home *** CD-ROM | disk | FTP | other *** search
- Errata for VirusScan Version 2.2.6 (9509)
- Copyright 1994, 1995 by McAfee, Inc.
- All Rights Reserved.
-
-
-
- These release notes cover what is new in VirusScan 2.2.6 and the
- August DAT release (9509) of VirusScan for DOS, VirusScan for
- Windows, VirusScan for OS/2 and VShield.
-
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- ! NOTE: OS/2 users. IF YOUR OS/2 SYSTEM IS CONNECTED TO OS/2 !
- ! LANMANAGER, DO NOT RUN OS/2 SCAN FROM STARTUP.CMD. DOING SO !
- ! COULD RESULT IN LOST DESKTOP OR OTHER UNDESIRABLE RESULTS. !
- ! !
- ! McAfee is working with IBM and with several large !
- ! organizations, which rely heavily on OS/2, to alleviate the !
- ! corruption problem. !
- ! !
- ! The temporary solution is to put VirusScan in a start up !
- ! group. Not in the log in script or in the start up command !
- ! file. !
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
- Note for NT users:
- You must add the following line in your DEFAULT.CFG and PROFILE1.PRF
- file (or any other profile you have chosen to use), residing in the
- same directory as WSCAN.EXE.
-
- /NODDA
-
- If you are not familiar with profiles, please refer to VIRUSCAN.TXT
- or your printed manual.
-
- -----------------------------------------------------
- 2.2.6 New Functionality:
-
- The new VSHIELD.EXE is required for VSHIELD to make use of these new
- detection strings (DAT files).
-
- /ALL
- Now understands the data format of a Microsoft Word (tm) document
- file format in order to search for the new breed of Word Macro
- viruses. For example:
-
- SCAN C: /ALL /REPORT scan.rpt
-
- ------------------------------------------------------
- Detectors added or updated in the 9509 DAT file (149):
- _383
- _383 GENERATION 1
- 571
- _1315
- 2014
- 4SEASONS
- ADIN.3026
- ALAMEDA.DR.B
- ALFA.3072
- ARARA.1054
- ASH.280.B
- ASSASSIN.952
- BACKFORM.2329 (2345)
- BACKFORM.2365 (2381)
- BCV
- BEACHES
- BELORUSSIA
- BENGAL.863 (EXE)
- BIOSPASS
- BOB.448.B
- BOOTKILL
- BYE
- CANNIBAL
- CASINO.2330
- CCC_381
- CECE
- CENTENARY
- CHCC.2662
- CHEMIST.265
- CIVIL_IV.594
- CLI&HLT.1345
- CLOUDS.588
- CLOUDS.657
- CLOUDS.718
- CREPATE
- CYBERTECH.503
- DAME.LAME.2326
- DARK_APOCALYPSE.1020
- DARK_AVENGER.G
- DEI.1526 GENERATION-1
- DIABLO
- DIAMOND.DAVID
- DREAMER.4808
- DRUID.311
- DSU.1414
- DUAL_GTM.1528
- ESPEJO.A
- ESPEJO.C
- ESTO TE PASA
- EXEBUG.A
- FAILLURE
- FAXFREE.BLINKER
- FEEBLEMIND
- FRED-657
- FF_CHAR.1000
- FRED-657
- GAMBLER.288
- GARDEN
- GREEN
- HATES.212
- HLLO.CVIR.2
- HS.903
- HS.982
- ICELANDIC.2706 (EXE)
- ISTANBUL.1349
- IVP 365
- IVP.683
- JERUSALEM.MOCTEZUMA
- JESTER.1258
- KEYPRESS.BBS.1258
- LEPROSY.LUBEC
- LITTLE.GIRL.1008
- MARAWI.2828
- MASSACRE
- MING.359
- MIRROR.2
- MURTI.577
- N-XERAM
- NATAS.G (MBR)
- NARCOSIS
- NEUROQUILA.A (MBR)
- NEUROQUILA.B (MBR)
- NEUROQUILA.VARIENT (MBR)
- NIGHT_KNIGHT
- NR.300
- OVERRIDE
- PARITY.BOOT.ENC
- PARITY.BOOT.UNE
- PEANUT.443
- PEANUT.453
- PIA
- PJ.VARIES
- PLAYGAME.A
- POSSESSED.2443
- PS-MPC.MOM.974
- PS-MPC.TRAIN.646
- PURE.441.B
- PURE.441.CAV
- RADISH.8466
- RETRIBUTION
- RIOT.MULTIPLEX.815
- RMNS.456
- RMNS.651
- RMNS.736
- RMNS.736.B
- RMNS.MAN
- RMNS.WOMAN
- RUSSIAN_FLAG.A
- SANDY
- SAROV.1140
- SATURDAY_14TH_2
- SCREAMING_FIST.927 (MBR)
- SHUTDOWN.698
- SIGN.615
- SILLYC.126
- SLOFTXC
- SLUKNOV
- SPLIT SECOND 1033
- SPLIT SECOND 1035
- STRANGER
- TALON
- TELECO.1000
- THIEF
- TINY_SHARK
- TPE-GEN
- TRIVIAL.24
- TRIVIAL.25.B
- TRIVIAL.31.C
- TRIVIAL.54
- TRIVIAL.346
- TRIVIAL.B&B
- VCL.2
- VCL.FIRE.206
- VIENNA.648.LISBON.H
- VIENNA.REBOOT
- VLAMIX.1
- VODKA.560
- VOLGA.A
- VOLGA.B
- VOLGA.C
- VS.985
- VVM.204
- VVM.207
- VVMA.205
- WEFLOW.93
- WINWORD.CONCEPT (see below)
- WORDMACRO.DMV (see below)
- XEP.1355
- XINIX.CHAOS
-
- Winword.Concept (alias Prank Macro, WordMacro.Concept, WW6Macro)
-
- The new virus, Winword.Concept, representing a new class of viruses,
- has been discovered! This virus is a Macro virus. It infects the
- Word environment on any hardware platform (PC Compatible, Mac, PowerPC,
- etc.) and its .DOC and .DOT files.
-
- Winword.Concept is a benign virus. Your only symptom if you have this
- virus is a one time occurance of a dialog box with only "1" as text and
- only "OK" as a choice. Following that, it replicates a set of macros
- into your global template file (usually NORMAL.DOT) and changes any
- file saved using the "Save As..." command to be of the template type.
-
- VirusScan 2.2.6 can be used to scan your .DOC and .DOT files. You must
- use the /ALL switch as described above.
-
- If you discover that you have this virus, please enter into Word and read
- the .DOC file included in this package. Follow the instructions and apply
- them to every .DOC or .DOT file which VirusScan detects as being infected
- with the WinWord.Concept virus.
-
- If you determine that you are not infected, please take this opportunity
- to protect yourself from this form of viruses. In Word, go to:
-
- Tools
- Options...
- Save
-
- and enable the "Prompt to Save Normal.dot" option. This will alert you
- to any future attempt by any macro viruses to infect your system.
-
- WordMacro.DMV
-
- This one was published shortly after the outbreak of WinWord.Concept.
- It is not as widespread as WinWord.Concept.
-
- ----------------------------------------------------
- Removers added or updated in the 9509 DAT file (74):
- _1315
- ALFA.3072
- ALFA.3072 (MBR)
- BONES
- BW.MAYBERRY.ANDY.609
- BYE
- CAZ.722
- DESPERADO.C
- DIABLO
- DUAL_GTM.1528
- ESPEJO.B
- ESPEJO.C
- EXEBUG.A
- FAILLURE
- HATES.212
- ICELANDIC.2706 (EXE)
- ISTANBUL.1349
- IVP.683
- JERUSALEM.1808.NEW8 (COM)
- JERUSALEM.1808.NEW8 (EXE)
- JERUSALEM.1808.NEW8.A
- JERUSALEM.CVEX3.5120.A/C
- JUNE_12TH.2660
- LITTLE.GIRL.1008
- MANZON
- MARAWI.2828
- MPS-OPC2.682
- N-XERAM
- NEUROQUILA.A (MBR)
- NEUROQUILA.B (MBR)
- PARITY.BOOT.ENC
- PARITY.BOOT.UNE
- PEANUT.443
- PEANUT.453
- PS-MPC.331.A
- PS-MPC.478
- PS-MPC.569.D
- PS-MPC.644
- PS-MPC.644_
- PS-MPC.ANARCHIST.524
- PS-MPC.G2.585
- PS-MPC.G2.MUDSHARK.314
- PS-MPC.G2.MUDSHARK.314 (DROPPER)
- PS-MPC.GREETINGS.1118
- PS-MPC.KERSPLAT.670
- PS-MPC.MAYBERRY.OPY.409
- PS-MPC.MOM.974
- PS-MPC.NAPOLEAN.729
- PS-MPC.POWERMAN.717
- PS-MPC.SAMH.441
- PS-MPC.SCHRUNCH.458
- PS-MPC.SKELETON.596.B/601
- PS-MPC.SOUL.517
- PS-MPC.SWANSONG.1508
- PS-MPC.TOYS.773
- PS-MPC.TRAIN.646
- PS-MPC.TREX
- PS-MPC.WALT.311
- PS-MPC.WAREZ.1803
- PUPPET
- RUSSIAN_FLAG.A
- SAROV.1140
- SAROV.1200A
- SAROV.1200B
- SATANBUG
- SATANBUG.9849
- SATANBUG.A
- SCREAMING_FIST.927 (MBR)
- SLOFTXC
- TEKRAR.VAZGEC.561
- TRACEBACK.2930.B
- TRACEBACK.3066.A
- TRACEBACK.3066.B
- VIENNA.648.LISBON.H
-
- -----------------------
- False Alarms fixed:
- KILROY
- HLLC.4875.A
-
- ----------------------------------------------------
- Top active viruses other than those presented above:
- AntiCmos (alias: Lixi)
- Byway (alias: Dir2.Byway) (*)
- Da'Boys (**)
- Junkie
- MonkeyA
- MonkeyB
- Natas
- NYB (alias: B1)
- Ripper
- Sampo
- V-Sign (alias: Cansu)
- WelcomB (alias: BuptBoot)
- Winword.Concept
-
- (*) Effective 9508, we adopted the CARO name of Byway. To remove
- this virus, boot up with the virus in memory. Copy all executable
- files to floppy, with a non-executable extension. Copy all the data
- files off. Format harddisk. Replace files.
-
- (**) To remove Da'Boys from a hard disk infection, one needs to
- boot from a clean corresponding DOS version and execute the
- command "SYS C:".
-