home *** CD-ROM | disk | FTP | other *** search

---

/ PC World 2000 August / PCWorld_2000-08_cd.bin / Software / Antiviry / nav16 / 0706i16.exe / whatsnew.txt

< prev

Wrap

Text File  |  2000-07-06  |  16KB  |  300 lines

---

1. **********************************************************************
2. **                                                                  **
3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
4. **                                                                  **
5. **  Symantec AntiVirus Research Center (SARC)           July 6,2000 **
6. **                                                                  **
7. **********************************************************************
8. This document contains the following topics:
9.  
10.  * Virus Alerts
11.  * New Technologies
12.  * Changes Incorporated Into This Update
13.  * Enabling Scanning Features
14.  * Additional Information
15.  
16. **********************************************************************
17. ** Virus Alerts                                                     **
18. **********************************************************************
19. VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
20. is detected by this definition set.  
21.  
22. The ten most commonly reported viruses, worldwide:
23.  
24.     1  VBS.LoveLetter.A
25.     2  WScript.KakWorm
26.     3  VBS.Network
27.     4  W95.CIH
28.     5  Happy99.Worm
29.     6  Worm.ExploreZip
30.     7  W97M.ColdApe
31.     8  W97M.Ethan
32.     9  W97M.Melissa
33.    10  WM.Cap
34.  
35. **********************************************************************
36. ** New Technologies                                                 **
37. **********************************************************************
38.  
39. DATE         Technologies Added
40. ----         ------------------
41. 8/19/98    * Excel heuristics which detect and repair new and unknown
42.              macro viruses in Excel 95 & 97 documents.
43.  
44. 9/16/98    * Added repair for encrypted Excel 97 documents.
45.  
46. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
47.            * WORD Heuristics improvement to increase detection rate.
48.  
49. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
50.              and Excel documents.
51.            * PowerPoint engine to scan PowerPoint related viruses.
52.              To enable this technology please read "Enabling/Disabling
53.              PowerPoint Scanning" section later in this document.
54.  
55. 02/18/99   * Detection and repair of macro viruses in Word and Excel
56.              2000 documents.
57.  
58. 05/15/99   * Added repair for PowerPoint viruses.
59.            * Improved heuristics to detect more WORD 97 related
60.              viruses.
61.  
62. 06/10/99   * Menu repair technology for WORD macro viruses that change
63.              command bar customizations in NORMAL.DOT.
64.  
65. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
66.              (Ichitaro is a Japanese word processing program).
67.  
68. 08/19/99   * Added detection and repair for embedded documents inside
69.              PowerPoint 97.
70.  
71. 11/22/99   * Added detection and repair for Trojans embedded in OLE
72.              files, such as Windows scrap files and MS Office
73.              documents.
74.            * Added detection for viruses which infect Microsoft
75.              Project documents (P98M.Corner.A, for example).
76.  
77. 02/10/00   * Added support for scanning of UNIX executables.
78.            * Added detection for infected Visio documents.
79.  
80. **********************************************************************
81. ** Changes Incorporated Into This Virus Definitions Update          **
82. **********************************************************************
83. New virus definitions:
84.  
85.         Virus Name                Infection Type          Week added
86.         ----------                --------------          ----------
87.         BAT.Rhapsody              File infector            06/22/00
88.         BackOrifice2k.Cfg         File infector            06/12/00
89.         Backdoor.Admire           File infector            06/22/00
90.         Backdoor.DU               File infector            06/12/00
91.         Backdoor.Explorer32       File infector            06/22/00
92.         Backdoor.Fof              File infector            06/12/00
93.         Backdoor.GateCrasher      File infector            06/12/00
94.         Backdoor.ICQ.Syphillis    File infector            06/12/00
95.         Backdoor.Millenium        File infector            06/22/00
96.         Backdoor.NSSX             File infector            07/05/00
97.         Backdoor.NetBus.svr       File infector            06/12/00
98.         Backdoor.Netbus.cli       File infector            07/05/00
99.         Backdoor.Netbus.drop      File infector            06/12/00
100.         Backdoor.OneTime          File infector            06/22/00
101.         Backdoor.Onliner          File infector            06/12/00
102.         Backdoor.Rat.Client       File infector            07/05/00
103.         Backdoor.Satan            File infector            06/12/00
104.         Backdoor.Silence          File infector            06/12/00
105.         Backdoor.WinMap           File infector            06/22/00
106.         Backdoor.WinMapClient     File infector            06/22/00
107.         Crash.Trojan              File infector            06/22/00
108.         HLP.Dream                 File infector            06/12/00
109.         HTML.StartMe              File infector            06/12/00
110.         ICQ.Trojan                File infector            06/22/00
111.         INI.Aphex                 File infector            06/12/00
112.         IRC.SRVCP.Trojan          File infector            07/05/00
113.         IRC.Trojan.Fabio          File infector            06/22/00
114.         Ini.Scrambler             File infector            06/12/00
115.         JS.Aphex                  File infector            06/12/00
116.         NT.Restart.Trojan         File infector            07/05/00
117.         O97M.SweetestThing        File infector            07/05/00
118.         PWSteal.Winup             File infector            06/12/00
119.         Serbian.Trojan            File infector            06/12/00
120.         Shnaz.Trojan.A            File infector            06/22/00
121.         Simpsons.Trojan           File infector            06/22/00
122.         TD.1536.B                 File infector            06/12/00
123.         TD.1536.B (2)             File infector            06/12/00
124.         Trojan.Nariz              File infector            06/22/00
125.         Trojan.Smile              File infector            06/22/00
126.         VBS.Aphex                 File infector            06/12/00
127.         VBS.Independence          File infector            07/05/00
128.         VBS.Jer(htm)              File infector            07/05/00
129.         VBS.Jer(htm) (2)          File infector            07/05/00
130.         VBS.Jer(htm) (3)          File infector            07/05/00
131.         VBS.Osterhase             File infector            07/05/00
132.         VBS.Plan.A                File infector            06/12/00
133.         VBS.Stages                File infector            06/16/00
134.         VBS.Timofonica            File infector            06/12/00
135.         VCL.Viral_Mess.(enc)      File infector            07/05/00
136.         W32.Dilber.Worm           File infector            07/05/00
137.         W32.Dream                 File infector            06/12/00
138.         W32.Gara.Dr               File infector            07/05/00
139.         W32.HLLO.Job.22528        File infector            06/12/00
140.         W32.HLLP.Semisoft.H       File infector            07/05/00
141.         W32.HLLP.Semisoft.I       File infector            07/05/00
142.         W32.HLLW.Tress            File infector            06/22/00
143.         W32.Henky.8888            File infector            07/05/00
144.         W32.Knight.2350           File infector            06/22/00
145.         W32.Mypics.B.Worm         File infector            07/05/00
146.         W32.NHKR.A.Worm           File infector            07/05/00
147.         W32.NHKR.B.Worm           File infector            07/05/00
148.         W32.Pokey.Worm            File infector            06/22/00
149.         W32.RainSong.3925         File infector            07/05/00
150.         W32.Silver.B.Mirc         File infector            06/12/00
151.         W32.TheSpy.A.Mirc         File infector            06/12/00
152.         W32.TheSpy.B.Mirc         File infector            06/12/00
153.         W95.Alpha.842             File infector            07/05/00
154.         W95.FYS.1728.Int          File infector            06/12/00
155.         W95.Hooy.8192             File infector            06/12/00
156.         W95.Hooy.8192.Dr          File infector            06/12/00
157.         W95.I13.12288.B.Int       File infector            07/05/00
158.         W95.Merinos.1849          File infector            07/05/00
159.         W95.NB.Worm               File infector            06/12/00
160.         W95.Smash (SYS)           File infector            06/22/00
161.         W95.Zomb.Gen              File infector            07/05/00
162.         W95.Zperm.A               File infector            06/22/00
163.         W95.Zperm.A.Dr            File infector            07/05/00
164.         W95.Zperm.B               File infector            06/22/00
165.         W95.Zperm.B.Dr            File infector            07/05/00
166.         W97M.Bablas.AD            File infector            06/22/00
167.         W97M.Bablas.AE            File infector            07/05/00
168.         W97M.Bablas.AF            File infector            07/05/00
169.         W97M.Bablas.int           File infector            07/05/00
170.         W97M.Beth.A               File infector            06/12/00
171.         W97M.Bobo                 File infector            07/05/00
172.         W97M.Bobo.int             File infector            06/22/00
173.         W97M.DIVI.I               File infector            06/22/00
174.         W97M.Eight941.K           File infector            06/22/00
175.         W97M.Goober.C             File infector            07/05/00
176.         W97M.Homer                File infector            06/12/00
177.         W97M.Marker.BO            File infector            06/12/00
178.         W97M.Marker.BX            File infector            06/22/00
179.         W97M.Michael              File infector            07/05/00
180.         W97M.NSI.B                File infector            06/12/00
181.         W97M.Nova.E               File infector            07/05/00
182.         W97M.Odious.C             File infector            07/05/00
183.         W97M.Passbox.I            File infector            06/22/00
184.         W97M.Relax                File infector            07/05/00
185.         W97M.Service.B            File infector            06/22/00
186.         W97M.Shepmah.B            File infector            06/22/00
187.         W97M.Sherlock             File infector            06/22/00
188.         W97M.Smaller.A            File infector            06/12/00
189.         W97M.Stealth.A            File infector            07/05/00
190.         W97M.Surround.Varian      File infector            06/19/00
191.         W97M.Thus.X               File infector            06/22/00
192.         W97M.Thus.Y               File infector            06/22/00
193.         W97M.Thus.Z               File infector            07/05/00
194.         W97M.Trap                 File infector            07/05/00
195.         W97M.VMPCK1.DI            File infector            06/12/00
196.         W97M.VMPCK1.DK            File infector            06/22/00
197.         W97M.VMPCK1.DL            File infector            07/05/00
198.         Win.HLLP.Sector           File infector            06/12/00
199.         Win.HLLP.Sector.Gen       File infector            06/12/00
200.         Win.Pada.B.Int            File infector            06/12/00
201.         Worms.Trojan.Intended     File infector            06/12/00
202.         X97M.DIVI.J               File infector            06/22/00
203.         X97M.DIVI.K               File infector            06/22/00
204.         X97M.Divi.L               File infector            07/05/00
205.         X97M.Hongo.B              File infector            06/22/00
206.         X97M.Manalo.I             File infector            06/22/00
207.         X97M.Obvious.A            File infector            07/05/00
208.         X97M.Toraja.C             File infector            06/12/00
209.         XM.Laroux.TV              File infector            07/05/00
210.         XM.SlimCow.A              File infector            07/05/00
211.  
212.  
213. Name Changes:
214.  
215.         Old Virus Name            New Virus Name          Date changed
216.         --------------            --------------          ------------
217.         W95.Fosforo.Int        to W95.Fosforo             06/22/00
218.         W97M.Aquil             to W97M.Heels.B            06/22/00
219.  
220.  
221. Deletions:
222.  
223.         Virus Name                Infection Type          Date removed
224.         ----------                --------------          ------------
225.  
226.  
227. **********************************************************************
228. **  Enabling Scanning Features                                      **
229. **********************************************************************
230.  
231. Several scanning features can be enabled through the use of an INF 
232. configuration file.  For NAV for Windows 95/NT version 4.x and later, 
233. or NAV for OS/2, this configuration file should be called NAVEX15.INF
234. and should be placed in the directory where NAV is installed (i.e.,
235. C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
236. the file should be called NAVEX15.INF and should be placed in the 
237. directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
238. NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
239. NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
240. should be placed in the directory where NAV is installed (i.e., C:\NAV).
241. If this configuration file does not exist, create one in the appropriate
242. directory if you want to change the default settings.
243.  
244. To enable a scanning feature for a particular component, one or more 
245. entries need to be added to the configuration file under the correct
246. section.  For each platform there is a corresponding section that is used 
247. in the INF file.  Below is a table of section names and platforms.
248.  
249. Section Name    Platform
250. ------------    --------
251. NAVW32          Windows 95/98/NT
252. NAVAP           Windows 95/98/NT Auto-Protect
253. NAVDX           DOS
254. NAVNLM          Netware
255. NAVWIN          Windows 3.1
256. NAVOS2          OS/2
257. NAVAIX          AIX
258. NAVSOL          Solaris
259.  
260. Entries are case insensitive.  Below is a description of possible 
261. entries.
262.  
263. 1. Files can be excluded from scans by the NAVEX engine.  To exclude a
264. specific file from the NAVEX engine scan, add an entry with the full
265. path and file name.  This is case insensitive.  No wildcards are allowed.
266. To exclude multiple files, add a separate entry for each file.  To exclude
267. a file, add an entry like the one below where <PATH> is the full path
268. and file name.
269.         ExcludeFile = <PATH>
270.  
271. 2. Files within a directory can be excluded from scans by the NAVEX engine.
272. To exclude all files within a directory, add an entry with the full 
273. directory path.  This is case insensitive.  No wildcards are allowed.  This
274. does not exclude files located in subdirectories of the specified 
275. directory.  To exclude multiple directories, add a separate entry for each
276. directory. To exclude a directory, add an entry like the one below where
277. <DIRECTORY> is the full path.
278.         ExcludeDirectory = <DIRECTORY>
279.  
280. The following example of an INF configuration file excludes two files, 
281. NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
282. scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
283. Auto-Protect.
284.  
285. [NAVW32]
286. ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
287. ExcludeFile = C:\TEMP\BIGFILE.DOC
288.  
289. [NAVAP]
290. ExcludeDirectory = D:\PRIVATE
291.  
292. **********************************************************************
293. **    Additional Information                                        **
294. **********************************************************************
295.  
296. Fixed detection for NT.Restart.Trojan
297.  
298. Additional information regarding this virus definitions update can be
299. found in UPDATE.TXT and TECHNOTE.TXT.
300.