home *** CD-ROM | disk | FTP | other *** search

---

/ DOS/V Power Report 2000 April / VPR0004A.BIN / ANTI_VIR / NOR_DEF / 0131i32.exe / WHATSNEW.TXT

< prev

next >

Wrap

Text File  |  2000-01-31  |  18KB  |  323 lines

---

1. **********************************************************************
2. **                                                                  **
3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
4. **                                                                  **
5. **  Symantec AntiVirus Research Center (SARC)      January 31, 2000 **
6. **                                                                  **
7. **********************************************************************
8. This document contains the following topics:
9.  
10.  * Virus Alerts
11.  * New Technologies
12.  * Changes Incorporated Into This Update
13.  * Enabling/Disabling PowerPoint Scanning
14.  * Additional Information
15.  
16. **********************************************************************
17. ** Virus Alerts                                                     **
18. **********************************************************************
19. The ten most commonly reported viruses, worldwide:
20.  
21.     1  W97M.Class
22.     2  XM.Laroux
23.     3  O97M.Tristate
24.     4  W95.CIH
25.     5  Happy99.Worm
26.     6  WM.Cap
27.     7  W97M.ColdApe
28.     8  W97M.Ethan
29.     9  W97M.Melissa
30.    10  Worm.ExploreZip
31.  
32. **********************************************************************
33. ** New Technologies                                                 **
34. **********************************************************************
35.  
36. DATE         Technologies Added
37. ----         ------------------
38. 8/19/98    * Excel heuristics which detect and repair new and unknown
39.              macro viruses in Excel 95 & 97 documents.
40.  
41. 9/16/98    * Added repair for encrypted Excel 97 documents.
42.  
43. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
44.            * WORD Heuristics improvement to increase detection rate.
45.  
46. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
47.              and Excel documents.
48.            * PowerPoint engine to scan PowerPoint related viruses.
49.              To enable this technology please read "Enabling/Disabling
50.              PowerPoint Scanning" section later in this document.
51.  
52. 02/18/99   * Detection and repair of macro viruses in Word and Excel
53.              2000 documents.
54.  
55. 05/12/99   * Added repair for PowerPoint viruses.
56.            * Improved heuristics to detect more WORD 97 related
57.              viruses.
58.  
59. 06/10/99   * Menu repair technology for WORD macro viruses that change
60.              command bar customizations in NORMAL.DOT.
61.  
62. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
63.              (Ichitaro is a Japanese word processing program).
64.  
65. 08/19/99   * Added detection and repair for embedded documents inside
66.              PowerPoint 97.
67.  
68. 11/22/99   * Added detection and repair for Trojans embedded in OLE
69.              files, such as Windows scrap files and MS Office
70.              documents.
71.            * Added detection for viruses which infect Microsoft
72.              Project documents (P98M.Corner.A, for example).
73.  
74.  
75. **********************************************************************
76. ** Changes Incorporated Into This Virus Definitions Update            **
77. **********************************************************************
78. New virus definitions:
79.  
80.         Virus Name                Infection Type          Week added
81.         ----------                --------------          ----------
82.         AOL 79316.Trojan          File infector           01/24/00
83.         Backdoor.Netget.A         File infector           01/03/00
84.         Backdoor.Sockets23        File infector           01/24/00
85.         Backdoor.TheThing-1.2     File infector           01/31/00
86.         Bloodhound.W32            File infector           01/15/00
87.         Deltree Trojan #5         File infector           01/31/00
88.         Divine.Trojan             File infector           01/31/00
89.         DMsetup242.IRC.Trojan     File infector           01/15/00
90.         DonaldD.Trojan.a          File infector           01/15/00
91.         Eek (b)                   Boot infector           01/31/00
92.         Hellfire                  File infector           01/10/00
93.         Hellfire (2)              File infector           01/10/00
94.         Hellfire (3)              File infector           01/10/00
95.         HLP.Demo                  File infector           01/31/00
96.         I-Worm.NewApt.c           File infector           01/10/00
97.         Kill98.Trojan             File infector           01/03/00
98.         Marzia.2048.ww.c          File and boot infector  01/03/00
99.         Marzia.2048.ww.c (2)      File and boot infector  01/03/00
100.         Marzia.2048.ww.c (b)      File and boot infector  01/03/00
101.         Opera                     File infector           01/24/00
102.         Orifice.dr                File infector           01/03/00
103.         PieGates.Demo.Trojan      File infector           01/31/00
104.         Snob.IRCworm              File infector           01/31/00
105.         Trojan.77254              File infector           01/24/00
106.         Trojan.78609              File infector           01/31/00
107.         Trojan.Boom               File infector           01/31/00
108.         Trojan.Coced              File infector           01/24/00
109.         Trojan.Gas                File infector           01/24/00
110.         Trojan.MSREXE.b           File infector           01/24/00
111.         Trojan.MSREXE.b           File infector           01/31/00
112.         Trojan.Skism.a            File infector           01/10/00
113.         Trojan.Watcher            File infector           01/03/00
114.         VBS.Illen.B               File infector           01/24/00
115.         VBS.Lucky                 File infector           01/03/00
116.         VBS.Mix.1852.A            File infector           01/03/00
117.         Vienna.457                File infector           01/15/00
118.         W2K.Installer.1676        File infector           01/10/00
119.         W2K.Installer.1688        File infector           01/10/00
120.         W32.Cabanas (gen1)        File infector           01/10/00
121.         W32.Crypto                File infector           01/03/00
122.         W32.ExploreZip.D.Worm     File infector           01/24/00
123.         W32.I13.8192.B            File infector           01/24/00
124.         W32.IhSix.3048            File infector           01/03/00
125.         W32.IhSix.Wsock           File infector           01/03/00
126.         W32.Legacy                File infector           01/03/00
127.         W32.Mix.1852              File infector           01/03/00
128.         W32.Mix.1852.dr           File infector           01/03/00
129.         W32.NewApt.C2.Worm        File infector           01/10/00
130.         W32.NewApt.D.Worm         File infector           01/10/00
131.         W32.NewApt.E.Worm         File infector           01/31/00
132.         W32.NewApt.F.Worm         File infector           01/31/00
133.         W32.Plage.Worm            File infector           01/14/00
134.         W32.Resure.29696          File infector           01/10/00
135.         W32.Stupid.B              File infector           01/03/00
136.         W32.Winext.Worm           File infector           01/24/00
137.         W95.Caw.1457              File infector           01/31/00
138.         W95.CIH (int)             File infector           01/10/00
139.         W95.Enumiacs              File infector           01/24/00
140.         W95.Fiasko.2500           File infector           01/10/00
141.         W95.Filth.1030            File infector           01/24/00
142.         W95.Horn.1862             File infector           01/24/00
143.         W95.I13.8192              File infector           01/10/00
144.         W95.Mmort.1340            File infector           01/10/00
145.         W95.Murkry.399            File infector           01/03/00
146.         W95.Nathan.3792           File infector           01/10/00
147.         W95.SK                    File infector           01/03/00
148.         W95.SK (com)              File infector           01/31/00
149.         W95.SK (HLP)              File infector           01/31/00
150.         W95.Spawn.4608            File infector           01/10/00
151.         W95.WG.12288              File infector           01/03/00
152.         W97M.Armagid.A            File infector           01/03/00
153.         W97M.Astia.Z              File infector           01/10/00
154.         W97M.Drawbridge           File infector           01/15/00
155.         W97M.Figura.A             File infector           01/10/00
156.         W97M.JuneFill.A           File infector           01/10/00
157.         W97M.Melissa.AL           File infector           01/31/00
158.         W97M.Mxfile.B             File infector           01/24/00
159.         W97M.Myna.C               File infector           01/24/00
160.         W97M.Opey.M               File infector           01/03/00
161.         W97M.Patricia.A           File infector           01/15/00
162.         W97M.Plain.Int            File infector           01/31/00
163.         W97M.Pull.A               File infector           01/10/00
164.         W97M.Rgade                File infector           01/24/00
165.         W97M.Shepmah              File infector           01/10/00
166.         W97M.Thus.B               File infector           01/24/00
167.         W97M.Thus.F               File infector           01/10/00
168.         W97M.Thus.G               File infector           01/15/00
169.         W97M.Thus.H               File infector           01/31/00
170.         W97M.VMPCK1.DF            File infector           01/15/00
171.         W97M.VMPCK1.DG            File infector           01/24/00
172.         WinSKC.Trojan             File infector           01/10/00
173.         WM.TH.A                   File infector           01/15/00
174.         WM.TH.B                   File infector           01/24/00
175.         X97M.Automat.AA           File infector           01/31/00
176.         XM.Laroux.LZ              File infector           01/31/00
177.         YAI.Trojan                File infector           01/24/00
178.         Zelu                      File infector           01/03/00
179.  
180. Name Changes:
181.  
182.         Old Virus Name            New Virus Name          Date changed
183.         --------------            --------------          ------------
184.         W32.Passion.27648(2)   to Backdoor.VHM            01/24/00
185.         W32.Stupid             to W32.Stupid.A            01/03/00
186.         W95.Caw                to W95.Caw.1416            01/31/00
187.         W95.Nathan             to W95.Nathan.3520         01/10/00
188.         W97M.Aleja             to W97M.Aleja.B            01/24/00
189.         W97M.Aleja5            to W97M.Aleja.A            01/24/00
190.         W97M.Aleja5.B          to W97M.Aleja.C            01/24/00
191.         W97M.Aleja5.C          to W97M.Aleja.E            01/24/00
192.         W97M.Aleja5.D          to W97M.Aleja.I            01/24/00
193.         W97M.Aleja5.E          to W97M.Aleja.D            01/24/00
194.         W97M.AntiSocial        to W97M.AntiSocial.A/B     01/24/00
195.         W97M.AntiSocial.F      to W97M.AntiSocial.F,H     01/24/00
196.         W97M.Appder.O          to W97M.Appder.S           01/24/00
197.         W97M.Bablas            to W97M.Bablas.Family      01/24/00
198.         W97M.BADTEMP.A         to W97M.Smac.B             01/24/00
199.         W97M.Bellingham        to W97M.Metys.A            01/24/00
200.         W97M.Biolord           to W97M.Nid.A              01/24/00
201.         W97M.Cali.A            to W97M.Caligula.A         01/24/00
202.         W97M.Carrier.D         to W97M.Sin.A.intd         01/24/00
203.         W97M.Cartman.B         to W97M.VMPCK1.F           01/24/00
204.         W97M.Cartman.C         to W97M.VMPCK1.T           01/24/00
205.         W97M.Cartman.D         to W97M.VMPCK1.U           01/24/00
206.         W97M.Cartman.E         to W97M.VMPCK1.CX          01/24/00
207.         W97M.CHACK.I           to W97M.Chack.K            01/24/00
208.         W97M.CHACK.J           to W97M.Chack.AR           01/24/00
209.         W97M.Class.BD          to W97M.Class.AZ/BD/EA     01/24/00
210.         W97M.Class.BE          to W97M.Class.AY           01/24/00
211.         W97M.Class.BP          to W97M.Class.BH           01/24/00
212.         W97M.Class.BT          to W97M.Class.BV           01/24/00
213.         W97M.Class.D           to W97M.Jerk.A             01/24/00
214.         W97M.Class.S           to W97M.Class.I.var        01/24/00
215.         W97M.ColdApe.B         to W97M.ColdApe.C          01/24/00
216.         W97M.ColdApe.C         to W97M.ColdApe.B          01/24/00
217.         W97M.CopyTemp.intd     to W97M.Buendi.A           01/24/00
218.         W97M.Counter.D         to W97M.Counter.E          01/24/00
219.         W97M.Creeper           to W97M.Magnetic.A         01/24/00
220.         W97M.Daydream.A        to W97M.Lys.E              01/24/00
221.         W97M.Derroche          to W97M.DWMVCK1.F          01/24/00
222.         W97M.Destro            to W97M.Class.BV(2)        01/24/00
223.         W97M.Drawbridge        to W97M.Opey.O             01/24/00
224.         W97M.DWMVCK1.C         to W97M.PassBox.C          01/24/00
225.         W97M.DWMVCK1.F         to W97M.Ozwer.A            01/24/00
226.         W97M.DWMVCK1.G         to W97M.VMPCK1.CZ          01/24/00
227.         W97M.DWMVCK1.H         to W97M.Ozwer.C            01/24/00
228.         W97M.Footprint         to W97M.Footer.B           01/24/00
229.         W97M.Furby             to W97M.Class.BA/BB        01/24/00
230.         W97M.Hark.B            to W97M.Nottice.Y          01/24/00
231.         W97M.India.C           to W97M.Marker.AB          01/24/00
232.         W97M.IRCJack.A         to W97M.Story.A            01/24/00
233.         W97M.ITSC              to W97M.Osm                01/24/00
234.         W97M.Jedi.G            to W97M.Jedi.J             01/24/00
235.         W97M.Joy               to W97M.Class.W            01/24/00
236.         W97M.JuneFill.A        to W97M.Marker.BN          01/24/00
237.         W97M.Passbox.C         to W97M.Passbox.D          01/24/00
238.         W97M.Passbox.D         to W97M.Passbox.D(2)       01/24/00
239.         W97M.VMPCK1.F          to W97M.Remplace.E         01/24/00
240.  
241. Deletions:
242.  
243.         Virus Name                Infection Type          Date removed
244.         ----------                --------------          ------------
245.         Oscar                     File infector           01/31/00
246.  
247. **********************************************************************
248. **    Enabling/Disabling PowerPoint Scanning                            **
249. **********************************************************************
250. PowerPoint Scanning is now enabled by default and can be optionally
251. disabled.  However, you may want to verify that files with
252. PowerPoint extensions will be scanned by making sure that your
253. NAV options have both ".PPT" and ".POT" in the list of extensions
254. to scan.
255.  
256. To disable PowerPoint scanning in NAV for Windows 95/NT
257. version 4.x or NAV for OS/2, a text file named NAVEX15.INF should
258. be placed in the directory where NAV 4.x or NAV 5.x is installed
259. (i.e., C:\Program Files\Norton AntiVirus).
260.  
261. To disable PowerPoint scanning in NAV for Netware version 4.x, a text
262. file named NAVEX15.INF should be placed in the directory where NAV
263. 4.x is installed (i.e., sys:system\navnlm).
264.  
265. To disable PowerPoint scanning in NAV for Windows 95/NT version 2.0,
266. NAV 4.x for Windows 3.1/DOS, NAVIEG 1.x, or NAVFW 1.x a text file
267. named NAVEX.INF should be placed in the directory where NAV is
268. installed (i.e., C:\NAV).
269.  
270. The contents of the text file, NAVEX15.INF or NAVEX.INF, determine
271. which components of NAV have PowerPoint scanning disabled.
272.  
273. To disable PowerPoint scanning for a particular component, use the
274. following table to determine the lines to add to the text file.
275. PowerPoint scanning can be disabled for more than one component if
276. needed by adding the required lines for the desired components.
277.  
278. +---------------------+--------------------------+--------------------+
279. |Windows 95/NT scanner|Windows 95/NT auto-protect|DOS scanner         |
280. +---------------------+--------------------------+--------------------+
281. |[NAVW32]             |[NAVAP]                   |[NAVDX]             |
282. |PowerPointScanning=0 |PowerPointScanning=0      |PowerPointScanning=0|
283. +---------------------+--------------------------+--------------------+
284.  
285. +----------------------+--------------------+--------------------+
286. |Windows 3.1 scanner/AP|Netware scanner         |OS/2 scanner/AP |
287. +----------------------+--------------------+--------------------+
288. |[NAVWIN]              |[NAVNLM]            |[NAVOS2]            |
289. |PowerPointScanning=0  |PowerPointScanning=0|PowerPointScanning=0|
290. +----------------------+--------------------+--------------------+
291.  
292. To enable PowerPoint scanning for a component, delete the lines
293. added for that component from the NAVEX15.INF or NAVEX.INF file.
294.  
295. **********************************************************************
296. **    Additional Information                                            **
297. **********************************************************************
298. SARC has equipped Norton AntiVirus with a new feature called
299. "Infestation Mode."  If a large number of new or unknown viruses
300. is found on the system during a scan, Norton AntiVirus will
301. automatically enable its highest level of detection.  This gives
302. users the most comprehensive protection in cases where a viral
303. infestation may have been detected.  If you would like to disable
304. this feature, you can do so by following these instructions:
305.  
306. 1. Create a text File called NAVEX15.INF in your Norton AntiVirus
307.    directory,e.g., C:\Program Files\Norton AntiVirus. If this file
308.    already exist go to step two.
309.  
310. 2. Place the following lines in this File on the left-hand margin:
311.  
312. [NAVW32]
313. infestmode=0
314.  
315. [NAVDX]
316. infestmode=0
317.  
318. 3. Save the File.
319.  
320.  
321. Additional information regarding this virus definitions update can be
322. found in UPDATE.TXT and TECHNOTE.TXT.
323.