home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2002 February
/
PCWorld_2002-02_cd.bin
/
Software
/
Antiviry
/
nav32
/
0109i32.exe
/
whatsnew.txt
< prev
next >
Wrap
Text File
|
2002-01-09
|
28KB
|
549 lines
**********************************************************************
** **
** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
** **
** Symantec Security Response January 09, 2002 **
** **
**********************************************************************
This document contains the following topics:
* Virus Alerts
* New Technologies
* Changes Incorporated Into This Update
* Enabling Scanning Features
* Additional Information
**********************************************************************
** Virus Alerts **
**********************************************************************
The ten most commonly reported viruses, worldwide:
1 W95.Hybris.worm
2 W95.MTX
3 Wscript.KakWorm
4 W32.HLLW.Bymer
5 W32.Magistr.24876@mm
6 W32.Badtrans.13312@mm
7 W32.Navidad.16896
8 Happy99.Worm
9 VBS.LoveLetter
10 W32.HLLW.Qaz
**********************************************************************
** New Technologies **
**********************************************************************
DATE Technologies Added
---- ------------------
02/18/99 * Detection and repair of macro viruses in Word and Excel
2000 documents.
05/15/99 * Added repair for PowerPoint viruses.
* Improved heuristics to detect more WORD 97 related
viruses.
06/10/99 * Menu repair technology for WORD macro viruses that change
command bar customizations in NORMAL.DOT.
07/12/99 * Added support for scanning of Ichitaro 8/9 documents.
(Ichitaro is a Japanese word processing program).
08/19/99 * Added detection and repair for embedded documents inside
PowerPoint 97.
11/22/99 * Added detection and repair for Trojans embedded in OLE
files, such as Windows scrap files and MS Office
documents.
* Added detection for viruses which infect Microsoft
Project documents (P98M.Corner.A, for example).
02/10/00 * Added support for scanning of UNIX executables.
* Added detection for infected Visio documents.
12/18/00 * Added heuristics for for 32-bit Windows viruses.
* Added a script scanner which increases our capabilities for
detecting script based threats.
08/02/01 * Engine Update 08/02/01
* All products that use the NAVEX 1.5 architecture
(in other words, most major Symantec products released over
the last 3 - 4 years) will receive the new functionality.
* This enhanced technology provides improved script scanning
as well as more proactive detection of unknown script-based
threats.
**********************************************************************
** Changes Incorporated Into This Virus Definitions Update **
**********************************************************************
DATE
----
New virus definitions (sorted by Virus Name):
Virus Name Infection Type Date added
---------- -------------- ---------
ACTS.LHM.926 File infector 01/09/02
Backdoor.IRC.Flood.dr File infector 01/08/02
Backdoor.Levelone File infector 12/14/01
Backdoor.Litmus.B File infector 12/11/01
Backdoor.Optix File infector 12/11/01
Backdoor.Palukka File infector 01/07/02
Backdoor.Trojan.dr(7) File infector 01/02/02
Birgit.307 File infector 12/19/01
Birgit.330 File infector 12/19/01
Bombole.gen File infector 12/13/01
Clacker.kit File infector 12/19/01
Eddy.1444 File infector 01/04/02
Eddy.1500 File infector 01/04/02
Eddy.1534 File infector 01/04/02
Flowv.gen File infector 12/12/01
JS.CoolSite@mm File infector 12/19/01
JS.Gigger.A@mm File infector 01/09/02
JS.Seeker.F File infector 01/08/02
JS.Zacker.A File infector 12/19/01
PP97M.Chamy File infector 12/14/01
Pojer.1935 File infector 12/13/01
Pojer.1935 (x) File infector 12/13/01
QRabid.Trojan File infector 12/12/01
Ricsi.806 File infector 12/11/01
SecHole.Trojan File infector 01/08/02
Security Risk File infector 12/10/01
Silly.131 File infector 12/13/01
Sorry.256 File infector 12/13/01
Steel.273 File infector 12/19/01
Tiny.143.B File infector 12/13/01
Trojan.Danschl.A File infector 12/12/01
Trojan.JS.SetPage File infector 12/24/01
VBS.Breberka.B@mm File infector 12/26/01
VBS.Charl File infector 12/11/01
VBS.Dname@m.int File infector 12/14/01
VBS.Elliv File infector 12/12/01
VBS.Fundll@mm File infector 12/10/01
VBS.Mraz@mm File infector 12/21/01
VBS.Sorry.F File infector 12/19/01
VBS.Textor.Trojan File infector 12/27/01
VBS.Voodoo.B File infector 12/26/01
VBS.Zacker.A File infector 12/19/01
W32.Asorl File infector 12/26/01
W32.DlDer.Trojan File infector 12/29/01
W32.Faker.B File infector 01/04/02
W32.FreeTrip@mm File infector 12/11/01
W32.Gizer@mm File infector 12/28/01
W32.Gokar.A@mm File infector 12/13/01
W32.HLLO.Inex File infector 01/03/02
W32.HLLP.Delvi File infector 12/31/01
W32.HLLP.Surfing File infector 12/21/01
W32.HLLP.XINF File infector 01/03/02
W32.HLLW.GOP File infector 12/14/01
W32.HLLW.GOP@mm File infector 12/13/01
W32.HLLW.Maryl File infector 01/03/02
W32.Lohack.Worm File infector 12/31/01
W32.Maldal.C@mm(html) File infector 12/20/01
W32.Maldal.D@mm File infector 12/29/01
W32.Maldal.F@mm File infector 12/31/01
W32.Maldal.gen@mm File infector 01/03/02
W32.Nector File infector 01/03/02
W32.Reeezak.A@mm File infector 12/19/01
W32.ShakeWorld@mm File infector 01/04/02
W32.Shoho@MM File infector 12/21/01
W32.Steatopygous@mm File infector 01/08/02
W32.Sucha@mm File infector 01/07/02
W32.Sysnom@mm File infector 01/04/02
W32.Zacker@mm File infector 12/10/01
W32.Zoher@mm File infector 12/24/01
W32.Zoher@mm.enc File infector 12/27/01
W95.Axiety.2471 File infector 12/29/01
W97M.Bottra.Gen File infector 12/14/01
W97M.Cream.A File infector 01/04/02
W97M.Ded.T.gen File infector 12/13/01
W97M.Deedee.A@mm File infector 12/20/01
W97M.Gabe.gen File infector 12/27/01
W97M.Headhunt.A File infector 12/14/01
W97M.Lily.E File infector 12/14/01
W97M.Marker.KA File infector 12/14/01
W97M.Mirat.B.gen File infector 12/13/01
W97M.Myco.gen File infector 12/21/01
W97M.Ninel.A File infector 12/14/01
W97M.Pexas File infector 12/14/01
W97M.Stibium File infector 12/17/01
W97M.Termina.A File infector 12/14/01
W97M.Yapp File infector 12/29/01
Worm.Automat.AGJ File infector 12/17/01
Wyx.boot File infector 12/10/01
X97M.BIC File infector 12/10/01
X97M.Laroux.gen File infector 12/29/01
X97M.Sifa File infector 12/13/01
New virus definitions (sorted by Date added):
Virus Name Infection Type Date added
---------- -------------- ----------
JS.Gigger.A@mm File infector 01/09/02
ACTS.LHM.926 File infector 01/09/02
W32.Steatopygous@mm File infector 01/08/02
Backdoor.IRC.Flood.dr File infector 01/08/02
SecHole.Trojan File infector 01/08/02
JS.Seeker.F File infector 01/08/02
W32.Sucha@mm File infector 01/07/02
Backdoor.Palukka File infector 01/07/02
W32.ShakeWorld@mm File infector 01/04/02
W97M.Cream.A File infector 01/04/02
Eddy.1444 File infector 01/04/02
Eddy.1500 File infector 01/04/02
Eddy.1534 File infector 01/04/02
W32.Sysnom@mm File infector 01/04/02
W32.Faker.B File infector 01/04/02
W32.HLLO.Inex File infector 01/03/02
W32.HLLP.XINF File infector 01/03/02
W32.HLLW.Maryl File infector 01/03/02
W32.Maldal.gen@mm File infector 01/03/02
W32.Nector File infector 01/03/02
Backdoor.Trojan.dr(7) File infector 01/02/02
W32.Maldal.F@mm File infector 12/31/01
W32.HLLP.Delvi File infector 12/31/01
W32.Lohack.Worm File infector 12/31/01
W32.DlDer.Trojan File infector 12/29/01
W32.Maldal.D@mm File infector 12/29/01
X97M.Laroux.gen File infector 12/29/01
W97M.Yapp File infector 12/29/01
W95.Axiety.2471 File infector 12/29/01
W32.Gizer@mm File infector 12/28/01
VBS.Textor.Trojan File infector 12/27/01
W32.Zoher@mm.enc File infector 12/27/01
W97M.Gabe.gen File infector 12/27/01
VBS.Breberka.B@mm File infector 12/26/01
VBS.Voodoo.B File infector 12/26/01
W32.Asorl File infector 12/26/01
Trojan.JS.SetPage File infector 12/24/01
W32.Zoher@mm File infector 12/24/01
VBS.Mraz@mm File infector 12/21/01
W32.HLLP.Surfing File infector 12/21/01
W32.Shoho@MM File infector 12/21/01
W97M.Myco.gen File infector 12/21/01
W32.Maldal.C@mm(html) File infector 12/20/01
W97M.Deedee.A@mm File infector 12/20/01
Clacker.kit File infector 12/19/01
Birgit.307 File infector 12/19/01
Birgit.330 File infector 12/19/01
Steel.273 File infector 12/19/01
W32.Reeezak.A@mm File infector 12/19/01
VBS.Sorry.F File infector 12/19/01
JS.CoolSite@mm File infector 12/19/01
JS.Zacker.A File infector 12/19/01
VBS.Zacker.A File infector 12/19/01
W97M.Stibium File infector 12/17/01
Worm.Automat.AGJ File infector 12/17/01
Backdoor.Levelone File infector 12/14/01
PP97M.Chamy File infector 12/14/01
VBS.Dname@m.int File infector 12/14/01
W32.HLLW.GOP File infector 12/14/01
W97M.Bottra.Gen File infector 12/14/01
W97M.Headhunt.A File infector 12/14/01
W97M.Lily.E File infector 12/14/01
W97M.Marker.KA File infector 12/14/01
W97M.Ninel.A File infector 12/14/01
W97M.Pexas File infector 12/14/01
W97M.Termina.A File infector 12/14/01
Bombole.gen File infector 12/13/01
Pojer.1935 File infector 12/13/01
Pojer.1935 (x) File infector 12/13/01
Silly.131 File infector 12/13/01
Sorry.256 File infector 12/13/01
Tiny.143.B File infector 12/13/01
W32.Gokar.A@mm File infector 12/13/01
W32.HLLW.GOP@mm File infector 12/13/01
W97M.Ded.T.gen File infector 12/13/01
W97M.Mirat.B.gen File infector 12/13/01
X97M.Sifa File infector 12/13/01
Flowv.gen File infector 12/12/01
QRabid.Trojan File infector 12/12/01
Trojan.Danschl.A File infector 12/12/01
VBS.Elliv File infector 12/12/01
W32.FreeTrip@mm File infector 12/11/01
VBS.Charl File infector 12/11/01
Ricsi.806 File infector 12/11/01
Backdoor.Optix File infector 12/11/01
Backdoor.Litmus.B File infector 12/11/01
Security Risk File infector 12/10/01
VBS.Fundll@mm File infector 12/10/01
W32.Zacker@mm File infector 12/10/01
Wyx.boot File infector 12/10/01
X97M.BIC File infector 12/10/01
Name Changes (sorted by Old Virus Name):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
Backdoor.Litmus.B to Backdoor.Litmus.Gen 01/04/02
Bloodhound.JS.Threat to Bloodhound.VBS.2 11/14/01
Bloodhound.VBS.Threat to Bloodhound.VBS.1 11/14/01
Girlgif.Trojan to Girl.Worm 11/20/01
JS.Radirc.A to JS.Rootlet.A@m 11/01/01
Marzia.2048 to Marzia.2048.M 12/18/01
Marzia.2048.E (2) to Marzia.2048.Q 12/18/01
Marzia.2048.ww.c to Marzia.2048.I 12/18/01
Marzia.2048.ww.c (2) to Marzia.2048.J 12/18/01
Marzia.2048.ww.c (b) to Marzia.2048.B (b) 12/18/01
Marzia.A to Marzia.2048.A 12/18/01
Marzia.A (b) to Marzia.2048.A (b) 12/18/01
Marzia.B to Marzia.2048.B 12/18/01
Marzia.C to Marzia.2048.C 12/18/01
Marzia.C (b) to Marzia.2048.C (b) 12/18/01
Marzia.D to Marzia.2048.D 12/18/01
Marzia.D (b) to Marzia.2048.D (b) 12/18/01
Marzia.F to Marzia.2048.F 12/18/01
Marzia.N to Marzia.2048.N 12/18/01
O97M.Krtz.A to O97M.Codemas.B 11/30/01
VBS.Magique.Int to VBS.Loveletter.Int 11/12/01
VBS.Natiday.A@mm to VBS.Loveletter.CU@mm 11/11/01
VBS.Protest to VBS.Crim.A 11/12/01
VBS.Saur.A to IRC.Bulbas 11/06/01
VBS.aGm.a to VBS.Agm.A 11/29/01
W32.Dela.Worm to W32.Delarm.Worm 11/06/01
W32.HLLP.Surfing to W32.Dropper.Surfing 12/24/01
W32.Klez.B@mm to W32.Klez.D@mm 11/09/01
W32.Reeezak.A@mm to W32.Maldal.C@mm 12/20/01
W32.ShakeWorld@mm to W32.Shatrix@mm 01/07/02
W32.Shoho@MM to W32.Shoho@mm 12/24/01
W32.Steatopygous@mm to W32.Toget@mm 01/09/02
W32.Sucha@mm to VBS.Rosegun@mm 01/08/02
W32.Viled@mm to W32.Viled.gen 11/13/01
W32.Zacker@mm to W32.Maldal@mm 12/21/01
W95.SchoolGirl.909 to W95.SchoolGirl.910 12/05/01
W97M.Ethan.EL (2) to W97M.Ethan.EL 11/01/01
W97M.Trado.A to W97M.Luar.A 11/01/01
X97M.Codemas.D to X97M.Slacker.D 11/02/01
X97M.RChan.A to X97M.Ellar.B 12/27/01
X97M.Sifa to X97M.Brep 12/13/01
Name Changes (sorted by Date changed):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
W32.Steatopygous@mm to W32.Toget@mm 01/09/02
W32.Sucha@mm to VBS.Rosegun@mm 01/08/02
W32.ShakeWorld@mm to W32.Shatrix@mm 01/07/02
Backdoor.Litmus.B to Backdoor.Litmus.Gen 01/04/02
X97M.RChan.A to X97M.Ellar.B 12/27/01
W32.Shoho@MM to W32.Shoho@mm 12/24/01
W32.HLLP.Surfing to W32.Dropper.Surfing 12/24/01
W32.Zacker@mm to W32.Maldal@mm 12/21/01
W32.Reeezak.A@mm to W32.Maldal.C@mm 12/20/01
Marzia.2048 to Marzia.2048.M 12/18/01
Marzia.2048.E (2) to Marzia.2048.Q 12/18/01
Marzia.2048.ww.c to Marzia.2048.I 12/18/01
Marzia.2048.ww.c (2) to Marzia.2048.J 12/18/01
Marzia.2048.ww.c (b) to Marzia.2048.B (b) 12/18/01
Marzia.A to Marzia.2048.A 12/18/01
Marzia.A (b) to Marzia.2048.A (b) 12/18/01
Marzia.B to Marzia.2048.B 12/18/01
Marzia.C to Marzia.2048.C 12/18/01
Marzia.C (b) to Marzia.2048.C (b) 12/18/01
Marzia.D to Marzia.2048.D 12/18/01
Marzia.D (b) to Marzia.2048.D (b) 12/18/01
Marzia.F to Marzia.2048.F 12/18/01
Marzia.N to Marzia.2048.N 12/18/01
X97M.Sifa to X97M.Brep 12/13/01
W95.SchoolGirl.909 to W95.SchoolGirl.910 12/05/01
O97M.Krtz.A to O97M.Codemas.B 11/30/01
VBS.aGm.a to VBS.Agm.A 11/29/01
Girlgif.Trojan to Girl.Worm 11/20/01
Bloodhound.JS.Threat to Bloodhound.VBS.2 11/14/01
Bloodhound.VBS.Threat to Bloodhound.VBS.1 11/14/01
W32.Viled@mm to W32.Viled.gen 11/13/01
VBS.Magique.Int to VBS.Loveletter.Int 11/12/01
VBS.Protest to VBS.Crim.A 11/12/01
VBS.Natiday.A@mm to VBS.Loveletter.CU@mm 11/11/01
W32.Klez.B@mm to W32.Klez.D@mm 11/09/01
VBS.Saur.A to IRC.Bulbas 11/06/01
W32.Dela.Worm to W32.Delarm.Worm 11/06/01
X97M.Codemas.D to X97M.Slacker.D 11/02/01
JS.Radirc.A to JS.Rootlet.A@m 11/01/01
W97M.Ethan.EL (2) to W97M.Ethan.EL 11/01/01
W97M.Trado.A to W97M.Luar.A 11/01/01
Deletions (sorted by Virus Name):
Virus Name Infection Type Date removed
---------- -------------- ------------
AirCop Dropper Boot infector 11/13/01
Denzuk Dropper Boot infector 11/13/01
Ghostmail.Spammer File infector 12/03/01
Gold Bug (1) File and Boot infector 12/12/01
HLLO.Picked.4505 File infector 11/20/01
ICQ.Junta.Trojan File infector 11/20/01
JS.Zacker.A File infector 12/20/01
Logon.scr File infector 12/10/01
Pojer File infector 12/13/01
Ruw (2) File infector 12/10/01
VBS.Zacker.A File infector 12/20/01
W32.DlDer.Trojan File infector 01/04/02
W97M.Galero.A File infector 11/20/01
W97M.Marker.NW File infector 11/20/01
Worm.Automat.AGJ File infector 12/24/01
Wyx.boot File infector 12/21/01
Deletions (sorted by Date removed):
Virus Name Infection Type Date removed
---------- -------------- ------------
W32.DlDer.Trojan File infector 01/04/02
Worm.Automat.AGJ File infector 12/24/01
Wyx.boot File infector 12/21/01
JS.Zacker.A File infector 12/20/01
VBS.Zacker.A File infector 12/20/01
Pojer File infector 12/13/01
Gold Bug (1) File and Boot infector 12/12/01
Logon.scr File infector 12/10/01
Ruw (2) File infector 12/10/01
Ghostmail.Spammer File infector 12/03/01
HLLO.Picked.4505 File infector 11/20/01
ICQ.Junta.Trojan File infector 11/20/01
W97M.Galero.A File infector 11/20/01
W97M.Marker.NW File infector 11/20/01
AirCop Dropper Boot infector 11/13/01
Denzuk Dropper Boot infector 11/13/01
**********************************************************************
** Enabling Scanning Features **
**********************************************************************
Several scanning features can be enabled through the use of an INF
configuration file. For NAV for Windows 95/NT version 4.x and later,
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).
If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.
To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section. For each platform there is a corresponding section that is used
in the INF file. Below is a table of section names and platforms.
Section Name Platform
------------ --------
NAVW32 Windows 95/98/NT
NAVAP Windows 95/98/NT Auto-Protect
NAVDX DOS
NAVNLM Netware
NAVWIN Windows 3.1
NAVOS2 OS/2
NAVAIX AIX
NAVSOL Solaris
Entries are case insensitive. Below is a description of possible
entries.
1. Files can be excluded from scans by the NAVEX engine. To exclude a
specific file from the NAVEX engine scan, add an entry with the full
path and file name. This is case insensitive. No wildcards are allowed.
To exclude multiple files, add a separate entry for each file. To exclude
a file, add an entry like the one below where <PATH> is the full path
and file name.
ExcludeFile = <PATH>
2. Files within a directory can be excluded from scans by the NAVEX engine.
To exclude all files within a directory, add an entry with the full
directory path. This is case insensitive. No wildcards are allowed. This
does not exclude files located in subdirectories of the specified
directory. To exclude multiple directories, add a separate entry for each
directory. To exclude a directory, add an entry like the one below where
<DIRECTORY> is the full path.
ExcludeDirectory = <DIRECTORY>
The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.
[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC
[NAVAP]
ExcludeDirectory = D:\PRIVATE
**********************************************************************
** Additional Information **
**********************************************************************
Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.
