**********************************************************************
** **
** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
** **
** Symantec AntiVirus Research Center (SARC) November 6, 2000 **
** **
**********************************************************************
This document contains the following topics:
* Virus Alerts
* New Technologies
* Changes Incorporated Into This Update
* Enabling Scanning Features
* Additional Information
**********************************************************************
** Virus Alerts **
**********************************************************************
VBS.LoveLetter, a new worm which has been widespread since May 4th,
is detected by this definition set.
The ten most commonly reported viruses, worldwide:
1 W32.HLLW.QAZ.A
2 W95.MTX
3 VBS.Stages.A
4 Wscript.KakWorm
5 W32.Funlove.4099
6 Happy99.Worm
7 VBS.LoveLetter
8 VBS.Network
9 PrettyPark.Worm
10 W95.CIH
**********************************************************************
** New Technologies **
**********************************************************************
DATE       Technologies Added
----       ------------------
8/19/98    * Excel heuristics which detect and repair new and unknown
             macro viruses in Excel 95 & 97 documents.
9/16/98    * Added repair for encrypted Excel 97 documents.
10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
           * WORD Heuristics improvement to increase detection rate.
12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
             and Excel documents.
           * PowerPoint engine to scan PowerPoint related viruses.
             To enable this technology please read "Enabling/Disabling
             PowerPoint Scanning" section later in this document.
02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.
05/15/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.
06/10/99   * Menu repair technology for WORD macro viruses that change
             command bar customizations in NORMAL.DOT.
07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
             (Ichitaro is a Japanese word processing program).
08/19/99   * Added detection and repair for embedded documents inside
             PowerPoint 97.
11/22/99   * Added detection and repair for Trojans embedded in OLE
             files, such as Windows scrap files and MS Office
             documents.
           * Added detection for viruses which infect Microsoft
             Project documents (P98M.Corner.A, for example).
02/10/00   * Added support for scanning of UNIX executables.
           * Added detection for infected Visio documents.
**********************************************************************
** Changes Incorporated Into This Virus Definitions Update **
**********************************************************************
New virus definitions (by Virus Name):
Virus Name Infection Type Week added
---------- -------------- ----------
AT.156 File infector 10/23/00
AntiCAD.2454 (x) File infector 10/23/00
AntiCAD.2576 (x) File infector 10/23/00
AntiCAD.2646 (x) File infector 10/23/00
BAT.Fable.Worm File infector 11/06/00
Backdoor.ICQ.Trojan File infector 11/06/00
Backdoor.SKOSX File infector 11/06/00
Backdoor.SubSeven.1.8 File infector 10/23/00
Backdoor.TheThing.D File infector 11/06/00
Bolivian (b) Boot infector 10/31/00
Boot.Deadface Boot infector 11/06/00
Boot.Hoppity Boot infector 11/06/00
Chang.3576 File and Boot infector 10/23/00
Chang.3576 (x) File and Boot infector 10/23/00
Chang.3576b (x) File and Boot infector 10/23/00
Chang.3584 (x) File and Boot infector 10/23/00
Chang.3584b (x) File and Boot infector 10/23/00
DNet.Dropper File infector 10/10/00
Drepo.2470.B File infector 10/23/00
Ear.421 File infector 10/10/00
Ear.421(2) File infector 10/10/00
Ear.443 File infector 10/10/00
Ear.443(2) File infector 10/10/00
Ear.Variant File infector 10/10/00
Fp5.2000 (m) File infector 10/23/00
HTML.Press File infector 10/31/00
Hiwaga.Boot.Dr File infector 10/16/00
INI.Azrael File infector 11/06/00
INI.Dolly File infector 11/06/00
INI.Jane File infector 11/06/00
JS.TheThing.D.dr File infector 11/06/00
Jeru.Sunday.2053 2 File infector 10/23/00
Jeru.Sunday.II (x) File infector 10/23/00
Jeru.cvex.5120 (x) File infector 10/23/00
KillMe.1971 File infector 10/23/00
KillMe.1971 (x) File infector 10/23/00
KillMe.1976 File infector 10/23/00
November_17th.998 (m) File infector 10/23/00
Npox.1686.Intended File infector 10/16/00
O97M.NoStar File infector 10/31/00
O97M.Toraja.E File infector 10/10/00
PIF.Fable.Worm File infector 11/06/00
PIF.Lys File infector 10/23/00
REG.Anti File infector 10/23/00
Red Scorpion File infector 10/16/00
SH.Kate File infector 10/23/00
Sarcasm File infector 10/23/00
Serbu.3322.B File infector 10/23/00
Serbu.3322.B(2) File infector 10/23/00
Trivial.Intended File infector 10/31/00
VBS.Anti-Network File infector 10/31/00
VBS.Chiqui.int File infector 10/31/00
VBS.Crystal File infector 10/31/00
VBS.Fable.Worm File infector 11/06/00
VBS.Fable.Worm (2) File infector 11/06/00
VBS.Godzilla.A@m File infector 11/06/00
VBS.Lamer File infector 11/06/00
VBS.Missy File infector 10/31/00
VBS.Network.D File infector 10/16/00
VBS.Network.E File infector 10/16/00
VBS.Plan.D File infector 10/10/00
VBS.Press File infector 10/31/00
VBS.Short File infector 10/23/00
VBS.Tam.A File infector 10/23/00
W32.Alien.Worm File infector 10/10/00
W32.Alien.Worm (2) File infector 10/10/00
W32.Alien.Worm (3) File infector 10/10/00
W32.Alien.Worm (4) File infector 10/10/00
W32.Azrael.Mirc File infector 11/06/00
W32.Bistro File infector 10/23/00
W32.Denisbee File infector 11/06/00
W32.Evul.8192.B File infector 10/10/00
W32.HLLO.Homer File infector 11/06/00
W32.HLLP.Greenday File infector 11/06/00
W32.HLLW.Bymer File infector 10/16/00
W32.HLLW.Indec File infector 11/06/00
W32.Icecubes.Worm File infector 11/06/00
W32.Initx File infector 10/23/00
W32.Jane.B.Worm File infector 11/06/00
W32.Mypics.D.Worm File infector 11/06/00
W32.Navidad File infector 11/06/00
W32.Press.Gen File infector 10/31/00
W32.Sonic.A.Worm File infector 10/16/00
W32.Sonic.B.Worm File infector 10/16/00
W32.Sonic.C.Worm File infector 10/16/00
W32.Sonic.D.Worm File infector 10/31/00
W32.Sonic.E.Worm File infector 10/31/00
W32.Sonic.F.Worm File infector 11/06/00
W32.Sonic.G.Worm File infector 11/06/00
W32.Sonic.I.Worm File infector 11/06/00
W32.Sonic.Worm.dr File infector 10/16/00
W32.Tetris.Worm File infector 11/06/00
W32.Voyager.B File infector 11/06/00
W32.Watcher File infector 11/06/00
W32.White.B.Worm File infector 11/06/00
W32.Yasv.924 File infector 10/23/00
W95.Atav.1939 File infector 10/23/00
W95.Bistro.dr File infector 10/23/00
W95.CIH.1031 File infector 11/06/00
W95.Chazhma.4428 File infector 11/06/00
W95.Horn.B File infector 11/06/00
W95.Mockoder.1120 File infector 10/23/00
W95.Qozah.B File infector 10/10/00
W95.Radix.405 File infector 10/10/00
W95.Yildiz.323 File infector 10/10/00
W97M.Bablas.AY File infector 10/23/00
W97M.Bablas.MC File infector 10/31/00
W97M.Barisda.G File infector 10/16/00
W97M.Bibdot File infector 11/06/00
W97M.Blue File infector 10/31/00
W97M.Bobo.B File infector 10/10/00
W97M.Bobo.C File infector 10/23/00
W97M.Bobo.Family File infector 10/16/00
W97M.Bunny File infector 10/23/00
W97M.Celebrate.A File infector 10/16/00
W97M.Chameleon File infector 10/23/00
W97M.Cheechoong.A File infector 10/16/00
W97M.Chiq File infector 10/10/00
W97M.Chrome File infector 10/23/00
W97M.FreeSpace File infector 10/23/00
W97M.Goober.D File infector 11/06/00
W97M.GoodDay.B File infector 11/06/00
W97M.Gullible File infector 10/10/00
W97M.Invert.A File infector 10/16/00
W97M.Ipid.Variant File infector 10/23/00
W97M.Laur File infector 10/23/00
W97M.Lawn File infector 10/23/00
W97M.Marker.CC File infector 10/23/00
W97M.Marker.EJ File infector 10/16/00
W97M.Morodi.A File infector 10/31/00
W97M.Nagem File infector 10/31/00
W97M.Odious.D File infector 10/31/00
W97M.Opey.O.dropper File infector 10/10/00
W97M.Parent File infector 10/23/00
W97M.Relax.B File infector 10/16/00
W97M.Remplace.I File infector 10/23/00
W97M.Sick.A File infector 10/23/00
W97M.Thus.AN File infector 10/10/00
W97M.Thus.AO File infector 10/16/00
W97M.Thus.AT File infector 10/31/00
W97M.Thus.Family File infector 10/23/00
W97M.Thus.SV File infector 10/31/00
W97M.Title.Variant File infector 11/06/00
W97M.VMPCK1.DY File infector 10/31/00
W97M.Vmpck1.DV File infector 10/16/00
W97M.Vmpck1.DX File infector 10/16/00
W97M.Walker File infector 10/31/00
W98.Fighter.Int File infector 10/10/00
WScript.KakWorm.C File infector 10/31/00
Win.HLLW.Pi File infector 11/06/00
Win.WinLamer.1936 File infector 11/06/00
Win.WinLamer.756 File infector 11/06/00
X97M.AntiRAM.Variant File infector 10/31/00
X97M.BMV.Variant File infector 10/23/00
X97M.Divi.N File infector 10/10/00
X97M.Killer.Variant File infector 10/31/00
X97M.Massage File infector 10/31/00
X97M.Threekay.A File infector 10/16/00
hxh.1576 File infector 10/16/00
New virus definitions (by Week added):
Virus Name Infection Type Week added
---------- -------------- ----------
BAT.Fable.Worm File infector 11/06/00
Backdoor.ICQ.Trojan File infector 11/06/00
Backdoor.SKOSX File infector 11/06/00
Backdoor.TheThing.D File infector 11/06/00
Boot.Deadface Boot infector 11/06/00
Boot.Hoppity Boot infector 11/06/00
INI.Azrael File infector 11/06/00
INI.Dolly File infector 11/06/00
INI.Jane File infector 11/06/00
JS.TheThing.D.dr File infector 11/06/00
PIF.Fable.Worm File infector 11/06/00
VBS.Fable.Worm File infector 11/06/00
VBS.Fable.Worm (2) File infector 11/06/00
VBS.Godzilla.A@m File infector 11/06/00
VBS.Lamer File infector 11/06/00
W32.Azrael.Mirc File infector 11/06/00
W32.Denisbee File infector 11/06/00
W32.HLLO.Homer File infector 11/06/00
W32.HLLP.Greenday File infector 11/06/00
W32.HLLW.Indec File infector 11/06/00
W32.Icecubes.Worm File infector 11/06/00
W32.Jane.B.Worm File infector 11/06/00
W32.Mypics.D.Worm File infector 11/06/00
W32.Navidad File infector 11/06/00
W32.Sonic.F.Worm File infector 11/06/00
W32.Sonic.G.Worm File infector 11/06/00
W32.Sonic.I.Worm File infector 11/06/00
W32.Tetris.Worm File infector 11/06/00
W32.Voyager.B File infector 11/06/00
W32.Watcher File infector 11/06/00
W32.White.B.Worm File infector 11/06/00
W95.CIH.1031 File infector 11/06/00
W95.Chazhma.4428 File infector 11/06/00
W95.Horn.B File infector 11/06/00
W97M.Bibdot File infector 11/06/00
W97M.Goober.D File infector 11/06/00
W97M.GoodDay.B File infector 11/06/00
W97M.Title.Variant File infector 11/06/00
Win.HLLW.Pi File infector 11/06/00
Win.WinLamer.1936 File infector 11/06/00
Win.WinLamer.756 File infector 11/06/00
Bolivian (b) Boot infector 10/31/00
HTML.Press File infector 10/31/00
O97M.NoStar File infector 10/31/00
Trivial.Intended File infector 10/31/00
VBS.Anti-Network File infector 10/31/00
VBS.Chiqui.int File infector 10/31/00
VBS.Crystal File infector 10/31/00
VBS.Missy File infector 10/31/00
VBS.Press File infector 10/31/00
W32.Press.Gen File infector 10/31/00
W32.Sonic.D.Worm File infector 10/31/00
W32.Sonic.E.Worm File infector 10/31/00
W97M.Bablas.MC File infector 10/31/00
W97M.Blue File infector 10/31/00
W97M.Morodi.A File infector 10/31/00
W97M.Nagem File infector 10/31/00
W97M.Odious.D File infector 10/31/00
W97M.Thus.AT File infector 10/31/00
W97M.Thus.SV File infector 10/31/00
W97M.VMPCK1.DY File infector 10/31/00
W97M.Walker File infector 10/31/00
WScript.KakWorm.C File infector 10/31/00
X97M.AntiRAM.Variant File infector 10/31/00
X97M.Killer.Variant File infector 10/31/00
X97M.Massage File infector 10/31/00
AT.156 File infector 10/23/00
AntiCAD.2454 (x) File infector 10/23/00
AntiCAD.2576 (x) File infector 10/23/00
AntiCAD.2646 (x) File infector 10/23/00
Backdoor.Subseven.1.8 File infector 10/23/00
Chang.3576 File and Boot infector 10/23/00
Chang.3576 (x) File and Boot infector 10/23/00
Chang.3576b (x) File and Boot infector 10/23/00
Chang.3584 (x) File and Boot infector 10/23/00
Chang.3584b (x) File and Boot infector 10/23/00
Drepo.2470.B File infector 10/23/00
Fp5.2000 (m) File infector 10/23/00
Jeru.Sunday.2053 2 File infector 10/23/00
Jeru.Sunday.II (x) File infector 10/23/00
Jeru.cvex.5120 (x) File infector 10/23/00
KillMe.1971 File infector 10/23/00
KillMe.1971 (x) File infector 10/23/00
KillMe.1976 File infector 10/23/00
November_17th.998 (m) File infector 10/23/00
PIF.Lys File infector 10/23/00
REG.Anti File infector 10/23/00
SH.Kate File infector 10/23/00
Sarcasm File infector 10/23/00
Serbu.3322.B File infector 10/23/00
Serbu.3322.B(2) File infector 10/23/00
VBS.Short File infector 10/23/00
VBS.Tam.A File infector 10/23/00
W32.Bistro File infector 10/23/00
W32.Initx File infector 10/23/00
W32.Yasv.924 File infector 10/23/00
W95.Atav.1939 File infector 10/23/00
W95.Bistro.dr File infector 10/23/00
W95.Mockoder.1120 File infector 10/23/00
W97M.Bablas.AY File infector 10/23/00
W97M.Bobo.C File infector 10/23/00
W97M.Bunny File infector 10/23/00
W97M.Chameleon File infector 10/23/00
W97M.Chrome File infector 10/23/00
W97M.FreeSpace File infector 10/23/00
W97M.Ipid.Variant File infector 10/23/00
W97M.Laur File infector 10/23/00
W97M.Lawn File infector 10/23/00
W97M.Marker.CC File infector 10/23/00
W97M.Parent File infector 10/23/00
W97M.Remplace.I File infector 10/23/00
W97M.Sick.A File infector 10/23/00
W97M.Thus.Family File infector 10/23/00
X97M.BMV.Variant File infector 10/23/00
Hiwaga.Boot.Dr File infector 10/16/00
Npox.1686.Intended File infector 10/16/00
Red Scorpion File infector 10/16/00
VBS.Network.D File infector 10/16/00
VBS.Network.E File infector 10/16/00
W32.HLLW.Bymer File infector 10/16/00
W32.Sonic.A.Worm File infector 10/16/00
W32.Sonic.B.Worm File infector 10/16/00
W32.Sonic.C.Worm File infector 10/16/00
W32.Sonic.Worm.dr File infector 10/16/00
W97M.Barisda.G File infector 10/16/00
W97M.Bobo.Family File infector 10/16/00
W97M.Celebrate.A File infector 10/16/00
W97M.Cheechoong.A File infector 10/16/00
W97M.Invert.A File infector 10/16/00
W97M.Marker.EJ File infector 10/16/00
W97M.Relax.B File infector 10/16/00
W97M.Thus.AO File infector 10/16/00
W97M.Vmpck1.DV File infector 10/16/00
W97M.Vmpck1.DX File infector 10/16/00
X97M.Threekay.A File infector 10/16/00
hxh.1576 File infector 10/16/00
DNet.Dropper File infector 10/10/00
Ear.421 File infector 10/10/00
Ear.421(2) File infector 10/10/00
Ear.443 File infector 10/10/00
Ear.443(2) File infector 10/10/00
Ear.Variant File infector 10/10/00
O97M.Toraja.E File infector 10/10/00
VBS.Plan.D File infector 10/10/00
W32.Alien.Worm File infector 10/10/00
W32.Alien.Worm (2) File infector 10/10/00
W32.Alien.Worm (3) File infector 10/10/00
W32.Alien.Worm (4) File infector 10/10/00
W32.Evul.8192.B File infector 10/10/00
W95.Qozah.B File infector 10/10/00
W95.Radix.405 File infector 10/10/00
W95.Yildiz.323 File infector 10/10/00
W97M.Bobo.B File infector 10/10/00
W97M.Chiq File infector 10/10/00
W97M.Gullible File infector 10/10/00
W97M.Opey.O.dropper File infector 10/10/00
W97M.Thus.AN File infector 10/10/00
W98.Fighter.Int File infector 10/10/00
X97M.Divi.N File infector 10/10/00
Name Changes (by Old Virus Name):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
Jeru.Sunday.II (x) to Jeru.Sunday.2053 10/23/00
SSIWG.Worm to VBS.Rewind.A@mm 11/06/00
Trojan.Britney to W32.HLLO.Britney 10/31/00
VBS.President.Worm to VBS.Plan.C 10/10/00
W32.Hybris.22528 to W32.Hybris.gen 10/23/00
W32.Initx to W32.HLLW.Initx 10/31/00
W97M.Marker.R to W97M.Cont.K 10/31/00
W97M.Matrix to W97M.Thus.BP 10/31/00
W97M.Smaller.B to W97M.Replog.C 11/06/00
W97M.Thus.X.Family to W97M.Thus.X.gen 10/31/00
Name Changes (by Date changed):
Old Virus Name New Virus Name Date changed
-------------- -------------- ------------
SSIWG.Worm to VBS.Rewind.A@mm 11/06/00
W97M.Smaller.B to W97M.Replog.C 11/06/00
Trojan.Britney to W32.HLLO.Britney 10/31/00
W32.Initx to W32.HLLW.Initx 10/31/00
W97M.Marker.R to W97M.Cont.K 10/31/00
W97M.Matrix to W97M.Thus.BP 10/31/00
W97M.Thus.X.Family to W97M.Thus.X.gen 10/31/00
Jeru.Sunday.II (x) to Jeru.Sunday.2053 10/23/00
W32.Hybris.22528 to W32.Hybris.gen 10/23/00
VBS.President.Worm to VBS.Plan.C 10/10/00
Deletions (by Virus Name):
Virus Name Infection Type Date removed
---------- -------------- ------------
Alien.Worm File infector 10/10/00
AntiCAD.2576 (x) File infector 10/23/00
Chang.3584 File infector 10/23/00
Chang.3584 (x) File infector 10/23/00
DA.MIR (Gen1) File infector 10/31/00
Ear.421 File infector 10/10/00
Deletions (by Date removed):
Virus Name Infection Type Date removed
---------- -------------- ------------
DA.MIR (Gen1) File infector 10/31/00
AntiCAD.2576 (x) File infector 10/23/00
Chang.3584 File infector 10/23/00
Chang.3584 (x) File infector 10/23/00
Alien.Worm File infector 10/10/00
Ear.421 File infector 10/10/00
**********************************************************************
** Enabling Scanning Features **
**********************************************************************
Several scanning features can be enabled through the use of an INF
configuration file. For NAV for Windows 95/NT version 4.x and later,
or NAV for OS/2, this configuration file should be called NAVEX15.INF
and should be placed in the directory where NAV is installed (i.e.,
C:\Program Files\Norton AntiVirus). For NAV for Netware version 4.x,
the file should be called NAVEX15.INF and should be placed in the
directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
should be placed in the directory where NAV is installed (i.e., C:\NAV).

If this configuration file does not exist, create one in the appropriate
directory if you want to change the default settings.

To enable a scanning feature for a particular component, one or more
entries need to be added to the configuration file under the correct
section. For each platform there is a corresponding section that is used
in the INF file. Below is a table of section names and platforms.

    Section Name    Platform
    ------------    --------
    NAVW32          Windows 95/98/NT
    NAVAP           Windows 95/98/NT Auto-Protect
    NAVDX           DOS
    NAVNLM          Netware
    NAVWIN          Windows 3.1
    NAVOS2          OS/2
    NAVAIX          AIX
    NAVSOL          Solaris

Entries are case insensitive. Below is a description of possible
entries.

1. Files can be excluded from scans by the NAVEX engine. To exclude a
   specific file from the NAVEX engine scan, add an entry with the full
   path and file name. This is case insensitive. No wildcards are allowed.
   To exclude multiple files, add a separate entry for each file. To exclude
   a file, add an entry like the one below where <PATH> is the full path
   and file name.

       ExcludeFile = <PATH>

2. Files within a directory can be excluded from scans by the NAVEX engine.
   To exclude all files within a directory, add an entry with the full
   directory path. This is case insensitive. No wildcards are allowed. This
   does not exclude files located in subdirectories of the specified
   directory. To exclude multiple directories, add a separate entry for each
   directory. To exclude a directory, add an entry like the one below where
   <DIRECTORY> is the full path.

       ExcludeDirectory = <DIRECTORY>

The following example of an INF configuration file excludes two files,
NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT
scanner. It excludes the D:\PRIVATE directory from Windows 95/98/NT
Auto-Protect.

    [NAVW32]
    ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
    ExcludeFile = C:\TEMP\BIGFILE.DOC

    [NAVAP]
    ExcludeDirectory = D:\PRIVATE
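
The exclusion rules described above, as an added example that is not part
of the original Symantec document: a Python audit of a NAVEX15.INF file
that lists what each platform section skips and flags entries the stated
rules do not allow. The function names, the constructed sample file, and
the treatment of section names as case insensitive are assumptions.

```python
import ntpath

# Section names from the table in this document.
SECTIONS = {"NAVW32", "NAVAP", "NAVDX", "NAVNLM", "NAVWIN", "NAVOS2", "NAVAIX", "NAVSOL"}

# Constructed sample: the document's own example plus two entries an audit should flag.
SAMPLE_INF = r"""
[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
excludefile = C:\TEMP\BIGFILE.DOC
ExcludeFile = C:\TEMP\*.DOC
[NAVAP]
ExcludeDirectory = D:\PRIVATE
[NAVXYZ]
ExcludeFile = C:\AUTOEXEC.BAT
"""

def parse_inf(text):
    """Return ({section: {"files": set, "dirs": set}}, [warnings])."""
    rules, warnings, section = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Assumption: section names are matched case-insensitively, like entries.
            section = line[1:-1].strip().upper()
            if section not in SECTIONS:
                warnings.append(f"line {n}: unknown section [{section}]")
            rules.setdefault(section, {"files": set(), "dirs": set()})
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or section is None or key not in ("excludefile", "excludedirectory"):
            warnings.append(f"line {n}: unrecognised entry")
            continue
        if "*" in value or "?" in value:
            warnings.append(f"line {n}: wildcards are not allowed: {value}")
            continue
        norm = ntpath.normcase(value).rstrip("\\")
        rules[section]["files" if key == "excludefile" else "dirs"].add(norm)
    return rules, warnings

def is_excluded(rules, section, path):
    """True if `path` is skipped by the NAVEX engine for `section`."""
    r = rules.get(section.upper())
    if r is None:
        return False
    p = ntpath.normcase(path)
    # Directory exclusions cover only files directly inside the directory.
    return p in r["files"] or ntpath.dirname(p).rstrip("\\") in r["dirs"]
```

Every path for which is_excluded() returns True is a location the scanner
will not inspect, so the parsed rule set is worth reviewing whenever the
INF file changes.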
**********************************************************************
** Additional Information **
**********************************************************************
Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.