Text File | 1992-09-27 | 4KB | 96 lines
20a08.TXT - Description file for 20a08.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
September 01, 1992
******************************************************************
Instructions for Loading Definitions
1) Run Virus Clinic by typing NAV at the DOS prompt.
2) Press <Enter> to accept the Welcome screen.
3) Press <Esc> to bypass the "Scan Drives" Screen.
4) Press <Alt-D> to pull down the "Definitions" menu.
5) Press <L> to select "Load from File..."
6) If the name of the drive and directory to which you loaded
the definition file does not appear on the "Directory:" line,
type the proper drive and directory name and press <Enter>.
The name of the definition file should appear in the "Files"
window.
7) Enter the name of the definition file and press <Enter>.
8) Press <Enter> to exit from the "Load Definition File Results"
screen.
9) Press <Esc> to bring up the "Exit Norton AntiVirus" box.
10) Press <Enter> to exit the program.
11) Reboot your computer to activate the new definitions.
******************************************************************
Overview:
4870 Overwriting
This is a non-memory resident, overwriting virus targeting both COM & EXE
files including COMMAND.COM. The virus overwrites the first 4870 bytes of
the file; thus the name. Infected programs may fail to execute and may cause
the system to hang. Since this virus overwrites a portion of the file, it is not
possible to repair files infected by 4870 Overwriting.
Athens
Athens is a memory resident virus targeting both COM & EXE files. COMMAND.COM
may also get infected. This virus uses what are known as "stealth" techniques to
hide itself while it is in memory. Athens operates on files when they are opened
or when they are executed. Infected files may change in size by 1,500 (1463)
bytes. However, there will be no changes in the files' date and time. Programs
infected with Athens may not run properly and may cause the system to hang.
Eight Tunes
The new definition for the Eight Tunes virus is an enhancement to the existing definition.
NAV is now able to detect and repair more strains of this virus.
Eight Tunes is a memory resident virus targeting both COM and EXE programs. It
may also infect COMMAND.COM. Files are infected upon execution while the
virus is in memory. Files infected by this virus may have a change in file size
by 2000 (1971) bytes. What distinguishes this virus from others is that, while
it is in memory, it plays different tunes, which can be very annoying.
Dir-2/Creeping Death:
The new definition for this virus is an enhancement to the existing one.
NAV is now capable of detecting and repairing more strains of this virus.
This virus does not alter the files on the system in any way. What it does is
copy itself to an unused cluster on the disk (hard or floppy), then redirect all
the pointers in the FAT to point to itself. It also encrypts the original files'
pointers. When a program is executed, the virus is executed first. After the
virus is memory resident, it loads the target file. While the virus is in
memory, an attempt to read/write to a floppy may cause it to become infected.
566
The 566 virus is a memory resident virus targeting EXE files. Infected files
may have an increase in file length by 566 bytes, thus the name. The viral
code can be found at the end of the infected file. Files infected by 566 can
be repaired using NAV.
BloodLust
BloodLust is a non-resident, overwriting virus targeting COM files.
Since it is an overwriting virus, repair is not possible for files infected
by this virus.
Exodus:
Exodus is a memory resident, boot sector infector. NAV is able to repair
systems infected by Exodus.
(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)
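
The note above can be turned into a triage check that treats the quoted growth figures as approximate hints when comparing a saved baseline of file sizes and date/time stamps against the current state. This is an added example, not part of the original Symantec file; the manifest layout, the 10% tolerance, and the function names are assumptions, and the sample records are constructed.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    size: int    # file length in bytes
    stamp: str   # directory date/time as recorded in the manifest

# Approximate growth in bytes quoted in the descriptions above. These are
# hints, not signatures: variants change the exact length.
APPROX_GROWTH = {"Athens": 1500, "Eight Tunes": 2000, "566": 566}
TOLERANCE = 0.10  # assumption for this example: accept +/-10%

def growth_hints(delta):
    """Names whose approximate growth lies within TOLERANCE of delta."""
    return sorted(n for n, g in APPROX_GROWTH.items()
                  if abs(delta - g) <= g * TOLERANCE)

def triage(baseline, current):
    """Flag COM/EXE files that grew since the baseline was taken."""
    findings = []
    for name in sorted(baseline):
        old, new = baseline[name], current.get(name)
        if new is None or not name.upper().endswith((".COM", ".EXE")):
            continue
        delta = new.size - old.size
        if delta <= 0:
            continue  # not covered: overwriting viruses may leave length unchanged
        findings.append({
            "file": name,
            "delta": delta,
            # Growth with an unchanged date/time is itself worth a closer look.
            "stamp_unchanged": new.stamp == old.stamp,
            "hints": growth_hints(delta),
        })
    return findings

# Constructed sample manifests (not real measurements).
BASELINE = {"COMMAND.COM": Entry(47845, "1991-04-09 05:00"),
            "EDIT.EXE": Entry(20000, "1991-04-09 05:00"),
            "GAME.EXE": Entry(30000, "1992-01-15 12:30"),
            "TOOL.COM": Entry(8000, "1992-02-02 09:10")}
CURRENT = {"COMMAND.COM": Entry(49308, "1991-04-09 05:00"),
           "EDIT.EXE": Entry(20566, "1992-08-30 17:45"),
           "GAME.EXE": Entry(30000, "1992-01-15 12:30"),
           "TOOL.COM": Entry(8900, "1992-08-30 17:50")}

if __name__ == "__main__":
    for finding in triage(BASELINE, CURRENT):
        print(finding)
```

Collect the current manifest after booting from a known-clean disk, since a memory resident virus that hides itself, as Athens is described as doing, may not be visible from the running system.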