What's New in McAfee DAT File 3008a (v3.0.3)
Copyright 1994-1997 by McAfee, Inc.
All Rights Reserved.

Thank you for using McAfee products. This What's New file contains important information regarding the current DAT file. It is highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation
- Additional Information
- Contact McAfee

____________
NEW FEATURES

False identification of HLLO.21037 has been resolved.

VirusScan for DOS v3.0.2 (or later), in conjunction with these DAT files, can detect and remove viruses from Word document files infected by viruses that password-protect documents. When VirusScan detects an infection of this type, it can not only clean the virus but also remove the password protection. We are very proud to provide this detection and removal capability beyond the abilities of competing products.

Only password protection put in place by viruses is removed from files. Thus a file that was password protected by the user, if infected by a virus, will not have its password removed. In such cases, you must remove the password before VirusScan can remove the virus. VirusScan will, of course, still detect and inform you of the infection. Though VirusScan could have the ability to remove all passwords, it has been designed with the best possible compromise between functionality and security. This was the design preferred by respondents to an internet poll conducted by McAfee.

* NEW VIRUSES DETECTED *

This DAT file, 3008a, is compatible with VirusScan's and NetShield's v3.x.x engines only. This DAT file is not intended for use with VirusScan v2.x or NetShield v2.x.

This DAT file detects the following 198 new viruses. Locations that have experienced particular problems with specific viruses are also identified.

ABC.A AL-DITH.1502 ALEX.599 ALFONS.1344 ANDYC.565 ANDYC.565 DROPPER ANGEL.A ANT.A:TW ANT.C:TW ANT.D:TW APPDER.G APPDER.H APPDER.I BADSECTOR.3422 BADSECTOR.3428 BAJAB.1024 BANDUNG.AS BANDUNG.AT BANDUNG.AU BANDUNG.AW BANDUNG.AX BANDUNG.AY BANDUNG.AZ BANDUNG.BA BARBARO.A:IT BARROTES.1310.A BLACK.A BLIN.1457 CAFE-AX.1516 CAP.I CAP.K CAP.M CAP.X CAP.Y CEBU.B CHAOS.B CHILL.A COLORS.BL COLORS.BM COLORS.BN COLORS.BO CONCEPT.AL CONCEPT.AR CONCEPT.AW CONCEPT.AX CONCEPT.AY CONCEPT.AZ CONCEPT.BA CONCEPT.BB (US) CONCEPT.BC CONCEPT.BD CONCEPT.BE CONCEPT.BF CONCEPT.BG CONCEPT.BH DEMON.A DISHONOR.A:DE DODGY (UK, Europe) DPOP.1168 DZT.G ELYTHNIA EPIDEMIC.B:TW EPIDEMIC.C:TW ERASER.F:TW FIRE.A:DE FITW_DISK FOG.1748 FORMATS.A (TROJAN) FOUR.A FRIDAY.D:DE FRIDAY.E:DE GINGER (Australia) GINGER-PEANUT GINGER.2774 GLITTER.1462 GOLDSECRET.A (Internet) GOLDSECRET.B (INTENDED) (Internet) HELPER.F HELPER.G HELPER.H HLL.CMP.16052 HLLO.20621 HLLP.21037 HLLT.5850 (Internet) HLLT.5850C (Internet) HYBRID.G HYBRID.H ILLITERATE.A IMPOSTER.E INCARNAT.A ISLAND.3551 IVP.1075 IVP.1755 KOH-INSTALL KOMPU.E KOMPU.F LAMOT.744 LILITH LUCIFER.A LUNCH.E MALARIA.A:TW MDMA.V MDMA.W MDMA.X MDMA.Y MONDAY.A:TW MORPHINE.3500 MSHARK.889 MUCK.G MUCK.H MULTIANI MVCK1.B MVCK1:KIT NAZI.8600 NJ-WMDLK1.G NOP.G NOP.M:DE NPAD.CE NPAD.CF NPAD.CG NPAD.CH NPAD.CI NPAD.CJ NPAD.CK NPAD.CL NPAD.CM NPAD.CN (Canada) NPAD.CO NPAD.CP NPAD.CQ NPAD.CR NPAD.CS NUCLEAR.O NUCLEAR.P NUCLEAR.Q NUCLEAR.R NUKER.A OMINOUS.1846 PAYCHECK.E PEACEKEEPER.A PEACEKEEPER.B PERCENT.A:TW RAPI.AL2 RAZER.A REHENES.A (Word6/7) RELLIK.A:TW SCHUMANN.B:DE SETMD.A SHIN SHOWOFF.BT SHOWOFF.BU SHOWOFF.BV SHOWOFF.BW SKIMPOP.1455 SOCKS.A SOPRON.937 SPOOKY.B:DE SPOOKY.C:DE STOOPID.353 SWAPPER.746 (Germany) SWLABS.E SWLABS.F SWLABS.G (US Military) TALON.B TALON.C TALON.D TALON.J TARGET.B:DE TEMPLE.C TMC-LEVEL42 TODAYBOO TWOLINES.Q TWOLINES.Q1 VAMPIRE.D:TW VAMPIRE.D1:TW VAMPIRE.E:TW VAMPIRE.F:TW VANITAS.2048 (Internet) VICOD.532 VIKING32 (TROJAN) VOLCANO.A:IT (INTENDED) 
WAZZU.CF (Canada) WAZZU.CJ WAZZU.CK WIN NUKE (TROJAN) WPC_ALAEH.2279 (Philippines) XM/EMPEROR.B:TW XM/LAROUX.F XM/LAROUX.G XM/YOHIMBE.B XUTE.1056 XUTE2.1062 XUXA.1656 ZAHAK.960 ZERO.A:DE ZMB.A:DE (Germany) ZOOLOG.A (Russia)

* NEW VIRUSES CLEANED *

This DAT file cleans the following 174 new viruses. Locations that have experienced particular problems with specific viruses are also identified.

AL-DITH.1502 ALEX.599 ALFONS.1344 ANDYC.565 ANDYC.565 DROPPER ANGEL.A ANT.A:TW ANT.C:TW ANT.D:TW APPDER.G APPDER.H APPDER.I BADSECTOR.3422 BADSECTOR.3428 BAJAB.1024 BANDUNG.AS BANDUNG.AT BANDUNG.AU BANDUNG.AW BANDUNG.AX BANDUNG.AY BANDUNG.AZ BANDUNG.BA BARBARO.A:IT BARROTES.1310.A BLACK.A CAFE-AX.1516 CAP.I CAP.K CAP.M CAP.X CAP.Y CEBU.B CHAOS.B CHILL.A COLORS.BL COLORS.BM COLORS.BN COLORS.BO CONCEPT.AW CONCEPT.AX CONCEPT.AY CONCEPT.AZ CONCEPT.BA CONCEPT.BB (US) CONCEPT.BC CONCEPT.BD CONCEPT.BE CONCEPT.BF CONCEPT.BG CONCEPT.BH DEMON.A DISHONOR.A:DE DODGY (UK, Europe) DPOP.1168 DZT.G ELYTHNIA EPIDEMIC.B:TW EPIDEMIC.C:TW FIRE.A:DE FITW_DISK FORMATS.A (TROJAN) FOUR.A FRIDAY.D:DE FRIDAY.E:DE GINGER (Australia) GINGER-PEANUT GINGER.2774 GOLDSECRET.A (Internet) GOLDSECRET.B (INTENDED) (Internet) HELPER.F HELPER.G HELPER.H HLL.CMP.16052 HLLO.20621 HLLP.21037 HLLT.5850 (Internet) HLLT.5850C (Internet) HYBRID.G HYBRID.H ILLITERATE.A IMPOSTER.E INCARNAT.A IVP.1075 IVP.1755 KOH-INSTALL KOMPU.E KOMPU.F LAMOT.744 LILITH LUCIFER.A LUNCH.E MALARIA.A:TW MDMA.V MDMA.W MDMA.X MDMA.Y MONDAY.A:TW MSHARK.889 MUCK.G MUCK.H MULTIANI MVCK1.B MVCK1:KIT NAZI.8600 NJ-WMDLK1.G NOP.M:DE NPAD.CE NPAD.CF NPAD.CG NPAD.CH NPAD.CI NPAD.CJ NPAD.CK NPAD.CL NPAD.CM NPAD.CN (Canada) NPAD.CO NPAD.CP NPAD.CQ NPAD.CR NPAD.CS NUCLEAR.O NUCLEAR.P NUCLEAR.Q NUCLEAR.R NUKER.A PAYCHECK.E PERCENT.A:TW RAPI.AL2 RAZER.A RELLIK.A:TW SCHUMANN.B:DE SETMD.A SHIN SHOWOFF.BT SHOWOFF.BU SHOWOFF.BV SHOWOFF.BW SKIMPOP.1455 SOCKS.A SOPRON.937 SPOOKY.B:DE SPOOKY.C:DE STOOPID.353 SWAPPER.746 (Germany) SWLABS.E SWLABS.F SWLABS.G (US
Military) TALON.J TARGET.B:DE TMC-LEVEL42 TODAYBOO TWOLINES.Q TWOLINES.Q1 VAMPIRE.D:TW VAMPIRE.D1:TW VAMPIRE.E:TW VAMPIRE.F:TW VANITAS.2048 (Internet) VICOD.532 VOLCANO.A:IT (INTENDED) WAZZU.CF (Canada) WAZZU.CJ WAZZU.CK WPC_ALAEH.2279 (Philippines) XM/EMPEROR.B:TW XM/LAROUX.F XM/LAROUX.G XM/YOHIMBE.B XUTE.1056 XUTE2.1062 XUXA.1656 ZMB.A:DE (Germany) ZOOLOG.A (Russia)

____________
KNOWN ISSUES

1. Because of its size, the Virus List is too large to load into memory under the following circumstances: when using this DAT file with VirusScan v3.x for Windows 3.1x after a virus is detected and cleaned. Viewing the Virus List at this time may cause your system to run out of memory.

2. For optimal performance, verify that the following lines exist in your CONFIG.SYS file, and add them if they do not:

   DEVICE=C:\DOS\HIMEM.SYS
   DOS=HIGH

   Where C:\DOS\HIMEM.SYS represents the location of your HIMEM.SYS file.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

Data file updates are stored in a compressed format to reduce transmission time. To install your update, create a temporary directory and copy the downloaded file to the directory. Unzip the files, and copy them to the appropriate permanent directories, replacing your existing files.

* PRIMARY PROGRAM FILES FOR VIRUS DEFINITIONS *

Files located in the Install directory:
=======================================
CLEAN.DAT    = Virus clean definition data
MCALYZE.DAT  = Virus definition data for Hunter engine
NAMES.DAT    = Virus names definition data
SCAN.DAT     = Virus scan definition data

* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installations.

To test your installation, copy the following line into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69- or 70-byte file.
When VirusScan is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need.

Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed.

______________________
ADDITIONAL INFORMATION

Macro viruses are named using this standard: The first of a family is given "name.A". For each subsequently discovered variant, the suffix letters progress until .Z is reached. The next is given .AA until .AZ is reached. The next is given .BA, etc. until .ZZ is reached. The next would then be given .AAA and so on. A macro virus name given without a variant notation means a non-specific variant is being referenced.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department:

1. Corporate-licensed customers, call (408) 988-3832
   Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

   Retail-licensed customers, call (972) 278-6100
   Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2. Fax (408) 970-9727
   24-hour, Group III fax

3. Fax-back automated response system (408) 988-3034
   24-hour fax

Send correspondence to any of the following McAfee locations.

McAfee Corporate Headquarters
2805 Bowers Avenue
Santa Clara, CA 95051-0963

McAfee East Coast Office
Jerral Center West
766 Shrewsbury Avenue
Tinton Falls, NJ 07724-3298

McAfee Central Office
4099 McEwen
Suites 500 and 700
Dallas, TX 75244

McAfee Canada
139 Main Street
Suite 201
Unionville, Ontario
Canada L3R2G6

McAfee Europe B.V.
Gatwickstraat 25
1043 GL Amsterdam
The Netherlands

McAfee (UK) Ltd.
Hayley House, London Road
Bracknell, Berkshire
RG12 2TH
United Kingdom

McAfee France S.A.
50 rue de Londres
75008 Paris
France

McAfee Deutschland GmbH
Industriestrasse 1
D-82110 Germering
Germany

McAfee Japan KK
4F Toranomon Mori bldg. 33
3-8-21 Toranomon
Minato-Ku Tokyo, 105
Japan

Or, you can receive online assistance through any of the following resources:

1. Bulletin Board System: (408) 988-4004
   24-hour US Robotics HST DS
2. Internet e-mail: support@mcafee.com
3. Internet FTP: ftp.mcafee.com
4. World Wide Web: http://www.mcafee.com
5. America Online: keyword MCAFEE
6. CompuServe: GO MCAFEE
7. The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where applicable
- Relevant browsers/applications and version number, where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.

Documentation feedback is welcome. Send e-mail to documentation@cc.mcafee.com.

* FOR ON-SITE TRAINING INFORMATION *

Contact McAfee Customer Service at (800) 338-8754.

* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support for our products worldwide. For a listing of agents, see the file AGENTS.TXT, where applicable, or contact McAfee Customer Service for agents near you.

* MCAFEE BETA SITE *

Get pre-release software, including DAT files, through http://beta.mcafee.com.
You will have access to Public Beta and External Test Areas. Your feedback will make a difference.
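
The macro virus naming standard under ADDITIONAL INFORMATION is a letters-only numbering with no zero digit, so the .Z to .AA and .ZZ to .AAA rollovers are easy to get off by one, and a plain string sort puts .AA ahead of .B. The Python below is an added example, not part of McAfee's file: the function names, the handling of text after ':' as an opaque qualifier, and the constructed sample names are assumptions of the example.

```python
import string

LETTERS = string.ascii_uppercase

def ordinal_to_suffix(n):
    """1 -> 'A', 26 -> 'Z', 27 -> 'AA', 702 -> 'ZZ', 703 -> 'AAA'."""
    if n < 1:
        raise ValueError("variant ordinals start at 1 (.A)")
    out = []
    while n:
        # Bijective base 26: digits run 1..26 with no zero digit,
        # so shift by one before each division.
        n, rem = divmod(n - 1, 26)
        out.append(LETTERS[rem])
    return "".join(reversed(out))

def suffix_to_ordinal(suffix):
    """Inverse of ordinal_to_suffix; rejects anything but A-Z."""
    if not suffix or any(c not in LETTERS for c in suffix):
        raise ValueError(f"not a variant suffix: {suffix!r}")
    n = 0
    for c in suffix:
        n = n * 26 + LETTERS.index(c) + 1
    return n

def parse_name(name):
    """Split a detection name into (family, variant, qualifier).

    Assumptions of this example: text after ':' is kept as an opaque
    qualifier, and only an all-letter last component is a variant suffix.
    A name with no such suffix refers to a non-specific variant (None).
    """
    base, _, qualifier = name.partition(":")
    family, dot, last = base.rpartition(".")
    if dot and all(c in LETTERS for c in last):
        return family, last, qualifier or None
    return base, None, qualifier or None

def variant_sort_key(name):
    """Order by family, then by discovery order of the variant."""
    family, variant, _ = parse_name(name)
    return family, suffix_to_ordinal(variant) if variant else 0

def next_variant(name):
    """Name of the following variant in the same family, e.g. X.Z -> X.AA."""
    family, variant, _ = parse_name(name)
    return f"{family}.{ordinal_to_suffix(suffix_to_ordinal(variant) + 1)}"

if __name__ == "__main__":
    # Constructed sample modelled on the names listed in this file.
    sample = ["CONCEPT.BA", "CONCEPT.Z", "CONCEPT", "CONCEPT.AL", "MALARIA.A:TW"]
    print(sorted(sample, key=variant_sort_key))
    print(next_variant("CONCEPT.BH"), suffix_to_ordinal("BH"))
```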