© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global responses to computer virus threats, proactively researching and developing technologies that eliminate such threats and educating the public on safe computing practices.
| Highlights | Table of Contents |
|---|---|
Current AntiVirus Products
The Symantec AntiVirus solution includes the following
line-up of currently available products:
- DOS/Windows 3.1—NAV 3.0, revision 3.10
- Windows 95—NAV 95 1.0, revision 95.0b
- Windows 95—NAV 95 2.0, revision 2.00
- Windows NT—NAV NT 2.0, revision 2.00
- Novell—NAV NetWare, revision 2.02
- Netscape—NAV Internet, revision 1.00
- Macintosh/Power Macintosh—SAM, revision 4.0.8
- Macintosh/Power Macintosh—SAM, revision 4.50
CompuServe, go SYMANTEC
Microsoft Network (Windows 95 products only), go to
SYMANTEC
America Online, keyword SYMANTEC
Symantec World Wide Web site, http://www.symantec.com
Symantec FTP or BBS (28.8 baud), (541) 484-6669 and (541)
984-5366
If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).
NAV News
Norton AntiVirus for Windows NT, version 2.0
NAV 2.0 for Windows NT is the first antivirus product from Symantec to protect both servers and workstations operating under Windows NT 4.0 and Windows NT 3.51. NAV 2.0 guards your system against computer viruses transmitted by every means possible:- over the Internet or through Intranets
- attached to electronic mail
- hidden in compressed files
- on floppy disks, hard drives, or CD-ROMs
- on network drives and drives shared between peer machines
NAV NT 2.0 works with Norton AntiVirus for NetWare to provide manageable, effective protection on the most common network server platforms. The software manages the setup, control, and sending of alerts by using the NT Messenger Service or by notifying Norton AntiVirus for NetWare. The Alert service logs all events to the Windows NT event log—and to the NAV Activity Log. Similarly, the software communicates virus events to Norton AntiVirus for NetWare, which logs the events on the NetWare server and notifies system administrators via NetWare messaging, e-mail, or paging. Key Features
- Offers the first full protection for servers and workstations under both Windows NT 3.51 and Windows NT 4.0.
- Provides one-button access to the latest software and virus definition updates with LiveUpdate.
- Includes Striker, Symantec’s patent-pending, next-generation polymorphic virus detection engine.
- Provides industry-leading Macro virus detection and repair.
- Runs Auto-Protect in the background, scanning local and remote files as they are downloaded, opened, created, modified, or run.
- Backed by unparalleled support from the Symantec AntiVirus Research Center (SARC).
Healthy PC
Symantec Corporation’s new program, Healthy PC, runs a complete computer maintenance routine at the click of a mouse. In less than five minutes, Healthy PC reports on antivirus activity and hard drive fragmentation, including lost clusters and disk file arrangement. The new program also handles file management after your computer crashes.You now have a "click-and-forget" tool you can use to protect your software and valuable data like financial records. With one mouse click, Healthy PC detects and fixes small problems before they become big ones.
The program not only detects and removes viruses, but also makes your PC run faster and more efficiently. Healthy PC tunes up your hard drive by arranging files for faster access.
It also includes comprehensive online help that gives you answers to frequently-asked questions. There’s no thick manual to read and no new jargon to learn. In fact, the "push-button" metaphor requires no learning curve at all.
"Bringing our heritage in the development of utility products to the consumer market, we created Healthy PC specifically for the new Windows 95 computer user," said Mary Engstrom, general manager of Symantec’s AntiVirus Business Unit. "We believe that Healthy PC offers the essential utilities to ensure a safe and productive computing experience for novice users."
How Healthy PC Works
With the growing number of first-time PC buyers using Windows 95, many computer owners can benefit from Healthy PC. The program’s unconventional oval-shaped interface provides a totally new and non-intimidating experience. If you’re uncomfortable with the more traditional software designs, such as pull-down menus and check boxes, you’ll love Healthy PC.
On this intuitive user interface, scanning for viruses and optimizing the hard disk are literally as simple as clicking the Start button. The program shows you the areas that it’s checking and gives a quick summary report on the "health" of your PC.
Healthy PC combines the benefits of two of Symantec’s best-selling programs—Norton AntiVirus and Speed Disk—in one utility program. If Healthy PC uncovers problems it can’t repair, the program points you to other resources. Healthy PC also features LiveUpdate: one button access to the latest virus definitions. In an environment where three to six new viruses are being written each day, this updated protection is vital to the health of your PC data. LiveUpdate connects you to Symantec via modem or Internet and provides you with new virus protection updates and automatic software enhancements.
In The Wild
In each issue of the SARC AntiVirus News Update, we
profile a few viruses known to be in free distribution
among the general public ("in the wild"). You can access
the complete Joe Wells Wild List on the SARC Web site at:
http://www.symantec.com/avcenter/wild/wl.html
3b Trojan
Aliases: PKZip Trojan, PKZ300B.ZIPInfection Length: Trojan Horse
Area of Infection: Trojan Horse
Likelihood: Uncommon
Region Reported: FTP sites, Internet service providers
Characteristics: Trojan Horse
Target Platform: DOS
Trigger date: Immediate
Technical Notes:
The 3b Trojan program is a trojan horse that claims to be the latest version of PKZIP, Version 3.0g, from PKWARE Inc. The Symantec AntiVirus Research Center first received 3b Trojan in late July 1995. We integrated the definition or "fingerprint" into the August 1995 virus definition set and included it in every update since that initial release.
The 3b Trojan program is not a virus. Trojan horses do not replicate and spread themselves. Instead, they masquerade as legitimate programs, in this case, as a new release of PKZIP. You manually download these files and consciously run them. This causes the triggered event to take place. The vast majority of trojan horse programs are written with a destructive intent.
The 3b Trojan program has been distributed under the following names:
- PKZ300B.EXE
- PKZ300B.ZIP
- PKZIP300.EXE
- PKZIP300.ZIP
As of October 1996, only the following releases of the PKZIP program are valid:
- 1.10
- 1.93
- 2.04c
- 2.04e
- 2.04g
In response to 3b Trojan, PKWARE Inc. has issued the following statement:
It has come to the attention of PKWARE that a fake version of PKZIP is being distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an official version from PKWARE and it will attempt to delete all the directories of your hard drive if you run it. If you have any information as to the creators of this trojan horse, PKWARE would be extremely interested to hear from you. If you have any other questions about this fake version, please email support@pkware.com.You can download PKZIP 2.04g from the Symantec FTP server ( ftp://ftp.symantec.com).
Stoned.Empire.Monkey
Aliases: Monkey, Monkey 2Infection Length: 512 bytes
Area of Infection: Floppy boot sectors and master boot records
Likelihood: Common
Region Reported: North America, South America, Europe, India, Japan, Australia/New Zealand, Taiwan, South Africa
Characteristics: Wild, Memory Resident, Encrypting
Target Platform: DOS
Trigger date: none
Technical Notes:
While currently known Stoned.Empire.Monkey virus strains cause no intentional permanent damage, the infection is a major inconvenience. If you boot from a floppy on an infected computer, the system will not find your hard drive. Carried only on diskettes, this virus can spread easily to systems without protection.
Stoned.Empire.Monkey is a memory-resident infector of the master boot record on hard disks and the boot sector on floppies. When the virus is in memory, it re-routes any boot record access to a copy of the original boot sector.
The virus encrypts the partition table (an essential part of the system area), moves the original to a different location on the hard drive, and then takes the place of the real partition table. In order for the system to read the real partition (and see the drive), the virus must be active in memory. If you boot from a clean floppy disk, thus avoiding the virus, your system cannot access the hard drive by normal means.
Stoned.Empire.Monkey occupies one K at the top of memory (640K mark). Any memory indicator will show one less K than the computer actually has. To verify that you have the virus, you can run either DOS CHKDSK or MEM. These commands will report about 638K to 639K if your system is infected.
Although the Stoned.Empire.Monkey virus is not designed to damage data (in its current incarnations), it will blindly write to any available disk, regardless of format. This will undoubtedly cause loss of data and formatting on non-DOS disks.
Although Stoned.Empire.Monkey is common worldwide, it is especially prevalent in Canada, North America, and South America.
SARC Technology Update
Keeping your virus definitions current is one of the most
critical aspects of virus protection. New viruses are being
discovered every day. Symantec has revolutionized the
industry by offering two simple means of keeping your virus
protection current: Live Update and Intelligent Updater. Live Update
From within the Norton AntiVirus program interface, you click a button to launch Live Update. The software detects the availability of an Internet connection or modem, and automatically contacts a Symantec server. Once LiveUpdate is connected, the system downloads and installs the latest virus definitions.You can also use LiveUpdate to install software patches or obtain product information. Added to all versions of Norton Antivirus, LiveUpdate is a patent-pending technology that will appear in many other Symantec products over the coming months. It provides a unique way for you to ensure that your software solutions are always up to date.
Intelligent Updater
If you’re running a version of Norton AntiVirus without Live Update, you get your virus definition sets on diskette, or you just prefer the manual touch, you can use the Intelligent Updater. "IU" locates all versions of Norton AntiVirus on your computer and installs new virus definition files automatically. All you have to do is run the program and then scan your disk with Norton AntiVirus. It’s so intelligent that it will even detect other Symantec programs offering antivirus protection and will update them as well. Now that’s convenient!
| Editor: Alex Haddox, Product Manager, Symantec
AntiVirus Research Center
Address all correspondence to:
SARC AntiVirus News Update is published monthly by Symantec Corporation. No Reprint without Permission in writing, in advance. Information in this newsletter is compiled from a number of sources, including the Symantec BBS and the Symantec Home Page on the Internet, as well as the major online services - all of which are available and updated daily. |