21A12.TXT - Description file for 21A12.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
October 1, 1993
******************************************************************
[The NAV definition update installation instructions are also
available on this disk in French, German, Italian, Swedish, and
Spanish. Please reference the appropriate file.]
Loading New Definitions
To update NAV 2.1 with the new virus definition you have
just received, do the following:
Note: Each definition set completely replaces the current
set, so only the latest is required.
From DOS:
1) At the DOS prompt, type "NAV" then <Enter>.
2) Select the "Cancel" button (ALT-C) to bypass scanning at this time.
3) Select the Definitions menu (ALT-D), then select the "Load from
file" item (L). You will now see the "Load from file" dialog box.
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) In the FILE field, type "A:*.DEF" ("B:*.DEF" if applicable) then
<Enter>.
6) The definition file on the disk should now appear in the
"Files" box.
7) Select the "Files" box (ALT-L). Note: the filename is normally
loaded into the "File" line automatically as it is usually the
only file available. If this is not the case, use the TAB key
to highlight the file then press the spacebar.
8) Select "OK" (ALT-O) to load the new definition set.
9) After loading, press "ESC", exit NAV, and reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
From Windows:
1) Activate NAV by double-clicking on its icon.
2) Click on "CANCEL" in the "Scan Drives" window to bypass scanning
at this time.
3) From the "Definitions" menu choose "Load from file".
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) Type "A:*.DEF" ("B:*.DEF" if applicable) in the "File" field, then
press the Enter key.
6) The latest definition file should now appear in the "Files" box.
7) Double-click on the filename inside the "Files" box.
8) The file should begin to load. If not, click the "OK" button to
load the new definition set.
9) After loading, exit NAV, exit Windows, then reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
******************************************************************
Note for users who are not updated through Corporate Channels:
After updating your definitions, if every file is identified as
being infected with "MtE", don't panic. You probably do not have
a virus. Please download the patch file, PTCH1A.ZIP (available
through CompuServe and the Symantec BBS), unzip the file, follow
the instructions included in the readme file, and then load these
definitions again.
If you are unable to download this patch file, or are still
experiencing problems after using it, please contact Symantec
Technical Support.
******************************************************************
ARCV.Slim
ARCV.Slim is an encrypted, memory-resident, stealth virus that
infects COM files as they are run or opened.
The virus contains the encrypted strings "I Love You Joanna, Apache.."
and "Looking Good Slimline Joanna" followed by author and copyright
information. The text strings are not displayed.
A file can be infected by ARCV.Slim more than once. Each infection
will increase the file size by 900 (911) bytes.
-----
Idiot
This virus is an encrypting, memory-resident EXE file infector.
Idiot targets WIN.COM by overwriting the first 300 bytes. The
following string can be found decrypted in WIN.COM, and
encrypted in other infected files:
"You've been caught, you DWI!"
Infected files will grow by approximately 1100 (1051) bytes with the
virus located at the end of the file.
-----
Swiss Phoenix
This virus is a memory-resident COM and EXE infector. It will
infect COMMAND.COM.
Once in memory, Swiss Phoenix will infect files when they are executed
or opened. The virus is 1000 (1041) bytes and is appended to the
end of the file.
When an infected file is executed on Friday the 13th, tracks zero through
fourteen of the hard drive will be overwritten with random data. After
the overwrite occurs, the string "Phönix" will be displayed and
the system will hang.
The string "Phönix" is encrypted within the body of the virus and will
not be apparent.
Infected files can be repaired by NAV.
-----
(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)