home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2002 April
/
PCWorld_2002-04_cd.bin
/
Software
/
Antiviry
/
nav32
/
0305i32.exe
/
whatsnew.txt
< prev
next >
Wrap
Text File
|
2002-03-05
|
31KB
|
583 lines
**********************************************************************
** **
** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
** **
** Symantec Security Response March 05, 2002 **
** **
**********************************************************************
This document contains the following topics:
* Virus Alerts
* New Technologies
* Changes Incorporated Into This Update
* Enabling Scanning Features
* Additional Information
**********************************************************************
** Virus Alerts **
**********************************************************************
The ten most commonly reported viruses, worldwide:
1 W95.Hybris.worm
2 W95.MTX
3 Wscript.KakWorm
4 W32.HLLW.Bymer
5 W32.Magistr.24876@mm
6 W32.Badtrans.13312@mm
7 W32.Navidad.16896
8 Happy99.Worm
9 VBS.LoveLetter
10 W32.HLLW.Qaz
**********************************************************************
** New Technologies **
**********************************************************************
DATE Technologies Added
---- ------------------
02/18/99 * Detection and repair of macro viruses in Word and Excel
2000 documents.
05/15/99 * Added repair for PowerPoint viruses.
* Improved heuristics to detect more WORD 97 related
viruses.
06/10/99 * Menu repair technology for WORD macro viruses that change
command bar customizations in NORMAL.DOT.
07/12/99 * Added support for scanning of Ichitaro 8/9 documents.
(Ichitaro is a Japanese word processing program).
08/19/99 * Added detection and repair for embedded documents inside
PowerPoint 97.
11/22/99 * Added detection and repair for Trojans embedded in OLE
files, such as Windows scrap files and MS Office
documents.
* Added detection for viruses which infect Microsoft
Project documents (P98M.Corner.A, for example).
02/10/00 * Added support for scanning of UNIX executables.
* Added detection for infected Visio documents.
12/18/00 * Added heuristics for for 32-bit Windows viruses.
* Added a script scanner which increases our capabilities for
detecting script based threats.
08/02/01 * Engine Update 08/02/01
* All products that use the NAVEX 1.5 architecture
(in other words, most major Symantec products released over
the last 3 - 4 years) will receive the new functionality.
* This enhanced technology provides improved script scanning
as well as more proactive detection of unknown script-based
threats.
**********************************************************************
** Changes Incorporated Into This Virus Definitions Update **
**********************************************************************
DATE
----
New virus definitions (sorted by Virus Name):
Virus Name Infection Type Date added
---------- -------------- ---------
A97M.Poison File infector 03/01/02
BAT.DeadByte.b File infector 02/28/02
BAT.DeadByte.f File infector 02/28/02
Boot/BootDr193 Boot infector 02/28/02
Boot/Ebo.mp Boot infector 02/28/02
Boot/Fagen Boot infector 03/04/02
Boot/Flame Boot infector 02/28/02
Boot/Hide-and-Seek Boot infector 03/04/02
BootEXE.446 File infector 03/04/02
DeadByte.199 File infector 02/28/02
Ebo.mp File infector 02/28/02
Elben.103.b File infector 02/28/02
Elben.300 File infector 02/28/02
Elben.301 File infector 02/28/02
Elben.353 File infector 02/28/02
Elben.354 File infector 02/28/02
Este.1459 File infector 03/04/02
G2.family File infector 02/28/02
G2.family (2) File infector 02/28/02
HLL.6915 File infector 03/04/02
HLL.6915 (2) File infector 03/04/02
HLL.ow.2040 File infector 03/04/02
HLL.ow.2040 (2) File infector 03/04/02
HLL.ow.DPOG File infector 03/04/02
HLLO.4213 File infector 03/04/02
HLLO.4213 (2) File infector 03/04/02
HLLO.5488 File infector 03/04/02
HLLO.5488 (2) File infector 03/04/02
HLLP.4328 File infector 03/04/02
HLLP.4328 (2) File infector 03/04/02
HLLP.4328 (3) File infector 03/04/02
HLLP.4328 (4) File infector 03/04/02
HLLP.5644 File infector 03/04/02
HLLP.5644 (2) File infector 03/04/02
HLLP.5644 (3) File infector 03/04/02
HLLP.5984 File infector 03/04/02
HLLP.5984 (2) File infector 03/04/02
HLLP.6128 File infector 03/04/02
HLLP.6128 (2) File infector 03/04/02
HLLP.6256b File infector 03/04/02
HLLP.6256b (2) File infector 03/04/02
HLLP.6256b (3) File infector 03/04/02
HLLP.8563 File infector 03/05/02
HLLP.8563 (2) File infector 03/05/02
HLLP.8600 File infector 03/04/02
HLLP.8600 (2) File infector 03/04/02
HLLT.5904 File infector 03/05/02
HLLT.5904 (2) File infector 03/05/02
HLLT.5914 File infector 03/05/02
HLLT.5914 (2) File infector 03/05/02
HLLT.6420 File infector 03/05/02
HLLT.6420 (2) File infector 03/05/02
HLLT.6880 File infector 03/04/02
HLLT.6880 (2) File infector 03/04/02
HLLT.6880 (3) File infector 03/04/02
HLLT.6978 File infector 03/05/02
HLLT.6978 (2) File infector 03/05/02
Invert.622.dd File infector 03/05/02
Jeru.3883 File infector 03/05/02
Lemming.2056 File infector 03/04/02
Lemming.2056 (1) File infector 03/04/02
Morpheus.193 File infector 03/05/02
Mpoc.504 File infector 03/05/02
Npox.1805 File infector 03/05/02
VBS.Flip@mm File infector 03/04/02
W32.Aidlot File infector 03/05/02
W32.Gibe@mm File infector 03/04/02
W32.HLLW.Cybercer File infector 03/05/02
W32.HLLW.Ica File infector 03/05/02
W32.HLLW.Lemen File infector 03/05/02
W32.HLLW.Nopro File infector 03/05/02
W32.Hotlix.Worm File infector 03/05/02
W32.Lenti.Worm File infector 03/05/02
W32.Nimda.J@mm File infector 03/01/02
W32.Nimda.K@mm File infector 03/05/02
W32.Paulmix File infector 03/05/02
W32.Secet.Worm File infector 03/05/02
W32.Vicex.Worm File infector 03/05/02
W32.Wide File infector 03/05/02
W97M.Advice.Trojan File infector 03/04/02
W97M.Cypher File infector 03/04/02
W97M.Mago.B File infector 03/04/02
W97M.Nutshell.Trojan File infector 03/05/02
W97M.Osinj File infector 03/04/02
W97M.Sant.B.Int File infector 03/04/02
WM.Watermark.A:Tw File infector 03/04/02
WM.Wg.12288.dr File infector 03/04/02
WM.Wiederoe.Trojan File infector 03/04/02
X97M.Amdk File infector 03/04/02
X97M.Hopper.Y File infector 03/04/02
X97M.Know File infector 03/04/02
X97M.Ksg File infector 03/04/02
X97M.MVT File infector 03/04/02
X97M.Paran File infector 03/04/02
X97M.Tryguard File infector 03/04/02
XM.DMV.C File infector 03/04/02
XM.Delini File infector 03/04/02
XM.Teign File infector 03/04/02
Xany.230 File infector 03/04/02
Xany.241 File infector 03/04/02
New virus definitions (sorted by Date added):
Virus Name Infection Type Date added
---------- -------------- ----------
HLLP.8563 File infector 03/05/02
HLLP.8563 (2) File infector 03/05/02
HLLT.5904 File infector 03/05/02
HLLT.5904 (2) File infector 03/05/02
HLLT.5914 File infector 03/05/02
HLLT.5914 (2) File infector 03/05/02
HLLT.6420 File infector 03/05/02
HLLT.6420 (2) File infector 03/05/02
HLLT.6978 File infector 03/05/02
HLLT.6978 (2) File infector 03/05/02
Invert.622.dd File infector 03/05/02
Jeru.3883 File infector 03/05/02
Morpheus.193 File infector 03/05/02
Mpoc.504 File infector 03/05/02
Npox.1805 File infector 03/05/02
W32.Aidlot File infector 03/05/02
W32.HLLW.Cybercer File infector 03/05/02
W32.HLLW.Ica File infector 03/05/02
W32.HLLW.Lemen File infector 03/05/02
W32.HLLW.Nopro File infector 03/05/02
W32.Hotlix.Worm File infector 03/05/02
W32.Lenti.Worm File infector 03/05/02
W32.Nimda.K@mm File infector 03/05/02
W32.Paulmix File infector 03/05/02
W32.Secet.Worm File infector 03/05/02
W32.Vicex.Worm File infector 03/05/02
W32.Wide File infector 03/05/02
W97M.Nutshell.Trojan File infector 03/05/02
Boot/Fagen Boot infector 03/04/02
Boot/Hide-and-Seek Boot infector 03/04/02
BootEXE.446 File infector 03/04/02
Este.1459 File infector 03/04/02
HLL.6915 File infector 03/04/02
HLL.6915 (2) File infector 03/04/02
HLL.ow.2040 File infector 03/04/02
HLL.ow.2040 (2) File infector 03/04/02
HLL.ow.DPOG File infector 03/04/02
HLLO.4213 File infector 03/04/02
HLLO.4213 (2) File infector 03/04/02
HLLO.5488 File infector 03/04/02
HLLO.5488 (2) File infector 03/04/02
HLLP.4328 File infector 03/04/02
HLLP.4328 (2) File infector 03/04/02
HLLP.4328 (3) File infector 03/04/02
HLLP.4328 (4) File infector 03/04/02
HLLP.5644 File infector 03/04/02
HLLP.5644 (2) File infector 03/04/02
HLLP.5644 (3) File infector 03/04/02
HLLP.5984 File infector 03/04/02
HLLP.5984 (2) File infector 03/04/02
HLLP.6128 File infector 03/04/02
HLLP.6128 (2) File infector 03/04/02
HLLP.6256b File infector 03/04/02
HLLP.6256b (2) File infector 03/04/02
HLLP.6256b (3) File infector 03/04/02
HLLP.8600 File infector 03/04/02
HLLP.8600 (2) File infector 03/04/02
HLLT.6880 File infector 03/04/02
HLLT.6880 (2) File infector 03/04/02
HLLT.6880 (3) File infector 03/04/02
Lemming.2056 File infector 03/04/02
Lemming.2056 (1) File infector 03/04/02
VBS.Flip@mm File infector 03/04/02
W32.Gibe@mm File infector 03/04/02
W97M.Advice.Trojan File infector 03/04/02
W97M.Cypher File infector 03/04/02
W97M.Mago.B File infector 03/04/02
W97M.Osinj File infector 03/04/02
W97M.Sant.B.Int File infector 03/04/02
WM.Watermark.A:Tw File infector 03/04/02
WM.Wg.12288.dr File infector 03/04/02
WM.Wiederoe.Trojan File infector 03/04/02
X97M.Amdk File infector 03/04/02
X97M.Hopper.Y File infector 03/04/02
X97M.Know File infector 03/04/02
X97M.Ksg File infector 03/04/02
X97M.MVT File infector 03/04/02
X97M.Paran File infector 03/04/02
X97M.Tryguard File infector 03/04/02
XM.DMV.C File infector 03/04/02
XM.Delini File infector 03/04/02
XM.Teign File infector 03/04/02
Xany.230 File infector 03/04/02
Xany.241 File infector 03/04/02
A97M.Poison File infector 03/01/02
W32.Nimda.J@mm File infector 03/01/02
BAT.DeadByte.b File infector 02/28/02
BAT.DeadByte.f File infector 02/28/02
Boot/BootDr193 Boot infector 02/28/02
Boot/Ebo.mp Boot infector 02/28/02
Boot/Flame Boot infector 02/28/02
DeadByte.199 File infector 02/28/02
Ebo.mp File infector 02/28/02
Elben.103.b File infector 02/28/02
Elben.300 File infector 02/28/02
Elben.301 File infector 02/28/02
Elben.353 File infector 02/28/02
Elben.354 File infector 02/28/02
G2.family File infector 02/28/02
G2.family (2) File infector 02/28/02
Name Changes (sorted by Old Virus Name):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
Backdoor.Infector to Backdoor.Surgeon 02/21/02
Bin.Auto.ASP to Crepuscular.325 02/15/02
Bin.Auto.ASU to Dreg.921 02/15/02
Bin.Auto.ASW to FAT.2510.B 02/15/02
Bin.Auto.ASX to Fitria.779 02/15/02
Bin.Auto.ASZ to F4ff.2089 02/15/02
Bin.Auto.ATA to Chosun.2576 02/15/02
Bin.Auto.ATD to Leealu.360 02/15/02
Bin.Auto.ATE to Febtwo.761 02/15/02
Bin.Auto.ATF to Grob.1970 02/15/02
Bin.Auto.ATG to Gula.575 02/15/02
Bin.Auto.ATH to Fitria.825 02/15/02
Bin.Auto.ATI to Int62.398 02/15/02
Bin.Auto.ATJ to Khizhnjak.542 02/15/02
Bin.Auto.ATK to Kondrat.666 02/15/02
Bin.Auto.ATL to Letran.723 02/15/02
Bin.Auto.ATM to Kufu.257 02/15/02
Bin.Auto.ATN to Khizhnjak.797 02/15/02
Bin.Auto.AUT to SillyC.156 02/20/02
Bin.Auto.AUU to Elben.100 02/20/02
Bin.Auto.AUV to Elben.107 02/21/02
Bin.Auto.AUW to Nambul.2297 02/21/02
Bin.Auto.AUX to PFS.5846 02/21/02
Bin.Auto.AUY to SillyC.312.A 02/21/02
Bin.Auto.AUZ to Ebo.2398 02/21/02
Bin.Auto.AVA to Excombat.3093 02/21/02
Bin.Auto.AVB to Settlers.1106.A 02/21/02
Bin.Auto.AVC to SillyC.240.D 02/21/02
Bin.Auto.AVE to Pixel.Hydra.343.E 02/21/02
Bin.Auto.AVF to Moskau.838 02/21/02
Bin.Auto.AVG to SillyC.193.B 02/21/02
Bin.Auto.AVH to Trigger.776 02/21/02
Bin.Auto.AVI to Trivial.161.B 02/21/02
Bin.Auto.AVJ to Scull.1035 02/21/02
Bin.Auto.AVK to Elben.103 02/21/02
Bin.Auto.AVL to Gobleen.413.B 02/21/02
Bin.Auto.AVM to Vnu.530 02/21/02
Bin.Auto.AVN to Birgit.360 02/21/02
Bin.Auto.AVO to RPG.158 02/21/02
Bin.Auto.AVP to VV3.1693 02/21/02
Bin.Auto.AVQ to Paraguay.851 02/21/02
Bin.Auto.AVR to SillyC.142.B 02/21/02
CeydaDemet to IRC.Worm.Ceyda(2) 02/20/02
SecHole.Trojan to Hacktool.Sechole 03/01/02
Trojan.VBS.BinHex to VBS.BinHex.Trojan 03/01/02
W32.Palco.A to W32.Alcarys.C 02/28/02
W32.TaiChi to W2K.Lamchi 02/27/02
W97M.Palco.A to W97M.Alcarys.C 02/28/02
W97M.Quaint.A to W97M.Quaint 03/04/02
WM.Ice,intd to WM.Ice.intd 02/23/02
Name Changes (sorted by Date changed):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
W97M.Quaint.A to W97M.Quaint 03/04/02
SecHole.Trojan to Hacktool.Sechole 03/01/02
Trojan.VBS.BinHex to VBS.BinHex.Trojan 03/01/02
W32.Palco.A to W32.Alcarys.C 02/28/02
W97M.Palco.A to W97M.Alcarys.C 02/28/02
W32.TaiChi to W2K.Lamchi 02/27/02
WM.Ice,intd to WM.Ice.intd 02/23/02
Backdoor.Infector to Backdoor.Surgeon 02/21/02
Bin.Auto.AUV to Elben.107 02/21/02
Bin.Auto.AUW to Nambul.2297 02/21/02
Bin.Auto.AUX to PFS.5846 02/21/02
Bin.Auto.AUY to SillyC.312.A 02/21/02
Bin.Auto.AUZ to Ebo.2398 02/21/02
Bin.Auto.AVA to Excombat.3093 02/21/02
Bin.Auto.AVB to Settlers.1106.A 02/21/02
Bin.Auto.AVC to SillyC.240.D 02/21/02
Bin.Auto.AVE to Pixel.Hydra.343.E 02/21/02
Bin.Auto.AVF to Moskau.838 02/21/02
Bin.Auto.AVG to SillyC.193.B 02/21/02
Bin.Auto.AVH to Trigger.776 02/21/02
Bin.Auto.AVI to Trivial.161.B 02/21/02
Bin.Auto.AVJ to Scull.1035 02/21/02
Bin.Auto.AVK to Elben.103 02/21/02
Bin.Auto.AVL to Gobleen.413.B 02/21/02
Bin.Auto.AVM to Vnu.530 02/21/02
Bin.Auto.AVN to Birgit.360 02/21/02
Bin.Auto.AVO to RPG.158 02/21/02
Bin.Auto.AVP to VV3.1693 02/21/02
Bin.Auto.AVQ to Paraguay.851 02/21/02
Bin.Auto.AVR to SillyC.142.B 02/21/02
Bin.Auto.AUT to SillyC.156 02/20/02
Bin.Auto.AUU to Elben.100 02/20/02
CeydaDemet to IRC.Worm.Ceyda(2) 02/20/02
Bin.Auto.ASP to Crepuscular.325 02/15/02
Bin.Auto.ASU to Dreg.921 02/15/02
Bin.Auto.ASW to FAT.2510.B 02/15/02
Bin.Auto.ASX to Fitria.779 02/15/02
Bin.Auto.ASZ to F4ff.2089 02/15/02
Bin.Auto.ATA to Chosun.2576 02/15/02
Bin.Auto.ATD to Leealu.360 02/15/02
Bin.Auto.ATE to Febtwo.761 02/15/02
Bin.Auto.ATF to Grob.1970 02/15/02
Bin.Auto.ATG to Gula.575 02/15/02
Bin.Auto.ATH to Fitria.825 02/15/02
Bin.Auto.ATI to Int62.398 02/15/02
Bin.Auto.ATJ to Khizhnjak.542 02/15/02
Bin.Auto.ATK to Kondrat.666 02/15/02
Bin.Auto.ATL to Letran.723 02/15/02
Bin.Auto.ATM to Kufu.257 02/15/02
Bin.Auto.ATN to Khizhnjak.797 02/15/02
Deletions (sorted by Virus Name):
Virus Name Infection Type Date removed
---------- -------------- ------------
Bin.Auto.AVD File infector 02/08/02
Boot Dropper Boot infector 01/22/02
BootDr.188 (2) File infector 03/04/02
BootDr.188 (3) File infector 03/04/02
Ghostmail.Spammer File infector 12/03/01
Gold Bug (1) File and Boot infector 12/12/01
HLLO.Picked.4505 File infector 11/20/01
ICQ.Junta.Trojan File infector 11/20/01
JS.Zacker.A File infector 12/20/01
Logon.scr File infector 12/10/01
Pojer File infector 12/13/01
Ruw (2) File infector 12/10/01
StarShip (4) File and Boot infector 01/11/02
VBS.Zacker.A File infector 12/20/01
Vacsina.Mut.1744 (1) File infector 01/22/02
W32.DlDer.Trojan File infector 01/04/02
W32.Swag@mm File infector 01/30/02
Worm.Automat.AGJ File infector 12/24/01
Wyx.boot File infector 12/21/01
X97M.Laroux.SI File infector 02/08/02
Deletions (sorted by Date removed):
Virus Name Infection Type Date removed
---------- -------------- ------------
BootDr.188 (2) File infector 03/04/02
BootDr.188 (3) File infector 03/04/02
Bin.Auto.AVD File infector 02/08/02
X97M.Laroux.SI File infector 02/08/02
W32.Swag@mm File infector 01/30/02
Boot Dropper Boot infector 01/22/02
Vacsina.Mut.1744 (1) File infector 01/22/02
StarShip (4) File and Boot infector 01/11/02
W32.DlDer.Trojan File infector 01/04/02
Worm.Automat.AGJ File infector 12/24/01
Wyx.boot File infector 12/21/01
JS.Zacker.A File infector 12/20/01
VBS.Zacker.A File infector 12/20/01
Pojer File infector 12/13/01
Gold Bug (1) File and Boot infector 12/12/01
Logon.scr File infector 12/10/01
Ruw (2) File infector 12/10/01
Ghostmail.Spammer File infector 12/03/01
HLLO.Picked.4505 File infector 11/20/01
ICQ.Junta.Trojan File infector 11/20/01
**********************************************************************
** Enabling Scanning Features **
**********************************************************************
Several scanning features can be enabled through the use of an INF
configuration file. For NAV for Windows 95/NT version 4.x and later,
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).
If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.
To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section. For each platform there is a corresponding section that is used
in the INF file. Below is a table of section names and platforms.
Section Name Platform
------------ --------
NAVW32 Windows 95/98/NT
NAVAP Windows 95/98/NT Auto-Protect
NAVDX DOS
NAVNLM Netware
NAVWIN Windows 3.1
NAVOS2 OS/2
NAVAIX AIX
NAVSOL Solaris
Entries are case insensitive. Below is a description of possible
entries.
1. Files can be excluded from scans by the NAVEX engine. To exclude a
specific file from the NAVEX engine scan, add an entry with the full
path and file name. This is case insensitive. No wildcards are allowed.
To exclude multiple files, add a separate entry for each file. To exclude
a file, add an entry like the one below where <PATH> is the full path
and file name.
ExcludeFile = <PATH>
2. Files within a directory can be excluded from scans by the NAVEX engine.
To exclude all files within a directory, add an entry with the full
directory path. This is case insensitive. No wildcards are allowed. This
does not exclude files located in subdirectories of the specified
directory. To exclude multiple directories, add a separate entry for each
directory. To exclude a directory, add an entry like the one below where
<DIRECTORY> is the full path.
ExcludeDirectory = <DIRECTORY>
The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.
[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC
[NAVAP]
ExcludeDirectory = D:\PRIVATE
**********************************************************************
** Additional Information **
**********************************************************************
Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.