F-PROT Professional Update Bulletins

F-PROT Professional 2.23 Update Bulletin

CONTENTS BRIEFLY

  • F-Secure to shield Internet connections
  • F-PROT in European Football Championships
  • F-PROT to protect more than 50 servers and 450 workstations
  • The global virus situation
  • Major
  • Glupak
  • Nado
  • Tentacle
  • WereWolf
  • WordMacro/Wazzu
  • News in short
  • PC World Hong Kong chooses F-PROT as best buy
  • Microsoft distributes the Sampo virus by accident
  • Common questions and answers
  • New products
  • Changes in F-PROT Professional version 2.23
  • Changes in F-PROT for DOS
  • Changes in F-PROT for Windows
  • New viruses detected by F-PROT

F-Secure to shield Internet connections

A new group of information security products has been developed to stand beside F-Secure's F-PROT anti-virus products and the Vineyard sales and marketing software. The F-Secure products will fulfill companies' information security requirements in access control and cryptography.

The strongest possible security is common to all F-Secure products. The cryptographic features of F-Secure products are one example of this; they are based on the same methods that are used by military and intelligence organizations.

Among the encryption algorithms used in F-Secure are RSA, 3-key 3DES and IDEA.

The SSH software tools are the first F-Secure products to reach the market. They have been in development since last spring. The size of the development team has recently been multiplied, and several new products are about to start shipping. F-Secure SSH Client and Server programs make secure communication between two UNIX computers or a UNIX computer and a Windows computer possible. Macintosh Client programs will be ready this summer.

These products provide, for instance, the strongest possible security for employees connecting remotely to office systems. The connections are secured automatically and transparently by powerful cryptography.

The F-Secure Virtual Private Network (VPN). With the F-Secure VPN it is possible to create a secure network between several locations connected by unsecure networks, most often the Internet.

Installing and using VPN does not require any special knowledge. Installation and configuration can easily be carried out by any system administrator.

You can find out more about our new products from your local F-PROT distributor, or by visiting our WWW server www.F-Secure.com.

F-PROT in European Football Championships

The F-PROT Professional anti-virus software has again proved its leading position in the market. F-PROT has been chosen as the official anti-virus product of Europe's Football Championship Tournament. All computers and networks used in the Euro'96 tournament will be protected by F-PROT Professional anti-virus products.

This new acknowledgment of F-PROT's capabilities comes only four months after our product was again named "Editor's Choice" in the evaluation published by the respected Secure Computing magazine.

F-PROT to protect more than 50 servers and 450 workstations

According to the technology consultant of the Euro'96 tournament, Bill Alaoglu, Euro'96 wanted the best available anti-virus software to protect its more than 450 computers and over 50 servers. "That is why F-PROT Professional was chosen as the anti-virus software of this year's biggest European sports event."

F-Secure's distributor in the UK, Portcullis Distribution, will supply the tournament organizers with the required F-PROT Professional licenses. Bob Hoxey, the managing director of Portcullis, states that the choice of F-PROT is once more an indication of the fact that information security professionals consider the virus protection offered by F-PROT to be the best available in the world.

The global virus situation

During the last few months, there has been an unusually large number of incidents involving viruses which spread through the Internet. Infected files on the Internet are typically games, demos or crack programs used for removing the copy protection from commercial software.

Major

The Major virus became widespread in April 1996, because it had managed to get into a file package called CANCER01.ZIP on the ftp site wuarchive.wustl.edu.

In addition to the infected files inside CANCER01.ZIP, the Major virus has spread inside files called TAP.EXE and FLASH.EXE (PKLited dropper).

Major tries to interact with the Major BBS system. Without further information about this BBS system, it is impossible to tell what the virus actually tries to do. However, it is clear that it tries to access the files \BBSV6\BBSAUDIT.DAT and \BBSV6\BBSUSR.DAT.

Major contains the following encrypted texts:

        The Major BBS Virus created by Major tomwn to DOS
        Puppet Image Gnat Minion Cindy F'nor

Like many other memory-resident viruses, Major causes conflicts with some memory-managing programs.

The Major virus has been found in the wild in several countries.

Glupak

Glupak is a buggy direct action infector of COM files. It activates on October 21st and attempts to overwrite the hard disk. After this, it displays the following text and hangs the PC:

        Happy Birthday Freaky!

Glupak also contains the following encrypted text which is never shown:

        [TV.Suicidal.Dream.B] (c) 1996 The Freak/The Underground
        From the hypnotic spectre of wake I scream locked in depths of suicidal Dream

The virus may also delete *.ZIP and ANTI-VIR.DAT files.

Glupak was discovered in the wild in Switzerland and Finland in April 1996.

There is also another, 890 byte variant of the virus. It contains slightly different texts.

Nado

This Danish virus infects COM files when they are accessed, and tries to hide the size increase of the infected files.

It contains the following text:

        [Yitzak-Rabin 1.00 (c) made by TorNado in Denmark'96]

Nado contains code which activates when the DEL key is pressed on the keyboard. At this time, it tries to overwrite the boot sector of the hard disk with the text shown above. Nado.841 also deletes ANTI-VIR.DAT files.

There are several different variants of the virus, varying between 584 and 841 bytes in size. Some of the variants overwrite hard drives and corrupt CMOS setup information, others just delete anti-virus programs when they are executed. Certain variants infect EXE files instead of COM files. However, the 841 byte variant is the only commonly found Nado virus. Note that the damage done by the 584 byte variant can not always be successfully repaired; it corrupts files while infecting them.

Nado was confirmed to be in the wild in Denmark in April 1996.
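
A defender's check for the overwrite described above, as an added example that is not part of the original bulletin or of F-PROT: it inspects the first 512-byte sector of a disk image for the quoted Nado text and for the standard 55 AA boot signature. The function names, the sample sectors and the assumption that the text may sit anywhere in the sector are constructed for illustration.

```python
"""Triage one 512-byte boot sector for the Nado overwrite text (added example)."""
import sys

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid PC boot sector
# Text quoted in the bulletin; Nado tries to write it over the boot sector.
NADO_TEXT = b"[Yitzak-Rabin 1.00 (c) made by TorNado in Denmark'96]"


def triage_boot_sector(sector: bytes) -> dict:
    """Return findings for one boot sector read from a disk image."""
    if len(sector) < SECTOR_SIZE:
        # A short read means the image is truncated; do not guess.
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]

    # Assumption: the text may start at any offset, so search the whole sector.
    offset = sector.find(NADO_TEXT)
    findings = {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "nado_text_offset": offset if offset >= 0 else None,
    }
    if offset >= 0:
        findings["verdict"] = "overwritten-by-nado"
    elif not findings["signature_ok"]:
        # No marker text, but the sector is not bootable either.
        findings["verdict"] = "damaged-unknown-cause"
    else:
        findings["verdict"] = "no-nado-text"
    return findings


def make_clean_sector() -> bytes:
    """Constructed sample: jump instruction, padding, valid signature."""
    return b"\xeb\x3c\x90" + bytes(507) + BOOT_SIGNATURE


def make_overwritten_sector() -> bytes:
    """Constructed sample: the quoted text at offset 0, rest zero-filled."""
    return NADO_TEXT.ljust(SECTOR_SIZE, b"\x00")


def main(argv):
    if len(argv) > 1:
        # Read only the first sector of the image given on the command line.
        with open(argv[1], "rb") as image:
            samples = {argv[1]: image.read(SECTOR_SIZE)}
    else:
        samples = {
            "constructed-clean": make_clean_sector(),
            "constructed-overwritten": make_overwritten_sector(),
        }
    for name, sector in samples.items():
        print(name, triage_boot_sector(sector))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against a forensic image rather than a live disk; the bulletin does not say which boot sector Nado targets, so check both the first sector of the disk and the first sector of each partition.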

Tentacle

This Windows virus was found in the wild in France and the UK in March 1996. The virus spread in a file called DOGZCODE.ZIP, which was posted in the alt.cracks Usenet newsgroup on the Internet. After that, the virus quickly became widespread. Tentacle infects Windows 3.1x EXE files.

Tentacle infects files in the current and Windows directories. It does not stay resident in memory.

Occasionally, Tentacle will replace the icon of an infected EXE file with its own picture. This new icon has a picture of a tentacle and the text 'Tentacle'.

WereWolf

In fact, WereWolf is a large family of related viruses. Between December 1995 and February 1996, many of them were reported to be in the wild in France. Most of the WereWolf viruses are memory-resident COM and EXE file infectors.

WereWolf is a stealth virus, but it will only hide the changes in file sizes. The virus is not encrypted, and it contains the following text:

	BEAST

WereWolf avoids infecting the following programs:

CLEAN - McAfee CLEAN
AVP - Antiviral Toolkit Pro
TB - ThunderByte Antivirus
QB - QBasic
SCAN - McAfee SCAN
COMM - Many communication programs
NAV - Norton Antivirus
V - Anything starting with a 'V'
FINDV - S&S Findvirus
GUARD - S&S VirusGuard
FV - S&S Findvirus
CHKDS - DOS CHKDSK
F-PR - F-PROT
-D - AVP TSR

Werewolf.1500.B is a polymorphic variant of this virus. It managed to get into widespread distribution in April 1996. The virus had attached itself to a shareware game called 'PackMan', which was available in the upload directory of a major shareware ftp server. This variant has been found in the wild in several countries.

WordMacro/Wazzu

There are now almost 20 Word-specific macro viruses. Unlike most other macro viruses, WordMacro/Wazzu has actually been seen in the wild: there were a few reports of infections in the USA during spring 1996.

WordMacro/Wazzu consists of a single AutoOpen macro; this makes it language independent, i.e. this macro virus is able to infect localized versions of Word as well as the English Word.

Wazzu frequently modifies the contents of documents it infects, moving words around and inserting the text 'wazzu '. The word 'Wazzu' is reported to be a nickname for Washington State University.

News in short

Michelangelo 1996: Allan Dyer of Yui Kee Company Ltd Reports from Hong Kong

There were very few Michelangelo activation reports world-wide this year. The Michelangelo virus activates every year on March 6th, overwriting the beginning of the hard drive. However, the South China Morning Post news reported in March that Martin Lee Chu-Ming, chairman of the Democratic Party of Hong Kong, lost "every speech, newspaper article, press release, legal brief or other utterance in English made by Mr Lee since the middle of 1994" because the Michelangelo virus had destructively activated on his machine. "Some data has been recovered and there are some backups, but much is expected to be lost forever".

PC World Hong Kong chooses F-PROT as best buy

Once again, F-PROT Professional received a "Best Buy" award, this time in PC World Hong Kong's March review of anti-virus software. F-PROT had the best detection rate against a test set of 2223 viruses, and was also praised for ease of use and documentation.

Microsoft distributes the Sampo virus by accident

Microsoft accidentally distributed approximately 1500 diskettes infected with the Sampo boot sector virus (see Update Bulletin 2.16) at a recent Microsoft Business Solutions Conference in Hong Kong. The diskettes contained the Microsoft Internet Explorer 2.0 web browser. The infection took place at the diskette duplication company, and Microsoft will replace the infected diskettes.

Common questions and answers

If you have questions about information security or virus prevention, contact your local F-PROT distributor. You can also contact Data Fellows directly at the number 358-0-478 444.

Written questions can be mailed to:

F-Secure Ltd
F-PROT Support
Päiväntaite 8
02210 ESPOO
FINLAND

Questions can also be sent by electronic mail to:

Internet: F-PROTSupport@F-Secure.com
X.400: S=F-PROT, OU1=DF, O=elma, P=inet, A=mailnet, C=fi

I received a warning about a harmful program called PKZIP300. What should I do?

Don't worry too much. PKZIP300 was a Trojan Horse program which claimed to be a new version of the popular compression/packing utility PKZIP. Actually the program tried to format the hard disk. This Trojan was reported in a couple of places during spring 1995. After that, it has not been seen anywhere.

For some reason, there was a renewed warning scare about the PKZIP300 Trojan during spring 1996. However, although the PKZIP300 Trojan does exist, it is extremely unlikely for anybody to actually run into it.

V2.04g is the latest official version of PKZIP.

I have heard that there are Trojan Horses capable of destroying certain PCs' motherboards for good by writing to the Flash BIOS. Is this true? Is such a thing possible?

No, we haven't seen any Trojans or viruses which can actually do so. However, according to an announcement from Microid Research, the Intel Endeavor-2 motherboards have a design problem which would make it very difficult to recover from a flash programming problem.

It seems that the flash ROM on these machines is not equipped with a write-protected failsafe recovery mode. Furthermore, the flash chip is soldered directly onto the system board.

This means that if the flash BIOS gets corrupted, it can not be reprogrammed and the chip itself cannot easily be replaced. In practice, you could lose the whole motherboard because of a program that rewrites the flash BIOS.

I have heard much about the WWW Java language and the risks inherent in it. Are there any known Java viruses?

No. The Java language itself is considered very safe, especially when compared to any common programming language. The problems lie in WWW-browsers' Java implementations; even simple errors in the browsers are known to have caused serious problems. At the moment, the Netscape 2.x browsers are known to have at least three serious gaps in security. These security holes make it possible to transfer any kind of PC code inside a Java program, and to execute it in the user's computer.

There's no real risk of running into Java viruses, but other harmful programs pose a potential threat. We recommend switching off Java support in Netscape.

New products

The old NET-PROT Novell Netware NLM scanner has now been replaced by an all-new NLM product, F-PROT Professional for Netware.

The main differences between the two products are listed in the table on the next page.

When upgrading, NET-PROT must first be unloaded from the server. Also remove all NET-PROT-related commands from autoexec.ncf.

AlertTrace Lite should be installed and loaded before installing F-PROT for NetWare.

Initially, the administrator must install F-PROT for NetWare on every NetWare server separately. This cannot be automated either with F-PROT or the normal Netware tools. The deploy feature will take care of updating once the initial installations are in place.

Changes in F-PROT Professional version 2.23

Changes in F-PROT for DOS

Disinfection of boot sector viruses has been improved. This is readily apparent when you browse the list of viruses which were previously detected, but can only now be disinfected (following chapter).

F-PROT now detects the PKZIP 3.00B Trojan. This Trojan is, however, not a "real" threat, but, due to unfounded hysteria, numerous warnings about it are in circulation, far outnumbering actual copies of the Trojan.

Changes in F-PROT for Windows

F-PROT (Win 3.1x/NT): This scanner (available on demand) will show an error message if an attempt is made to scan a directory to which access is denied (this can happen on NTFS partitions).

F-PROT/Gatekeeper/F-Agent (Win3.1x): F-Agent's Gatekeeper Settings dialog and the main program's Protection Preferences dialog now have a "More" button. When you click it, the program brings out another dialog where you can set scans on created files, document macros and adjust visual display options. These settings were previously stored in F-PROTW.INI as undocumented options. They are now stored in F-PROTW.CFG.

F-PROT (Win95): The Distribute F-PROT Installations feature now supports Gatekeeper's installation (as Gatekeeper is included in the Windows 95 package).

The scanning engine: Document macro disinfection has been implemented. Boot sector scanning used to sometimes cause a GPF because of a bug in the scan engine. This has now been fixed.

Gatekeeper (Win3.1x): A setting called LoadDelay= has been added to F-PROTW.INI's [Gatekeeper] section. The setting is used for delaying the loading of Gatekeeper. This feature can be useful in situations where many applications are loaded at Windows startup, and there's not enough conventional memory available: Gatekeeper's loading can be delayed until more memory becomes available.

The setting in F-PROTW.INI is:

        [Gatekeeper]
        ; if nonzero, Gatekeeper will wait for the specified number of seconds
        ; before loading itself (default 0)
        LoadDelay=0

AUTOW32: Autow32 supports the Windows 95 Gatekeeper installation. Use the same AUTOINST.INI settings that are used for installing the Windows 3.1x Gatekeeper.

AUTOW31: If a program group creation/modification is desired, Autoinst will wait until the "Program Manager DDE" is available. Previous versions simply failed in program group creation if no Program Manager DDE was available, because Autoinst was started from a logon script before the Windows shell (Program Manager) had had time to completely boot itself up. The default timeout value is 5000 ms; you can use the [Autoinst] DDEPMTimeOut= setting to override this.

F-Agent/Gatekeeper (Win3.1x): The dialog that says that the VxD is not loaded and Gatekeeper can't be started now has two new buttons: "Restart Windows" and "Continue". This has been implemented in F-Agent only.

Gatekeeper (Win3.1x): After a boot sector infection has been detected and the user has clicked OK in the message box, the boot sector is scanned again to make sure that the user has removed the infected diskette. The user will not be able to continue using the computer until the diskette has been removed or replaced by another, clean diskette.

New viruses detected by F-PROT

The following 47 viruses are now identified, but can not be removed as they overwrite or corrupt infected files. Some of them were detected by earlier versions of F-PROT, but not identified accurately.

    Burma.442.E
    Country.611
    Crazy.1024
    Demand.666.C
    Fack.180
    HLLO.3836
    HLLO.4019
    HLLO.7680
    HLLO.8096
    HLLO.21603
    IOE.155
    IOE.239.A
    IOE.239.B
    Itti.99.D
    IVP.O.229
    Leprosy.371
    Leprosy.622
    Leprosy.625.A
    Leprosy.625.B
    Leprosy.2013
    Markiz.1972
    Milan.249
    Rauser.296
    SillyC.201
    Sod.257
    Trivial.28.D
    Trivial.42.L
    Trivial.45.J
    Trivial.45.K
    Trivial.53.B
    Trivial.53.C
    Trivial.53.D
    Trivial.53.E
    Trivial.67
    Trivial.72
    Trivial.80
    Trivial.87
    Trivial.111
    Trivial.112
    Trivial.117.B
    Trivial.284
    Trivial.963
    VCL.O.372
    VCL.O.454
    VCL.O.464
    VCL.O.466.C
    VCL.O.538

The following 377 new viruses can now be removed. Many of them were detected by earlier versions, but are now identified accurately.


    _264
    _432
    _709
    _768
    Abbas.5660
    Acid.736
    Afraid.1036
    Alexe.1287
    Alfa.3072
    Alfons.1536
    Andris.683
    Angels.1571
    Annres.553
    Annres.972
    Annres.1052
    Antibasic.351
    Anti-C.726
    AntiCAD.4096.L
    AntiMIT.764
    Antiwin.633
    AOS.736
    AOS.744
    AOS.752
    AOS.758
    AOS.833
    AOS.847
    AOS.854
    Babol.2048
    Barrotes.1874
    Beer.2920
    BGU.1295
    BGU.1298
    Blue_Nine.925.C
    Blue_Nine.1725
    Blue_Poison.487
    BodyBuilding.884
    BootExe.444
    Boso.1037
    Boso.1388
    BW.291
    BW.343
    BW.491
    BW.495
    BW.751
    BW.Mayberry.499
    BW.Mayberry.604
    BW.Mayberry.682
    C&Y.426
    Cannabis.C
    Cascade.1701.AQ
    Cascade.1701.AR
    Cascade.1701.AS
    Cascade.1701.AT
    Cascade.1704.AD
    CB.450
    Cholera.2415
    Civil_Defense.6656.C
    Civil_IV.588
    Clisti
    Clonewar.551
    Compiac.379
    CPW.1395
    Creeper.482.B
    Cybercide.1309
    Danish_Tiny.333.D
    Dark_Avenger.1690
    Dark_Avenger.1797.B
    Dark_Avenger.1800.AC
    Dark_Avenger.1841
    Dark_Avenger.2000.M
    Dbase.1850
    Debilitated.2000
    Defo
    Delwin.1199
    DespChem.633
    DieHard.4000.B
    Ditwet.465
    Dos-1.185
    Dron.1024
    Dull_Boy.A
    Dull_Boy.B
    Dumb.192
    Dumb.215
    Eliza.1194
    Eliza.1282
    End_of.773
    Euskadi.811
    Eventide.1061
    Exemplary.586
    Exile.255
    Fack.330
    Fallen_Angel.338
    Fasola.2215
    Favorite.2576
    Fizzle.313
    Fletan.565
    Fletan.574
    Flipflop.610
    Floriana.939
    Four_Seasons.1514
    Fowl.3072
    Genvir.1600.B
    Genvir.1856
    Ginger.2337
    Glupak.847
    Glupak.890
    Greetings.297
    Gotcha
    Guppy.152.E
    Hi.680
    Hi.764
    HLLC.4045
    HLLC.4870
    HLLC.5129
    HLLC.6644
    HLLP.5872
    HLLP.9072
    HLLP.16470
    Hole.476
    Horror.1173
    Horsa.1185
    Hue.482
    Icelandic.1618.F
    Inside.752
    Intruder.1413
    IstanbulCCC
    IVP.366
    IVP.368
    IVP.371
    IVP.647.A
    IVP.647.B
    IVP.650
    IVP.751
    IVP.754
    Jack.436
    Jerusalem.1500
    Jerusalem.1607
    Jerusalem.1808.Frere.M
    Kela.2018
    Khiznjak.834
    Khiznjak.1101
    Kobrin.491
    Kouser.1648
    Kpi.329
    Kusumah.2588
    Kyokushinkai.2048.C
    La.802
    Lamego.722
    Lenin.943
    Lesson.189
    Lesson_I.301
    Letter_H.665
    Locust.1158
    Major.1644
    Mand.1061
    Maripuri.1942
    Mazur.2541
    Minzhou.1024
    Mirea.665
    Morgen.656.B
    Morgot.823
    Mosca.1278
    Mosca.1372
    Murphy.1277.C
    Nado.838
    Narcosis.1431
    Natas.4746
    NLA.333
    NLA.348
    No_frills.815.B
    No_frills.950
    NSD.267
    Nutcracker.2000.A
    Nutcracker.2000.B
    Nutcracker.2293
    Nutcracker.2725
    Nutcracker.2900
    Nutcracker.3100
    Nutcracker.3500.A
    Nutcracker.3500.B
    Nutcracker.3500.C
    Nutcracker.3500.D
    Oguro.446
    Ozzy.546
    Pantera.400
    PC-Knight.2083
    Pixel.847.L
    Plove.322
    Plove.327
    Porridge.1061
    Presumptious.680
    Proto-T.629
    Proto-T.688
    Proto-T.893
    Proto-T.1041
    Proto-T.1048
    PS-MPC.269
    PS-MPC.281
    PS-MPC.305
    PS-MPC.356
    PS-MPC.377.B
    PS-MPC.379
    PS-MPC.386.B
    PS-MPC.409
    PS-MPC.410
    PS-MPC.414.A
    PS-MPC.414.B
    PS-MPC.414.C
    PS-MPC.414.D
    PS-MPC.415.A
    PS-MPC.415.B
    PS-MPC.415.C
    PS-MPC.444.B
    PS-MPC.446.A
    PS-MPC.446.B
    PS-MPC.450
    PS-MPC.454
    PS-MPC.460
    PS-MPC.495
    PS-MPC.505
    PS-MPC.513.B
    PS-MPC.522
    PS-MPC.526.B
    PS-MPC.528.A
    PS-MPC.528.B
    PS-MPC.545
    PS-MPC.548
    PS-MPC.549
    PS-MPC.555
    PS-MPC.565.J
    PS-MPC.565.K
    PS-MPC.568
    PS-MPC.570.J
    PS-MPC.573.R
    PS-MPC.573.S
    PS-MPC.573.T
    PS-MPC.575.D
    PS-MPC.578.T
    PS-MPC.578.U
    PS-MPC.579.G
    PS-MPC.579.H
    PS-MPC.581.B
    PS-MPC.583.C
    PS-MPC.585.E
    PS-MPC.585.F
    PS-MPC.598.O
    PS-MPC.603.E
    PS-MPC.603.F
    PS-MPC.603.G
    PS-MPC.606.H
    PS-MPC.606.I
    PS-MPC.606.J
    PS-MPC.607.D
    PS-MPC.607.E
    PS-MPC.607.F
    PS-MPC.607.G
    PS-MPC.610.D
    PS-MPC.611.M
    PS-MPC.611.N
    PS-MPC.611.O
    PS-MPC.611.P
    PS-MPC.611.Q
    PS-MPC.611.R
    PS-MPC.611.S
    PS-MPC.611.T
    PS-MPC.612.H
    PS-MPC.612.I
    PS-MPC.616.D
    PS-MPC.621
    PS-MPC.625.B
    PS-MPC.634
    PS-MPC.652
    PS-MPC.661.B
    PS-MPC.666.A
    PS-MPC.666.B
    PS-MPC.701
    PS-MPC.761
    PS-MPC.808
    PS-MPC.853
    PS-MPC.921.B
    PS-MPC.929
    Rabbit
    Rael.3211.B
    Rain
    Red_Hacker.1405
    Retailer.1536
    RP.B
    RWV.549
    Rycho.1024.A
    Rycho.1024.B
    Rycho.1536.A
    Rycho.1536.B
    Salamander.940
    Satria.A
    Satria.B
    Satria.C
    Saturday.669.C
    Saynay.5115
    SE.1853
    Semi.895
    Shel.983
    Silent_Night.1111
    SillyC.91
    SillyC.139
    SillyC.175
    SillyC.192
    SillyC.253
    SillyC.302.B
    SillyC.432
    SillyC.478
    SillyComp.116
    SillyE.512
    Sirius.361
    Sirius.365
    Sirius.402
    Sirius.547.A
    Sirius.547.B
    Sirius.615.A
    Sirius.615.B
    Sirius.640.A
    Sirius.640.B
    Sirius.720
    Slava.500
    Snowfall.945
    Stay_Cool.573
    SuperF.1175
    Suriv.941.B
    SVC.2936.B
    SVC.2936.C
    SVC.2936.D
    SVC.2936.E
    Syndrome.1485
    Szatan
    Tanpro.749
    Taurus.1153
    Tequila.2469
    Tet.409
    Tiger.1116
    Trakia.1471
    Trebujena.1094
    Trieda.851
    Trooper.2259
    Tpvo.3464
    Tpvo.3654
    Uddy.2617.B
    Uklott.1327
    Union.1531
    Ups.1155
    Vampiro.1000.D
    VCC.328
    VCC.341
    VCC.357
    VCC.614
    VCL.500
    VCL.550
    VCL.822.B
    VCL.1212
    VCS.1077.M
    VCS2.799
    VD.1664
    Vesna.1000
    VFSI.426
    Vienna.559
    Vienna.595.B
    Vienna.638
    Vienna.648.SDI
    Vienna.699
    Vienna.708
    Vienna.718
    Vienna.733.B
    Vulcan.496
    Wire.3518
    YB.405
    Year_1992.1731.C
    Youareill.1186
    Xantic
    Youhave.577

The following 125 new viruses are now detected and identified but can not yet be removed.


    _700
    _979
    _995
    _1499
    _2965
    Annihilator.599
    Annihilator.607
    Annihilator.610
    AnotherW.706
    Antifor.1110
    ARCV.800
    Ask.708
    Asmodeus.1833
    Avalgasil.666
    Batman.2844
    Bolero.1000
    Buffalo.486
    BW.688
    Civil_Defense.6656
    Coito.644
    Cordobes.3334
    Crawler.545
    Cybertech.1078
    DBF.1046
    Detic.1514
    DIR-II.1024.AB
    Doubleheart.539
    Doubleheart.553
    Doubleheart.639
    Dune.579
    Dune.672
    Emmie.2496
    Faws.2340
    Flack.1330
    Ghost.5000
    Gothic.2097
    Green_girl.1055
    Green_Monster.784
    Gregory.406
    Handel.1000
    Harvester.1422
    HLLC.7508
    HLLC.8096
    HLLP.5667.A
    HLLP.5667.B
    HLLP.6144
    HLLP.7000
    IVP.419
    IVP.449
    IVP.728
    IVP.762
    IVP.922
    Johnny.826
    Johnny.955
    Juice.305
    Lame.435
    Lame.636
    Ludwig.573
    Mac.1098
    Manic.2143
    Mantis.1215
    Maresme.1062
    Mark.2660
    Mef.1481
    Mef.1538
    Moonlite.338
    MPTI.1536.B
    Nocopy.3655
    Notyet.1277
    Notyet.1577
    November_17th.1045
    NRLG.914
    NRLG.926
    NRLG.933
    NRLG.940
    NRLG.963
    NRLG.982.B
    NRLG.984
    NRLG.990
    NRLG.1010
    PCBB.3072.C
    Peel.334
    Phalcon.1136
    Pincher.1632
    Pirania.1617
    Predator.1070
    Predator.2424
    Prohibit.1500
    Quish.333
    Rape.1883
    Rape.2496
    Riot.464
    Rotator.869
    Rubbit.3164
    SanLoreno.1025
    Saratov.1790
    Scitzo.1337
    Shadow.1185
    Shadow.1702
    Shel.973
    Shel.988
    Small_comp.100.B
    Sochi.703
    Spinner.1071
    Svetlana.1110
    Svetlana.2060
    Svetlana.3410
    Svetlana.4734
    Swiss.921
    TCH.1909
    Tease.840
    Unskip.1908
    Vampiro.1492
    Vampiro.1542
    Vampiro.1619
    Vampiro.1621
    VCC.537
    VCL.522
    Werewolf.684.B
    WinVik.A
    WinVik.B
    WordMacro/Atom
    WordMacro/Imposter
    WordMacro/Nuclear.B
    WordMacro/Xenixos
    Yankee_Doodle.XPEH.4048.B

The following new virus is now detected, but not identified. F-PROT will just report the family name with a (?) or report the virus as a "New or modified variant", as it is not yet able to determine which variant it is dealing with. Disinfection of this virus is not yet possible.


    Tentacle

The following 60 viruses which were identified by earlier versions can now be removed.


    3_NOPs
    Abs-3.A
    Abs-3.B
    Boot_Intruder
    Brasil
    Cannabis.A
    Cannabis.B
    Crazy_Eddie.A
    Crazy_Eddie.B
    Diskwasher.A
    Diskwasher.B
    EB79
    Flame.A
    Flame.B
    Galicia
    Godoy
    Ibex
    JKTK
    Kaczor.4444
    Lavot.A
    Lavot.B
    Lch15
    Lulu
    Malaga
    MISiS.A
    MISiS.B
    MISiS.C
    MISiS.D
    Mr_D.1536
    MzBoot.464
    Nichols.A
    Nichols.B
    Nichols.C
    Peter
    PMBS.A
    PMBS.B
    RM.A
    RM.B
    Satria.A
    SheHas
    Smiley_Boot
    Stoned.8.A
    Stoned.8.B
    Stoned.Stonehenge
    Swiss_Boot.A
    Swiss_Boot.B
    Tony_Boot.A
    Tony_Boot.B
    Verify
    Whirl.A
    Whirl.B
    Whirl.C
    Windmill
    X-3a.A
    X-3a.B
    Yankee_Doodle.1817
    Yankee_Doodle.2505
    Yankee_Doodle.XPEH.3600
    Yankee_Doodle.XPEH.3840
    Yankee_Doodle.XPEH.4016

The following viruses have been renamed:

    Bones -> Ibex
    Breasts -> SheHas
    Hello -> Sirius
    Ilove -> Satria
    Sno -> Snowfall


F-PROT Professional 2.23 Update Bulletin

F-Secure Ltd, Paivantaite 8, FIN-02210 ESPOO, Finland
Tel. +358-0-478 444, Fax +358-0-478 44 599, E-mail: F-PROT-Support@F-Secure.com
This material can be freely quoted when the source, F-PROT Professional
Update Bulletin 2.23 is mentioned. Copyright (c) 1996 F-Secure Ltd.

F-PROT Professional Support <f-prot@datafellows.fi>
