Whats New in the NAV Virus Definitions Files WHATSNEWTXT

Symantec AntiVirus Research Center SARC May 12 1999

This document contains the following topics
Virus Alerts
New Technologies
Changes Incorporated Into This Update
EnablingDisabling PowerPoint Scanning
Additional Information

Virus Alerts

The fifteen most commonly reported viruses worldwide
1 XMLaroux
2 WMConcept
3 XMExtra
4 WMCap
5 W97MClass
6 WMCopyCap
7 NYB
8 AntiCMOSA
9 StealthBootB
10 W95CIH
11 XFPaix
12 StonedEmpireMonk
13 AntiExe
14 FormA
15 WMWazzu

New Technologies

DATE Technologies Added
—- ——————
81998 Excel heuristics which detect and repair new and unknown
macro viruses in Excel 95 97 documents
91698 Added repair for encrypted Excel 97 documents
102198 Heuristics to detect AOL Password Stealer Trojans
WORD Heuristics improvement to increase detection rate
121798 Macro Exclusion Engine to speed up the scanning for Word
and Excel documents
PowerPoint engine to scan PowerPoint related viruses
To enable this technology please read EnablingDisabling
PowerPoint Scanning section later in this document
021899 Detection and repair of macro viruses in Word and Excel
2000 documents
051299 Added repair for PowerPoint viruses
Improved heuristics to detect more WORD 97 related
viruses

Changes Incorporated Into This Virus Definitions Update

New virus definitions
Virus Name Infection Type Week added
———- ————– ———-
ANTICOM8535 File infector 042699
AntiPascal583 File infector 041999
AntiPascal653 File infector 041999
ARCV1060 1 File infector 040899
ARCV1060 2 File infector 040899
ARCV1060 x File infector 040899
ARCV1060Dropper File infector 040899
AWME1206 File infector 042699
BATBingo1963 File infector 051299
BATCombat736 File infector 051299
BATCombat737 File infector 051299
BATFRET1023 File infector 051299
BATGRUNCH1189 File infector 051299
BATHIGHJAQ1400 File infector 051299
BATHOLOCAST1362 File infector 051299
BATHOLOCAST1655 File infector 051299
BATMDMA990 File infector 051299
Bel2124 File infector 042699
BleemTrojan File infector 040899
BloodhoundHybrid File infector 051299
BloodhoundNeuralBoot Boot infector 040899
BloodhoundNeuralM
Boot infector 040899
BOSpeakeasyDLL File infector 041999
BOSpeakeasyDLL 2 File infector 041999
BOSpeakeasyDLL 3 File infector 041999
Bolero1039 File infector 041999
Bootache2048 File infector 042699
BozaD File infector 051299
BuptC b Boot infector 041999
Burglar1365 1 File infector 041999
Burglar1365 2 File infector 041999
Camilodd378 File infector 050399
Carbuncle621 File infector 042699
Carbuncle621 2 File infector 042699
Carbuncle621 3 File infector 042699
Carbuncle621 4 File infector 042699
CSGaladriel File infector 051299
CSGaladriel 2 File infector 051299
CSGaladriel 3 File infector 051299
DarkCowboy2484 File infector 040899
DarkCowboy2484 2 File infector 040899
DarkCowboy2484 E 2 File infector 041999
DarkCowboy2484 EXE File infector 041999
Devcon8824 File infector 051299
Dikshev119 File infector 041999
Dreg-Based File infector 041999
Erdem421 File infector 042699
EXEHDRBANE256C File infector 051299
EXEHDRCLUST384C File infector 051299
EXEHDREM250 File infector 051299
ExeHeaderCluster277 File infector 041999
Extrano6702 File infector 042699
Extrano6702 2 File infector 042699
Fair2102 1 File infector 041999
Fair2102 2 File infector 041999
Fair2102 x File infector 041999
Fairz1936 File infector 041999
Fairz1936 x File infector 041999
Fp52000 File infector 042699
Helloween1377 File infector 041999
HLLC6052 1 File infector 040899
HLLC6052 2 File infector 040899
HLLC7200 File infector 041999
HLLC7200 2 File infector 041999
HLLCDosInfo52480 File infector 041999
HLLCURI39196 File infector 041999
HLLO4317B File infector 051299
HLLO7808 File infector 041999
HLLO7808 2 File infector 041999
HLLOC-VIRUS4601 File infector 051299
HLLOC-VIRUS5924 File infector 051299
HLLOJulius40932 File infector 041999
HLLOJulius40932 2 File infector 041999
HLLOJulius40932 3 File infector 041999
HLLOKiller17179 File infector 041999
HLLOKiller17179 2 File infector 041999
HLLOKiller17179 3 File infector 041999
HLLP5000 File infector 042699
HLLP5000 2 File infector 042699
HLLP5400 File infector 042699
HLLP5400 2 File infector 042699
HLLP5968 File infector 041999
HLLP5968 2 File infector 041999
HLLP8308 File infector 041999
HLLP8308 1 File infector 041999
HLLP8308 Gen1 File infector 041999
HLLPBanshee4349 File infector 041999
HLLPBanshee4349 2 File infector 041999
HLLPBishkek4160 File infector 042699
HLLPBishkek4160 2 File infector 042699
HLLPBishkek4170 File infector 042699
HLLPBishkek4170 2 File infector 042699
HLLPBishkek4240 File infector 042699
HLLPBishkek4240 2 File infector 042699
HLLPBob10752 File infector 042699
HLLPBob10752 2 File infector 042699
HLLPBrian4933 File infector 041999
HLLPBrian4933 2 File infector 041999
HLLPBuka6998 File infector 042699
HLLPBuka6998 2 File infector 042699
HLLPBuka6998 3 File infector 042699
HLLPGrab5728 File infector 041999
HLLPGrab5728 2 File infector 041999
HLLPHTC File infector 041999
HLLPHTC 2 File infector 041999
HLLPInna6640A File infector 042699
HLLPInna6640A 2 File infector 042699
HLLPInna6640C File infector 042699
HLLPInna6640C 2 File infector 042699
HLLPKasienka File infector 050399
HLLPKasienka 2 File infector 050399
HLLPKobr9488 File infector 041999
HLLPKobr9488 2 File infector 041999
HLLPKornik5658a File infector 041999
HLLPKornik5658a 2 File infector 041999
HLLPKornik5658a 3 File infector 041999
HLLPKRILE5776 File infector 042699
HLLPKRILE57762 File infector 042699
HLLPLight4917a File infector 041999
HLLPLight4917a 2 File infector 041999
HLLPLight4917a 3 File infector 041999
HLLPLithua File infector 050399
HLLPLithua 2 File infector 050399
HLLPNazi8000B File infector 042699
HLLPNazi8000B 2 File infector 042699
HLLPPPZ7864 File infector 042699
HLLPPPZ7864 2 File infector 042699
HLLPPPZ8516 File infector 042699
HLLPPPZ8516 2 File infector 042699
HLLPPPZ8516 u File infector 042699
HLLPPPZ8516 u2 File infector 042699
HLLPRangel5000 File infector 041999
HLLPRangel5000 2 File infector 041999
HLLPRangel5000 3 File infector 041999
HLLPRenia6253 File infector 041999
HLLPRenia6253 2 File infector 041999
HLLPRenia6253 3 File infector 041999
HLLPRomeo5248 File infector 041999
HLLPRomeo5248 2 File infector 041999
HLLPSabot41961 2 File infector 042699
HLLPSaboteur41961 File infector 042699
HLLPSlonik9787 File infector 042699
HLLPSlonik9787 2 File infector 042699
HLLPTaras4884 File infector 042699
HLLPTaras4884 2 File infector 042699
HLLPTaras5046 File infector 042699
HLLPTaras5046 2 File infector 042699
HLLPUX1427200 File infector 042699
HLLPUX1427200 2 File infector 042699
I13Camilo247 File infector 042699
I13Camilo380 File infector 042699
I13Litera2126 File infector 042699
I13Tolkien b Boot infector 042699
IMMUNE536 1 File infector 041999
IMMUNE536 2 File infector 041999
Implant6144 File infector 042699
Implant6144 x File infector 042699
Implant6200 File infector 042699
Implant6200 x File infector 042699
IOS1290 File infector 041999
Jacky1107 Gen1 File infector 051099
Jam1295 File infector 041999
Jerkin333 File infector 040899
JeruTarapaB 1 File infector 040899
JeruTarapaB 2 File infector 040899
JeruTarapaB x1 File infector 040899
JeruTarapaB x2 File infector 040899
K2PSTrojan File infector 051299
Keypress1522 x File infector 042699
KID256 File infector 051299
KSENIA3599 File infector 042699
leo328 File infector 040899
leo328 2 File infector 040899
LHAdmb File infector 041999
LHAdmb 1 File infector 041999
Lilith2 Boot infector 051299
Lizard5150 VXD File infector 040899
Lizard5150 VXD 2 File infector 040899
LUCE3600 File infector 040899
LuciferBoot Boot infector 041999
Lungmp2589 b File and Boot infector 041999
Marina902 File infector 041999
Markiz1560 File infector 042699
Mini COM File infector 042699
MiniB File infector 042699
Moloch2 Boot infector 051299
MondayWorm File infector 041999
MondayWorm 2 File infector 041999
MondayWorm 3 File infector 041999
Naff821 File infector 042699
Natas4826 b Boot infector 042699
NetBus v20 File infector 042699
NetBus v20 2 File infector 042699
NetBus v20 3 File infector 042699
NukeHowardDropper File infector 040899
NukeMarauderDropper File infector 040899
O97MShiverE File infector 041999
O97MShiverF File infector 041999
OBJ150 File infector 042699
Opic1712 2 File infector 041999
OrificeAddonTrojan File infector 040899
Poful5392 File infector 041999
Poful5392 2 File infector 041999
Poful5392 3 File infector 041999
Poful5392 4 File infector 041999
Poful5392 5 File infector 041999
PresidentB1504 File infector 041999
Pusher374 File infector 042699
Senda4162 File and Boot infector 051099
Senda4162 b File and Boot infector 051099
Senda4162 m File and Boot infector 051099
SillyBP1f81 b Boot infector 041999
SILLYC110B File infector 042699
SILLYC834 File infector 042699
SILLYCOverwriter File infector 042699
SILLYOC106A File infector 051299
SILLYOC186B2 File infector 051299
SillyOC247A File infector 042699
SillyOC247C File infector 042699
SillyOrce132 File infector 042699
SimpleIncorrectDOS File infector 040899
SimpleNazareth File infector 050399
Small104b File infector 040899
Sysm348 File infector 042699
Taek2119 File infector 042699
Taipan438C File infector 041999
Tiny273 File infector 040899
Tiny273 2 File infector 040899
TPKAnti-Stoned b Boot infector 041999
Treb1426 File infector 042699
Trial768 File infector 042699
Trivial77 File infector 040899
Trojan Generator File infector 041999
Trojan21653 File infector 042699
Ugly4893 File infector 051299
V1061 File infector 041999
V544 File infector 040899
V768B File infector 041999
Vien623 2 File infector 040899
Voodoo3081 File infector 042699
Voodoo3081 2 File infector 042699
Voodoo3081 3 File infector 042699
W31NEHeader File infector 042699
W32Apathy File infector 040899
W32Heretic File infector 040899
W32Heretic DLL File infector 040899
W32Heretic DLL 2 File infector 040899
W32Heretic DLL 3 File infector 040899
W32Idyllwild File infector 040899
W32Maya File infector 040899
W32Redemption File infector 040899
W32VB File infector 040899
W95Apparition File infector 051099
W95CrazyPunk File infector 042699
W95CrazyPunk 2 File infector 042699
W95Emotion File infector 051099
W95Emotion 2 File infector 051099
W95Enumiacs File infector 051299
W95Enumiacs EXE File infector 051299
W95Enumiacs EXE 2 File infector 051299
W95Enumiacs EXE 3 File infector 051299
W95Fono b File and Boot infector 040899
W95Giri File infector 051099
W95Highway File infector 051299
W95Highway DLL File infector 051299
W95Highway DLL 2 File infector 051299
W95Highway DLL 3 File infector 051299
W95HPS Gen1 File infector 050399
W95HPS Gen1 2 File infector 050399
W95Levi File infector 051099
W95LudJadis File infector 040899
W95LudJez File infector 051099
W95Mad2736 File infector 040899
W95Murky390 File infector 040899
W95Niko File infector 051299
W95Obsolete File infector 051299
W95Powerful File infector 051099
W95Regswap File infector 040899
W95Ruff File infector 051299
W95Savior File infector 051299
W95Tentacle2048 File infector 051099
W95Twinny File infector 040899
W95Uwaga File infector 040899
W95Voodoo File infector 051099
W95Yabran File infector 042699
W95Yabran Gen1 File infector 051099
W95Zerg File infector 042699
W97MAPMRS File infector 042699
W97MAstiaD File infector 041999
W97MCaligulaB File infector 042699
W97MCarrierC File infector 042699
W97MCarrierE File infector 042699
W97MCarrierF File infector 042699
W97MColombiaA File infector 042699
W97MCounterD File infector 040899
W97MDWMVCK1H File infector 041999
W97MIISE File infector 042699
W97MITSC File infector 041999
W97MJoy File infector 040899
W97MMAMMA File infector 051299
W97MMDMABV File infector 051299
W97MMimirA File infector 051299
W97MModel File infector 041999
W97MNail File infector 040899
W97MNewHopeATW File infector 040899
W97MNotticeFamily File infector 050399
W97MNSIA File infector 051099
W97MOpeyC File infector 041999
W97MOpeyVariant File infector 042699
W97MParasit File infector 042699
W97MSWLABSAB File infector 040899
W97MSwlabsV File infector 040899
W97MUCKC File infector 042699
W97MUscamA File infector 042699
W97MVMPCK1BJ File infector 050399
W97MVMPCK1HOB99 File infector 042699
W97MVMPCK1MANUELA File infector 042699
W97MVMPCK1PERFECT File infector 042699
W97MVPA File infector 041999
WinPadania File infector 051099
WMAutomatH File infector 051299
WMCRIstall File infector 042699
WMDecept Damaged File infector 050399
WMErrorsoftA File infector 042699
WMExternalUpdate File infector 040899
WMGiantA File infector 042699
WMK302A File infector 042699
WMMinimalSendKeys File infector 040899
WMMVGA File infector 042699
WMOverA File infector 042699
WMUCKA File infector 042699
WMUCKB File infector 042699
X97MLarouxIU File infector 042699
X97MVCXE File infector 051099
XMBulet File infector 040899
XMGTHOMSNZ File infector 040899
YELET2098 File infector 041999
Zamol4358 b Boot infector 041999
ZhengZhou3576A b Boot infector 042699
Zombie747 File infector 042699
Zombie7472 File infector 042699
ZYX3474 File infector 051099
ZYX3474 2 File infector 051099
ZYX3474 SYS File infector 051099
Name Changes
Old Virus Name New Virus Name Date changed
————– ————– ————
DarkCowboy2484 to DarkCowboy2484 COM 041999
DarkCowboy2484 2 to DarkCowboy2484 C 2 041999
Howard to NukeHoward967 040899
Marauder860B to NukeMarauder860 040899
P3IDthiefTrojan to P3IDthiefTrojanDemo 050399
Tentacle to W95Tentacle1958 050399
Vien622 to Vien622 1 040899
Vien623 2 to Vien622 2 040899
W95MarburgB to W95Marburg 040899
W97MMelissaIntended to W97MMelissaVariant 042699
Werewolf1367 to Werewolf1361B 051099
Werewolf1367 2 to Werewolf1361 2 051099
Werewolf1367 3 to Werewolf1361 3 051099
Deletions
Virus Name Infection Type Date removed
———- ————– ————
ARCVX-3B File infector 040899
Djifx2372 File infector 051299
Helloween1377 File infector 041999
HLLKasienka File infector 050399
HLLKasienka 2 File infector 050399
HLLO7808 File infector 040899
PVW Gen1 File infector 051299
ToysCompanion5000 File infector 042699
ToysCompanion50002 File infector 042699

EnablingDisabling PowerPoint Scanning

PowerPoint Scanning is now enabled by default and can be optionally
disabled However you may want to verify that files with
PowerPoint extensions will be scanned by making sure that your
NAV options have both PPT and POT in the list of extensions
to scan
To disable PowerPoint scanning in NAV for Windows 95NT
version 4x or NAV for OS2 a text file named NAVEX15INF should
be placed in the directory where NAV 4x or NAV 5x is installed
ie CProgram FilesNorton AntiVirus
To disable PowerPoint scanning in NAV for Netware version 4x a text
file named NAVEX15INF should be placed in the directory where NAV
4x is installed ie syssystemnavnlm
To disable PowerPoint scanning in NAV for Windows 95NT version 20
NAV 4x for Windows 31DOS NAVIEG 1x or NAVFW 1x a text file
named NAVEXINF should be placed in the directory where NAV is
installed ie CNAV
The contents of the text file NAVEX15INF or NAVEXINF determine
which components of NAV have PowerPoint scanning disabled
To disable PowerPoint scanning for a particular component use the
following table to determine the lines to add to the text file
PowerPoint scanning can be disabled for more than one component if
needed by adding the required lines for the desired components
——————————————————————-
Windows 95NT scannerWindows 95NT auto-protectDOS scanner
——————————————————————-
NAVW32 NAVAP NAVDX
PowerPointScanning0 PowerPointScanning0 PowerPointScanning0
——————————————————————-
————————————————————–
Windows 31 scann