********************************************************************************
Norton AntiVirus 2003 for Windows 98/ME/2000/XP
Copyright © 2002 Symantec Corporation.  All rights reserved.	
README.TXT	                                                   August 2002

********************************************************************************
HOW TO USE THIS DOCUMENT
********************************************************************************
To view README.TXT on screen in Notepad or WordPad, maximize the
Notepad or WordPad window.

To print README.TXT in Notepad or WordPad, choose Print from the File
menu.  If you use another word processor, select the entire document
and format the text in 10-point Courier before printing to ensure
proper spacing.

To print README.TXT from the DOS prompt, type COPY README.TXT PRN:

********************************************************************************
NORTON ANTIVIRUS REPAIR TOOLS INFORMATION
********************************************************************************
This file describes the contents of the Repair folder. The following topics
are discussed:

* FixUpdr.exe
  ---------------
Backdoor.Autoupder is a backdoor program that can be used as a distribution 
mechanism by worms or other malicious programs. 

To obtain additional information about this threat, visit:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.autoupder.html

* FixBadTr.exe
  ------------
This is a MAPI worm that replies to all unread messages in your email message
folders and drops a backdoor Trojan.

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.removal.tool.html

* FixBuddy.exe
  ------------
This tool removes the Trojan horse known as AOL.Trojan.32512. This
Trojan horse is also known as "BuddyList." The tool only works in
Windows 95/98. Therefore, running it in Windows NT is not 
recommended. You can run it from a floppy disk or copy it to the
hard disk and run it from there. Only one file, Fixbuddy.exe, is
required. Execute the file to clean a system infected with BuddyList.
You need not restart the computer after executing the tool. Scan the
entire hard disk with Norton AntiVirus after running this tool to
ensure that no other copies of this Trojan horse exist on the 
computer.  

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/buddyremoval.html

* FixCRed.exe
  -----------
The CodeRed removal tool provides the CodeRed I and II removal and
performs the vulnerability assessment of your computer. Symantec is
providing what it believes to be a safe, reliable and secure utility
to remove the effects of a CodeRed infection. 

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/codered.removal.tool.html

* FixFreth.exe
  ------------
Symantec Security Response has created a fixtool to repair infections
of all known W32.Frethem variants. This includes W32.Frethem.A@mm 
through W32.Frethem.O@mm.

To obtain additional information about this threat, visit:
http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.removal.tool.html


* FixFun.exe
  ----------
FixFun.exe is a tool for removing W32.FunLove.4099. It is a 16-bit
DOS program, which means it cannot be digitally signed. You must
boot to DOS before running this tool; you cannot run it in a DOS
Window in Windows.

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/dos.funlove.4099.fix.tool.html


* FixGibe.exe
  -----------
W32.Gibe@mm is a worm that uses Microsoft Outlook and its own SMTP engine to
spread. This worm arrives in an email message--which is disguised as a Microsoft
Internet Security Update--as the attachment Q216309.exe. The worm also attempts
to copy itself to all locally mapped remote drives.

To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.removal.tool.html


* FixGoner.exe
  ------------
W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. 
The worm has been compressed using a known Portable Executable (PE)* 
file compressor. The worm can spread its infection using the ICQ network
as well as by email using Microsoft Outlook. If IRC is installed, this
worm can also insert mIRC scripts that will enable the computer to be
used in Denial of Service (DOS) attacks. The IRC channel used for 
controlling the worm is currently blocked preventing this functionality.

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.goner.a@mm.removal.tool.html

* FixHappy.exe
  ------------
The FIXHAPPY tool is designed to safely remove Happy99.Worm 
(a.k.a. W32.Ska) files and restore the WSOCK32.DLL in Windows systems.

To obtain additional information about this threat, visit:   
http://www.symantec.com/avcenter/venc/data/fix.happy99.worm.html

* FixHptme.exe
  --------------
The VBS.Haptime Fix tool removes the changes that were made to a
computer by the VBS.Haptime.A@mm and VBS.Haptime.B@mm worms. 

To obtain additional information about this threat, visit:   
http://www.symantec.com/avcenter/venc/data/vbs.haptime.fix.html

* FixHybf.zip
  -----------
The W95.HybrisF Fix tool will repair the infection caused by 
W95.HybrisF. NOTE: This removal tool only works to remove the 
specific plugin named W95.Hybrisf. It will not clean up a system
infected by the W95.Hybris.plugin, W95.Hybris.gen or W95.Hybris.worm.

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w95.hybrisf.fix.html

* FixKak.exe
  ----------
The Wscript.KakWorm repair tool works only under Windows 95/98 or
Windows NT. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/wscript.kakworm.fix.html

* FixKakb.exe
  -----------
The KAK.Worm.B fix tool only works under Windows 95/98/NT 
operating systems. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/kak.worm.b.fix.html


* FixKlez.com
  -----------
W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy 
itself into folders on both local and network drives. 

To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html


* FixKriz.exe
  -----------
The Fixkriz.exe utility is a preventive measure against the 
W32.Kriz virus. It will not repair damage done after the virus has
been launched. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.kriz.fix.html

* FixLife.exe
  -----------
The FIXLIFE tool is designed to remove the changes to a computer
system caused by VBS.Stages.A worm.  

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/fix.vbs.stages.html

* FixLove.exe
  -----------
The VBS.LoveLetter Fix tool removes the changes that were made to a
computer by all known versions of the VBS.LoveLetter worm except
VBS.LoveLetter.CA, VBS.LoveLetter.BJ, VBS.LoveLetter.BM and 
VBS.LoveLetter.AS. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/fix.vbs.loveletter.html

* Fixmagi.com

W32.Magistr.24876@mm is a virus that has email worm capability. It is
also network aware. It infects Windows Portable Executable (PE) files,
with the exception of .dll system files. It sends email messages to
addresses that it gathers from the Outlook/Outlook Express mail folders
(.dbx, .mbx), the sent items file from Netscape, and Windows address 
books (.wab), which are used by mail clients such as Microsoft Outlook
and Microsoft Outlook Express. The email message may have up to two 
attachments, and it has a randomly generated subject line and message body.


To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.removal.tool.html


* FixMlife.exe
  -----------
W32.MyLife.C@mm is a mass-mailing worm that emails itself to all email
addresses in the Microsoft Outlook address book and the MSN Messenger 
contact list. It arrives as the attachment List.TXT.scr.

To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife.removal.tool.html

* FixMtx.exe
  ----------
This tool repairs damage done by the W95.MTX virus. Due to the
nature of this virus, some files will not be repairable. The
unrepairable files must be restored from clean backup copies, or
from the original distribution disks. 

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/w95.mtx.fix.tool.html

* FixNavid.com
  ------------
This tool repairs damage done by the W32.Navidad worm and the
W32.Navidad.16896 worm variant. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.navidad.fix.html

* FixNimda.com
  ------------
W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods
to spread itself. The name of the virus came from the reversed spelling
of "admin". The worm sends itself out by email, searches for open 
network shares, attempts to copy itself to unpatched or already 
vulnerable Microsoft IIS web servers, and is a virus infecting both local
files and files on remote network shares. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.removal.tool.html

* FxNimdaE.com 
  -------------
W32.Nimda.E@mm is an new version of W32.Nimda.A@mm that contains bug-fixes
and other modifications, which are designed to prevent detection of this
variant by antivirus programs.

To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html


* FixPotok.exe
  ------------
The VBS.Potok@mm Fix tool deletes the files dropped by the 
VBS.Potok@mm worm and repairs files removing VBS.Potok@mm streams. 

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/vbs.potok@mm.removal.tool.html

* FixPpark.exe
  ------------
This worm program behaves similarly to Happy99 Worm. The FIXPPARK.ZIP
contains two files: fixppark.com and psapi.dll. Both fixppark.com and
psapi.dll are required for this tool to function properly on 
Windows NT. If running on Windows 95/98, only fixppark.com is 
required. The files can be run off the floppy disk or copied to the
hard disk and executed to clean a system infected with 
PrettyPark.Worm. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/fix.prettypark.html

* FixQaz.exe
  ----------
This tool repairs the damage done by the W32.HLLW.QAZ.A virus. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.fix.html

* FixSirc.com
  -----------
The W32.Sircam.Worm@mm Fix tool deletes the files infected with the
W32.Sircam.Worm@mm worm and removes the changes that were made
to a computer by this virus. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html

* FixStrm.exe
  -----------
The W2K.Stream Repair Tool detects W2K.Stream and repairs the 
damage, if possible. 

To obtain additional information about this threat, visit: 
http://www.symantec.com/avcenter/venc/data/w2k.stream.repair.tool.html

* FixYaha.com
  -----------
W32.Yaha.F@mm is a mass-mailing worm that sends itself to all email addresses
that exist in the Microsoft Windows Address Book, the MSN Messenger List, 
the Yahoo Pager list, the ICQ list, and files that have extensions that 
contain the letters ht. The worm randomly chooses the subject and body 
of the email message.

To obtain additional information about this threat, visit: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html


* Kill_CIH.exe
  ------------
The KILL_CIH tools was designed to remove the virus from memory to 
avoid rebooting from a clean system disk. 

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/kill_cih.html

* Kill_EZ.exe
  -----------
Worm.ExploreZip is a worm that contains a malicious payload. The 
worm utilizes Microsoft Outlook, Outlook Express, Exchange to mail
itself out by replying to unread messages in your Inbox. 

To obtain additional information about this threat, visit:
http://www.symantec.com/avcenter/venc/data/kill_ez.html

********************************************************************************
                                  END OF FILE
********************************************************************************