home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 1996 April
/
CHIP 1996 aprilis (CD06).zip
/
CHIP_CD06.ISO
/
sac
/
avir
/
vnscup.exe
/
221.NEW
< prev
next >
Wrap
Text File
|
1995-12-15
|
19KB
|
831 lines
VirusNet v2.21 Changes
----------------------
Version 2.21 - major changes:
Many virus names have been changed, in order to make the
naming scheme more logical. Most new viruses now receive names of
the form "family.xxxx", where xxxx is the infective length of the
virus, and most old virus names have been changed accordingly.
Version 2.21 - the following problems were found and corrected:
The Antibase virus was only detected in COM files, not EXE.
The Ginger.2774 virus was only detected in boot sectors, but not
identified properly.
The PH33R virus was not detected in Windows applications, just DOS files.
Version 2.21 - the following false alarms were fixed:
EMPRL03.COM: MtE
NC.EXE: Possibly a new variant of Civil_Defense
NGBOOT.EXE: Possibly a new variant of AntiCAD
POSCRN.QPP: MtE
ROMSHELL.COM:Possibly a new variant of PS-MPC
TSRCHK.COM: Possibly a new variant of Taz
VEIJO.EXE: Possibly a new variant of Urfydus
Also, VIRSTOP flagged some ProPack compressed files as containing
the Over1644 virus.
Version 2.21 - minor improvements and changes:
Previously, if a small file was created which contained nothing but a
short byte sequence, which happened to match one of the search strings
VirusNet used, it would report "possibly a new variant of ...". This has
been changed so that if the file is too short to contain a virus, nothing
is reported.
VirusNet now recognizes four new packers/wrappers (Hybrid, JD3, Teus
and Ucexe), which used to trigger the heuristic scanner, but are
now reported properly.
VirusNet now detects programs that have been Trojanized by the Exebug virus.
Invalid files (for example .EXE files with the entry point outside
the loadable part) do not count as "suspicious" files any more.
Version 2.21 - new viruses:
The following 43 viruses are now identified, but can not be removed as
they overwrite or corrupt infected files. Some of them were detected by
earlier versions of VirusNet, but not identified accurately.
_548
Bane
Burgar.560.BB
Darth_Vader.411
Itti.99.C
Leprosy (534, 666.R, 666.S, 666.T and 792)
Linda
Marked-X.304
MSK (272.B, 272.C and 284.B)
Orce (67 and 71)
PS-MPC (343 and 604)
Quasar.422
SillyOR (49, 66.B, 70, 76 and 83)
Springs
Terra
Trelew
Trivial (26.D, 29.F, 31.D, 34.B, 40.H, 41, 42.I, 53 and 119)
VCL (341, 355, 407, 427, 645, Mindless.423.I)
In addition, 2.21 detects the AOLGold Trojan
The following 290 new viruses can now be removed. Many of them were
detected by earlier versions, but are now identified accurately.
_205
_291
_351
_386
_505
_553
_612
_658
_724
_745
_759
_807
_1314
_1315
_1647
_1972
Ahav
Alex.818
Antipascal.604
Anthrax.B
Armagedon (1065 and 1066
Asahi (1045 and 1061)
Australian_Parasite (231 and 279.B)
Avalon
Badsectors.3627
Barrotes (1310.H and 1463)
Beda.1530
Bengal.1170
Bero.1000
Black_Jec.231.B
Blink.495
BootExe (453.A, 453.B and 453.C)
BW.410
Cascade (1701.AL, 1701.AM, 1701.AN, 1701.AO, 1701.AP and 1704.AC)
Catherine
CED
Chomik
Claws.569
Clonewar (194, 200, 207, 220, 229, 235, 242 and 252)
Clouds.705
Combi.1106
Conjurer (181, 265, 270, 277, 353 and 550)
Continua.B
Cor
Coyote
CPW.1457
Creeper.482
Dackness.1125
Dagger
Danish_Tiny (253, 263.B and 312)
Dark_Avenger.2000.GoGo
Dark_Revenge
Darth_Vader.344.E
Deicide_II (2403 and 2568)
Dex
Diablo
Diamond.1024.D
Drunk.527
EM
Fis
Flame.B
Flying.633
Freedom.2448
Genvir (1504 and 1808)
Ginger.2620
Gippo.Bumpy.B
Gidra.506
Golgi.608
Green_Caterpillar (1575.K and 1618)
Gynx
H8
Hates.190
Heja (511.B and 511.C)
Helloween (1376.B, 1376.C, 1376.D, 1376.E and 1376.F)
Hellspawn.1075
HLL.10217
HLLC.12573
Ibqqz
Intruder (2050 and 2051)
IVP (336, 568, 585, 592, 594, 652, 668.B, 694, 724, Hot_Zone.539
and Hot_Zone.642)
Jerusalem (679, 880, 1013, 1024, 1234, 1478, 1548, 1587, 1624,
1653.A, 1653.B, 1653.C, 1653.D, 1747.B, 1808.Frere.K,
1808.sUMsDos.AS, 1808.sUMsDos.AT, 1808.sUMsDos.AU,
1808.sUMsDos.AV, 1805.sUMsDos.AW, 2368, Sunday.P and
Sunday.T)
Katvir
Keeling
Kode_4 (399.B and 412)
Kolumna.1100
Leda
Leech.1008
Little_Brother (276 and 398)
Lordzero (370 and 374)
Malaise.D
Mario.661
MDS.331
Megas.932
Mephisto.510
Minnie
Mixture.1000
MR
MSU.297
Murphy (HIV.D and HIV.E)
Natas.4740
No_Frills.1358
NotStoned
November_17th.768.E
Ntmy
Odo (816 and 930)
Opal
Open (1569 and 1581)
Overboot
Peligro.1208
PH33R
Phi
Pihenj
Pixel
Platov
PS-MPC (G2.312, 306, 331.C, 465, 475, 603.D, 696, 697, 719, 1242,
G2.585.C, Joshua.985 and Skeleton.598.G)
Pure.439
Quell
Quick
Quish.303
Reverse.C
Riihi.258
Riot (1299, 1305 and 1415)
Rip.3214
RMC
Rocket
Rodolf.4096.B
Salamander
Scotch
Serve.905
Seventh_son.334
SillyC (101, 109, 110, 162, 184, 186, 226, 254.A, 254.B and 559)
SillyCR (125.B, 303 and 3152)
SillyER.168
Sofia_term (1393 and 1487)
Solar (100, 102 and 122)
Span.1127
Src.65
Stat
Stoned (Dinamo.B and Dinamo.C)
Suriv_1 (941 and 1000.B)
Swiss_boot.B
Tai-Pan.438.C
Tankar.212
Teh
Three_Months.509
Tib
Timid (245, 289 and 302.B)
Titanium
Undershove
VCL (229, 331, 339, 343.A, 343.B, 395, 401, 432, 453, 485, 513,
517, 570, 606.B, 609.B, 659, 708, 715, 851.B, 909, Spam, VCC.343 and VCC.353)
Vienna (595, 648.AG, 648.AH, 895, Iraqui_Warrior.C, Violator.716.B
and W-13.600)
Virdem.1336.German.C
Won't_Last
WSI
WZ (436.A and 465.B)
Xiv
YB.8588
The following 108 new viruses are now detected and identified but can not
yet be removed.
_732
_2158
Air_Raid.330
Andris
Annihilator (208, 272.B, 276, 298, 299, 305, 308, 314, 361, 383,
394, 416, 453, 510, 548, 596, 603, 673, 733 and 739)
Attitude.823
Caos
Conjurer (300, 312, 377, 408, 433, 506, 510, 586 and 886)
Crazy_Frog
Dan (1092 and 1871)
Digdeath (1062 and 1153)
Entity.1997
Explorer.3037
Father_Mac.1382
Grace
Hello.430
Int13.B
IVP (421, 534, 632, 653, 673, 674, 677, 682, 683, 693, 703,
786, 967, 999, 1017 and Insomnio)
Kato.1536
Lapidario (768 and 787)
Lost_Friend (881 and 882)
Lucifer
Marbas.1303
M01
MPTI.1536
Nightfall.5764
NRLG (575, 587, 624, 654, 655, 656, 719, 727, 834, 899 and 982)
No_of_the_beast.AC
Pizelun.3599
PS-MPC.583
Psychosis.991
Qtiny.162
Quish.398)
Red_October.584
Red_Zar (461 and 467)
Rider.575
Riot.Carpe_Diem.1012
Rubbit.1274
Spec
Split_Second.1120
St_R
Thirty_First
Tigre.1800.B
Valid.821
Vampiro.1623
VCL (VCC.367, VCC.438 and VCC.571)
WordMacro/Colors
Zmia
The following 5 new viruses are now detected, but not identified.
VirusNet will just report the family name with a (?) or report the
virus as "New or modified variant", as it is not yet able to determine
which variant it is dealing with. Disinfection of these viruses is not
yet possible.
Avispa (C, D, E and F)
FinnPoly
The following 3 viruses which were identified by earlier versions can
now be removed.
Boot-437
Com2S
LV
The following viruses have been renamed:
_1798 -> Com2S.1798
Espejo -> Fifteen_Years
Vienna.IWG -> Vienna.Iraqui_Warrior.B
Version 2.20d - the following problems were found and corrected:
The Antibase virus was only detected in COM files, not EXE.
The Ginger.2774 virus was only detected in boot sectors, but not
identified properly.
The PH33R virus was not detected in Windows applications, just DOS files.
Version 2.20d - minor improvements and changes:
Previously, if a small file was created which contained nothing but a
short byte sequence, which happened to match one of the search strings
VirusNet used, it would report "possibly a new variant of ...". This has
been changed so that if the file is too short to contain a virus, nothing
is reported.
VirusNet now detects programs that have been Trojanized by the Exebug
virus.
Version 2.20d - new viruses:
The following 29 viruses are now identified, but can not be removed as
they overwrite or corrupt infected files. Some of them were detected by
earlier versions of VirusNet, but not identified accurately.
_548
Bane
Burgar.560.BB
Darth_Vader.411
Itti.99.C
Leprosy (534, 666.R and 792)
Linda
MSK (272.B, 272.C and 284.B)
Orce (67 and 71)
Quasar.422
SillyOR.83
Springs
Terra
Trelew
Trivial (26.D, 29.F, 40.H and 42.I)
VCL (341, 355, 407, 427, 645, Mindless.423.I)
The following 183 new viruses can now be removed. Many of them were
detected by earlier versions, but are now identified accurately.
_205
_351
_553
_612
_658
_724
_759
_1314
_1972
Ahav
Alex.818
Anthrax.B
Armagedon (1065 and 1066
Asahi (1045 and 1061)
Australian_Parasite (231 and 279.B)
Avalon
Badsectors.3627
Barrotes.1463
Beda.1530
Bengal.1170
Black_Jec.231.B
BootExe (453.A, 453.B and 453.C)
Cascade (1701.AL, 1701.AM, 1701.AN, 1701.AO and 1701.AP)
Catherine
CED
Chomik
Conjurer (181, 265, 270, 277, 353 and 550)
Continua.B
Cor
Coyote
CPW.1457
Creeper.482
Dagger
Danish_Tiny (263.B and 312
Dark_Avenger.2000.GoGo
Dark_Revenge
Darth_Vader.344.E
Dex
Diablo
Diamond.1024.D
Drunk.527
EM
Fis
Flame.B
Ginger.2620
Gippo.Bumpy.B
Gynx
H8
Hates.190
Heja (511.B and 511.C)
Helloween (1376.B, 1376.C, 1376.D, 1376.E and 1376.F)
Hellspawn.1075
HLL.10217
HLLC.12573
Ibqqz
IVP.652
Jerusalem (1024, 1234, 1624, 1747.B, 1808.Frere.K, 1808.sUMsDos.AS,
1808.sUMsDos.AT, 1808.sUMsDos.AU and Sunday.P)
Katvir
Keeling
Kode_4 (399.B and 412)
Kolumna.1100
Leda
Leech.1008
Little_Brother.276
Malaise.D
Mario
MDS.331
Mephisto.510
Minnie
MR
Murphy (HIV.D and HIV.E)
Natas.4740
No_Frills.1358
NotStoned
November_17th.768.E
Ntmy
Opal
Open (1569 and 1581)
Overboot
Peligro.1208
PH33R
Phi
Pihenj
PS-MPC (306, 603.D and Skeleton.598.G)
Pure.439
Quell
Quick
Reverse.C
Riihi.258
Riot (Carpe_Diem.1305 and Carpe_Diem.1415)
RMC
Rocket
Rodolf.4096.B
Salamander
Scotch
Seventh_son.334
SillyC (101, 109, 162, 184, 254.A and 254.B)
SillyCR (125.B and 3152)
SillyER.168
Stoned (Dinamo.B and Dinamo.C)
Suriv_1 (941 and 1000.B)
Swiss_boot.B
Tai-Pan.438.C
Tankar.212
Teh
Tib
Timid (245, 289 and 302.B)
Titanium
Undershove
VCL (229, 331, 339, 343.A, 343.B, 395, 401, 432, 453, 485, 513,
517, 570, 708, 851.B, 909, Spam, VCC.343 and VCC.353)
Vienna (648.AG, 648.AH, Iraqui_Warrior.C and W-13.600)
Virdem.1336.German.C
Won't_Last
WSI
WZ (436.A and 465.B)
Xiv
YB.8588
The following 65 new viruses are now detected and identified but can not
yet be removed.
_732
_2158
Air_Raid.330
Annihilator (208, 272.B, 276, 308, 314, 361, 394, 453, 510 and 548)
Attitude.823
Caos
Conjurer (300, 312, 377, 408, 433, 506, 510, 586 and 886)
Crazy_Frog
Dan (1092 and 1871)
Digdeath (1062 and 1153)
Explorer.3037
Grace
Int13.B
IVP (632, 674, 703, 1017 and Insomnio)
Lost_Friend (881 and 882)
Lucifer
Marbas.1303
M01
NRLG (575, 587, 624, 655, 727 and 982)
No_of_the_beast.AC
Psychosis.991
Qtiny.162
Quish
Red_Zar (461 and 467)
Rider.575
Riot.Carpe_Diem.1012
Spec
St_R
Thirty_First
Tigre.1800.B
Vampiro.1623
VCL (VCC.367, VCC.438 and VCC.571)
WordMacro/Colors
The following 5 new viruses are now detected, but not identified.
VirusNet will just report the family name with a (?) or report the
virus as "New or modified variant", as it is not yet able to determine
which variant it is dealing with. Disinfection of these viruses is not
yet possible.
Avispa (C, D, E and F)
FinnPoly
The following 2 viruses which were identified by earlier versions can
now be removed.
Boot-437
LV
The following viruses have been renamed:
Espejo -> Fifteen_Years
Vienna.IWG -> Vienna.Iraqui_Warrior.B
Version 2.20 - major changes:
VirusNet will now scan .DO? (typically .DOC and .DOT) files by default.
This is done because of the Microsoft Word Macro-based viruses that
appeared recently. This behavior can be disabled with the /NODOC
command-line switch.
Version 2.20 - the following false alarms were fixed:
DLL.COM : Possibly a variant of Australian_Parasite
LXDSPS.COM : Possibly a dropper program for a new variant of Stoned
PCUNPACK.EXE : MtE
WSASRV.EXE : MtE
Version 2.20 - new viruses:
The following 2 viruses are now identified, but can not be removed as
they overwrite or corrupt infected files. Some of them were detected by
earlier versions of VirusNet, but not identified accurately.
HLLO.7227
VCL.Windoze
The following 75 new viruses can now be removed. Many of them were
detected by earlier versions, but are now identified accurately.
Ache
Arg
Australian_Parasite (268, 273, 279, 284, 297, 305, 306.B, 310,
312.A, 312.B, 312.C, 315, 320, 352, 423, 550.B and 579)
Barrotes.840
Bit_Addict (512.A and 512.B)
BJK
Cascade.1701.AK
Chapa (A and B)
Danish_Tiny.163
Datalock.1000
Elaine
Finnish.378
GV.2856
Hates.166
HLL.Commo
IVP (Angry_Samoans.593 and Gwynned)
Ivy (454 and 568)
Jackal.3120
Jerusalem (1238, 1747, 2224 and KorWan)
Keypress.1280
Khiznjak (586 and 696)
Korean_Stranger
Little_Brother (301 and 385)
Major
MMIR.281
Monica
November_17th,706.B
Old_Yankee.1961.D
Pixel.847.No_Teu
PS-MPC (164, 573.L, 573.M, Hiccup, Skeleton.282, Skeleton.386 and
Skeleton.494)
SD.120
Shirley.F
SillyC.222
Suriv_1.1000
Sword.C
Valentine
Vcomm.636.B
Vienna.680.C
Vico.1000
Vivian
Wiz
Xeram
YB (291 and 426.B)
The following 28 new viruses are now detected and identified but can not
yet be removed.
_1121
AC.1400
Anston.1960
Fitw
KY
NRLG (678, 684, 688, 692, 694, 700, 728, 867, 930, 955, 1002 and 1026)
Skater (571 and 697)
Stardot.892
Timid.288
Toothless
Weizen
WordMacro/Concept
WordMacro/DMV
WordMacro/Nuclear
Xuxa.1656
Zarm.2389
Version 2.19 - major changes:
We have added detection of the EICAR standard test file.
Testing the scanner
The correct operation of VirusNet can be tested with a special test
file. This is a dummy file which is detected by VirusNet exactly like
if it were a virus. This file is known as EICAR Standard Anti-virus
Test file, and it is also detected by several other anti-virus products
in a similar manner. (EICAR is the European Institute of Computer
Anti-virus Research).
To create the EICAR test file, use any text editor to create a file
with the following single line in it:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file to any name with COM extension, for example EICAR.COM.
Make sure you save the file in standard MS-DOS ASCII format and that it is
exactly 68 bytes long. Now you can use this file to test what happens
when VirusNet enconters a "real" virus.
Naturally, the file is not a virus. When executed, EICAR.COM will
display the text 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE' and exit.
Version 2.19 - the following false alarms were fixed:
3FD.EXE : Possibly a new variant of Grog
FLOS.EXE : Possibly a new variant of Trivial
LOCKSYSS.COM: Possibly a new variant of AstraSYS
OPENING.SYS : Possibly a new variant of Taz
PENTEST.COM : Possibly a new variant of Quiet
SWMP.EXE : Fish_6 (Virstop)
TRAPBIG.COM : Possibly a new variant of Three_Tunes
TRAPINT.COM : Possibly a new variant of Three_Tunes
Version 2.19 - minor improvements and changes:
Because of problems with using "=" in .BAT file arguments, we now allow
/REPORT:filename in addition to /REPORT=filename.
Version 2.19 - new viruses:
The following 18 viruses are now identified, but can not be removed as
they overwrite or corrupt infected files. Some of them were detected by
earlier versions of VirusNet, but not identified accurately.
Burger.398
Burma.756
Dual_GTM (1436, 1446, 1528, 1643) .COM files infected with any
of those viruses can be disinfected, but due to a flaw in the
virus, disinfection of .EXE files in not possible.
HLLO (7227 and 41714)
Itti.162
Kode_4_over.131
Leprosy.loard
Sandra.1356
Trivial (50.A, 50.B, 84, 100 and 127)
VCL.Mindless.423.H
The following 89 new viruses can now be removed. Many of them were
detected by earlier versions, but are now identified accurately.
_385
_419
_998
_3128
A-OD
Ambulance.795
Anticad.2900.ABT.C
AntiCMOS.C
Apparition
Avalanche.2818
Beda (883 and 1301)
Cascade.1701.AJ
Cyberloard
Dark_Avenger.2000.Dieyoung.C
Datafire
Die.666
EAF.656
Equals.1448
Equus
Father_Mac.269.B
Future
Gidra.505
Ginger.2351
Hafenstrasse.1640
HLL (4629 and Mercury)
HLLC.8902
Holiday.3000
IMI.1536.G
IQ
Jerusalem (1808.EVg, Fu_Manchu.E and Pipi.1552.B)
Jolter
Judge
Khiznjak (306 and 711)
Kode_4.285
Larry.497
Lockjaw.518
Lokinator.971
Lost_Geek.734
MMIR.393
Marian.700
Mirage.1322
Mirea.737
Moonlight
MZV
Nchc
Nightfall (4480, 4518 and 4519)
Npox (1487 and 1726)
OOP
Override.1280
Polifemo.736
PS-MPC (Skeleton.556 and Skeleton.590)
Ranger
Riot.Carpe_Diem.1354
Seagull
Shirley.E
SillyC (122, 190.B and 281)
SillyCR (403 and 710)
Sol (545 and 557)
Sofia_Term.1369
SVC.1689.G
Svin
Swas
Tai-Pan.438.B
Tabulero.B
Tea
That
Trakia.1320
Vampiro (A, B and C)
Vienna.767
VLAD (653, 655 and 2042)
X-Fungus.1483
The following 31 new viruses are now detected and identified but can not
yet be removed.
Antigus
Australian_Parasite.254
BW.708
Caustic
Cowabunga
Dementia
Earle
Father_Mac.306.B
G_World
Green
Ha!.1224.B
Hello.365
JVW.893
Mickie
NRLG (713, 750, 752 and 872)
Radiation
Ratboy (513, 545 and 671)
RTL
Sign
Slovakia_II
Tiawan
TT
Uniq.308
Vice.1197
VLAD.696
Zarm
The following 2 new viruses are now detected, but not identified.
VirusNet will just report the family name with a (?) or report the
virus as "New or modified variant", as it is not yet able to determine
which variant it is dealing with. Disinfection of these viruses is not
yet possible.
Byway
Manzon
The following 7 viruses which were identified by earlier versions can
now be removed.
5lo
Die_Hard
Dream
Jerusalem (Zerotime.Australian.A, Zerotime.Australian.B and
Zerotime.Australian.C) .EXE files can now be disinfected,
but previously only .COM files could be cleaned.
Sayha
The following viruses have been renamed:
_1376 -> Quicky
Media -> Markt
Stanco -> HLL.Stanco
Voodoo -> HLL.Voodoo