and its Affiliated Companies. All Rights Reserved.
Thank you for using Virex, the fastest, most accurate virus detection and repair solution available for the Macintosh. This Read Me file contains important information about the current Virex Virus Update. Network Associates strongly recommends that you read the entire document.
Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact Network Associates Customer Care and technical support.
WHAT'S IN THIS FILE
- What Is a Virus Update File?
- New Viruses Detected
- Understanding Virus Names
- Installation
- Additional Information
- Documentation
- Contacting Network Associates
WHAT IS A VIRUS UPDATE FILE?
Virus Update files contain up-to-date virus signatures and other information for Virex to use to protect your computer against the thousands of computer viruses in circulation and against the hundreds of new viruses that emerge between updates. Network Associates releases new Virus Update files each month. To protect yourself against these virus threats, download and install the latest Virus Update file every month.
NEW VIRUSES DETECTED AND REMOVED
• IMPORTANT NOTE •
This Virus Update file functions only with Virex v5.9.0 or later. You cannot use this Virus Update file with earlier Virex versions. This Virus Update file detects these 63 new viruses:
PP97M/KELLY
W97M/BENCH
W97M/BENCH
W97M/BOGOR
W97M/CLASS.CN
W97M/DED
W97M/DERROCHE
W97M/DESECRATE
W97M/EMT
W97M/GEST
W97M/HOG
W97M/KILLER
W97M/KOP.B
W97M/LAMAH
W97M/MARRAUDER
W97M/MCK
W97M/MELISSA.B
W97M/MELISSA.D
W97M/MELISSA.DAM
W97M/MELISSA.GEN
W97M/MELISSA.I
W97M/MISTAKEN
W97M/MUTALISK
W97M/NEWHOPE
W97M/PING
W97M/POC
W97M/POLYM
W97M/RUT
W97M/SATURN
W97M/SYNDICATE
W97M/VACUITY
W97M/VMPCK1.BQ
W97M/VOLTRON
W97M/ZERG
WM/AZRAEL
WM/DVL
WM/FERT
WM/GIZMO
WM/IRAWAN
WM/JELLY
WM/REMINDER
WM/SCHUMANN.AB
WM/UHRJAP
X97M/FLYAWAY
X97M/FRIEND
X97M/LAROUX.IO
X97M/LAROUX.IQ
X97M/LAROUX.IT
X97M/MISTAKEN
X97M/NEG
X97M/NEG.D
X97M/NINJA
X97M/PAPA
X97M/PAPA.GEN
X97M/TRASH
XM/LAROUX.BP.DAM
XM/LAROUX.IO
XM/LAROUX.IQ
XM/LAROUX.IT
XM/MANUELA
XM/NEG.D
XM/UEDASAN.A
XM/UEDASAN.C
UNDERSTANDING VIRUS NAMES
Network Associates anti-virus software typically follows industry-wide naming conventions to identify the viruses that it detects and cleans. Occasionally, some virus names deviate from strict industry standards.
The first virus with a given set of characteristics that mark it as a distinctly new entity receives a "family" name. Virus researchers draw the family name from some identifying quirk in the virus--a text string, perhaps, or a payload effect.
Names for variants of that first virus consist of the family name and a suffix--<VIRUS>.A, for example. The suffix designations continue in alphabetical order until they reach .Z. At that point, they begin again with .AA and continue until they reach .AZ. Still later variants receive the suffix .BA through .BZ, and so forth, until the suffix designations reach .ZZ. If yet another variant appears after that, it would get the suffix .AAA.
As new virus strains appeared, industry naming conventions evolved to include more information. Some names, for instance, include parts that identify the platform on which the virus originated or can run. Macro viruses, the most prevalent of the virus types, can have a complex names that consists of a number of parts. Although the virus name might identify the platform of origin, most macro viruses are cross-platform and can run in a number of different environments. The effects of a virus infection can vary between platforms, but in a networked environment, what might have no effect on one platform can do severe damage in another.
Among anti-virus vendors, virus names can include:
• PREFIX •
The prefix designates the type of file that the virus infects or the platform on which it can run. Network Associates virus names can include these prefixes:
A97M/ Macro virus. Infects Microsoft Access
97 files
HLL/ File-infector or boot-sector virus.
Written in a high-level language
O97M/ Macro virus. Infects Microsoft Office
files
PP97M/ Macro virus. Infects Microsoft PowerPoint
files
VBS/ Script virus. Infects Visual Basic
scripts
W32/ File-infector or boot-sector virus.
Runs in 32-bit Windows environments
(Windows 95, Windows 98 or Windows NT).
Does not infect Mac OS systems
Win95/ File-infector or boot-sector virus.
Runs in Windows 95 and Windows 98
environments. Does not infect Mac OS
systems
WM/ Macro virus. Infects Microsoft Word 95
files
W97M/ Macro virus. Infects Microsoft Word 97
files
XM/ Macro virus. Infects Microsoft Excel 95
files
X97M/ Macro virus. Infects Microsoft Excel 97
files
XF/ Macro virus. Infects Microsoft Excel 95
or 97 via Excel formulas
• INFIX •
These designations usually appear in the middle of a virus name. Network Associates assigns these designations, which will differ from industry conventions.
.MP. Multi-partite virus. A Network Associates
designation
• SUFFIX •
These designations usually appear as the last part of a virus name. A virus name can have more than one suffix. One might designate a variant, for example, while others give additional information. Network Associates assigns many of these designations, which can differ from industry conventions.
.A to .ZZZ Virus variant designation
.DAM Virus appears damaged or corrupted in
files
.DR Dropper file. This file introduces the
virus into the host program.
.GEN Generic detection. Native routines in
Network Associates software detect
this virus without using specific code
strings
.GR Generic detection and removal. Native
routines in Network Associates software
detect and remove this virus without
using specific code strings
.KIT Virus derived from virus kit generator
INSTALLATION
Network Associates distributes Virus Update files in StuffIt format. To extract the files for installation, you'll need a copy of StuffIt Expander, StuffIt Lite, or another utility that can read and process files saved in StuffIt format. You can download the utilities you need from most electronic services. Most browser software also includes a plug-in version of StuffIt Expander that can extract the files automatically, as soon as you download them.
To install the Virus Update file, download or copy the compressed file to your Macintosh desktop or to a temporary folder on your hard disk. Next, follow these steps:
1. Start your compression application, then use it to open
and extract the Virus Definitions 1999-05-01.sit file.
If you have a copy of StuffIt Expander on your desktop,
you can simply drag the Virus Definitions file on top of
StuffIt Expander to have the file extract automatically.
2. The extracted file will appear on your hard disk with the
name Virus Definitions 1999-05-01. Double-click this file
to start Virex.
Virex will ask you to confirm that you want to update your
Virus Definitions file.
3. Click Update to continue.
Virex will tell you when it has finished updating your file. Click OK to return to the Virex application's main window, where you can immediately start a new scan operation. In the lower left corner of its main window, the Virex application displays the legend Virus Definitions, followed by a date. This date marks the day Network Associates produced or designated this update file for release. For the May 1, 1999 Virus Update, this date is 4/30/99.
Note: By default, the Virex Installer uses the Virus Definition file that comes with it to scan your system. You should
consider replacing this Virus Definition file with a current Virus Update file in order to take advantage of new
detection capabilities.
ADDITIONAL INFORMATION
• AUTOSTART WORMS •
If Virex detects an AutoStart worm on your computer, Network Associates strongly recommends that you restart your system with extensions disabled, then start a scan operation with the Virex application.
To disable your extensions, press the Shift key on your keyboard as you restart your computer. Continue to hold the Shift key until you see the message Extensions Disabled. This prevents the AutoStart worm from loading into your computer's memory and allows Virex to remove it from your system. If you do not disable your extensions, the worm will load into memory and can continue to spread even after you remove its original files from your system.
As an alternative, follow these steps:
1. Choose Virex Control Panel from the Apple menu to
open the control panel window.
2. Click Preferences.
3. Select the General icon at the left of the Preferences
dialog box, then choose either First or Alphabetically
from the Load Control Panel menu.
4. Select the File Access icon at the left of the
Preferences dialog box.
5. Verify that the Scan Files When Opened checkbox is
selected.
6. Click Save to save your settings and return to the
Virex Control Panel window.
7. Close the Control Panel window, then restart your
computer.
Virex will load into your computer's memory first and will remove the worm as it attempts to launch at startup.
To prevent the AutoStart worm from reappearing on your computer or infecting other computers, use Virex to scan all disks that you might have used with an infected computer. If you have the Virex Control Panel's Scan Files When Opened option activated, you can safely mount infected disks for scanning.
If you need to enable additional extensions in order to mount some disk types, you should disable the AutoPlay option in the QuickTime Settings control panel before you restart your computer. Follow these steps:
1. Choose QuickTime Settings from the Apple menu to
open the control panel window.
2. Choose AutoPlay from the menu at the top of the
control panel window.
3. Verify that the Enable Audio CD AutoPlay and the
Enable CD-ROM AutoPlay checkboxes are clear.
4. Close the control panel window.
5. Use Extensions Manager or an extensions manager
utility to enable the extensions you need, then
restart your computer.
DOCUMENTATION
For more information, refer to the users guides for each product included on the CD-ROM or available from Network Associates electronic services. Each product user's guide is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print this document with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product.
To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's website at:
To download documentation for Network Associates anti-virus software, visit the Network Associates FTP site at:
ftp://www.nai.com/pub/manuals/total_virus_defense
Additional contact information appears in the following section.
Documentation feedback is welcome. Send e-mail to tvd_documentation@nai.com.
CONTACTING NETWORK ASSOCIATES
On December 1, 1997, McAfee Associates merged with Network General Corporation, Pretty Good Privacy, Inc.,
and Helix Software, Inc. to form Network Associates, Inc. The combined Company subsequently acquired Dr Solomon's
Software and CyberMedia, Inc.
Network Associates continues to market and support the product lines from each of the former entities. You may
direct all questions, comments and technical support requests to the Network Associates Customer Care department
at any of the addresses or phone numbers listed below.
Contact the Network Associates Customer Care department at:
1. Phone (408) 988-3832
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727
24-hour, Group III Fax
3. Fax-back automated response system (408) 346-3414
Send correspondence to any of the following Network Associates locations:
Network Associates Corporate Headquarters
3965 Freedom Circle
McCandless Towers
Santa Clara, CA 95054
Phone numbers for corporate-licensed customers:
Phone: (408) 988-3832
Fax: (408) 970-9727
Phone numbers for retail-licensed customers:
Phone: (972) 278-6100
Fax: (408) 970-9727
Network Associates offices outside the United States:
Network Associates Australia
Level 1, 500 Pacific Highway
St. Leonards, NSW
Sydney, Australia 2065
Phone: 61-2-8425-4200
Fax: 61-2-9439-5166
Network Associates Austria
Pulvermuehlstrasse 17
Linz, Austria
Postal Code A-4040
Phone: 43-732-757-244
Fax: 43-732-757-244-20
Network Associates Belgium
Bessenveldtstraat 25a
Diegem, Belgium - 1831
Phone: 32-3-716-4070
Fax: 61-2-716-4770
Network Associates do Brasil
Rua Geraldo Flausino Gomez 78
Cj. - 51 Brooklin Novo - São Paulo
SP - 04575-060 - Brasil
Phone: (55 11) 5505 1009
Fax: (55 11) 5505 1006
Network Associates Canada
139 Main Street, Suite 201
Unionville, Ontario
Canada L3R 2G6
Phone: (905) 479-4189
Fax: (905) 479-4540
Network Associates People's Republic of China
New Century Office Tower, Room 1557
No. 6 Southern Road Capitol Gym
Beijing
People's Republic of China 100044
Phone: 86 10 6849-2650
Fax: 86 10 6849-2069
NA Network Associates Oy
Sinikalliontie 9, 3rd Floor
02630 Espoo
Finland
Phone: 358 9 5270 70
Fax: 358 9 5270 7100
Network Associates France S.A.
50 Rue de Londres
75008 Paris
France
Phone: 33 1 44 908 737
Fax: 33 1 45 227 554
Network Associates GmbH
Ohmstraße 1
D-85716 Unterschleißheim
Deutschland
Phone: 49 (0)89/3707-0
Fax: 49 (0)89/3707-1199
Network Associates Hong Kong
19th Floor, Matheson Centre
3 Matheson Way
Causeway Bay
Hong Kong 63225
Phone: 852-2832-9525
Fax: 852-2832-9530
Network Associates Srl
Centro Direzionale Summit
Palazzo D/1
Via Brescia, 28
20063 - Cernusco sul Naviglio (MI)
ITALY
Phone: 39 (0)2 9214 1555
Fax: 39 (0)2 9214 1644
Network Associates Japan, Inc.
Toranomon 33 Mori Bldg.
3-8-21 Toranomon Minato-ku
Tokyo 105-0001 Japan
Phone: 81 3 5408 0700
Fax: 81 3 5408 0780
Network Associates Latin America
150 South Pine Island Road, Suite 205
Plantation, Florida 33324
United States
Phone: (954) 452-1731
Fax: (954) 236-8031
Network Associates de Mexico
Andres Bello No. 10, 4 Piso
4th Floor
Col. Polanco
Mexico City, Mexico D.F. 11560
Phone: (525) 282-9180
Fax: (525) 282-9183
Network Associates International B.V.
Gatwickstraat 25
1043 GL Amsterdam
The Netherlands
Phone: 31 20 586 6100
Fax: 31 20 586 6101
Network Associates Portugal
Av. da Liberdade, 114
1269-046 Lisboa
Portugal
Phone: 351 1 340 4543
Fax: 351 1 340 4575
Net Tools Network Associates South Africa
Bardev House, St. Andrews
Meadowbrook Lane
Epson Downs, P.O. Box 7062
Bryanston, Johannesburg
South Africa 2021
Phone: 27 11 706-1629
Fax: 27 11 706-1569
Network Associates South East Asia
78 Shenton Way
#29-02
Singapore 079120
Phone: 65 222-7555
Fax: 65 222-7555
Network Associates Spain
Orense 4, 4a Planta.
Edificio Trieste
28020 Madrid
Spain
Phone: 34 91 598 18 00
Fax: 34 91 556 14 04
Network Associates Sweden
Datavägen 3A
Box 596
S-175 26 Järfälla
Sweden
Phone: 46 (0) 8 580 88 400
Fax: 46 (0) 8 580 88 405
Network Associates AG
Baeulerwisenstrasse 3
8152 Glattbrugg
Switzerland
Phone: 0041 1 808 99 66
Fax: 0041 1 808 99 77
Network Associates Taiwan
Suite 6, 11F
No. 188, Sec. 5
Nan King E. Rd.
Taipei, Taiwan, Republic of China
Phone: 886-2-27-474-8800
Fax: 886-2-27-635-5864
Network Associates International Ltd.
Minton Place, Victoria Street
Windsor, Berkshire
SL4 1EG
United Kingdom
Phone: 44 (0)1753 827 500
Fax: 44 (0)1753 827 520
Or, you can receive online assistance through any
of the following resources:
1. Internet E-mail: support@nai.com
2. Internet FTP: ftp.nai.com
3. World Wide Web: http://support.nai.com
4. America Online: keyword MCAFEE
5. CompuServe: GO NAI
To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call:
- Program name and version number
- Computer brand and model
- Any additional hardware or peripherals connected to your computer
- Operating system version number
- Network name, operating system, and version
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where applicable
- Relevant browsers or applications, and their version numbers, where applicable
- How to reproduce your problem: when it occurs, whether you can reproduce it regularly,
and under what conditions
- Information needed to contact you by voice, fax, or e-mail
We also seek and appreciate general feedback.
• FOR PRODUCT UPGRADES •
To make it easier for you to receive and use Network Associates products, we have established a reseller's program to provide service, sales, and support for our products worldwide. For a listing of resellers, see the resellers.txt file or contact Network Associates Customer Care for resellers near you.
• FOR REPORTING PROBLEMS •
Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered is documented, there is no need to report the problem to Network Associates.
If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates with your suggestions or concerns.
• FOR ON-SITE TRAINING INFORMATION •
Contact Network Associates Customer Service at (800) 338-8754.
• NETWORK ASSOCIATES BETA SITE •
Get pre-release software, including .DAT files, through http://beta.nai.com. You will have access to Public Beta and External Test Areas. Your feedback will make a difference.
