Thank you for using Virex, the fastest, most accurate virus detection and repair solution available for the Macintosh. These release notes contain important information about the current Virex Virus Update. Network Associates strongly recommends that you read the entire document.
Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact Network Associates Customer Care, technical support, and the Total Virus Defense documentation team.
WHAT'S IN THIS FILE
- What Is a Virus Update File?
- Documentation
- Installation
- Additional Information
- New Viruses Detected and Removed
- Understanding Virus Names
- Contacting Network Associates
- Statement of Year 2000 Compliance
- Copyright and Trademark Attributions
WHAT IS A VIRUS UPDATE FILE?
Virus Update files contain up-to-date virus signatures and other information for Virex to use to protect your computer against the thousands of computer viruses in circulation and against the hundreds of new viruses that emerge between updates. Network Associates releases new Virus Update files each month. To protect yourself against these virus threats, download and install the latest Virus Update file every month.
DOCUMENTATION
Network Associates provides each of its products with an extensive set of documentation, consisting usually of one or more product guides saved in Adobe Acrobat Portable Document Format (.PDF), and an online help system, whose form
can vary, depending the platform on which the product runs.
Acrobat .PDF files are flexible online documents that contain hyperlinks, outlines and other aids for easy navigation and information retrieval. You can also install an Acrobat plug-in file that allows you to read .PDF documents from within your web browser while online. Copies of the product documentation come with the product CD-ROM or are available on the Network Associates website at:
ftp://ftp.nai.com/pub/manuals/total_virus_defense
A copy of the free Acrobat Reader also comes with the product CD-ROM or is available from the Adobe website at:
To comment or ask about, or to suggest improvements to Network Associates anti-virus product documentation, send e-mail messages to:
tvd_documentation@nai.com
To get answers to your technical support questions, send messages to:
support@nai.com
To ask about your eligibility for updates and upgrades, check your registration, or ask general questions related to Network Associates software, send messages to:
custcare@nai.com
INSTALLATION
Network Associates distributes Virus Update files as StuffIt archives. These come in two forms: a BinHexed VX991201.HQX file, and as VX991201.UPD, a straight archive file suitable for use with the eUpdate feature in Virex v6.0 anti-virus software.
• USING EUPDATE TO INSTALL VIRUS UPDATE FILES •
If you use the eUpdate feature in the Virex v6.0 software, the software itself will download, extract, and install the Virus Update file. Although this works quite well for individual Macintosh computers, Network Associates recommends a different approach for medium and large networks.
With this method, you download the VX991201.UPD file directly from the Network Associates FTP site using a web browser or FTP client software. You then post the file to a central server on your network and configure all of your client computers to download the VX991201.UPD file from that central server via FTP or AppleTalk, depending on your preference or your network configuration.
This allows you to control when all updates occur, to reduce network traffic on your servers, to reduce your security risks from outside your network, and to take best advantage of Network Associates server bandwidth. For more details, see the Virex User's Guide stored on the Virex CD-ROM or disc image.
• INSTALLING VIRUS UPDATE FILES DIRECTLY •
To install Virus Update files directly on to each of your client Macintosh computers, download the VX991201.HQX file from the Network Associates website or FTP site, then extract the files for installation. To do so, you'll need a copy of StuffIt Expander, StuffIt Lite, or another utility that can read and process files saved in StuffIt format.
You can download the utilities you need from most electronic services. Most browser software also includes a plug-in version of StuffIt Expander that can extract the files automatically, as soon as you download them.
NOTE: If you have Virex v6.0 anti-virus software installed, you can
use its eUpdate feature to download and install new Virus Update
files automatically. To learn how to do so, see the Virex User's Guide.
To install the Virus Update file, download or copy the compressed file to your Macintosh desktop or to a temporary folder on your hard disk. Next, follow these steps:
1. Start your compression application, then use it to open
and extract the Virus Definitions 1999-12-01.sit file.
If you have a copy of StuffIt Expander on your desktop,
you can simply drag the Virus Definitions file on top of
StuffIt Expander to have the file extract automatically.
2. The extracted file will appear on your hard disk with the
name Virus Definitions 1999-12-01. Double-click this file
to start Virex.
Virex will ask you to confirm that you want to update your
Virus Definitions file.
3. Click Update to continue.
Virex will tell you when it has finished updating your file. Click OK to return to the Virex application's main window, where you can immediately start a new scan operation. In the lower left corner of its main window, the Virex application displays the legend Virus Definitions, followed by a date. This date marks the day Network Associates produced or designated this update file for release. For the December 1, 1999 Virus Update, this date is 12/1/99. The specific format of the date shown will depend on how you have your computer set to display dates.
Note: By default, the Virex Installer uses the Virus Definition file that comes with it to scan your system. You should
consider replacing this Virus Definition file with a current Virus Update file in order to take advantage of new
detection capabilities.
ADDITIONAL INFORMATION
• AUTOSTART WORMS •
If Virex detects an AutoStart worm on your computer, Network Associates strongly recommends that you restart your system with extensions disabled, then start a scan operation with the Virex application.
To disable your extensions, press the Shift key on your keyboard as you restart your computer. Continue to hold the Shift key until you see the message Extensions Disabled. This prevents the AutoStart worm from loading into your computer's memory and allows Virex to remove it from your system. If you do not disable your extensions, the worm will load into memory and can continue to spread even after you remove its original files from your system.
As an alternative, follow these steps:
1. Choose Virex Control Panel from the Apple menu to
open the control panel window.
2. Click Preferences.
3. Select the General icon at the left of the Preferences
dialog box, then choose either First or Alphabetically
from the Load Control Panel menu.
4. Select the File Access icon at the left of the
Preferences dialog box.
5. Verify that the Scan Files When Opened checkbox is
selected.
6. Click Save to save your settings and return to the
Virex Control Panel window.
7. Close the Control Panel window, then restart your
computer.
Virex will load into your computer's memory first and will remove the worm as it tries to launch at startup.
To prevent the AutoStart worm from reappearing on your computer or infecting other computers, use Virex to scan all disks that you might have used with an infected computer. If you have the Virex Control Panel's Scan Files When Opened option activated, you can safely mount infected disks for scanning.
If you need to enable additional extensions in order to mount some disk types, you should disable the AutoPlay option in the QuickTime Settings control panel before you restart your computer. Follow these steps:
1. Choose QuickTime Settings from the Apple menu to
open the control panel window.
2. Choose AutoPlay from the menu at the top of the
control panel window.
3. Verify that the Enable Audio CD AutoPlay and the
Enable CD-ROM AutoPlay checkboxes are clear.
4. Close the control panel window.
5. Use Extensions Manager or an extensions manager
utility to enable the extensions you need, then
restart your computer.
NEW VIRUSES DETECTED AND REMOVED
• IMPORTANT NOTE •
This Virus Update file functions only with Virex v5.9.0 or later. You cannot use this Virus Update file with earlier Virex versions. This Virus Update file detects these 98 new viruses:
W97M/Assilem
W97M/Astia.v
W97M/Astia.v.gen
W97M/Astia.w
W97M/Astia.x
W97M/Astia.y
W97M/Astia.z
W97M/Bablas.d
W97M/Belling
W97M/Break
W97M/Breeder
W97M/Brenda
W97M/Brenda.c
W97M/Bribagi
W97M/Cakes
W97M/Chack.as
W97M/Chack.at
W97M/Class
W97M/Class.ed
W97M/Cobra.f
W97M/Comment
W97M/Cont
W97M/Corner.a
W97M/Destino
W97M/Eight
W97M/Ethan
W97M/Ethan.ba
W97M/Fabi
W97M/Fly
W97M/Fly.gen
W97M/Gomez
W97M/Goober
W97M/Groov.u
W97M/Hog
W97M/Hope
W97M/Illegal
W97M/Iseng
W97M/JB
W97M/JB.gen
W97M/JulyKill.gen
W97M/Klausi
W97M/Komcon
W97M/Liar
W97M/Lucia
W97M/Marker
W97M/MCK.d
W97M/MCK.gen
W97M/Melissa
W97M/Melissa.ac
W97M/Melissa.gen
W97M/Melissa.m.gen
W97M/Melissa.x
W97M/Melissa.y.gen
W97M/Melissa.z
W97M/Minimal
W97M/Muck
W97M/Multo
W97M/Myna
W97M/NiceDay.ad
W97M/Opey.i
W97M/Opey.j
W97M/Opey.k
W97M/Opey.l
W97M/Opey.m
W97M/Panther
W97M/Pathetic
W97M/Pathetic.a
W97M/Pathetic.b
W97M/Preside
W97M/Reformis
W97M/Slage
W97M/Soul
W97M/Stars
W97M/Story
W97M/Story.gen
W97M/Thus
W97M/Thus.gen
W97M/Titch
W97M/Toraja
W97M/Toraja.gen
W97M/Tristate.gen
W97M/Turn
W97M/Venus
W97M/VMPCK1.db
W97M/Vovan
W97M/Vovan.a
X97M/Clonar
X97M/Diablo.b
X97M/Hongo.b
X97M/Laroux.cs
X97M/Laroux.ky
X97M/Laroux.kz
X97M/Laroux.lb
X97M/Majo
X97M/Manalo.h
X97M/Toraja
X97M/Toraja.gen
X97M/Tristate.gen
UV1 - UNDERSTANDING VIRUS NAMES
Network Associates anti-virus software typically follows industry-wide naming conventions to identify the viruses that it detects and cleans. Occasionally, some virus names deviate from strict industry standards.
The first virus with a given set of characteristics that mark it as a distinctly new entity receives a "family" name. Virus researchers draw the family name from some identifying quirk in the virus--a text string, perhaps, or a payload effect.
Names for variants of that first virus consist of the family name and a suffix--<VIRUS>.A, for example. The suffix designations continue in alphabetical order until they reach .Z. At that point, they begin again with .AA and continue until they reach .AZ. Still later variants receive the suffix .BA through .BZ, and so forth, until the suffix designations reach .ZZ. If yet another variant appears after that, it would get the suffix .AAA.
As new virus strains appeared, industry naming conventions evolved to include more information. Some names, for instance, include parts that identify the platform on which the virus originated or can run. Macro viruses, the most prevalent of the virus types, can have a complex names that consists of a number of parts. Although the virus name might identify the platform of origin, most macro viruses are cross-platform and can run in a number of different environments. The effects of a virus infection can vary between platforms, but in a networked environment, what might have no effect on one platform can do severe damage in another.
Among anti-virus vendors, virus names can include:
• PREFIX •
The prefix designates the type of file that the virus infects or the platform on which it can run. Network Associates virus names can include these prefixes:
A97M/ Macro virus. Infects Microsoft Access 97 files
HLL/ File-infector or boot-sector virus. Written in
a high-level programming language
HTML/ Script virus. Infects HTML files
IRC/ Internet Relay Chat script virus. This virus
type can use early versions of the mIRC
client software to distribute a virus or
payload
O2KM/ Macro virus. Infects Microsoft Office 2000
files
O97M/ Macro virus. Infects files from the Microsoft
Office 97 application suite on more than one
platform
PP97M/ Macro virus. Infects Microsoft PowerPoint 97
files
VBS/ Script virus. Infects Visual Basic scripts
W32/ File-infector or boot-sector virus. Runs in
32-bit Windows environments (Windows 95,
Windows 98 or Windows NT)
WIN/ File-infector virus. Runs in 16-bit and 32-bit
Windows environments (Windows 3.1x, Windows 95,
Windows 98, or Windows NT)
WIN95/ File-infector or boot-sector virus. Runs in
Windows 95 and Windows 98 environments
W97M/ Macro virus. Infects Microsoft Word 97 files
WM/ Macro virus. Infects Microsoft Word 95 files
X97F/ Macro virus. Infects Microsoft Excel 97 via
Excel formulas
X97M/ Macro virus. Infects Microsoft Excel 97 files
XF/ Macro virus. Infects Microsoft Excel 95 or 97
via Excel formulas
XM/ Macro virus. Infects Microsoft Excel 95 files
• INFIX •
These designations usually appear in the middle of a virus name. Network Associates assigns these designations, which will differ from industry conventions.
.CMP. Companion file. This designates a companion
file that the virus adds to an existing
executable file. Network Associates
software deletes the companion file to
prevent later infections
.MP. Multi-partite virus. A Network Associates
designation
.OW. Overwritten. This identifies a file
irreparably corrupted when a virus
overwrote data within it. This file must
be deleted.
• SUFFIX •
These designations usually appear as the last part of a virus name. A virus name can have more than one suffix. One might designate a variant, for example, while others give additional information. Network Associates assigns many of these designations, which can differ from industry conventions.
.A to .ZZZ Virus variant designation
.APP Appended viruses. This designates a virus
that appends its code to the file it
infects, but fails to provide for correct
replication. Network Associates software
detects these files in order to prevent
false virus identifications
.DAM Damaged file. This designates a file damaged
or corrupted by an infection
.DR Dropper file. This file introduces the virus
into the host program
.GEN Generic detection. Native routines in Network
Associates software detect this virus without
using specific code strings
.GR Generic detection and removal. Native routines
in Network Associates software detect and
remove this virus without using specific code
strings
.INTD "Intended" virus. This designates a virus that
has most of the usual virus characteristics,
but cannot replicate correctly. Anti-virus
software will detect it in order to prevent
false identifications of active viruses
NA1 - CONTACTING NETWORK ASSOCIATES
On December 1, 1997, McAfee Associates merged with Network General Corporation, Pretty Good Privacy, Inc.,
and Helix Software, Inc. to form Network Associates, Inc. The combined Company subsequently acquired Dr Solomon's
Software, Trusted Information Systems, Magic Solutions, and CyberMedia, Inc.
Network Associates continues to market and support the product lines from each of the former entities. You may
direct all questions, comments and technical support requests to the Network Associates Customer Care department
at any of the addresses or phone numbers listed below.
Contact the Network Associates Customer Care department at:
1. Phone (408) 988-3832
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727
24-hour, Group III Fax
3. E-mail: custcare@nai.com
Send correspondence to any of the following Network Associates locations:
Network Associates Corporate Headquarters
3965 Freedom Circle
McCandless Towers
Santa Clara, CA 95054
Phone numbers for corporate-licensed customers:
Phone: (408) 988-3832
Fax: (408) 970-9727
Phone numbers for retail-licensed customers:
Phone: (972) 855-7044
Fax: (408) 970-9727
Network Associates offices outside the United States:
Network Associates Australia
Level 1, 500 Pacific Highway
St. Leonards, NSW
Sydney, Australia 2065
Phone: 61-2-8425-4200
Fax: 61-2-9439-5166
Network Associates Austria
Pulvermuehlstrasse 17
Linz, Austria
Postal Code A-4040
Phone: 43-732-757-244
Fax: 43-732-757-244-20
Network Associates Belgique
BDC Heyzel Esplanade, boîte 43
1020 Bruxelles
Belgique
Phone: 0032-2-478.10.29
Fax: 0032-2-478.66.21
Network Associates do Brasil
Rua Geraldo Flausino Gomez 78
Cj. - 51 Brooklin Novo - São Paulo
SP - 04575-060 - Brasil
Phone: (55 11) 5505 1009
Fax: (55 11) 5505 1006
Network Associates Canada
139 Main Street, Suite 201
Unionville, Ontario
Canada L3R 2G6
Phone: (905) 479-4189
Fax: (905) 479-4540
Network Associates People's Republic of China
New Century Office Tower, Room 1557
No. 6 Southern Road Capitol Gym
Beijing
People's Republic of China 100044
Phone: 86 10 6849-2650
Fax: 86 10 6849-2069
Network Associates Denmark
Lautruphoej 1-3
2750 Ballerup
Danmark
Phone: 45 70 277 277
Fax: 45 44 209 910
NA Network Associates Oy
Sinikalliontie 9, 3rd Floor
02630 Espoo
Finland
Phone: 358 9 5270 70
Fax: 358 9 5270 7100
Network Associates France S.A.
50 Rue de Londres
75008 Paris
France
Phone: 33 1 44 908 737
Fax: 33 1 45 227 554
Network Associates GmbH
Ohmstraße 1
D-85716 Unterschleißheim
Deutschland
Phone: 49 (0)89/3707-0
Fax: 49 (0)89/3707-1199
Network Associates Hong Kong
19th Floor, Matheson Centre
3 Matheson Way
Causeway Bay
Hong Kong 63225
Phone: 852-2832-9525
Fax: 852-2832-9530
Network Associates Srl
Centro Direzionale Summit
Palazzo D/1
Via Brescia, 28
20063 - Cernusco sul Naviglio (MI)
Italy
Phone: 39 02 92 65 01
Fax: 39 02 92 14 16 44
Network Associates Japan, Inc.
Toranomon 33 Mori Bldg.
3-8-21 Toranomon Minato-ku
Tokyo 105-0001 Japan
Phone: 81 3 5408 0700
Fax: 81 3 5408 0780
Network Associates Latin America
1200 South Pine Island Road, Suite 375
Plantation, Florida 33324
United States
Phone: (954) 452-1721
Fax: (954) 236-8031
Network Associates de Mexico
Andres Bello No. 10, 4 Piso
4th Floor
Col. Polanco
Mexico City, Mexico D.F. 11560
Phone: (525) 282-9180
Fax: (525) 282-9183
Network Associates International B.V.
Gatwickstraat 25
1043 GL Amsterdam
The Netherlands
Phone: 31 20 586 6100
Fax: 31 20 586 6101
Network Associates Portugal
Av. da Liberdade, 114
1269-046 Lisboa
Portugal
Phone: 351 1 340 4543
Fax: 351 1 340 4575
Net Tools Network Associates South Africa
Bardev House, St. Andrews
Meadowbrook Lane
Epson Downs, P.O. Box 7062
Bryanston, Johannesburg
South Africa 2021
Phone: 27 11 706-1629
Fax: 27 11 706-1569
Network Associates South East Asia
78 Shenton Way
#29-02
Singapore 079120
Phone: 65 222-7555
Fax: 65 222-7555
Network Associates Spain
Orense 4, 4a Planta.
Edificio Trieste
28020 Madrid
Spain
Phone: 34 91 598 18 00
Fax: 34 91 556 14 04
Network Associates Sweden
Datavägen 3A
Box 596
S-175 26 Järfälla
Sweden
Phone: 46 (0) 8 580 88 400
Fax: 46 (0) 8 580 88 405
Network Associates AG
Baeulerwisenstrasse 3
8152 Glattbrugg
Switzerland
Phone: 0041 1 808 99 66
Fax: 0041 1 808 99 77
Network Associates Taiwan
Suite 6, 11F
No. 188, Sec. 5
Nan King E. Rd.
Taipei, Taiwan, Republic of China
Phone: 886-2-27-474-8800
Fax: 886-2-27-635-5864
Network Associates International Ltd.
Minton Place, Victoria Street
Windsor, Berkshire
SL4 1EG
United Kingdom
Phone: 44 (0)1753 827 500
Fax: 44 (0)1753 827 520
Or, you can receive online assistance through any of the following resources:
1. Internet E-mail: support@nai.com
2. Internet FTP: ftp.nai.com
3. World Wide Web: http://support.nai.com
4. America Online: keyword MCAFEE
5. CompuServe: GO NAI
To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call:
- Program name and version number
- Computer brand and model
- Any additional hardware or peripherals connected to your computer
- Operating system version number
- Network name, operating system, and version
- Network card installed, where applicable
- Modem manufacturer, model, and bits-per-second rate, where applicable
- Relevant browsers or applications, and their version numbers, where applicable
- How to reproduce your problem: when it occurs, whether you can reproduce it regularly,
and under what conditions
- Information needed to contact you by voice, fax, or e-mail
Network Associates also seeks and appreciates general feedback.
• FOR PRODUCT UPGRADES •
Network Associates has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for Network
Associates software. To find a reseller near your location, see the RESELLER.TXT file located on your product CD-ROM or installed on your hard disk. For assistance in locating a local reseller, you can also contact Network Associates Customer Care.
• FOR REPORTING PROBLEMS •
Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered appears in the Known Issues section of this or the Virex product's Read Me file, Network Associates is already aware of the problem, and you need not report it.
If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates or one of its resellers with your suggestions or concerns.
• FOR ON-SITE TRAINING INFORMATION •
Contact Network Associates Customer Service at (800) 338-8754.
• NETWORK ASSOCIATES BETA SITE •
To test pre-release software and obtain update files, including virus definition (.DAT) files, visit the Network Associates beta site at http://beta.nai.com. You will have access to Public Beta and External Test Areas. Your feedback will make a difference.
• AVERT ANTI-VIRUS RESEARCH SITE •
To see the latest information about emerging virus threats, submit samples of potentially infected files, and download updated scanning engine files, EXTRA.DAT files, and similar anti-virus software for testing, visit the AVERT research site at:
http://www.avertlabs.com
STATEMENT OF YEAR 2000 COMPLIANCE
To learn about Network Associates Year 2000 standards and testing models, and to see a list of compliant Network Associates products, visit the Network Associates website at:
http://www.nai.com/y2k
For further information or questions, send an e-mail message to:
Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan,
Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay,
Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, Pop-Up, PowerTelnet, Pretty Good
Privacy, PrimeSupport, RecoverKey, RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker, Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD, Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
• LICENSE AGREEMENT •
NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST, LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.
