Symantec logo
United States
Antivirus Research Center

Advanced Search

Information for You

Shop Symantec


Resource Centers
--------Antivirus Research Center
Download Updates
Virus Encyclopedia
Virus Hoaxes
Reference Area
Submit Virus Samples

Service and Support

About Symantec


© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
spacer Volume 2, Issue 9 - September 2, 1997

The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.

Highlights Table of Contents

Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:

  • DOS/Windows 3.1—NAV 3.0, revision 3.10
  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.01
  • Windows NT—NAV NT 2.0, revision 2.01
  • Novell—NAV NetWare, revision 2.04
  • Netscape—NAV Internet, revision 1.00
  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:
America Online: Keyword: SYMANTEC
Symantec World Wide Web site:
Symantec FTP:
BBS (28.8 baud): (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

Keeping Up With SARC

September Virus Update Now Available

How can you keep your software safe from the latest macro, file, and boot sector viruses? Just download 09NAV97.EXE from the SARC website or click your LiveUpdate button to obtain this support.

Intelligent Updater News

For your convenience, Intelligent Updater is now available in two forms. One is a single all-inclusive file, and the other is split into packages sized to fit on floppy disks. Either way, you get the same detection, repair, and support.

Rescue Disks

You may have experienced problems building rescue disks after updating with the July 1997 virus definition set. The virus definition files were too large to fit on a single floppy disk. Well, SARC has some great news! The September 1997 LiveUpdate package contains a solution to the problem that works for both Norton AntiVirus 2.0 for Windows 95 and Norton Utilities 2.0 for Windows 95.

The solution is to build a subset of the virus definitions and copy those smaller files to the floppy disk. Only wild viruses--those that pose a direct threat to the world at large--are copied. The remaining viruses (the majority) are classified as "Zoo" samples. SARC has seen them, but to our knowledge, no one has been infected by them, anywhere in the world. Obviously, protection from the wild viruses is much more important.

To summarize, the September 1997 virus definition set is still a complete compilation of virus detection and repair files. However, from now, on the rescue disk will include only the most threatening viruses.

SARC is working on a similar solution for use with Intelligent Updater, supporting Norton AntiVirus 3.0 for DOS/Windows 3.1 and Windows 95. Expect it online in the near future!

In The Wild

In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). You can access the complete Joe Wells Wild List on the SARC Web site at:

Aliases: WM.Jakarta.A
Infection length: One macro
Area of infection: Microsoft Word Documents
Likelihood: Common
Region Reported: Indonesia
Characteristics: Macro
Target Platform: Macro
Trigger Date: None


The WM.Npad.A virus resides in the AutoOpen macro. Every 23 infections, the virus displays the following message in the status bar at the bottom of the application window:

D0EUNPAD94, v.2.21, c Maret 1996, Bandung, Indonesia

WM.Npad.A animates the string, sliding it to the left and right, before it disappears from the left side of the status bar.

Aliases: Bloomington, No Int, Stoned, Stoned III, LastDirSect, NewZealand
Infection length: 512 Bytes
Area of infection: Floppy boot sectors, master boot records
Likelihood: Common
Region Reported: Canada
Characteristics: Wild, memory resident, stealthing
Target Platform: DOS
Trigger Date: None


Stoned.No_Int is a virus that overwrites the root directory on floppy disks, destroying any data located there.

Booting from an infected floppy disk displays the following error message:

Disk boot failure

On hard drives, Stoned.No_Int copies the original master boot record to cylinder 0, side 0, sector 7.

For information on other viruses found in general distribution, see the SARC Web site at:

Most Frequently Reported Viruses

Following is a list of the top reported viruses, as published in Joe Wells’ Wild List last March: Following is a list of the top reported viruses, as published in Joe Wells' Wild List last May:

1. Form.A
2. WM.Concept.A
3. One_Half.3544
4. AntiEXE.A
5. Empire.Monkey.B
6. Junkie.1027
7. Parity_Boot.B
8. AntiCMOS.A
9. Natas.4744
10. Ripper

11. NYB
12. Sampo
13. Boot-437
14. Die_Hard
15. WM.Npad.A
16. WM.Wazzu.A
17. Stoned.Angelina.A
18. Michelangelo.A
19. Stoned.No_INT.A
20. WelcomB

Virus Watch

The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.

EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- WM.MDMA 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Xm.Delta 
9th -- Little_Red.1465 
10th -- WM.Helper 
11th -- Cpw.1527 
13th -- Dr&Et.1710 
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
22nd -- 10_Past_3
22nd -- Frodo.Frodo 
22nd -- Hare
23rd -- Barrotes 
24th -- Npox-963.A 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 
30th -- WM.Satanic 

EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- WM.MDMA 
1st -- WM.Satanic 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Xm.Delta 
10th -- WM.Helper 
13th -- Dr&Et.1710 
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Cavaco
25th -- Sarampo.1371 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

Symantec Ships Norton AntiVirus for Firewalls

On July 14, 1997, Symantec shipped Norton AntiVirus for Firewalls. As part of the Norton AntiVirus product line, this new program provides comprehensive virus protection for corporations with compatible firewalls. The new product works by catching and destroying Internet-borne viruses before they invade corporate computer networks.

Supported by industry-leading firewall vendors, the program operates in conjunction with an existing firewall to provide an unparalleled corporate gateway security solution. NAV for Firewalls includes an unrivaled degree of administrative flexibility and control at minimal expense to network throughput. Combined with the recently released Norton AntiVirus Internet Email Gateways, Symantec delivers complete protection for corporate networks.

NAV for Firewalls minimizes network throughput degradation by intelligently scanning only suspicious traffic for viruses. An HTML user interface allows remote configuration. Based on the revolutionary product architecture developed jointly by Symantec and Check Point Software Technologies, the new program will be integrated seamlessly into existing corporate firewalls.

Symantec's partners include Check Point Software Technologies, Trusted Information Systems (TIS), Secure Computing, CyberGuard Corporation, and Milkyway. In addition, Symantec plans to implement support for Microsoft's Proxy Server later this year. Together, these vendors hold approximately 50 percent of the firewall market according to market researcher International Data Corporation (IDC.)

Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1997 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at: