The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.

The Symantec AntiVirus solution includes the following line-up of currently available products:

• DOS/Windows 3.1—NAV 3.0, revision 3.10
• Windows 95—NAV 95 1.0, revision 95.0b
• Windows 95—NAV 95 2.0, revision 2.01
• Windows NT—NAV NT 2.0, revision 2.01
• Novell—NAV NetWare, revision 2.04
• Netscape—NAV Internet, revision 1.00
• Macintosh/Power Macintosh—SAM, revision 4.0.8
• Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

The May 1997 virus definition set fully supports Word and Excel for Microsoft Office 97 with detection and repair. How can you keep your software safe from the latest macro, file, and boot sector viruses? Just run 05NAV97a.EXE or click your LiveUpdate button to obtain this support.

Computer Viruses

A computer virus is a program written and designed to adversely affect your computer by altering the way it works without your knowledge or consent. The defining component of a computer virus is self-replication. In order for a program to be categorized as a virus, it must be able to move and spread from host system to host system on its own; no user action must be required once it has been introduced.

Computer viruses are classified under three broad categories, according to their infection target: file viruses (.COM, .EXE and macro files), boot sector viruses (restricted physical media of floppy disks or hard drives) and multipartite viruses (combination of files and boot sectors).

Trojan Horses

These programs have malicious behavior as their goal. Like their classical namesake, trojan horses typically masquerade as something desirable; the ability to obtain AOL access for free is one example.

Trojan horses are unable to replicate, and therefore must be manually downloaded (installed) onto your system. When a trigger (activation) event occurs, the trojan horse can display a message, destroy specific files, or erase all information on the system. In most cases, simply running a trojan horse program immediately triggers the event. Because these programs cannot replicate, they are not classified as viruses.

Computer Virus Hoaxes

A message or alert about a virus that does not exist is known as a computer virus hoax. The goal of the hoax message is to cause panic. Consider it a prank in poor taste, or the computer equivalent of the Boy Who Cried Wolf. In recent times, such false warning messages have proliferated, generally preying on the fears of inexperienced users.

Telltale signs of a virus hoax include the following descriptions:

• Self-replication through Internet e-mail
• Physical destruction of hardware
• Use of odd and undocumented features in the computer or modem to spread and do damage
• Requesting you to "send this alert to as many people as possible"

Other references:

• http://www.symantec.com/avcenter/vinfodb.html
• http://www.symantec.com/avcenter/refa.html
• http://www.symantec.com/avcenter/reference/corpst.html (no longer available)
• http://www.symantec.com/avcenter/hoax.html
• http://ciac.llnl.gov/ciac/CIACHoaxes.html
• http://ciac.llnl.gov/ciac/CIACVirusDatabase.html

There are two issues involving AOL4Free: the first is a virus hoax, and the second is the AOL4Free trojan horse program.

The AOL4Free virus alert message is a hoax. The activities described in the alert cannot exist.

To confuse matters, a trojan horse program by the same name has been discovered in limited distribution. As explained above, a trojan horse is not a virus, but a malicious program. We are not positive at this point which came first, the hoax alert or the trojan horse, but one could easily lead to the creation of the other.

SARC has developed a way to detect the AOL4Free program. Once it is detected, you can simply delete it. The detection will be made publicly available with the May 1997 virus definition release.

AOL4Free Virus Hoax

Description
The virus hoax is different from the AOL4Free trojan horse. No virus exists as described below; however, the trojan horse program with the same name is a real threat.

Even though there is currently no virus that has the characteristics ascribed to AOL4Free, the e-mail "warning" has been widely distributed on America Online (AOL) since March 1997.

The hoax message includes the following warning:

Anyone who receives this must send it to as many people as you can. It is essential that this problem be reconciled as soon as possible. A few hours ago, I opened an E-mail that had the subject heading of "aol4free.com."

Within seconds of opening it, a window appeared and began to display my files that were being deleted. I immediately shut down my computer, but it was too late. This virus wiped me out. It ate the Anti-Virus Software that comes with the Windows 95 program along with F-Prot AVS. Neither was able to detect it. Please be careful and send this to as many people as possible, so maybe this new virus can be eliminated.

Please ignore any messages regarding this supposed "virus" and do not pass the messages on. Spreading warnings about this hoax serves only to further propagate it.

AOL4Free Trojan Horse

Description
This trojan horse program should not be confused with the AOL4Free virus hoax message, which was distributed under the same name in the same timeframe (March 1997).

The AOL4Free trojan horse program was first reported as being distributed through America Online e-mail in early March 1997. Attached to the e-mail message is an archive file named AOL4FREE.COM, which is actually converted from a batch file using the DOS utility BAT2EXEC version 1.5. This utility is commonly used for converting large batch files to enhance speed.

The trojan horse first searches for the DOS program DELTREE.EXE in various directories, and then uses DELTREE.EXE to delete all files from your C drive. After deleting your files, it produces the DOS error message "Bad Command or file name" and continuously displays an obscene message. AOL4FREE can’t delete your files if it is unable to find DELTREE.EXE, but the obscene message will always display.

This works on both DOS and Windows 95 environments as long as DELTREE.EXE is present and accessible.

Macro Virus Protection Additions

Protection for the following macro viruses has been added to the May virus definition update:

WM.Colors.B Remnant Renamed to WM.Colors Remnant
WM.Irish.E Renamed to WM.Irish.F