Volume 2, Issue 11 - November 17, 1997

The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.




Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:

  • DOS/Windows 3.1—NAV 3.0, revision 3.11
  • DOS/Windows 3.1—NAV 4.0, revision 4.00

  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.01
  • Windows 95—NAV 95 4.0, revision 4.00

  • Windows NT—NAV NT 2.0, revision 2.01
  • Windows NT—NAV NT 4.0 for Workstations, revision 4.00
  • Windows NT—NAV NT 4.0 for Servers, revision 4.00
  • Windows NT—NAV Internet E-mail Gateways 1.01, revision 1.00
  • Windows NT—NAV Firewalls 1.0, revision 1.00

  • Novell—NAV NetWare, revision 2.05

  • Lotus—Norton AntiVirus for Lotus Notes

  • Netscape—NAV Internet, revision 1.00

  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:
CompuServe: GO SYMANTEC
America Online: Keyword: SYMANTEC
Symantec World Wide Web site: http://www.symantec.com
Symantec FTP: ftp://ftp.symantec.com
BBS (28.8 baud): (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).



Keeping Up With SARC

November Virus Update Now Available

The November 1997 virus definition set is available for downloading from the SARC website and other online services. However, if you're using our latest Norton AntiVirus 4.0 products for Windows 95 or Windows NT, you can click the attached file and launch LiveUpdate automatically!

Now a standard feature of this newsletter, the attached file is a LiveUpdate e-mail trigger. Although the file is only 38 bytes in size, it can call up your Norton AntiVirus product and activate LiveUpdate. This begins the process of downloading the latest virus definition sets.

Keeping your virus definitions current is one of the most important aspects of maintaining a virus-free working environment. Symantec makes it as easy as possible by providing the LiveUpdate e-mail feature in Norton AntiVirus 4.0 for Windows 95, Windows NT Workstation, and Windows NT Server.



Norton AntiVirus for Lotus Notes Ships!

Now you can extend the industry's best virus defense technology to your Lotus Notes workgroups. Norton AntiVirus for Lotus Notes keeps your Notes database free from current and future viruses without slowing performance. Through an interface that integrates smoothly with the Lotus Notes environment, the new product provides flexible, unobtrusive protection for Domino/Notes 4.5 or 4.6 servers.

For more detailed information, please visit Symantec's website. Under the "What's New" section on the home page, click "Norton AntiVirus for Lotus Notes press release--November 3, 1997."

If you want to obtain a Beta copy of Norton AntiVirus for Lotus Notes, we invite you to visit:

http://shop.symantec.com/trialware

Click "Find out more about our Beta Program" then click the Lotus Notes button.

To use the Beta software, you will need Lotus Notes Server 4.5 or higher running on a Windows NT 3.51 or higher system (Intel only).

Please contact your corporate or local reseller or visit the Symantec website at: http://www.symantec.com/nav for information and free product downloads for the current Norton AntiVirus products.



Some Common Questions and Answers

How do I update my other Symantec products that contain anti-virus protection?

Download the Intelligent Updater version 1.6 package from the NAV for DOS/Windows 3.x web page. For programs that contain LiveUpdate, you can obtain the latest virus definition sets automatically by e-mail.


What happened to the Rescue Builder Utility?

The Rescue Builder utility was a temporary way to create the final disk of the Rescue set. As more complete solutions have become available, we have removed the Rescue Builder utility.

For Norton AntiVirus 3.0, please download and install the 3.11 patch. This will allow you to create a full set of Rescue Disks (a total of 2 floppy disks).

For Norton AntiVirus 2.0 for Windows 95, download and install the 2.01 patch and use LiveUpdate to download the latest virus definitions. Then you will be able to create a complete set of Rescue Disks (3 or more floppy disks).



Symantec's Virus Solutions Featured at COMDEX

Stop by the Symantec Booth at COMDEX--Booth #S2644--November 17-23. See and hear about the latest Symantec technological advances in the control and elimination of viruses. Watch continuous demonstrations and theater presentations of Symantec's anti-virus solutions. Presentations will focus on both newly released products and updates of existing products, providing the information you need to effectively evaluate a multi-platform virus solution for yourself and your company.

Check out Booth #S2644 for a free gift and learn all about our new "Make the Break" promotion for corporate customers.



Free Virus Solutions Seminar Receives Rave Reviews!

Here's what some of our seminar attendees had to say about the Costa Mesa seminar last month:

  • Very interesting and valuable.
  • [Seminar] went very well. I am ready to uninstall McAfee.
  • Speakers were informative and to the point.
  • Very enjoyable and informative.
  • Very knowledgeable speakers.

If you are an MIS manager, system or network administrator, security manager, or anyone responsible for evaluating your company's virus solutions, you won't want to miss this valuable FREE seminar.

Symantec is proud to present Dr. Peter Tippett, President and CEO of the National Computer Security Association (NCSA) as our guest speaker. The mission of the NCSA is to improve global security, trust, and confidence in computing through certification of products, systems, and people.

For scheduling, location information, and online registration, go to:

http://www.symantec.com/calendar/seminar

But hurry! Reservations are almost full for Chicago, New York, and Dallas.



Thousands of MIS/IS Professionals Have Visited the New Corporate Virus Solutions Center

Check out the newest addition to the Symantec website:

http://www.symantec.com/navcorp

This site provides a dedicated resource for corporate evaluators of anti-virus software and existing Norton AntiVirus corporate customers. You can obtain detailed product and licensing information, free trialware, competitive data, and other relevant content about our anti-virus product solutions.



In The Wild

In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). However, this month we are covering a new virus hoax which is causing some unnecessary concern.

For information on this and other virus hoaxes, see:

http://www.symantec.com/avcenter/hoax.html

FatCat Virus Hoax
Aliases: sysinfo.exe
Infection length: Hoax
Area of infection: Hoax
Likelihood: Hoax
Region Reported: Hoax
Characteristics: Hoax
Target Platform: Hoax
Trigger Date: Hoax
Description:

FatCat is not a virus; it is a complete hoax. There is currently no virus that has the characteristics ascribed to FatCat. It is a sham, meant only to panic new or inexperienced computer users.

The hoax message includes the following warning:

     a recently posted file (sysinfo.exe) is an insidious and deadly
     VIRUS ! also known as the fatcat virus, due to its tendency to eat
     mice, this is the most indestructible virus known to (wo)man !!!
     under NO circumstances should you download this file ... what you
     have done so already ?!?

     that's too bad, now your mouse is dead !

     time to go and buy a new one ... better yet, buy 20 as this virus
     is self-replicating and will infect at least 12 and up to 18 mice
     no matter what you do. no anti-virus program has yet been able to
     eradicate all traces of this vile, extractor-type, virus and cases
     of the anti-virus program being infected and ultimately mutated by
     this virus have been recorded. what this means is that the virus
     will actually copy a small hidden file onto you anti-virus disk
     and this will then be activated everytime the anti-virus program
     is used. worse yet, by electromagnetic induction pulse, it will
     also infect any disk stored within 15 feet of the affected disk.
     do NOT simply try to dispose of the infected disk by throwing it
     away - you never know what other disks it will come to within 15'
     of and transfer its stealth program to.

     sofar the only absolutely sure way to get rid of all data on an
     infected disk has been shown to be a combination of intense heat
     and extreme pressure and only one company in the world has been
     able to create these conditions and they GUARANTEE complete
     destruction of the virus. this company is called "macrohard c.c."
     and any affected disks, hard-drives or even cd-roms can be sent to
     them at p.o box 1009 north riding 2162, RSA. once your disk has
     been successfully destroyed by the above measures, the resultant
     product will be returned to you, so do not forget to include your
     full POSTAL address! the returned product's size varies from
     0.01ct (for a 5 1/2 floppy) to 1.12ct (for a 6.4gig hard drive).

     remember this company GUARANTEES safe and complete destruction of
     affected products - the ONLY way to deal with the FATCAT virus.

Please ignore any messages regarding this supposed "virus" and do not pass the messages on. Spreading warnings about this hoax serves only to further propagate it.

For information about other viruses found in general distribution, see the SARC website at:

http://www.symantec.com/avcenter/vinfodb.html


Most Frequently Reported Viruses

Following is a list of the top reported viruses, as published in the Joe Wells Wild List last October:

1. Form.A
2. WM.Concept.A
3. AntiEXE.A
4. One_Half.3544
5. Empire.Monkey.B
6. Junkie.1027
7. AntiCMOS.A
8. Parity_Boot.B
9. Natas.4744
10. NYB

11. Ripper
12. Sampo
13. WM.Npad.A
14. WM.Wazzu.A
15. Die_Hard
16. Boot-437
17. Michelangelo.A
18. Stoned.Angelina.A
19. Stoned.No_INT.A
20. WelcomB


Virus Watch

The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.

--------------------------------------------
November
-------------------------------------------- 
EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- Helloween.1376.A 
1st -- Maltese_Amoeba 
1st -- WM.MDMA 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
4th -- Delta.1163 
5th -- Xm.Delta 
10th -- WM.Helper 
13th -- Dr&Et.1710 
15th -- J&M 
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
21st -- Necros.1164 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

--------------------------------------------
December
--------------------------------------------
EVERY SUNDAY -- Jerusalem.Sunday.A 
ANY DAY -- Jerusalem.1500 
ANY DAY -- QRry 
1st -- WM.MDMA 
1st -- Wm.Stryx:De 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Xm.Delta 
8th -- Chance 
10th -- WM.Helper 
13th -- Dr&Et.1710 
13th -- WM.Atom.A
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
16th -- Little_Red.1465 
18th -- Form
20th -- Wm.Outlaw 
21st (year 2000) -- Istanbul.1349 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Cavaco
25th -- Sarampo.1371 
25th -- Wm.Twno.D 
28th -- Cpw.1527 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 


Subscribe and Unsubscribe

To be added to the subscription mailing list, please fill out the form available on the SARC website at:

http://www.symantec.com/avcenter/newsletter.html

If you want to be removed from this mailing list, simply send an e-mail to listserv@lserver.symantec.com with the following on a line by itself in the body of the message:

SIGNOFF SARC-L


Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404
USA

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1997 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at:

http://www.symantec.com/avcenter/refa.html