home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Experimental BBS Explossion 3
/
Experimental BBS Explossion III.iso
/
virus
/
na21.zip
/
21A10.TXT
< prev
Wrap
Text File
|
1993-08-01
|
5KB
|
119 lines
21A10.TXT - Description file for 21A10.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
August 1, 1993
******************************************************************
[The NAV definition update installation instructions are also
available on this disk in French, German, Italian, Swedish, and
Spanish. Please reference the appropriate file.]
Loading New Definitions
To update NAV 2.1 with the new virus definition you have
just received, do the following:
Note: Each definition set completely replaces the current
set so only the latest is required.
From DOS:
1) At the DOS prompt, type "NAV" then <Enter>.
2) Select the "Cancel" button (ALT-C) to bypass scanning at this time.
3) Select the Definitions menu (ALT-D), then select the "Load from
file" item (L). You will now see the "Load from file" dialog box.
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) In the FILE field, type "A:*.DEF " ("B:*.DEF" if applicable) then
<Enter>.
6) The definition file on the disk should now appear in the
"Files" box.
7) Select the "Files" box (ALT-L). Note: the filename is normally
loaded into the "File" line automatically as it is usually the
only file available. If this is not the case, use the TAB key
to highlight the file then press the spacebar.
8) Select "OK" (ALT-O) to load the new definition set.
9) After loading, press "ESC", exit NAV, and reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
From Windows:
1) Activate NAV by double-clicking on its icon.
2) Click on "CANCEL" in the "Scan Drives" window to bypass scanning
at this time.
3) From the "Definitions" menu choose "Load from file".
4) Place the definition diskette in drive A: (Drive B: where
applicable).
5) Type "A:*.DEF" ("B:*.DEF" if applicable) in the "File" field, then
press the Enter key.
6) The latest definition file should now appear in the "Files" box.
7) Double-Click on the filename inside the "Files" box.
8) The file should begin to load. If not, click the "OK" button to
load the new definition set.
9) After loading, exit NAV, exit Windows, then reboot the machine.
10) NAV will now use the new definitions to scan for viruses.
******************************************************************
Note for users who are not updated through Corporate Channels:
After updating your definitions, if every file is identified as
being infected with "MtE", don't panic. You probably do not have
a virus. Please download the patch file, PTCH1A.ZIP (available
through CompuServe and the Symantec BBS), unzip the file, follow
the instructions included in the readme file, and then load these
definitions again.
If you are unable to download this patch file, or are still
experiencing problems after using it, please contact Symantec
Technical Support.
******************************************************************
Satan Bug
Satan Bug is a polymorphic, non-stealth, resident, COM and EXE infector.
It is approximate in complexity to those viruses incorporating the
Mutation Engine.
The virus starts with a very long decryption routine which varies greatly
in both size and content. Several decryption methods may be employed.
Due to the complexity of the encryption, NAV does not repair this virus.
When an infected file is executed, the virus will seek out COMMAND.COM.
It will be infected first. Then the virus will stay resident in memory
as it infects COM and EXE files as they are executed or copied.
The virus ranges in size from about 3600 to 5400 bytes; the actual virus
being about 3500 bytes and the rest being the polymorphic decryptor.
The text "Satan Bug virus - Little Loc" is hidden in the encrypted portion
of the virus.
A company on the east coast of the United States discovered that it had
been infected by this virus. Thus computer users in the region should be
most careful. If you discover that you are infected by this virus, please
call our Support personnel.
-----
Butterfly
Butterfly is a simple non-resident infector of COM programs. It appears
to be closely related to the Ash virus. Past definition sets would have
been able to detect this variant as the Ash virus.
Butterfly only infects on execution, targetting other files in the current
directory. It is about 300 bytes long and contains the text "butterflies".
This virus has been reported in the wild by another antivirus company.
As noted, you would have been equally protected by the previous definition
of Ash. However, NAV is now able to differentiate.
The Ash definition has been fine tuned to acknowledge the presence of this
new variant and let this new variant be called Butterfly.
Butterfly can be repaired by NAV.
(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)