© 1995-2000 Symantec Corporation
All rights reserved.
Volume 2, Issue 5 - May 1, 1997
The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.
Current AntiVirus Products
The Symantec AntiVirus solution includes the following line-up of currently available products:
You can get the latest updates to many of these products through any of the following online services:
If you don't have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).
May Virus Update Available Now!
The May 1997 virus definition set fully supports Word and Excel for Microsoft Office 97 with detection and repair. How can you keep your software safe from the latest macro, file, and boot sector viruses? Just run 05NAV97a.EXE or click your LiveUpdate button to obtain this support.
Viruses, Trojan Horses, and Hoaxes
We'll begin by clarifying several definitions. It is critical to understand the differences between a virus, a trojan horse, and a virus hoax.
A computer virus is a program written and designed to adversely affect your computer by altering the way it works without your knowledge or consent. The defining component of a computer virus is self-replication. In order for a program to be categorized as a virus, it must be able to move and spread from host system to host system on its own; no user action must be required once it has been introduced.
Computer viruses are classified under three broad categories, according to their infection target: file viruses (.COM, .EXE and macro files), boot sector viruses (restricted to the physical media of floppy disks or hard drives) and multipartite viruses (a combination of files and boot sectors).
Trojan horses are programs that have malicious behavior as their goal. Like their classical namesake, trojan horses typically masquerade as something desirable; the ability to obtain AOL access for free is one example.
Trojan horses are unable to replicate, and therefore must be manually downloaded (installed) onto your system. When a trigger (activation) event occurs, the trojan horse can display a message, destroy specific files, or erase all information on the system. In most cases, simply running a trojan horse program immediately triggers the event. Because these programs cannot replicate, they are not classified as viruses.
Computer Virus Hoaxes
A message or alert about a virus that does not exist is known as a computer virus hoax. The goal of the hoax message is to cause panic. Consider it a prank in poor taste, or the computer equivalent of the Boy Who Cried Wolf. In recent times, such false warning messages have proliferated, generally preying on the fears of inexperienced users.
Telltale signs of a virus hoax include the following descriptions:
There are two issues involving AOL4Free: the first is a virus hoax, and the second is the AOL4Free trojan horse program.
The AOL4Free virus alert message is a hoax. The activities described in the alert cannot exist.
To confuse matters, a trojan horse program by the same name has been discovered in limited distribution. As explained above, a trojan horse is not a virus, but a malicious program. We are not positive at this point which came first, the hoax alert or the trojan horse, but one could easily lead to the creation of the other.
SARC has developed a way to detect the AOL4Free program. Once it is detected, you can simply delete it. The detection will be made publicly available with the May 1997 virus definition release.
AOL4Free Virus Hoax
Even though there is currently no virus that has the characteristics ascribed to AOL4Free, the e-mail "warning" has been widely distributed on America Online (AOL) since March 1997.
The hoax message includes the following warning:
Please ignore any messages regarding this supposed "virus" and do not pass the messages on. Spreading warnings about this hoax serves only to further propagate it.
AOL4Free Trojan Horse
The AOL4Free trojan horse program was first reported as being distributed through America Online e-mail in early March 1997. Attached to the e-mail message is an archive file named AOL4FREE.COM, which is actually converted from a batch file using the DOS utility BAT2EXEC version 1.5. This utility is commonly used for converting large batch files to enhance speed.
The trojan horse first searches for the DOS program DELTREE.EXE in various directories, and then uses DELTREE.EXE to delete all files from your C drive. After deleting your files, it produces the DOS error message "Bad Command or file name" and continuously displays an obscene message. AOL4FREE can't delete your files if it is unable to find DELTREE.EXE, but the obscene message will always display.
The trojan horse works in both DOS and Windows 95 environments as long as DELTREE.EXE is present and accessible.
SARC Technology Update
Macro Virus Protection Additions
Protection for the following macro viruses has been added to the May virus definition update:
WM.Colors.B Remnant Renamed to WM.Colors Remnant