776 (2)        File infector           02/10/00
        Win.Klon.11776 (3)        File infector           02/10/00
        WinSCK.Trojan.B           File infector           02/10/00
        WinSCK.Trojan.C           File infector           02/10/00
        WM.Npad.EE                File infector           02/07/00
        WM.TH.B                   File infector           01/24/00
        X97M.Automat.AA           File infector           01/31/00
        X97M.DIVI.D               File infector           02/07/00
        X97M.Shan                 File infector           02/07/00
        XM.Laroux.LZ              File infector           01/31/00
        XM.Ueda.C                 File infector           02/22/00
        YAI.Trojan                File infector           01/24/00


Name Changes:

        Old Virus Name            New Virus Name          Date changed
        --------------            --------------          ------------
        SubSeven 2.0 server    to Backdoor.SubSeven2svr   02/07/00
        SubSeven 2.0           to Backdoor.SubSeven2      02/07/00
        Trojan.MSREXE.b        to Backdoor.SubSeven2gld   02/07/00
        W32.Passion.27648(2)   to Backdoor.VHM            01/24/00
        W32.PettyPark.C.Worm   to W32.PrettyPark.C.Worm   02/22/00
        W95.Caw                to W95.Caw.1416            01/31/00
        W97M.Aleja             to W97M.Aleja.B            01/24/00
        W97M.Aleja5            to W97M.Aleja.A            01/24/00
        W97M.Aleja5.B          to W97M.Aleja.C            01/24/00
        W97M.Aleja5.C          to W97M.Aleja.E            01/24/00
        W97M.Aleja5.D          to W97M.Aleja.I            01/24/00
        W97M.Aleja5.E          to W97M.Aleja.D            01/24/00
        W97M.AntiSocial        to W97M.AntiSocial.A/B     01/24/00
        W97M.AntiSocial.F      to W97M.AntiSocial.F,H     01/24/00
        W97M.Appder.O          to W97M.Appder.S           01/24/00
        W97M.Bablas            to W97M.Bablas.Family      01/24/00
        W97M.BADTEMP.A         to W97M.Smac.B             01/24/00
        W97M.Bellingham        to W97M.Metys.A            01/24/00
        W97M.Biolord           to W97M.Nid.A              01/24/00
        W97M.Cali.A            to W97M.Caligula.A         01/24/00
        W97M.Carrier.D         to W97M.Sin.A.intd         01/24/00
        W97M.Cartman.B         to W97M.VMPCK1.F           01/24/00
        W97M.Cartman.C         to W97M.VMPCK1.T           01/24/00
        W97M.Cartman.D         to W97M.VMPCK1.U           01/24/00
        W97M.Cartman.E         to W97M.VMPCK1.CX          01/24/00
        W97M.CHACK.I           to W97M.Chack.K            01/24/00
        W97M.CHACK.J           to W97M.Chack.AR           01/24/00
        W97M.Class.BD          to W97M.Class.AZ/BD/EA     01/24/00
        W97M.Class.BE          to W97M.Class.AY           01/24/00
        W97M.Class.BP          to W97M.Class.BH           01/24/00
        W97M.Class.BT          to W97M.Class.BV           01/24/00
        W97M.Class.D           to W97M.Jerk.A             01/24/00
        W97M.Class.S           to W97M.Class.I.var        01/24/00
        W97M.ColdApe.B         to W97M.ColdApe.C          01/24/00
        W97M.ColdApe.C         to W97M.ColdApe.B          01/24/00
        W97M.CopyTemp.intd     to W97M.Buendi.A           01/24/00
        W97M.Counter.D         to W97M.Counter.E          01/24/00
        W97M.Creeper           to W97M.Magnetic.A         01/24/00
        W97M.Daydream.A        to W97M.Lys.E              01/24/00
        W97M.Derroche          to W97M.DWMVCK1.F          01/24/00
        W97M.Destro            to W97M.Class.BV(2)        01/24/00
        W97M.Drawbridge        to W97M.Opey.O             01/24/00
        W97M.DWMVCK1.C         to W97M.PassBox.C          01/24/00
        W97M.DWMVCK1.F         to W97M.Ozwer.A            01/24/00
        W97M.DWMVCK1.G         to W97M.VMPCK1.CZ          01/24/00
        W97M.DWMVCK1.H         to W97M.Ozwer.C            01/24/00
        W97M.Footprint         to W97M.Footer.B           01/24/00
        W97M.Furby             to W97M.Class.BA/BB        01/24/00
        W97M.Hark.B            to W97M.Nottice.Y          01/24/00
        W97M.India.C           to W97M.Marker.AB          01/24/00
        W97M.IRCJack.A         to W97M.Story.A            01/24/00
        W97M.ITSC              to W97M.Osm                01/24/00
        W97M.Jedi.G            to W97M.Jedi.J             01/24/00
        W97M.Joy               to W97M.Class.W            01/24/00
        W97M.JuneFill.A        to W97M.Marker.BN          01/24/00
        W97M.Myna.C            to W97M.Myna.D             02/07/00
        W97M.Passbox.C         to W97M.Passbox.D          01/24/00
        W97M.Passbox.D         to W97M.Passbox.D(2)       01/24/00
        W97M.VMPCK1.F          to W97M.Remplace.E         01/24/00
        WinSKC.Trojan          to WinSCK.Trojan           02/10/00
        WM.AntiNS              to W97M.Wazzu.DU           02/07/00


Deletions:

        Virus Name                Infection Type          Date removed
        ----------                --------------          ------------
        HLLO.13112 (2)            File infector           02/07/00
        Oscar                     File infector           01/31/00

**********************************************************************
**    Enabling Scanning Features                                    **
**********************************************************************

Several scanning features can be enabled through the use of an INF
configuration file.  For NAV for Windows 95/NT version 4.x and later,
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).
If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.

To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section.  For each platform there is a corresponding section that is used
in the INF file.  Below is a table of section names and platforms.

Section Name    Platform
------------    --------
NAVW32          Windows 95/98/NT
NAVAP           Windows 95/98/NT Auto-Protect
NAVDX           DOS
NAVNLM          Netware
NAVWIN          Windows 3.1
NAVOS2          OS/2
NAVAIX          AIX
NAVSOL          Solaris

Entries are case insensitive.  Below is a description of possible
entries.

1. Files can be excluded from scans by the NAVEX engine.  To exclude a
specific file from the NAVEX engine scan, add an entry with the full
path and file name.  This is case insensitive.  No wildcards are allowed.
To exclude multiple files, add a separate entry for each file.  To exclude
a file, add an entry like the one below where <PATH> is the full path
and file name.
        ExcludeFile = <PATH>

2. Files within a directory can be excluded from scans by the NAVEX engine.
To exclude all files within a directory, add an entry with the full
directory path.  This is case insensitive.  No wildcards are allowed.  This
does not exclude files located in subdirectories of the specified
directory.  To exclude multiple directories, add a separate entry for each
directory. To exclude a directory, add an entry like the one below where
<DIRECTORY> is the full path.
        ExcludeDirectory = <DIRECTORY>

The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.

[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC

[NAVAP]
ExcludeDirectory = D:\PRIVATE
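
Every exclusion is a path the NAVEX engine no longer inspects, so it is
worth reviewing what a given INF file actually exempts.  The following
Python script is an added example, not part of the original Symantec
document: it applies the matching rules described above to the sample
file.  It assumes drive-letter Windows paths and ";" comment lines, and
the last sample entry is constructed to show a rejected wildcard.

```python
import ntpath

# Section names taken from the platform table in this document.
KNOWN_SECTIONS = {"NAVW32", "NAVAP", "NAVDX", "NAVNLM",
                  "NAVWIN", "NAVOS2", "NAVAIX", "NAVSOL"}

# The document's own example plus one constructed invalid entry (line 7).
SAMPLE = r"""[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC

[NAVAP]
ExcludeDirectory = D:\PRIVATE
excludefile = C:\TEMP\*.DOC
"""

def _norm(path):
    """Lower-case, separator-normalised path (entries are case insensitive)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def parse_navex_inf(text):
    """Return ({section: {"files": set, "dirs": set}}, [(lineno, warning)]).

    Keys repeat (one entry per excluded file), so a hand-written parser is
    used instead of configparser, which keeps one value per key.
    """
    config, warnings, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):   # assumption: ';' starts a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()
            config.setdefault(section, {"files": set(), "dirs": set()})
            if section not in KNOWN_SECTIONS:
                warnings.append((lineno, "unknown section [%s]" % section))
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or section is None:
            warnings.append((lineno, "entry outside a section or missing '='"))
            continue
        if key not in ("excludefile", "excludedirectory"):
            continue                            # other entries: out of scope here
        if "*" in value or "?" in value:
            warnings.append((lineno, "wildcards are not allowed: " + value))
            continue
        if not ntpath.isabs(value):
            warnings.append((lineno, "not a full path: " + value))
            continue
        bucket = "files" if key == "excludefile" else "dirs"
        config[section][bucket].add(_norm(value))
    return config, warnings

def is_excluded(config, section, path):
    """True if `path` is exempt from NAVEX scanning for `section`."""
    rules = config.get(section.upper())
    if rules is None:
        return False
    p = _norm(path)
    # Directory exclusions cover direct children only, never subdirectories.
    return p in rules["files"] or ntpath.dirname(p) in rules["dirs"]

if __name__ == "__main__":
    cfg, warns = parse_navex_inf(SAMPLE)
    for name, rules in sorted(cfg.items()):
        for kind in ("files", "dirs"):
            for entry in sorted(rules[kind]):
                print("[%s] excluded %s: %s" % (name, kind[:-1], entry))
    for lineno, msg in warns:
        print("line %d: %s" % (lineno, msg))
```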

**********************************************************************
**    Additional Information                                        **
**********************************************************************

Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.