home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2000 October
/
PCWorld_2000-10_cd1.bin
/
Software
/
Antiviry
/
NAV16
/
0911i16.exe
/
whatsnew.txt
< prev
Wrap
Text File
|
2000-09-11
|
31KB
|
518 lines
**********************************************************************
** **
** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
** **
** Symantec AntiVirus Research Center (SARC) September 11, 2000 **
** **
**********************************************************************
This document contains the following topics:
* Virus Alerts
* New Technologies
* Changes Incorporated Into This Update
* Enabling Scanning Features
* Additional Information
**********************************************************************
** Virus Alerts **
**********************************************************************
VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
is detected by this definition set.
The ten most commonly reported viruses, worldwide:
1 VBS.LoveLetter.A
2 WScript.KakWorm
3 VBS.Network
4 W95.CIH
5 Happy99.Worm
6 Worm.ExploreZip
7 W97M.ColdApe
8 W97M.Ethan
9 W97M.Melissa
10 WM.Cap
**********************************************************************
** New Technologies **
**********************************************************************
DATE Technologies Added
---- ------------------
8/19/98 * Excel heuristics which detect and repair new and unknown
macro viruses in Excel 95 & 97 documents.
9/16/98 * Added repair for encrypted Excel 97 documents.
10/21/98 * Heuristics to detect AOL Password Stealer Trojans.
* WORD Heuristics improvement to increase detection rate.
12/17/98 * Macro Exclusion Engine to speed up the scanning for Word
and Excel documents.
* PowerPoint engine to scan PowerPoint related viruses.
To enable this technology please read "Enabling/Disabling
PowerPoint Scanning" section later in this document.
02/18/99 * Detection and repair of macro viruses in Word and Excel
2000 documents.
05/15/99 * Added repair for PowerPoint viruses.
* Improved heuristics to detect more WORD 97 related
viruses.
06/10/99 * Menu repair technology for WORD macro viruses that change
command bar customizations in NORMAL.DOT.
07/12/99 * Added support for scanning of Ichitaro 8/9 documents.
(Ichitaro is a Japanese word processing program).
08/19/99 * Added detection and repair for embedded documents inside
PowerPoint 97.
11/22/99 * Added detection and repair for Trojans embedded in OLE
files, such as Windows scrap files and MS Office
documents.
* Added detection for viruses which infect Microsoft
Project documents (P98M.Corner.A, for example).
02/10/00 * Added support for scanning of UNIX executables.
* Added detection for infected Visio documents.
**********************************************************************
** Changes Incorporated Into This Virus Definitions Update **
**********************************************************************
New virus definitions (by Virus Name):
Virus Name Infection Type Week added
---------- -------------- ----------
Alien.Worm File infector 09/05/00
Ani (b) Boot infector 08/28/00
AntiCMOS.613 File infector 09/05/00
BAT.Ditty File infector 09/11/00
Backdoor.Bla.Trojan File infector 08/17/00
Backdoor.DRA File infector 08/17/00
Backdoor.DialUp File infector 08/14/00
Backdoor.GOL File infector 08/17/00
Backdoor.HackTack File infector 08/14/00
Backdoor.IRC.Pure File infector 08/14/00
Backdoor.Iexplore5 File infector 08/17/00
Backdoor.SubSeven.214 File infector 09/05/00
Backdoor.SysReg File infector 09/05/00
Backdoor.Taskmon File infector 09/05/00
Backdoor.Vampire File infector 08/14/00
BlackIce.Trojan File infector 09/05/00
Cute.707 File infector 08/17/00
Dial900.Aga File infector 08/17/00
HLP.LuckyH File infector 09/11/00
HackTool.PWSteal File infector 08/28/00
Halloween.1839 File infector 08/28/00
IRC.Plus.Worm File infector 08/28/00
IRC.Pnguin File infector 09/11/00
IRC.STD File infector 09/11/00
IRCWorm.Sleeper.p File infector 08/17/00
IRCWorm.Wally File infector 08/28/00
Initwo.Trojan File infector 08/17/00
Irok.7840 File infector 08/28/00
Irok.7840 (2) File infector 08/28/00
JS.LostSoul.Worm File infector 09/11/00
JeruVespa.1143 File infector 08/14/00
JeruVespa.1143 File infector 08/17/00
Kill98.Absturz File infector 08/17/00
Mag.Trojan File infector 08/14/00
Mag.Trojan File infector 08/17/00
O97M.Codemas.A File infector 08/14/00
O97M.Codemas.A File infector 08/17/00
O97M.Toraja.D File infector 08/14/00
O97M.Toraja.D File infector 08/17/00
PWS.PKG.Trojan File infector 08/17/00
PWSTEAL.AcidShivers File infector 08/17/00
PWSteal.KeyGen File infector 08/28/00
Palm.Liberty.A File infector 08/28/00
Plage.Worm File infector 08/28/00
SSIWG.Worm File infector 08/28/00
Threat.DateOverflow File infector 09/05/00
Trojan.Chico File infector 08/28/00
Trojan.Genvir File infector 09/05/00
Trojan.Sexu File infector 08/28/00
VBS.A24 File infector 09/05/00
VBS.Jackal File infector 08/28/00
VBS.LostSoul.Worm File infector 09/11/00
VBS.LoveLetter.BD File infector 08/14/00
VBS.LoveLetter.BE File infector 09/05/00
VBS.Pnguin File infector 09/11/00
VBS.Rename.Trojan File infector 08/14/00
VBS.Vpot File infector 09/05/00
VBS.Vpot (2) File infector 09/05/00
VBS.Vpot (3) File infector 09/05/00
VBS.Zambo.Trojan File infector 09/05/00
W2000M.Gargle File infector 08/28/00
W2K.Stream.A File infector 09/05/00
W32.Antim File infector 09/11/00
W32.Evul.8192 File infector 09/11/00
W32.Explorezip.F.Worm File infector 09/11/00
W32.FunLove.4099.dr File infector 08/28/00
W32.FunLove.4099.dr 2 File infector 08/28/00
W32.HLLP.GhostDog.B File infector 08/14/00
W32.HLLP.GhostDog.C File infector 09/11/00
W32.HLLP.GhostDog.D File infector 09/11/00
W32.HLLP.STD.A File infector 08/14/00
W32.HLLP.STD.B File infector 08/14/00
W32.HLLP.STD.B.Mirc File infector 08/14/00
W32.HLLP.Scrambler.C File infector 09/11/00
W32.HLLP.Scrambler.D File infector 09/11/00
W32.HLLP.Semisoft.J File infector 08/14/00
W32.HLLW.Qaz.B File infector 08/14/00
W32.HLLW.Qaz.C File infector 08/14/00
W32.HLLW.Qaz.D File infector 08/14/00
W32.Infinite.1661 File infector 08/14/00
W32.Luck.A File infector 09/11/00
W32.Luck.B File infector 09/11/00
W32.LuckyH.Dr File infector 09/11/00
W32.Mypicks.C.Worm File infector 09/11/00
W32.Pnguin.Worm File infector 09/11/00
W32.Resure.38400 File infector 08/14/00
W32.Totilix.Worm File infector 09/11/00
W95.Auryn.1155 File infector 09/11/00
W95.Daw.1262 File infector 08/28/00
W95.Dawn.Gen File infector 09/11/00
W95.Ditto File infector 09/11/00
W95.Etymo.1308 File infector 09/11/00
W95.Fraz.993 File infector 09/11/00
W95.Fraz.993.G1 File infector 09/11/00
W95.Gara.961 File infector 09/11/00
W95.Oisdbo File infector 08/17/00
W95.Oisdbo (dll) File infector 08/17/00
W95.Oisdbo.dr File infector 08/28/00
W95.Oisdbo.dr (2) File infector 08/28/00
W95.Oisdbo.dr (3) File infector 08/28/00
W95.Oisdbo.worm File infector 08/17/00
W95.Vampiro File infector 09/11/00
W95.Vampiro.2883 File infector 09/11/00
W97M.AntiCor File infector 08/28/00
W97M.Bablas.AK File infector 09/11/00
W97M.Bablas.AL File infector 09/11/00
W97M.Bablas.AM File infector 09/11/00
W97M.Basic File infector 08/17/00
W97M.DeathKiss File infector 09/05/00
W97M.Jackal File infector 08/28/00
W97M.King File infector 09/05/00
W97M.Magma.A File infector 09/05/00
W97M.Marker.EI File infector 09/11/00
W97M.Marker.T File infector 08/28/00
W97M.Myna.R File infector 09/05/00
W97M.Myna.X File infector 09/05/00
W97M.Nidoc.B File infector 08/17/00
W97M.Onex.B File infector 08/14/00
W97M.Onex.B File infector 08/17/00
W97M.Sap File infector 08/28/00
W97M.Scar.Int File infector 08/28/00
W97M.Serpent File infector 08/28/00
W97M.Shepmah.C File infector 09/05/00
W97M.Shepmah.D File infector 09/05/00
W97M.String File infector 08/28/00
W97M.Thus.AJ File infector 08/17/00
W97M.Thus.AK File infector 09/05/00
W97M.Thus.X.Family File infector 08/28/00
W97M.Triplet.A File infector 09/05/00
W97M.VMPCK1.BP File infector 08/17/00
W97M.VMPCK1.BQ File infector 08/28/00
W97M.VMPCK1.BR File infector 08/28/00
W97M.WallyDrop File infector 08/28/00
WScript.GodMessage.int File infector 08/17/00
X97M.Adversary.A File infector 09/05/00
X97M.BadBoy File infector 08/28/00
X97M.BadBoy.B File infector 08/28/00
X97M.Barisada.C File infector 08/17/00
X97M.Barisada.D File infector 08/28/00
X97M.Barisada.E File infector 09/05/00
X97M.Barisada.F File infector 09/05/00
X97M.Barisada.Var File infector 08/28/00
X97M.Confused File infector 08/28/00
X97M.Jini.A1 File infector 08/28/00
X97M.Laroux.TZ File infector 08/17/00
X97M.Looksn.C File infector 09/11/00
X97M.Pacand.A File infector 09/05/00
X97M.Swap.int File infector 08/28/00
XF.Sic.J File infector 09/05/00
XM.Register.A File infector 09/05/00
New virus definitions (by Week added):
Virus Name Infection Type Week added
---------- -------------- ----------
BAT.Ditty File infector 09/11/00
X97M.Looksn.C File infector 09/11/00
W97M.Bablas.AK File infector 09/11/00
W97M.Bablas.AL File infector 09/11/00
W97M.Bablas.AM File infector 09/11/00
W97M.Marker.EI File infector 09/11/00
VBS.LostSoul.Worm File infector 09/11/00
JS.LostSoul.Worm File infector 09/11/00
W95.Etymo.1308 File infector 09/11/00
W95.Vampiro.2883 File infector 09/11/00
W95.Dawn.Gen File infector 09/11/00
W32.Evul.8192 File infector 09/11/00
W32.Explorezip.F.Worm File infector 09/11/00
W32.Mypicks.C.Worm File infector 09/11/00
W32.Totilix.Worm File infector 09/11/00
W32.HLLP.GhostDog.C File infector 09/11/00
W32.HLLP.GhostDog.D File infector 09/11/00
W32.LuckyH.Dr File infector 09/11/00
W32.Luck.A File infector 09/11/00
W32.Luck.B File infector 09/11/00
W95.Ditto File infector 09/11/00
IRC.STD File infector 09/11/00
W32.Pnguin.Worm File infector 09/11/00
IRC.Pnguin File infector 09/11/00
VBS.Pnguin File infector 09/11/00
W95.Vampiro File infector 09/11/00
W32.Antim File infector 09/11/00
W95.Auryn.1155 File infector 09/11/00
W95.Fraz.993 File infector 09/11/00
W95.Fraz.993.G1 File infector 09/11/00
HLP.LuckyH File infector 09/11/00
W95.Gara.961 File infector 09/11/00
W32.HLLP.Scrambler.D File infector 09/11/00
W32.HLLP.Scrambler.C File infector 09/11/00
W97M.Shepmah.C File infector 09/05/00
X97M.Adversary.A File infector 09/05/00
XM.Register.A File infector 09/05/00
VBS.LoveLetter.BE File infector 09/05/00
Backdoor.SubSeven.214 File infector 09/05/00
W97M.Myna.R File infector 09/05/00
W97M.Myna.X File infector 09/05/00
W97M.DeathKiss File infector 09/05/00
Backdoor.Taskmon File infector 09/05/00
VBS.Zambo.Trojan File infector 09/05/00
Threat.DateOverflow File infector 09/05/00
Backdoor.SysReg File infector 09/05/00
VBS.A24 File infector 09/05/00
W97M.King File infector 09/05/00
Trojan.Genvir File infector 09/05/00
AntiCMOS.613 File infector 09/05/00
W97M.Thus.AK File infector 09/05/00
X97M.Barisada.E File infector 09/05/00
W97M.Triplet.A File infector 09/05/00
VBS.Vpot File infector 09/05/00
VBS.Vpot (2) File infector 09/05/00
VBS.Vpot (3) File infector 09/05/00
BlackIce.Trojan File infector 09/05/00
X97M.Barisada.F File infector 09/05/00
W97M.Magma.A File infector 09/05/00
W97M.Shepmah.D File infector 09/05/00
X97M.Pacand.A File infector 09/05/00
Alien.Worm File infector 09/05/00
XF.Sic.J File infector 09/05/00
W2K.Stream.A File infector 09/05/00
Irok.7840 File infector 08/28/00
Irok.7840 (2) File infector 08/28/00
W32.FunLove.4099.dr File infector 08/28/00
W32.FunLove.4099.dr 2 File infector 08/28/00
W95.Oisdbo.dr File infector 08/28/00
W95.Oisdbo.dr (2) File infector 08/28/00
W95.Oisdbo.dr (3) File infector 08/28/00
W97M.Scar.Int File infector 08/28/00
X97M.BadBoy.B File infector 08/28/00
X97M.Barisada.Var File infector 08/28/00
Ani (b) Boot infector 08/28/00
Palm.Liberty.A File infector 08/28/00
Trojan.Sexu File infector 08/28/00
W97M.VMPCK1.BQ File infector 08/28/00
W97M.Serpent File infector 08/28/00
W97M.AntiCor File infector 08/28/00
W97M.String File infector 08/28/00
W97M.WallyDrop File infector 08/28/00
IRCWorm.Wally File infector 08/28/00
W2000M.Gargle File infector 08/28/00
W97M.Sap File infector 08/28/00
W97M.Thus.X.Family File infector 08/28/00
W97M.VMPCK1.BR File infector 08/28/00
X97M.Confused File infector 08/28/00
X97M.Swap.int File infector 08/28/00
SSIWG.Worm File infector 08/28/00
Trojan.Chico File infector 08/28/00
Plage.Worm File infector 08/28/00
PWSteal.KeyGen File infector 08/28/00
IRC.Plus.Worm File infector 08/28/00
Halloween.1839 File infector 08/28/00
W97M.Marker.T File infector 08/28/00
W95.Daw.1262 File infector 08/28/00
W97M.Jackal File infector 08/28/00
VBS.Jackal File infector 08/28/00
X97M.BadBoy File infector 08/28/00
X97M.Barisada.D File infector 08/28/00
HackTool.PWSteal File infector 08/28/00
X97M.Jini.A1 File infector 08/28/00
Kill98.Absturz File infector 08/17/00
Backdoor.DRA File infector 08/17/00
X97M.Laroux.TZ File infector 08/17/00
Backdoor.GOL File infector 08/17/00
Backdoor.Iexplore5 File infector 08/17/00
Backdoor.Bla.Trojan File infector 08/17/00
Cute.707 File infector 08/17/00
Dial900.Aga File infector 08/17/00
X97M.Barisada.C File infector 08/17/00
IRCWorm.Sleeper.p File infector 08/17/00
Initwo.Trojan File infector 08/17/00
JeruVespa.1143 File infector 08/17/00
WScript.GodMessage.int File infector 08/17/00
W97M.Basic File infector 08/17/00
Mag.Trojan File infector 08/17/00
O97M.Codemas.A File infector 08/17/00
W97M.VMPCK1.BP File infector 08/17/00
O97M.Toraja.D File infector 08/17/00
PWS.PKG.Trojan File infector 08/17/00
W97M.Thus.AJ File infector 08/17/00
PWSTEAL.AcidShivers File infector 08/17/00
W95.Oisdbo File infector 08/17/00
W95.Oisdbo (dll) File infector 08/17/00
W95.Oisdbo.worm File infector 08/17/00
W97M.Onex.B File infector 08/17/00
W97M.Nidoc.B File infector 08/17/00
W97M.Onex.B File infector 08/14/00
W32.HLLP.GhostDog.B File infector 08/14/00
Mag.Trojan File infector 08/14/00
Backdoor.DialUp File infector 08/14/00
Backdoor.HackTack File infector 08/14/00
W32.Resure.38400 File infector 08/14/00
O97M.Codemas.A File infector 08/14/00
VBS.LoveLetter.BD File infector 08/14/00
Backdoor.IRC.Pure File infector 08/14/00
W32.HLLP.STD.A File infector 08/14/00
Backdoor.Vampire File infector 08/14/00
W32.HLLP.STD.B File infector 08/14/00
W32.HLLP.STD.B.Mirc File infector 08/14/00
JeruVespa.1143 File infector 08/14/00
W32.HLLP.Semisoft.J File infector 08/14/00
VBS.Rename.Trojan File infector 08/14/00
O97M.Toraja.D File infector 08/14/00
W32.HLLW.Qaz.C File infector 08/14/00
W32.HLLW.Qaz.B File infector 08/14/00
W32.Infinite.1661 File infector 08/14/00
W32.HLLW.Qaz.D File infector 08/14/00
Name Changes (by Old Virus Name):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
Qaz.Trojan to W32.HLLW.Qaz.A 08/14/00
W95.MTX.dr (3) to W95.Oisdbo.dr 09/11/00
W95.Oisdbo to W95.MTX 09/05/00
W95.Oisdbo (dll) to W95.MTX (dll) 09/05/00
W95.Oisdbo.worm to W95.MTX.worm 09/05/00
W95.Oisdbo.dr to W95.MTX.dr 09/05/00
W95.Oisdbo.dr (2) to W95.MTX.dr (2) 09/05/00
W95.Oisdbo.dr (3) to W95.MTX.dr (3) 09/05/00
Name Changes (by Date changed):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
W95.MTX.dr (3) to W95.Oisdbo.dr 09/11/00
W95.Oisdbo (dll) to W95.MTX (dll) 09/05/00
W95.Oisdbo.worm to W95.MTX.worm 09/05/00
W95.Oisdbo to W95.MTX 09/05/00
W95.Oisdbo.dr to W95.MTX.dr 09/05/00
W95.Oisdbo.dr (2) to W95.MTX.dr (2) 09/05/00
W95.Oisdbo.dr (3) to W95.MTX.dr (3) 09/05/00
Qaz.Trojan to W32.HLLW.Qaz.A 08/14/00
Deletions (by Virus Name):
Virus Name Infection Type Date removed
---------- -------------- ------------
Dial900.Aga File infector 09/11/00
Infector.10217 File infector 08/14/00
Kill98.Absturz File infector 09/11/00
Netbus 2.01 Trojan 8 File infector 08/17/00
Netbus 2.01 Trojan 9 File infector 08/17/00
Netbus 2.01 Trojan 11 File infector 08/17/00
Netbus 2.01 Trojan 12 File infector 08/17/00
PWSTEAL.AcidShivers File infector 09/11/00
Deletions (by Date removed):
Virus Name Infection Type Date removed
---------- -------------- ------------
Dial900.Aga File infector 09/11/00
Kill98.Absturz File infector 09/11/00
PWSTEAL.AcidShivers File infector 09/11/00
Netbus 2.01 Trojan 9 File infector 08/17/00
Netbus 2.01 Trojan 12 File infector 08/17/00
Netbus 2.01 Trojan 11 File infector 08/17/00
Netbus 2.01 Trojan 8 File infector 08/17/00
Infector.10217 File infector 08/14/00
**********************************************************************
** Enabling Scanning Features **
**********************************************************************
Several scanning features can be enabled through the use of an INF
configuration file. For NAV for Windows 95/NT version 4.x and later,
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).
If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.
To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section. For each platform there is a corresponding section that is used
in the INF file. Below is a table of section names and platforms.
Section Name Platform
------------ --------
NAVW32 Windows 95/98/NT
NAVAP Windows 95/98/NT Auto-Protect
NAVDX DOS
NAVNLM Netware
NAVWIN Windows 3.1
NAVOS2 OS/2
NAVAIX AIX
NAVSOL Solaris
Entries are case insensitive. Below is a description of possible
entries.
1. Files can be excluded from scans by the NAVEX engine. To exclude a
specific file from the NAVEX engine scan, add an entry with the full
path and file name. This is case insensitive. No wildcards are allowed.
To exclude multiple files, add a separate entry for each file. To exclude
a file, add an entry like the one below where <PATH> is the full path
and file name.
ExcludeFile = <PATH>
2. Files within a directory can be excluded from scans by the NAVEX engine.
To exclude all files within a directory, add an entry with the full
directory path. This is case insensitive. No wildcards are allowed. This
does not exclude files located in subdirectories of the specified
directory. To exclude multiple directories, add a separate entry for each
directory. To exclude a directory, add an entry like the one below where
<DIRECTORY> is the full path.
ExcludeDirectory = <DIRECTORY>
The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.
[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC
[NAVAP]
ExcludeDirectory = D:\PRIVATE
**********************************************************************
** Additional Information **
**********************************************************************
Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
