Contents of the 20A10.TXT file
20A10.TXT - Description file for 20A10.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
November 1, 1992
Instructions for loading virus definitions, using Norton AntiVirus
2.0, Norton Desktop for DOS 1.0 or Norton Desktop for Windows 2.0:
1) Run Virus Clinic by typing NAV at the DOS prompt, choosing Norton
AntiVirus from the Tools menu of the Norton Desktop for DOS or
Windows, or by double-clicking on the Norton AntiVirus Windows icon in
the Norton AntiVirus group window.
2) If you are in DOS, press to accept the Welcome screen.
3) Select "Cancel," or press to bypass the "Scan Drives"
4) Select the "Definitions" menu.
5) Select "Load from File..."
6) If the name of the drive and directory to which you loaded the
definition file does not appear on the "Directory:" line, change to
the proper drive and directory name and press . The name of
the definition file should appear in the "Files" window.
7) Select the definition file, select "OK," and press .
8) After the definitions have loaded, press to exit from the
"Load Definition File Results" screen.
9) Select "Exit" from the "Scan" menu.
10) Reboot your computer to activate the new definitions.
The following virus definitions were enhanced to prevent false
identification of viruses:
529, 566, 855, 1554, African-109, Akuku, Anti-Pascal-2, Bad Boy A, Bad Boy B,
Best Wishes, Black Monday, Brain-A/B, Cinderella, Creeper, Destructor, Durban
Saturday 14th, Eliza, Exodus, Flash, Fu Manchu, Gergana, Gergana-2, GP-1,
Invader, Jerusalem-1, Jerusalem-2, Mix-1, Nina, Paris, Saturday the 14th,
Scream, Sistor-2380, Slow, Star Dot, Sunday-2, SVC v5.00, Tequila, Thimble,
Tokyo, Topo, USSR, USSR-600, USSR-696, V651, V801, V270x, VComm, Vien6,
Voro-370, Voronezh, Weber Warrior, Westwood, Wolfman, Yale/Alameda, ZMT-262.
The following virus definitions were enhanced for more capabilities:
Murphy 1/2 and Murphy (2) were combined into a wide-reaching definition,
Murphy Family. Leech, PSQR-1364 (Mummy21), Rape-10, Scream 2B, Shake,
Sylvia, Tiny, Trackswap, Were Here, and Kbug (Keyboard Bug) were all
enhanced for more capability.
The following virus definitions were reorganized:
Flip with Flip-2153B, Flip-2153C, and Flip-2153D.
Perfume and Sorry were combined into Perfume/Sorry.
1381 changed name to "Internal (1381)".
Viruses named with the word "Virus" had that word stricken.
Mocha has the capability of destroying hard disks! Mocha is an encrypting
memory resident infector of COM and EXE files. Infected files will grow
approximately 1800 bytes. Infected COM files can be repaired by NAV but
not the EXE files.
Spawn 519 is a companion virus that creates COM files where there are EXE
files. After infection, a COM file will exist in conjunction with every
EXE file. Files detected as being infected by this virus should simply be
deleted. On Fridays at 11AM, the following message will be printed,
"this ain't no party, this ain't no disco, this ain't no fooling around,"
from a hit single by The Talking Heads. The program will sometimes try to
create a README.COM on the A: drive. This is its preferred propagation mode.
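
A check for the companion pattern described above, added here as an example and not part of the original Symantec file: it walks a directory tree and reports every COM file that shares a directory and base name with an EXE file. The function names and the sample tree are constructed for illustration, and a match is only a candidate for scanning, not proof of infection.

```python
import os
import tempfile


def find_companion_pairs(root):
    """Return sorted (com_path, exe_path) pairs sharing a directory and base name."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            # DOS names are case-insensitive, so compare in upper case.
            by_stem.setdefault(stem.upper(), {})[ext.upper()] = name
        for exts in by_stem.values():
            # A COM file beside a same-named EXE is the companion layout.
            if ".COM" in exts and ".EXE" in exts:
                pairs.append((os.path.join(dirpath, exts[".COM"]),
                              os.path.join(dirpath, exts[".EXE"])))
    return sorted(pairs)


def build_sample_tree(root):
    """Constructed sample layout: one COM/EXE pair and two unpaired files."""
    os.makedirs(os.path.join(root, "APPS"))
    for rel in ("APPS/EDIT.EXE", "APPS/EDIT.COM", "APPS/FORMAT.COM", "SETUP.EXE"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"\x00")


def demo():
    """Run the check over the constructed tree and return relative path pairs."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(com, root), os.path.relpath(exe, root))
                for com, exe in find_companion_pairs(root)]


if __name__ == "__main__":
    for com, exe in demo():
        print(f"review: {com} sits beside {exe}")
```
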
Sticky is a memory resident, self-encrypting infector of partition tables
and COM and EXE files. This is referred to as a multipartite virus. Infected
files grow by approximately 925 (927) bytes. NAV can repair the infected
partition tables. However, infected files must be deleted. This virus does
not appear to do any damage; however, because so many components exist, it
may be very difficult to be completely rid of it.
V789 is a direct action infector of EXE and COM files. Infected files will
grow approximately 800 bytes (789 + (1 to 16), whatever makes the result
divisible by 16). Attributes and file timestamp are left unchanged.
Infected files can be repaired by NAV.
On Sept 24 at 7AM, this virus will wipe out every hard disk from Z: to A:,
writing garbage onto the first 200 sectors of each drive!
(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)