Text File | 1993-08-26 | 6KB | 134 lines
21A11.TXT - Description file for 21A11.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
September 1, 1993
******************************************************************
[The NAV definition update installation instructions are also
available on this disk in French, German, Italian, Swedish, and
Spanish. Please reference the appropriate file.]
Loading New Definitions
To update NAV 2.1 with the new virus definition you have
just received, do the following:
Note: Each definition set completely replaces the current
set so only the latest is required.
From DOS:
1) At the DOS prompt, type "NAV" then <Enter>.
2) Select the "Cancel" button (ALT-C) to bypass scanning at this time.
3) Select the Definitions menu (ALT-D), then select the "Load from
file" item (L). You will now see the "Load from file" dialog box.
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) In the FILE field, type "A:*.DEF" ("B:*.DEF" if applicable) then
<Enter>.
6) The definition file on the disk should now appear in the
"Files" box.
7) Select the "Files" box (ALT-L). Note: the filename is normally
loaded into the "File" line automatically as it is usually the
only file available. If this is not the case, use the TAB key
to highlight the file then press the spacebar.
8) Select "OK" (ALT-O) to load the new definition set.
9) After loading, press "ESC", exit NAV, and reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
From Windows:
1) Activate NAV by double-clicking on its icon.
2) Click on "CANCEL" in the "Scan Drives" window to bypass scanning
at this time.
3) From the "Definitions" menu choose "Load from file".
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) Type "A:*.DEF" ("B:*.DEF" if applicable) in the "File" field, then
press the Enter key.
6) The latest definition file should now appear in the "Files" box.
7) Double-click on the filename inside the "Files" box.
8) The file should begin to load. If not, click the "OK" button to
load the new definition set.
9) After loading, exit NAV, exit Windows, then reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
******************************************************************
Note for users who are not updated through Corporate Channels:
After updating your definitions, if every file is identified as
being infected with "MtE", don't panic. You probably do not have
a virus. Please download the patch file, PTCH1A.ZIP (available
through CompuServe and the Symantec BBS), unzip the file, follow
the instructions included in the readme file, and then load these
definitions again.
If you are unable to download this patch file, or are still
experiencing problems after using it, please contact Symantec
Technical Support.
******************************************************************
MacGyver
MacGyver is a memory-resident stealth virus that infects EXE files
as they are run or opened. The virus also attaches itself to files
that look like EXE files (.386, .DLL, .DRV, etc). These files will
seem corrupted.
The virus contains the encrypted messages "MACGYVER V 1.0" and
"Keelung, TAIWAN 1992", but does not display those messages. If the
month is after February and the date ends in 5 (i.e. March 5 to
December 25) the virus is supposed to play a tune.
Infected files will grow by approximately 2800 (2803) bytes. However,
if the virus is active in memory this size change will not be visible
in a directory listing.
MacGyver can be repaired by NAV.
-----
Scream-652
This is another variant of the Scream II virus. This group of viruses
infects COMMAND.COM when initially run, and infects other COM and EXE files
from memory as they are run or opened for any reason.
Infected files grow by approximately 650 (652) bytes with the virus located
at the end of the host program. The virus is encrypted.
This virus is not repaired by NAV.
-----
Freddy
Freddy is a memory-resident virus that infects COM and EXE files
as they are run. The virus contains an encrypted directory in which
all entries appear as "FREDDY KRG" with a size of 0 bytes. The time
and date stamps do not appear as these fields also contain zero.
When the virus triggers, the sector is decrypted and written to the
first root directory sector of drive C: making the system unbootable.
The virus then hangs the computer in an endless loop.
Infected files grow by about 1900 bytes with the virus located at the end
of the host program. However, COMMAND.COM is infected differently and
grows by less than 100 bytes.
Freddy can be repaired by NAV.
-----
Stoned (3C)
This is a minor variant of the standard Stoned virus. It does not contain
the "Legalize Marijuana" message and appears to have been modified so as
to avoid detection with older antivirus patterns.
Stoned (3C) can be repaired by NAV.
-----
(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)
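
Added example (not part of the original Symantec file): a size-and-hash baseline comparison that uses the growth figures above only as approximate hints, as the note advises, and relies on the hash to catch changes the sizes miss. The function names, the 5% tolerance and the sample data are assumptions for illustration; because MacGyver hides the size change while active in memory, the second snapshot is assumed to be taken with no virus resident.

```python
import hashlib

# Approximate growth figures quoted in the descriptions above (bytes).
# The closing note says not to depend on exact numbers, so these are
# matched with a tolerance and only ever reported as a hint.
GROWTH_HINTS = {"MacGyver": 2800, "Scream-652": 650, "Freddy": 1900}
TOLERANCE = 0.05  # assumption: within 5% counts as "approximately"
EXTENSIONS = (".COM", ".EXE", ".386", ".DLL", ".DRV")  # types named above


def snapshot(files):
    """Map NAME -> (size, sha256) for executable-type files only."""
    return {
        name.upper(): (len(data), hashlib.sha256(data).hexdigest())
        for name, data in files.items()
        if name.upper().endswith(EXTENSIONS)
    }


def hint_for(growth):
    """Return the description whose approximate growth matches, or None."""
    for family, approx in GROWTH_HINTS.items():
        if abs(growth - approx) <= approx * TOLERANCE:
            return family
    return None


def compare(baseline, current):
    """List (name, growth, hint) for every file whose content changed."""
    findings = []
    for name, (size, digest) in sorted(current.items()):
        old = baseline.get(name)
        if old is None or old[1] == digest:
            continue  # new or unchanged files are out of scope here
        growth = size - old[0]
        findings.append((name, growth, hint_for(growth) if growth > 0 else None))
    return findings


def demo():
    # Constructed sample data: filler bytes stand in for real programs.
    clean = {"COMMAND.COM": b"C" * 5000, "EDIT.EXE": b"E" * 9000,
             "TOOL.DLL": b"D" * 4000, "NOTES.TXT": b"n" * 10}
    later = dict(clean)
    later["EDIT.EXE"] += b"\x00" * 2803      # growth quoted for MacGyver
    later["COMMAND.COM"] += b"\x00" * 80     # small growth, no hint fits
    later["TOOL.DLL"] = b"X" + clean["TOOL.DLL"][1:]  # same size, new bytes
    return compare(snapshot(clean), snapshot(later))
```

A changed file with no hint (the 80-byte COMMAND.COM growth, or the same-size TOOL.DLL) is still reported, since the hash rather than the size decides whether a file changed.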