Symantec logo
United States
Antivirus Research Center

Advanced Search

Information for You

Shop Symantec


Resource Centers
--------Antivirus Research Center
Download Updates
Virus Encyclopedia
Virus Hoaxes
Reference Area
Submit Virus Samples

Service and Support

About Symantec


© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
spacer Volume 2, Issue 10 - October 14, 1997

The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.

Highlights Table of Contents

Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:

  • DOS/Windows 3.1—NAV 3.0, revision 3.10
  • DOS/Windows 3.1—NAV 4.0, revision 4.00

  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.01
  • Windows 95—NAV 95 4.0, revision 4.00
  • Windows NT—NAV NT 2.0, revision 2.01
  • Windows NT—NAV NT 4.0 for Workstations, revision 4.00
  • Windows NT—NAV NT 4.0 for Servers, revision 4.00
  • Windows NT—NAV Internet E-mail Gateways 1.0, revision 1.00
  • Windows NT—NAV Firewalls 1.0, revision 1.00

  • Novell—NAV NetWare, revision 2.05
  • Netscape—NAV Internet, revision 1.00

  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:
America Online: Keyword: SYMANTEC
Symantec World Wide Web site:
Symantec FTP:
BBS (28.8 baud): (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

Keeping Up With SARC

October Virus Update Now Available

The October 1997 virus definition set is available for downloading from the SARC website and other online services. However, if you're using our latest Norton AntiVirus 4.0 products for Windows 95 or Windows NT, you can click the attached file and launch LiveUpdate automatically!

Now a standard feature of this newsletter, the attached file is a LiveUpdate e-mail trigger. Although the file is only 1 byte in size, it can call up your Norton AntiVirus product and activate LiveUpdate. This begins the process of downloading the latest virus definition sets.

Keeping your virus definitions current is one of the most important aspects of maintaining a virus-free working environment. Symantec makes it as easy as possible by providing the LiveUpdate e-mail feature in Norton AntiVirus 4.0 for Windows 95, Windows NT Workstation, and Windows NT Server.

Intelligent Updater News

If you prefer a more hands-on approach, you can use the Intelligent Updater. This program scans your local hard drives, determines the version and revision of your Norton AntiVirus product, and updates the virus definitions appropriately.

Two versions of Intelligent Updater are available. Version 1.6 is designed to update all 16-bit Norton AntiVirus products and all other Symantec products containing virus protection. This includes Norton Utilities, Norton NT Tools, and pcANYWHERE.

Version 4.0 is designed to update all 32-bit versions of the Norton AntiVirus products, including NAV 4.0 for Windows 95, NAV 4.0 for Windows NT Server, and NAV 4.0 for Windows NT Workstation.

In summary...

You can use version 1.6 of Intelligent Updater for:

  • Norton AntiVirus 3.0 and 4.0 for DOS/Windows 3.1
  • Norton AntiVirus 1.0 and 2.0 for Windows 95
  • Norton AntiVirus 2.0 for Windows NT
  • Norton AntiVirus 2.0 for NetWare

  • Norton Utilities 2.0 for Windows 95
  • Norton Utilities 2.0 for Windows NT
  • Norton NT Tools
  • pcANYWHERE 32, version 7.5 and 8.0

You can use version 4.0 of Intelligent Updater for:

  • Norton AntiVirus 4.0 for Windows 95
  • Norton AntiVirus 4.0 for Windows NT Workstation
  • Norton AntiVirus 4.0 for Windows NT Server

In The Wild

In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). You can access the complete Joe Wells Wild List on the SARC Web site at:

Aliases: none
Infection length: Three macros
Area of infection: Microsoft Word documents
Likelihood: Common
Region Reported: Germany, U.S.
Characteristics: Macro, Wild, Polymorphic
Target Platform: Macro
Trigger Date: 20th of any month


WM.Outlaw is one of the few known polymorphic macro viruses. It is believed to have originated in Germany. When you attempt to edit an infected document, the virus activates by copying itself to the global template, NORMAL.DOT.

On the 20th of the month, WM.Outlaw drops a file called LAUGH.WAV on the hard drive of 32-bit Windows systems running Word 7.0 or later. The virus plays the sound file, maximizes the current document window, and inserts the following text in a large font:

You are infected with
A virus from Nightmare Joker

WM.Outlaw achieves polymorphism by changing its macro names. The infection consists of three macros, each macro name having five characters: the first one is a letter, and the last four are digits.

For information on other viruses found in general distribution, see the SARC website at:

Virus Encyclopedia

Free Virus Solutions Seminar

Over 1000 computer viruses are created each year. Did you know that 50% of them come from the Internet?

Learn about this contagious threat and much more at Symantec's FREE Computer Virus Solutions seminar. For scheduling, location information, and online registration, go to:

Dr. Peter Tippett, President and CEO of the National Computer Security Association (NCSA), will be the guest speaker. The NCSA certifies products, systems, and people to achieve its mission of improving global security, trust, and confidence in computing.

If you are an MIS manager, systems or network administrator, security manager, or anyone responsible for evaluating your company's virus solutions, you won't want to miss this valuable FREE seminar.

Seating is limited; sign up now.

Corporate Virus Solution Center

Visit the newest addition to the Symantec website at

This site provides a dedicated resource for corporate evaluators of antivirus software. Existing Norton AntiVirus corporate customers can obtain detailed product data, free trialware, competitive information, and other relevant content about our anti-virus product solutions.

New Symantec Virus Solutions At COMDEX

Stop by the Symantec Booth at COMDEX--BOOTH # S2644--November 17-23. See the latest Symantec technological advances in the control and elimination of viruses. Watch continuous demonstrations of newly released products and updates of existing products that protect your company against viruses at each point of entry. You'll get the information you need to effectively evaluate a multi-platform virus solution for your company.

Most Frequently Reported Viruses

Following is a list of the top reported viruses, as published in the Joe Wells Wild List last September:

1. Form.A
2. WM.Concept.A
3. One_Half.3544
4. AntiEXE.A
5. Empire.Monkey.B
6. Junkie.1027
7. AntiCMOS.A
8. Parity_Boot.B
9. Natas.4744
10. NYB

11. Ripper
12. Sampo
13. WM.Npad.A
14. WM.Wazzu.A
15. Die_Hard
16. Boot-437
17. Michelangelo.A
18. Stoned.Angelina.A
19. Stoned.No_INT.A
20. WelcomB

Virus Watch

The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.

EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- WM.MDMA 
1st -- WM.Satanic 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Xm.Delta 
10th -- WM.Helper 
13th -- Dr&Et.1710 
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Cavaco
25th -- Sarampo.1371 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- Helloween.1376.A 
1st -- Maltese_Amoeba 
1st -- WM.MDMA 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
4th -- Delta.1163 
5th -- Xm.Delta 
10th -- WM.Helper 
13th -- Dr&Et.1710 
15th -- J&M 
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
21st -- Necros.1164 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

Subscribe and Unsubscribe

To be added to the subscription mailing list, please fill out the form available on the SARC website at:

If you want to be removed from this mailing list, simply send an e-mail to with the following on a line by itself in the body of the message:


Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1997 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at: