Symantec logo
United States
Antivirus Research Center

Advanced Search

Information for You

Shop Symantec


Resource Centers
--------Antivirus Research Center
Download Updates
Virus Encyclopedia
Virus Hoaxes
Reference Area
Submit Virus Samples

Service and Support

About Symantec


© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
spacer Volume 1, Issue 4 - December 1, 1996
The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global responses to computer virus threats, proactively researching and developing technologies that eliminate such threats and educating the public on safe computing practices.

Highlights Table of Contents

Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:
  • DOS/Windows 3.1—NAV 3.0, revision 3.10
  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.00
  • Windows NT—NAV NT 2.0, revision 2.00
  • Novell—NAV 2.0 NetWare, revision 2.02
  • Netscape—NAV Internet, revision 1.00
  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.50
You can get the latest updates through any of these online services:

CompuServe, go SYMANTEC
Microsoft Network (Windows 95 products only), go to SYMANTEC
America Online, keyword SYMANTEC
Symantec World Wide Web site,
Symantec FTP or BBS (28.8 baud), (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

NAV News

Protect Your Site Program Unveiled

How can you keep your Internet website or corporate intranet virus free? Use Protect Your Site, the new virtual certification program from Symantec. Introduced by the AntiVirus Business Unit on October 22, 1996, Protect Your Site runs on Windows NT, Windows 95, and Macintosh websites.

To authenticate your site, you install a small program on your web server that automatically detects the presence and status of Symantec’s family of AntiVirus products. These include Norton AntiVirus 2.0 for Windows NT, Norton AntiVirus 2.0 for Windows 95, or Symantec AntiVirus 4.5 for Macintosh. A Protect Your Site icon and a certificate showing the date and time of approval appear on your website as a GIF image.

The Protect Your Site icon automatically indicates any change in the status of your AntiVirus program. Your icon can change for three reasons:

  1. Your Auto-Protect/Intercept feature is disabled.
  2. You need updated virus definitions.
  3. The Symantec AntiVirus software is no longer installed on your web server.

Your virus definitions must be less than 45 days old to receive Protect Your Site certification.

For complete information and details, see the Symantec website at:

NAV Awarded SECURE Computing Checkmark™

In November 1996, Norton AntiVirus 2.0 for Windows NT and Norton AntiVirus 2.0 for Windows 95 were granted the ground-breaking SECURE Computing Checkmark™ approval.

In order to receive a Checkmark from the SECURE Computing Labs, anti-virus software must pass a series of tests which verify that the products can detect those viruses which are actually causing infections "in the wild," or in the real world. This certification process gives a clear and independent indication to end users that Checkmarked anti-virus products can be relied on. The testing procedure is repeated at least every three months to ensure that certified products stay current with the latest virus threats.

According to Alex Haddox, Product Manager of the Symantec AntiVirus Research Center (SARC) in Santa Monica, CA, "We are very proud to be awarded the Checkmark from SECURE Computing, as it reassures customers that we are making a serious commitment to the quality and currency of our products. When a customer looks at our product boxes and finds the Checkmark logo, they know they can rely on our software. Other anti-virus products were submitted, but not all passed the stringent tests."

"Symantec has worked hard to join an elite group of anti-virus product developers," said Paul Robinson, Editorial Director of SECURE Computing Magazine. "This single independent check on their anti-virus protection is worth a hundred claims by other manufacturers who don’t have a Checkmark. Users can be reassured that the viruses which are out there causing infections can be detected by Norton AntiVirus."

Virus Hoaxes In The Wild

Normally in this section of this newsletter, we profile a few viruses that are "in the wild," or in free distribution among the general public. However, in this issue we are responding to the increasing number of requests for information about viruses that do not exist. These are what we call virus hoaxes.

The three hoaxes described below are not virus threats at all. Please ignore any messages about these supposed "viruses" and do not share them with anyone else. Passing on messages about these hoaxes serves only to further propagate them.

Good Times

Aliases: Email   Description:
Good Times is not a virus; it is a complete hoax. No existing virus has the characteristics ascribed to it.

The e-mail Good Times "warning" was written by a couple of pranksters on America Online (AOL) sometime in 1994. Since then, it has traveled the Internet electronic mail system, spreading fear wherever it crops up.

The message about Good Times is just convincing enough that people share the news with all of their friends. Needless to say, it has propagated itself well over the years.

Several times a year, our AV Research Center receives calls or e-mail regarding the Good Times "virus." Reports appear most often around the major holidays when e-mail and letter mail usage is highest.

Infection length: Hoax
Area of infection: Hoax
Likelihood: Hoax
Region reported: Worldwide
Characteristics: Hoax
Target platform: Hoax
Trigger date: Hoax


Aliases: none   Description:
The Irina "virus" does not exist.

In September 1996, Penguin Books published a press release announcing the publication of an interactive novel called Irina. Various part of this press release led some readers to believe that a new virus was spreading over the Internet and World Wide Web.

Penguin Books published a second press release soon after, but the word had already spread beyond recall.

Infection length: Hoax
Area of infection: Hoax
Likelihood: Hoax
Region reported: Worldwide
Characteristics: Hoax
Target platform: Hoax
Trigger date: Hoax


Aliases: Email, Good Times.Deeyenda   Description:
Deeyenda is also a hoax. There is currently no virus that fits Deeyenda’s description.

News about this supposed virus has spread through Internet electronic mail, apparently from a student at Carnegie Mellon University. The message comes from the original Good Times virus e-mail hoax. It could be described as the first virus hoax strain, and includes the following "warning:"

There is a computer virus that is being sent across the Internet. If you receive an e-mail message with the subject line "Deeyenda," DO NOT read the message. DELETE it immediately.
The message even goes so far as to claim the warning is from the FCC (as does the Good Times hoax). It also claims that this "[virus] rewrites your hard drive, obliterating anything on it."
Infection length: Hoax
Area of infection: Hoax
Likelihood: Hoax
Region reported: Worldwide
Characteristics: Hoax
Target platform: Hoax
Trigger date: Hoax

Program Updates

FREE Patches Online

As we continue to discover new viruses with alarming regularity, our virus definitions files have correspondingly grown in size to counter the latest threats. However, older versions of Norton AntiVirus products cannot handle these larger databases.

If your Norton AntiVirus product is dated before June 1, 1996, you should update it using free online patches or upgrade to the latest product revision (Windows 95 users). Using older versions of Norton AntiVirus with the latest virus definitions sets can cause false detections.

To keep your products current, apply the online patches and make sure you can continue to use the latest (and largest) virus definitions files.

Product Last Virus Definition Set Accepted
NAV 3.09 January 1, 1997
NAV 3.10 December 1997
NAV 1.0 95.0a November 5, 1996
NAV 1.0 95.0b December 1997

Again, we encourage you either to update your product with the latest free online patch or upgrade to the latest product revision (Windows 95 users).

You can get free updates through any of the online services listed above or from the following World Wide Web address:
If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

Macro Virus Name Changes

The following is a list of name changes to the macro virus list implemented in the December 1996 virus definitions sets. The name changes conform to the CARO naming standard and are implemented on all NAV and SAM platforms.
WM.AntiDMV          Renamed to WM.MDMA.A
WM.Atom             Renamed to WM.Atom.B
WM.Atom.b           Renamed to WM.Atom.A
WM.Bandung.a        Renamed to WM.Bandung.A
WM.Bandung.b        Renamed to WM.Bandung.B
WM.Bandung.c (1)    Renamed to WM.Showofxx (1)
WM.Bandung.c (2)    Renamed to WM.Showofxx (2)
WM.Birthday         Renamed to WM.PCW:De
WM.Bogus (1)        Renamed to WM.Hassle (1)
WM.Bogus (2)        Renamed to WM.Hassle (2)
WM.Boom             Renamed to WM.Boom:De
WM.Bosco            Renamed to WM.Wazzu.F
WM.BuroNeu (1)      Renamed to WM.Buero:De (1)
WM.BuroNeu (2)      Renamed to WM.Buero:De (2)
WM.Colors           Renamed to WM.Colors.A
WM.Colors_B         Renamed to WM.Colors.B
WM.Concept (1)      Renamed to WM.Concept.A (1)
WM.Concept (2)      Renamed to WM.Concept.A (2)
WM.Concept.b        Renamed to WM.PheeeW:NL
WM.Concept.c        Renamed to WM.Concept.C
WM.Concept.d        Renamed to WM.Concept.D
WM.Concept.E (1)    Renamed to WM.Concept.F (1)
WM.Concept.E (2)    Renamed to WM.Concept.F (2)
WM.Concept.E (3)    Renamed to WM.Concept.J (1)
WM.Concept.E (4)    Renamed to WM.Concept.J (2)
WM.Concept.e        Renamed to WM.Concept.E
WM.Concept.hcr      Renamed to WM.Concept.N
WM.Divina           Renamed to WM.Divina.A
WM.DMV              Renamed to WM.DMV.A
WM.EasyMan          Renamed to WM.Easy
WM.Fishfood         Renamed to WM.Goldfish
WM.Friendly         Renamed to WM.Friendly:De
WM.Imposter (1)     Renamed to WM.Imposter.A (1)
WM.Imposter (2)     Renamed to WM.Imposter.A (2)
WM.Infezione        Renamed to WM.Date
WM.Jakarta          Renamed to WM.Npad.A
WM.MDMA             Renamed to WM.MDMA.A
WM.Microsloth       Renamed to WM.Wazzu.H
WM.NOP (1)          Renamed to WM.NOP.A:De (1)
WM.NOP (2)          Renamed to WM.NOP.A:De (2)
WM.NOP.B (1)        Renamed to WM.NOP.B:De (1)
WM.NOP.B (2)        Renamed to WM.NOP.B:De (2)
WM.Nuclear          Renamed to WM.Nuclear.A
WM.Nuclear.b        Renamed to WM.Nuclear.B
WM.Phantom Macro    Renamed to WM.Guess
WM.Saver            Renamed to WM.Saver:De
WM.Spooky           Renamed to WM.Spooky:De
WM.Taiwan1          Renamed to WM.Twno.A:Tw
WM.Telefonica       Renamed to WM.LBYNJ:De
WM.Wazzu (3)        Renamed to WM.Wazzu.L
WM.Wazzu            Renamed to WM.Wazzu.A
WM.Wazzu.C          Renamed to WM.Wazzu.E
WM.Xenixos          Renamed to WM.Xenixos:De


Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1996 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at: