home *** CD-ROM | disk | FTP | other *** search
/ PC World 2000 June / PCWorld_2000-06_cd.bin / Software / Antiviry / navuniv / 0424x86.exe / whatsnew.txt < prev    next >
Encoding:
Text File  |  2000-04-24  |  17.7 KB  |  328 lines
  1. **********************************************************************
  2. **                                                                  **
  3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
  4. **                                                                  **
  5. **  Symantec AntiVirus Research Center (SARC)        April 24 ,2000 **
  6. **                                                                  **
  7. **********************************************************************
  8. This document contains the following topics:
  9.  
  10.  * Virus Alerts
  11.  * New Technologies
  12.  * Changes Incorporated Into This Update
  13.  * Enabling Scanning Features
  14.  * Additional Information
  15.  
  16. **********************************************************************
  17. ** Virus Alerts                                                     **
  18. **********************************************************************
  19. The ten most commonly reported viruses, worldwide:
  20.  
  21.     1  W97M.Class
  22.     2  XM.Laroux
  23.     3  O97M.Tristate
  24.     4  W95.CIH
  25.     5  Happy99.Worm
  26.     6  WM.Cap
  27.     7  W97M.ColdApe
  28.     8  W97M.Ethan
  29.     9  W97M.Melissa
  30.    10  Worm.ExploreZip
  31.  
  32. **********************************************************************
  33. ** New Technologies                                                 **
  34. **********************************************************************
  35.  
  36. DATE         Technologies Added
  37. ----         ------------------
  38. 8/19/98    * Excel heuristics which detect and repair new and unknown
  39.              macro viruses in Excel 95 & 97 documents.
  40.  
  41. 9/16/98    * Added repair for encrypted Excel 97 documents.
  42.  
  43. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
  44.            * WORD Heuristics improvement to increase detection rate.
  45.  
  46. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
  47.              and Excel documents.
  48.            * PowerPoint engine to scan PowerPoint related viruses.
  49.              To enable this technology please read "Enabling/Disabling
  50.              PowerPoint Scanning" section later in this document.
  51.  
  52. 02/18/99   * Detection and repair of macro viruses in Word and Excel
  53.              2000 documents.
  54.  
  55. 05/12/99   * Added repair for PowerPoint viruses.
  56.            * Improved heuristics to detect more WORD 97 related
  57.              viruses.
  58.  
  59. 06/10/99   * Menu repair technology for WORD macro viruses that change
  60.              command bar customizations in NORMAL.DOT.
  61.  
  62. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
  63.              (Ichitaro is a Japanese word processing program).
  64.  
  65. 08/19/99   * Added detection and repair for embedded documents inside
  66.              PowerPoint 97.
  67.  
  68. 11/22/99   * Added detection and repair for Trojans embedded in OLE
  69.              files, such as Windows scrap files and MS Office
  70.              documents.
  71.            * Added detection for viruses which infect Microsoft
  72.              Project documents (P98M.Corner.A, for example).
  73.  
  74. 02/10/00   * Added support for scanning of UNIX executables.
  75.            * Added detection for infected Visio documents.
  76.  
  77. **********************************************************************
  78. ** Changes Incorporated Into This Virus Definitions Update          **
  79. **********************************************************************
  80. New virus definitions:
  81.  
  82.         Virus Name                Infection Type          Week added
  83.         ----------                --------------          ----------
  84.         Backdoor.BladeRunner      File infector           03/27/00
  85.         Backdoor.DonaldDick       File infector           04/10/00
  86.         Backdoor.Grab             File infector           03/27/00
  87.         Backdoor.HackTack.120     File infector           04/03/00
  88.         Backdoor.Krass            File infector           03/27/00
  89.         Backdoor.Ping.B           File infector           04/13/00
  90.         Backdoor.Prosiak          File infector           04/24/00
  91.         Backdoor.Psychward.b      File infector           04/03/00
  92.         Backdoor.Senna            File infector           03/27/00
  93.         Backdoor.SubSeven22       File infector           03/31/00
  94.         Backdoor.Tasmer           File infector           04/24/00
  95.         BAT.Chode.Worm            File infector           03/31/00
  96.         DonaldD.Trojan.B          File infector           04/10/00
  97.         Giggles.Trojan            File infector           03/27/00
  98.         Irok.Trojan.Worm          File infector           04/03/00
  99.         Irok.Trojan.Worm(G1)      File infector           04/13/00
  100.         Irok.Trojan.Worm(G2)      File infector           04/13/00
  101.         Irok.Trojan.Worm.B        File infector           04/10/00
  102.         Leonard.1179              File infector           04/24/00
  103.         Linux.Dies.969            File infector           04/13/00
  104.         MSU_A.271                 File infector           04/24/00
  105.         O97M.Exceller.A           File infector           03/27/00
  106.         PHX.823 (x)               File infector           04/10/00
  107.         PWSteal.Coced.Trojan      File infector           04/24/00
  108.         PWSTEAL.Trojan.C          File infector           04/13/00
  109.         Rfpmgrtoet.Trojan         File infector           04/24/00
  110.         Scap.855                  File infector           04/13/00
  111.         Shifter.1295              File infector           03/27/00
  112.         Shifter.1295 (x)          File infector           03/27/00
  113.         TinyOpts.Trojan           File infector           04/24/00
  114.         Trojan.Aleph.B            File infector           04/24/00
  115.         Trojan.Bat.HDKill         File infector           03/27/00
  116.         Trojan.Bat.Winuck         File infector           04/13/00
  117.         Trojan.Platan.G           File infector           04/24/00
  118.         Trojan.Rhino              File infector           04/24/00
  119.         VBS.Fool.B                File infector           04/24/00
  120.         VBS.Freelove.A            File infector           04/10/00
  121.         VBS.IROK                  File infector           04/03/00
  122.         VBS.Network.B             File infector           04/10/00
  123.         VBS.Network.C             File infector           04/10/00
  124.         W32.AOC.3676              File infector           03/27/00
  125.         W32.ASpam.Trojan          File infector           04/03/00
  126.         W32.ASpam.Trojan.B        File infector           04/03/00
  127.         W32.Bolzano.T             File infector           04/10/00
  128.         W32.Cholera.B.Worm        File infector           03/27/00
  129.         W32.Cholera.C.Worm        File infector           03/27/00
  130.         W32.Dengue                File infector           04/24/00
  131.         W32.Gift.32768.B          File infector           04/10/00
  132.         W32.Gift.34304            File infector           04/10/00
  133.         W32.Gift.40960            File infector           04/10/00
  134.         W32.HLLP.Bora.11264       File infector           03/27/00
  135.         W32.HLLP.Bora.Mirc        File infector           03/27/00
  136.         W32.Inrar.B               File infector           03/27/00
  137.         W32.KMKY.24576            File infector           04/13/00
  138.         W32.Kriz.4270.G1          File infector           04/13/00
  139.         W32.Mirc.25088.Worm       File infector           04/24/00
  140.         W32.Orochi.5420           File infector           03/27/00
  141.         W32.Poison.B.Worm         File infector           04/10/00
  142.         W32.Poison.Worm           File infector           04/10/00
  143.         W32.PrettyPark.J.Worm     File infector           04/10/00
  144.         W32.PrettyPark.K.Worm     File infector           04/10/00
  145.         W32.PrettyPark.L.Worm     File infector           04/24/00
  146.         W32.PrettyPark.M.Worm     File infector           04/24/00
  147.         W32.PrettyPark.N.Worm     File infector           04/24/00
  148.         W32.Refer.2939            File infector           03/27/00
  149.         W32.Spit.B                File infector           03/27/00
  150.         W32.Stupid.C              File infector           04/24/00
  151.         W32.Weird (gen1)          File infector           04/03/00
  152.         W32.Weird (gen1_2)        File infector           04/03/00
  153.         W32.Weird (gen1_3)        File infector           04/03/00
  154.         W32.Weird (gen1_4)        File infector           04/03/00
  155.         W95.Boza.2220.Int         File infector           03/27/00
  156.         W95.CIH.1363              File infector           04/10/00
  157.         W95.Fabi.G1               File infector           04/13/00
  158.         W95.Icer.541              File infector           04/24/00
  159.         W95.Lud.Jez.682           File infector           04/13/00
  160.         W95.Matrix.3597           File infector           03/27/00
  161.         W95.Matrix.3597.TR        File infector           03/27/00
  162.         W95.Matrix.3597.TR (2)    File infector           03/27/00
  163.         W95.Payk                  File infector           04/24/00
  164.         W95.Powerful.1592.Int     File infector           04/10/00
  165.         W95.Powerful.7186.Int     File and Boot infector  04/10/00
  166.         W95.Priest.1454           File infector           03/27/00
  167.         W95.Priest.1486           File infector           03/27/00
  168.         W95.Priest.1495           File infector           03/27/00
  169.         W95.Psig                  File infector           04/13/00
  170.         W95.SAB.C                 File infector           04/10/00
  171.         W95.Santana.1104          File infector           04/24/00
  172.         W95.Segax.1136            File infector           04/24/00
  173.         W95.Sexy.384              File infector           04/24/00
  174.         W95.SGWW.2264             File infector           04/13/00
  175.         W95.SK (com)              File infector           03/27/00
  176.         W95.Smash                 File infector           04/24/00
  177.         W95.Tecata.1761           File infector           03/27/00
  178.         W95.VIP.4309.B            File infector           03/27/00
  179.         W95.Weird.C               File infector           03/27/00
  180.         W95.Weird.C.Backdoor      File infector           03/27/00
  181.         W95.Ylang.1536.A          File infector           03/27/00
  182.         W97M.Aleja.Family         File infector           04/10/00
  183.         W97M.Alina.A              File infector           04/13/00
  184.         W97M.Astia.L              File infector           04/10/00
  185.         W97M.Bablas.G             File infector           03/27/00
  186.         W97M.Bablas.K             File infector           04/03/00
  187.         W97M.Bablas.N             File infector           03/27/00
  188.         W97M.Bablas.T             File infector           04/03/00
  189.         W97M.Bablas.U             File infector           04/03/00
  190.         W97M.Bablas.V             File infector           04/03/00
  191.         W97M.Bogor.A              File infector           04/10/00
  192.         W97M.Buendia              File infector           04/03/00
  193.         W97M.Cat.A                File infector           04/10/00
  194.         W97M.Ciao.A               File infector           03/27/00
  195.         W97M.Class.EJ             File infector           03/27/00
  196.         W97M.CViper               File infector           04/03/00
  197.         W97M.Eight941.F           File infector           04/10/00
  198.         W97M.Ferie.A              File infector           04/10/00
  199.         W97M.Foster               File infector           04/24/00
  200.         W97M.IIS.U                File infector           04/13/00
  201.         W97M.IJK.B                File infector           04/03/00
  202.         W97M.IJK.C                File infector           04/24/00
  203.         W97M.Johnny               File infector           04/13/00
  204.         W97M.KAPSYAW              File infector           03/27/00
  205.         W97M.Lenni.A              File infector           03/27/00
  206.         W97M.Marker.BW            File infector           03/27/00
  207.         W97M.MARKER.BZ            File infector           04/24/00
  208.         W97M.MARKER.CA            File infector           04/24/00
  209.         W97M.MXFile.C             File infector           04/03/00
  210.         W97M.Onex.A               File infector           04/24/00
  211.         W97M.Opey.P               File infector           03/27/00
  212.         W97M.Proverb.A            File infector           04/03/00
  213.         W97M.Service              File infector           04/03/00
  214.         W97M.Thus.Q               File infector           03/27/00
  215.         W97M.Thus.R               File infector           04/03/00
  216.         W97M.Thus.S               File infector           04/24/00
  217.         W97M.Titch.C              File infector           04/10/00
  218.         W97M.Titch.E              File infector           03/27/00
  219.         W97M.Verlor.E             File infector           03/27/00
  220.         W97M.Verlor.Family        File infector           04/10/00
  221.         W97M.Wrench.E             File infector           03/27/00
  222.         W97M.Wrench.Family        File infector           04/03/00
  223.         Win.Non.31995             File infector           04/13/00
  224.         Win.Non.31995 dropper     File infector           04/13/00
  225.         Win.Ph33r.1418            File infector           04/24/00
  226.         Win32.Weird.Dropped       File infector           04/03/00
  227.         X97M.Automat.AF           File infector           04/13/00
  228.         X97M.Looksn               File infector           04/03/00
  229.         X97M.Tegrat.A             File infector           03/27/00
  230.         XM.Automat.AG             File infector           04/24/00
  231.  
  232. Name Changes:
  233.  
  234.         Old Virus Name            New Virus Name          Date changed
  235.         --------------            --------------          ------------
  236.         BAT.Chode.Worm         to BAT911.Worm             04/10/00
  237.         W32.PrettyPark.G.Worm  to W32.PrettyPark.Curr     04/10/00
  238.         W95.Fosoforo.Int       to W95.Fosforo.Int         04/10/00
  239.         W97M.Class.EJ          to W97M.Class.EL           04/10/00
  240.         W97M.Claudio           to W97M.Claud.A            04/10/00
  241.         W97M.Cobra.L           to W97M.Cobra.O            04/10/00
  242.         W97M.CViper            to W97M.Viper.A            04/10/00
  243.         W97M.Marker.CG         to W97M.Marker.CQ          04/10/00
  244.         W97M.Overlord          to W97M.Verlor.A           04/10/00
  245.         X97M.Base.A            to X97M.Divi.A/B           04/10/00
  246.         X97M.Base.B            to X97M.Divi.F             04/10/00
  247.         X97M.DIVI.D            to X97M.Divi.C             04/10/00
  248.         X97M.Tegrat.A          to X97M.Tracker            04/03/00
  249.         X97M.Tracker           to X97M.Divi.D             04/10/00
  250.  
  251. Deletions:
  252.  
  253.         Virus Name                Infection Type          Date removed
  254.         ----------                --------------          ------------
  255.         X97M.Automat.AE           File infector           04/10/00
  256.  
  257. **********************************************************************
  258. **  Enabling Scanning Features                                      **
  259. **********************************************************************
  260.  
  261. Several scanning features can be enabled through the use of an INF 
  262. configuration file.  For NAV for Windows 95/NT version 4.x and later, 
  263. or NAV for OS/2, this configuration file should be called NAVEX15.INF
  264. and should be placed in the directory where NAV is installed (i.e.,
  265. C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
  266. the file should be called NAVEX15.INF and should be placed in the 
  267. directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
  268. NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
  269. NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
  270. should be placed in the directory where NAV is installed (i.e., C:\NAV).
  271. If this configuration file does not exist, create one in the appropriate
  272. directory if you want to change the default settings.
  273.  
  274. To enable a scanning feature for a particular component, one or more 
  275. entries need to be added to the configuration file under the correct
  276. section.  For each platform there is a corresponding section that is used 
  277. in the INF file.  Below is a table of section names and platforms.
  278.  
  279. Section Name    Platform
  280. ------------    --------
  281. NAVW32          Windows 95/98/NT
  282. NAVAP           Windows 95/98/NT Auto-Protect
  283. NAVDX           DOS
  284. NAVNLM          Netware
  285. NAVWIN          Windows 3.1
  286. NAVOS2          OS/2
  287. NAVAIX          AIX
  288. NAVSOL          Solaris
  289.  
  290. Entries are case insensitive.  Below is a description of possible 
  291. entries.
  292.  
  293. 1. Files can be excluded from scans by the NAVEX engine.  To exclude a
  294. specific file from the NAVEX engine scan, add an entry with the full
  295. path and file name.  This is case insensitive.  No wildcards are allowed.
  296. To exclude multiple files, add a separate entry for each file.  To exclude
  297. a file, add an entry like the one below where <PATH> is the full path
  298. and file name.
  299.         ExcludeFile = <PATH>
  300.  
  301. 2. Files within a directory can be excluded from scans by the NAVEX engine.
  302. To exclude all files within a directory, add an entry with the full 
  303. directory path.  This is case insensitive.  No wildcards are allowed.  This
  304. does not exclude files located in subdirectories of the specified 
  305. directory.  To exclude multiple directories, add a separate entry for each
  306. directory. To exclude a directory, add an entry like the one below where
  307. <DIRECTORY> is the full path.
  308.         ExcludeDirectory = <DIRECTORY>
  309.  
  310. The following example of an INF configuration file excludes two files, 
  311. NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
  312. scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
  313. Auto-Protect.
  314.  
  315. [NAVW32]
  316. ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
  317. ExcludeFile = C:\TEMP\BIGFILE.DOC
  318.  
  319. [NAVAP]
  320. ExcludeDirectory = D:\PRIVATE
  321.  
  322. **********************************************************************
  323. **    Additional Information                                        **
  324. **********************************************************************
  325.  
  326. Additional information regarding this virus definitions update can be
  327. found in UPDATE.TXT and TECHNOTE.TXT.
  328.