The Norton AntiVirus

May Contain an Unknown Virus

Norton AntiVirus Detect Unknown Virus option actually detects changes in
files.  Since viruses change files by adding viral code to them, it is
possible for a change in a file to be caused by an unknown virus.  It is also
possible that the file was changed on purpose.  When you get the unknown
virus message, ask yourself if there is a reason the file should be different
from what it was last time you used it. Did you install a new version?  Does
this particular program alter its own EXE file?  If the file has changed for
a reason then all you need to do is reinoculate the file. You may do this at
the prompt that says you may have an unknown virus.   Also from the TOOLS
menu in the antivirus program (2.0 or later) or run NAV /REFRESH and scan
the drive, which will reinoculate the entire drive.  If you are on a network,
remember that files may have changed unbeknownst to you.  If you are in a
situation where files change regularly, you may wish to turn off Detect
Unknown Viruses.  Just make sure you keep up to date with the latest program
updates and virus definitions.

If there is no reason the file would have changed, then you may have an
unknown virus.
	
What To Do If You May Have an Unknown Virus

	The first thing to do is make sure you have the latest version of the
Norton AntiVirus.  The second thing is to make sure you have the latest virus
definitions.  See the fax document on virus definitions for more information.
Virus definitions are updated the first week of each month.  If  you are
still finding an unknown virus on your system, you will need to create a disk
to send to our Virus Detection Lab.  If there is a virus, we will find it.
	
	
How to send a disk to the Virus Detection Lab

Follow these instructions to send a disk that may contain an unknown virus
to the virus detection lab.

	1	Boot the allegedly infected system from its own hard drive
                as you normally would. You may need to deactivate the
                Norton AntiVirus Intercept in order to avoid Unknown Virus
                messages.  You may do this by holding down both shift keys
                during the boot process or by remarking the statement that
                runs the intercept in your CONFIG.SYS file.
	
	2	Format a floppy in drive  A with the system by typing
                FORMAT A:/S.  If your A drive is not 5.25" but your B
                drive is, then do the same for drive B and send us both
                disks.
	
	3	Copy the following files to the floppy from the DOS directory
                of the suspect system.

                     MODE.COM        TREE.COM        MEM.EXE PRINT.EXE
	
	4	Log to the A drive by typing A:

        5	Kill the path by typing  PATH
		(Note that there is a semi-colon after the word PATH)
	
	6	Run MODE.COM.
	
	7	Run MEM.EXE.
	
	8	Label the disk with your name, address, and telephone number. 
	
	9 	Send disk(s), together with a letter describing
                all symptoms and screen captures, to:

		SYMANTEC CORP
		NAV LAB
		2500 BROADWAY, SUITE 200
		SANTA MONICA, CA 90404

Some Notes on the Use of This Service:

	1.	It generally takes one week for the lab to examine your disk
                and respond.

	2.	All disks become property of  Symantec and will be destroyed.

        3.      DO NOT write the words CONTAINS LIVE VIRUS on the mailer
                (trouble with the post office).

	4.	This is a free service provided to Norton AntiVirus customers.
	
	Note: 	The latest version of Norton AntiVirus is 3.0 and is
                available through Customer Service at 800-441-7234.
	
 






