21A18.TXT - Description file for 21A18.DEF AntiVirus Lab, SYMANTEC/Peter Norton Product Group November 1, 1994 ****************************************************************** [The NAV definition update installation instructions are also available on this disk in French, German, Italian, Swedish, and Spanish. Please reference the appropriate file.] Loading New Definitions To update NAV 2.1 with the new virus definition you have just received, do the following: Note: Each definition set completely replaces the current set so only the latest is required. From DOS: 1) At the DOS prompt, type "NAV" then . 2) Select the "Cancel" button (ALT-C) to bypass scanning at this time. 3) Select the Definitions menu (ALT-D), then select the "Load from file" item (L). You will now see the "Load from file" dialog box. 4) Place the definition diskette in drive A: (Drive B: where applicable). 5) In the FILE field, type "A:*.DEF " ("B:*.DEF" if applicable) then . 6) The definition file on the disk should now appear in the "Files" box. 7) Select the "Files" box (ALT-L). Note: the filename is normally loaded into the "File" line automatically as it is usually the only file available. If this is not the case, use the TAB key to highlight the file then press the spacebar. 8) Select "OK" (ALT-O) to load the new definition set. 9) After loading, press "ESC", exit NAV, and reboot the machine. 10) NAV will now use the new definitions to scan for viruses. From Windows: 1) Activate NAV by double-clicking on its icon. 2) Click on "CANCEL" in the "Scan Drives" window to bypass scanning at this time. 3) From the "Definitions" menu choose "Load from file". 4) Place the definition diskette in drive A: (Drive B: where applicable). 5) Type "A:*.DEF" ("B:*.DEF" if applicable) in the "File" field, then press the Enter key. 6) The latest definition file should now appear in the "Files" box. 7) Double-Click on the filename inside the "Files" box. 8) The file should begin to load. If not, click the "OK" button to load the new definition set. 9) After loading, exit NAV, exit Windows, then reboot the machine. 10) NAV will now use the new definitions to scan for viruses. ****************************************************************** Note for users who are not updated through Corporate Channels: After updating your definitions, if every file is identified as being infected with "MtE", don't panic. You probably do not have a virus. Please download the patch file, PTCH1A.ZIP (available through CompuServe and the Symantec BBS), unzip the file, follow the instructions included in the readme file, and then load these definitions again. If you are unable to download this patch file, or are still experiencing problems after using it, please contact Symantec Technical Support. Stealth Boot It is a memory resident MBR and boot record infector. We now also detect Stealth.C in memory. Both Stealth.B and Stealth.C will be detected on media as "Stealth Boot." Repair is now possible for hard disks. Does nothing more than spread. It conceals the fact that it has taken over the MBR (stealth). Natas Boot This is a highly polymorphic EXE and COM infector and an infector of the hard disk Master Boot Record. It is extremely prolific and is said to be infecting perhaps one-third of all machines in Mexico. It has also infected some companies and government agencies in the US which have dealings in Mexico. A definition to detect Natas in memory and on the MBR is provided for NAV 2.1. The ability to detect and/or repair files is beyond the technology available to NAV 2.1. If you detect this virus in memory or on the MBR, you will need to call our Technical Support and request to upgrade to the most current NAV 3.0. ----- (Note: File size growth is given in approximate numbers. If a number is enclosed in parentheses, that number would be the growth of one of the more common variants. As it is too easy for a virus writer to alter this number without changing the virus significantly, do not depend on the more precise number. It is provided for your confidence should you encounter it, which we hope never happens.)