Text File  |  2001-02-12  |  21KB  |  390 lines

  1. **********************************************************************
  2. **                                                                  **
  3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
  4. **                                                                  **
  5. **  Symantec AntiVirus Research Center (SARC)     February 12, 2001 **
  6. **                                                                  **
  7. **********************************************************************
  8. This document contains the following topics:
  9.  
  10.  * Virus Alerts
  11.  * New Technologies
  12.  * Changes Incorporated Into This Update
  13.  * Enabling Scanning Features
  14.  * Additional Information
  15.  
  16. **********************************************************************
  17. ** Virus Alerts                                                     **
  18. **********************************************************************
  19. VBS.LoveLetter, a new worm which has been widespread since May 4th,
  20. is detected by this definition set.  
  21.  
  22. The ten most commonly reported viruses, worldwide:
  23.  
  24.     1  W32.Navidad
  25.     2  W95.MTX
  26.     3  W32.HLLW.QAZ.A
  27.     4  VBS.Stages.A
  28.     5  VBS.LoveLetter
  29.     6  VBS.Network
  30.     7  Wscript.KakWorm
  31.     8  W32.Funlove.4099
  32.     9  PrettyPark.Worm
  33.    10  Happy99.Worm
  34.  
  35. **********************************************************************
  36. ** New Technologies                                                 **
  37. **********************************************************************
  38.  
  39. DATE         Technologies Added
  40. ----         ------------------
  41. 8/19/98    * Excel heuristics which detect and repair new and unknown
  42.              macro viruses in Excel 95 & 97 documents.
  43.  
  44. 9/16/98    * Added repair for encrypted Excel 97 documents.
  45.  
  46. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
  47.            * WORD Heuristics improvement to increase detection rate.
  48.  
  49. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
  50.              and Excel documents.
  51.            * PowerPoint engine to scan PowerPoint related viruses.
  52.              To enable this technology please read "Enabling/Disabling
  53.              PowerPoint Scanning" section later in this document.
  54.  
  55. 02/18/99   * Detection and repair of macro viruses in Word and Excel
  56.              2000 documents.
  57.  
  58. 05/15/99   * Added repair for PowerPoint viruses.
  59.            * Improved heuristics to detect more WORD 97 related
  60.              viruses.
  61.  
  62. 06/10/99   * Menu repair technology for WORD macro viruses that change
  63.              command bar customizations in NORMAL.DOT.
  64.  
  65. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
  66.              (Ichitaro is a Japanese word processing program).
  67.  
  68. 08/19/99   * Added detection and repair for embedded documents inside
  69.              PowerPoint 97.
  70.  
  71. 11/22/99   * Added detection and repair for Trojans embedded in OLE
  72.              files, such as Windows scrap files and MS Office
  73.              documents.
  74.            * Added detection for viruses which infect Microsoft
  75.              Project documents (P98M.Corner.A, for example).
  76.  
  77. 02/10/00   * Added support for scanning of UNIX executables.
  78.            * Added detection for infected Visio documents.
  79.  
  80. 12/18/00   * Added heuristics for 32-bit Windows viruses.
  81.            * Added a script scanner which increases our capabilities for 
  82.              detecting script based threats.
  83.  
  84. **********************************************************************
  85. ** Changes Incorporated Into This Virus Definitions Update          **
  86. **********************************************************************
  87.  
  88. DATE
  89. ----
  90. 01/04/01   * A false positive for W32.Navidad.16896 was corrected.
  91.            * A false positive for Backdoor.Trojan was corrected.
  92.  
  93. 01/18/01   * Modification to repair of Microsoft Word and Excel files 
  94.              for Office 2001.
  95.  
  96. 02/01/01   * A false positive for Backdoor.Trojan was corrected.
  97.  
  98. New virus definitions (by Virus Name):
  99.  
  100.         Virus Name                Infection Type          Week added
  101.         ----------                --------------          ----------
  102.         Backdoor.DogRev           File infector            02/05/01
  103.         Backdoor.NetTerrorist     File infector            01/29/01
  104.         Backdoor.Snex             File infector            02/05/01
  105.         Backdoor.SubSeven.213     File infector            01/29/01
  106.         Bat.Shak.1238             File infector            02/05/01
  107.         Dec3rd.1333               File infector            02/05/01
  108.         HTML.Prepender            File infector            02/05/01
  109.         IRC.XCod                  File infector            01/29/01
  110.         IVP.601                   File infector            02/05/01
  111.         IVP.700                   File infector            02/05/01
  112.         JS.DogRev.dr              File infector            02/05/01
  113.         JS.KakWorm.F              File infector            01/29/01
  114.         JS.KakWorm.Variant        File infector            01/29/01
  115.         JS.Seeker.C               File infector            02/05/01
  116.         LDA.306                   File infector            01/29/01
  117.         O97M.Compilation          File infector            02/05/01
  118.         O97M.Toraja.F             File infector            01/29/01
  119.         O97M.Tristate.T           File infector            02/05/01
  120.         PHP.Neworld               File infector            01/29/01
  121.         PHP.Sysbat                File infector            01/29/01
  122.         Pers(b)                   Boot infector            01/29/01
  123.         Retoob(b)                 Boot infector            01/29/01
  124.         Trojan.AOL.Cool           File infector            02/05/01
  125.         VBS.Fix.Intd              File infector            02/05/01
  126.         VBS.Mill.A.ini            File infector            02/05/01
  127.         VBS.Mill.B.ini            File infector            02/05/01
  128.         VBS.Retnirp               File infector            01/29/01
  129.         VBS.SST@mm                File infector            02/12/01
  130.         VBS.SST@mm(2)             File infector            02/12/01
  131.         VBS.Thusita.A@mm          File infector            02/05/01
  132.         Viroped.492               File infector            01/29/01
  133.         W32.Aid                   File infector            01/29/01
  134.         W32.Ataxia                File infector            01/29/01
  135.         W32.Crack.Mirc            File infector            02/05/01
  136.         W32.Eclypse.A             File infector            01/29/01
  137.         W32.Eclypse.B             File infector            01/29/01
  138.         W32.Ernl                  File infector            02/05/01
  139.         W32.HLLO.MIP              File infector            02/05/01
  140.         W32.HLLP.Pres             File infector            02/05/01
  141.         W32.HLLW.Shorm            File infector            01/29/01
  142.         W32.Mona.Worm             File infector            02/05/01
  143.         W32.Navidad.F             File infector            02/05/01
  144.         W32.Neton.Mirc            File infector            02/05/01
  145.         W32.Progetm.Mirc          File infector            02/05/01
  146.         W32.Rigel                 File infector            01/29/01
  147.         W32.Spit.D                File infector            01/29/01
  148.         W32.Vicevi.worm           File infector            01/29/01
  149.         W32.XCod@m                File infector            01/29/01
  150.         W95.Etymo                 File infector            01/29/01
  151.         W95.Examplo               File infector            01/29/01
  152.         W95.Iced.1376             File infector            01/29/01
  153.         W95.Matrix.817            File infector            01/29/01
  154.         W95.Matrix.909            File infector            01/29/01
  155.         W95.Rasta.Worm            File infector            02/05/01
  156.         W95.VXL.1312              File infector            02/05/01
  157.         W95.VXL.1436              File infector            02/05/01
  158.         W95.Xine.Gen              File infector            01/29/01
  159.         W97M.Antiv.B              File infector            02/05/01
  160.         W97M.Bablas.BI            File infector            01/29/01
  161.         W97M.Bablas.BM            File infector            01/29/01
  162.         W97M.Bablas.BN            File infector            02/05/01
  163.         W97M.Cobra.M              File infector            01/29/01
  164.         W97M.Fix.Intd             File infector            02/05/01
  165.         W97M.Gesture.B            File infector            01/29/01
  166.         W97M.KCH.Trojan           File infector            02/05/01
  167.         W97M.MXF                  File infector            02/05/01
  168.         W97M.Macroble.E           File infector            01/29/01
  169.         W97M.Marker.EK            File infector            01/29/01
  170.         W97M.Melissa.damaged      File infector            02/05/01
  171.         W97M.Melissa.family       File infector            02/05/01
  172.         W97M.Puyah                File infector            01/29/01
  173.         W97M.Thus.CH              File infector            02/05/01
  174.         W97M.Titch.G              File infector            01/29/01
  175.         W97M.Toy.A                File infector            01/29/01
  176.         W97M.VMPCK1.BT            File infector            02/05/01
  177.         W97M.VMPCK1.BU            File infector            02/05/01
  178.         W98.Universe.B.Worm       File infector            01/29/01
  179.         W98.Universe.Worm         File infector            01/29/01
  180.         WM.Concept.DD             File infector            02/05/01
  181.         X97M.Laroux.JG            File infector            01/29/01
  182.         X97M.Reten.B              File infector            02/05/01
  183.         X97M.Vcode.A              File infector            01/29/01
  184.         Xtar.1605                 File infector            02/05/01
  185.         Xtar.1605 (x)             File infector            02/05/01
  186.         Year 1992                 File infector            01/29/01
  187.  
  188.  
  189. New virus definitions (by Week added):
  190.  
  191.         Virus Name                Infection Type          Week added
  192.         ----------                --------------          ----------
  193.         VBS.SST@mm                File infector            02/12/01
  194.         VBS.SST@mm(2)             File infector            02/12/01
  195.         Backdoor.DogRev           File infector            02/05/01
  196.         Backdoor.Snex             File infector            02/05/01
  197.         Bat.Shak.1238             File infector            02/05/01
  198.         Dec3rd.1333               File infector            02/05/01
  199.         HTML.Prepender            File infector            02/05/01
  200.         IVP.601                   File infector            02/05/01
  201.         IVP.700                   File infector            02/05/01
  202.         JS.DogRev.dr              File infector            02/05/01
  203.         JS.Seeker.C               File infector            02/05/01
  204.         O97M.Compilation          File infector            02/05/01
  205.         O97M.Tristate.T           File infector            02/05/01
  206.         Trojan.AOL.Cool           File infector            02/05/01
  207.         VBS.Fix.Intd              File infector            02/05/01
  208.         VBS.Mill.A.ini            File infector            02/05/01
  209.         VBS.Mill.B.ini            File infector            02/05/01
  210.         VBS.Thusita.A@mm          File infector            02/05/01
  211.         W32.Crack.Mirc            File infector            02/05/01
  212.         W32.Ernl                  File infector            02/05/01
  213.         W32.HLLO.MIP              File infector            02/05/01
  214.         W32.HLLP.Pres             File infector            02/05/01
  215.         W32.Mona.Worm             File infector            02/05/01
  216.         W32.Navidad.F             File infector            02/05/01
  217.         W32.Neton.Mirc            File infector            02/05/01
  218.         W32.Progetm.Mirc          File infector            02/05/01
  219.         W95.Rasta.Worm            File infector            02/05/01
  220.         W95.VXL.1312              File infector            02/05/01
  221.         W95.VXL.1436              File infector            02/05/01
  222.         W97M.Antiv.B              File infector            02/05/01
  223.         W97M.Bablas.BN            File infector            02/05/01
  224.         W97M.Fix.Intd             File infector            02/05/01
  225.         W97M.KCH.Trojan           File infector            02/05/01
  226.         W97M.MXF                  File infector            02/05/01
  227.         W97M.Melissa.damaged      File infector            02/05/01
  228.         W97M.Melissa.family       File infector            02/05/01
  229.         W97M.Thus.CH              File infector            02/05/01
  230.         W97M.VMPCK1.BT            File infector            02/05/01
  231.         W97M.VMPCK1.BU            File infector            02/05/01
  232.         WM.Concept.DD             File infector            02/05/01
  233.         X97M.Reten.B              File infector            02/05/01
  234.         Xtar.1605                 File infector            02/05/01
  235.         Xtar.1605 (x)             File infector            02/05/01
  236.         Backdoor.NetTerrorist     File infector            01/29/01
  237.         Backdoor.SubSeven.213     File infector            01/29/01
  238.         IRC.XCod                  File infector            01/29/01
  239.         JS.KakWorm.F              File infector            01/29/01
  240.         JS.KakWorm.Variant        File infector            01/29/01
  241.         LDA.306                   File infector            01/29/01
  242.         O97M.Toraja.F             File infector            01/29/01
  243.         PHP.Neworld               File infector            01/29/01
  244.         PHP.Sysbat                File infector            01/29/01
  245.         Pers(b)                   Boot infector            01/29/01
  246.         Retoob(b)                 Boot infector            01/29/01
  247.         VBS.Retnirp               File infector            01/29/01
  248.         Viroped.492               File infector            01/29/01
  249.         W32.Aid                   File infector            01/29/01
  250.         W32.Ataxia                File infector            01/29/01
  251.         W32.Eclypse.A             File infector            01/29/01
  252.         W32.Eclypse.B             File infector            01/29/01
  253.         W32.HLLW.Shorm            File infector            01/29/01
  254.         W32.Rigel                 File infector            01/29/01
  255.         W32.Spit.D                File infector            01/29/01
  256.         W32.Vicevi.worm           File infector            01/29/01
  257.         W32.XCod@m                File infector            01/29/01
  258.         W95.Etymo                 File infector            01/29/01
  259.         W95.Examplo               File infector            01/29/01
  260.         W95.Iced.1376             File infector            01/29/01
  261.         W95.Matrix.817            File infector            01/29/01
  262.         W95.Matrix.909            File infector            01/29/01
  263.         W95.Xine.Gen              File infector            01/29/01
  264.         W97M.Bablas.BI            File infector            01/29/01
  265.         W97M.Bablas.BM            File infector            01/29/01
  266.         W97M.Cobra.M              File infector            01/29/01
  267.         W97M.Gesture.B            File infector            01/29/01
  268.         W97M.Macroble.E           File infector            01/29/01
  269.         W97M.Marker.EK            File infector            01/29/01
  270.         W97M.Puyah                File infector            01/29/01
  271.         W97M.Titch.G              File infector            01/29/01
  272.         W97M.Toy.A                File infector            01/29/01
  273.         W98.Universe.B.Worm       File infector            01/29/01
  274.         W98.Universe.Worm         File infector            01/29/01
  275.         X97M.Laroux.JG            File infector            01/29/01
  276.         X97M.Vcode.A              File infector            01/29/01
  277.         Year 1992                 File infector            01/29/01
  278.  
  279.  
  280. Name Changes (by Old Virus Name):
  281.  
  282.         Old Virus Name            New Virus Name          Date changed
  283.         --------------            --------------          ------------
  284.         Mrod.5154              to ILoveDOS.5154            01/29/01
  285.         Mrod.5154 (2)          to ILoveDOS.5154 (2)        01/29/01
  286.         Mrod.5154 (3)          to ILoveDOS.5154 (3)        01/29/01
  287.         Mrod.5154 (4)          to ILoveDOS.5154 (4)        01/29/01
  288.         W32.Vicevi.worm        to W95.Sintesys@mm          02/05/01
  289.         W97M.Latenit.A         to W97M.Lateni.A            01/29/01
  290.  
  291. Name Changes (by Date changed):
  292.  
  293.         Old Virus Name            New Virus Name          Date changed
  294.         --------------            --------------          ------------
  295.         W32.Vicevi.worm        to W95.Sintesys@mm          02/05/01
  296.         Mrod.5154              to ILoveDOS.5154            01/29/01
  297.         Mrod.5154 (2)          to ILoveDOS.5154 (2)        01/29/01
  298.         Mrod.5154 (3)          to ILoveDOS.5154 (3)        01/29/01
  299.         Mrod.5154 (4)          to ILoveDOS.5154 (4)        01/29/01
  300.         W97M.Latenit.A         to W97M.Lateni.A            01/29/01
  301.         
  302.  
  303. Deletions (by Virus Name):
  304.  
  305.         Virus Name                Infection Type          Date removed
  306.         ----------                --------------          ------------
  307.         VBS.Fool                  File infector            02/05/01
  308.         VBS.Fool.B                File infector            02/05/01
  309.         
  310.  
  311. Deletions (by Date removed):
  312.  
  313.         Virus Name                Infection Type          Date removed
  314.         ----------                --------------          ------------
  315.         VBS.Fool                  File infector            02/05/01
  316.         VBS.Fool.B                File infector            02/05/01
  317.  
  318.  
  319. **********************************************************************
  320. **  Enabling Scanning Features                                      **
  321. **********************************************************************
  322.  
  323. Several scanning features can be enabled through the use of an INF 
  324. configuration file.  For NAV for Windows 95/NT version 4.x and later, 
  325. or NAV for OS/2, this configuration file should be called NAVEX15.INF
  326. and should be placed in the directory where NAV is installed (e.g.,
  327. C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
  328. the file should be called NAVEX15.INF and should be placed in the 
  329. directory where NAV 4.x is installed (e.g., sys:system\navnlm). For
  330. NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
  331. NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
  332. should be placed in the directory where NAV is installed (e.g., C:\NAV).
  333. If this configuration file does not exist, create one in the appropriate
  334. directory if you want to change the default settings.
  335.  
  336. To enable a scanning feature for a particular component, one or more 
  337. entries need to be added to the configuration file under the correct
  338. section.  For each platform there is a corresponding section that is used 
  339. in the INF file.  Below is a table of section names and platforms.
  340.  
  341. Section Name    Platform
  342. ------------    --------
  343. NAVW32          Windows 95/98/NT
  344. NAVAP           Windows 95/98/NT Auto-Protect
  345. NAVDX           DOS
  346. NAVNLM          Netware
  347. NAVWIN          Windows 3.1
  348. NAVOS2          OS/2
  349. NAVAIX          AIX
  350. NAVSOL          Solaris
  351.  
  352. Entries are case insensitive.  Below is a description of possible 
  353. entries.
  354.  
  355. 1. Files can be excluded from scans by the NAVEX engine.  To exclude a
  356. specific file from the NAVEX engine scan, add an entry with the full
  357. path and file name.  This is case insensitive.  No wildcards are allowed.
  358. To exclude multiple files, add a separate entry for each file.  To exclude
  359. a file, add an entry like the one below where <PATH> is the full path
  360. and file name.
  361.         ExcludeFile = <PATH>
  362.  
  363. 2. Files within a directory can be excluded from scans by the NAVEX engine.
  364. To exclude all files within a directory, add an entry with the full 
  365. directory path.  This is case insensitive.  No wildcards are allowed.  This
  366. does not exclude files located in subdirectories of the specified 
  367. directory.  To exclude multiple directories, add a separate entry for each
  368. directory. To exclude a directory, add an entry like the one below where
  369. <DIRECTORY> is the full path.
  370.         ExcludeDirectory = <DIRECTORY>
  371.  
  372. The following example of an INF configuration file excludes two files, 
  373. NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
  374. scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
  375. Auto-Protect.
  376.  
  377. [NAVW32]
  378. ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
  379. ExcludeFile = C:\TEMP\BIGFILE.DOC
  380.  
  381. [NAVAP]
  382. ExcludeDirectory = D:\PRIVATE
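
Added example (not part of the original Symantec file, and not NAV's own code): a small Python reader for the INF format described above, for reviewing which paths a given component will skip. It applies the documented rules (case-insensitive entries, no wildcards, directory exclusions that do not reach subdirectories). Treating section names as case insensitive and setting wildcard entries aside instead of matching them are assumptions; the function names are hypothetical.

```python
import ntpath  # Windows path rules, so the example runs on any OS

# Constructed sample: the example from this document, plus one wildcard
# entry and a lower-case key to exercise the documented rules.
SAMPLE_INF = r"""
[NAVW32]
ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
ExcludeFile = C:\TEMP\BIGFILE.DOC
excludefile = C:\TEMP\*.TMP

[NAVAP]
ExcludeDirectory = D:\PRIVATE
"""

KNOWN_KEYS = {"excludefile", "excludedirectory"}


def _norm(path):
    # Entries are case insensitive: compare lower-cased, normalised paths.
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_navex_inf(text):
    """Return {SECTION: {"files": set, "dirs": set, "rejected": list}}.

    Parsed by hand because the same key repeats once per excluded item,
    which a generic INI reader would collapse into a single value.
    """
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Assumption: section names are matched without regard to case.
            section = config.setdefault(
                line[1:-1].strip().upper(),
                {"files": set(), "dirs": set(), "rejected": []},
            )
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section is None or not sep or key not in KNOWN_KEYS:
            continue
        if "*" in value or "?" in value:
            # Wildcards are not allowed; assumption: report the entry for
            # review rather than guess how the engine would treat it.
            section["rejected"].append(value.strip())
        elif key == "excludefile":
            section["files"].add(_norm(value))
        else:
            section["dirs"].add(_norm(value))
    return config


def is_excluded(config, section, path):
    """True if `path` matches an exclusion for `section` under the rules above."""
    entry = config.get(section.upper())
    if entry is None:
        return False
    target = _norm(path)
    if target in entry["files"]:
        return True
    # Only the file's immediate directory counts; subdirectories of an
    # excluded directory are still scanned.
    return ntpath.dirname(target) in entry["dirs"]


def list_exclusions(config):
    """Sorted (section, kind, path) tuples for a review of unscanned paths."""
    return sorted(
        (name, kind, p)
        for name, entry in config.items()
        for kind in ("files", "dirs")
        for p in entry[kind]
    )
```
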
  383.  
  384. **********************************************************************
  385. **    Additional Information                                        **
  386. **********************************************************************
  387.  
  388. Additional information regarding this virus definitions update can be
  389. found in UPDATE.TXT and TECHNOTE.TXT.
  390.