Help for Anti-Virus Copyright 1992 by Central Point Software Inc. Index Topics GoBack Print FZPSPT Sorry, ;is not for gtopic. Please ESC to gscreen or TF4 to view a ifor Index PZGetting You can get 7anywhere vin a The *depends on what you were doing qyou accessed ;. If you were in a &box, ;tells you Scrolling If a ;page contains dthan can fit in the tat once, use the PGUP and PGDN UP and DOWN arrow D) to scroll din the t. If you L, you can use the scroll bar at the right. The end of the indicated by a blue horizontal line. vin most ts, you can access ts by >. A a word or phrase eis connected ( gconnection is invisible to the user) to eprovides the chosen ?. To ?, use the TAB or cursor move the =er among >(END takes you to the last and HOME takes you to the first), then TENTER. If you L, just point and +the associated eword or phrase on wscreen. f, you can F5 to Yto the previously viewed t, or TF3 to 1the cand Yto the application. Related >located at the left of some ts take you to a related topic of the ;. 
For example, the related topic in is "Special display a Dfor General >located at the right of some ts take you to a Kgeneral topic of the Control PZThe cControl H is TAlt+SPACE or Alt+F4 containing copyright specific to the W. To Yto the box or TESC. &box which asks you to eyou 1the W. Double- box to bypass the cControl Hand Sample gis a sample eillustrates how >can be used to move you quickly throughout a word or phrase transports you to an eprovides topic. To Yto the were just viewing, ?ed word " Y". In case, you can also the general topic (located at the right of t), " ;", to Yto the previously viewed Basic Skills &Boxes PZYou can leither pull-down Hs or the at the of the screen. lthe keyboard: 1. TF10 to activate the Horizontal HBar. 2. TALT and the Eof the Tthe first Eof the or use the arrow =the pand TENTER. If the +a sub 7it in the same way as noted above. lthe Point to the main N, etc.), then Tand hold the left , drag the pointer to the pon the H, and release the . If you wmind and don't pto make a _ion, drag the pointer outside the Hand release. 7the IBar: Tthe 8key associated vthe (F1, F2, etc.) Use the - Basic Skills &Boxes &boxes allow you to enter ethe Wneeds before continuing. fare six types of &box Lets you _one of several Sthe ing the vthe _ing any one Oturns off all in the same group. Checkbox Lets you toggle an independent on or off by Sthe ing it the [..] Lets you enter d, such as a name or dto search for. Type the dand TTAB to move to the next Oor ENTER to proceed &box. [-A-] Scrolling Lets you _an item [-B-] =ing it and SENTER or ing it vthe Carries out an s the &box. TTAB or SHIFT-TAB to cycle through the s, then the Eof the TENTER to . EXIT and CANCEL terminate the rCONTINUE goes to the next step of the Arrow You can the up or down arrow the increase or decrease the adjacent value by one. 
For example, you might adjust an alarm lthe arrow To leave a &box, -usually OK, CONTINUE, or the name of the To leave a &box and cancel the the EXIT or CANCEL TESC, or use the box in the top-left corner. 7 Basic Skills Basic Skills . Index Index A - B C - D Check All %and Disable Alarm Sound ,Line E - H I - R Last Pause UReady Prompt S - T _New U - Z $and PZ F1 ;gives ;on the &box. ,lets you #removes lthe 7the Line. 1quits Ys to DOS. %looks for `the in the MSAV can fixes the damage done to o A ecopies itself to the a computer's hard or nreplace the vtheir own code so ethe ois always loaded into Gbefore anything else. Once G, the ocan spread to If the Ois on, 4contains a !of records in the (, including 2size, attributes, ", and called . If a 4already exists for the (, any added to the (are added to the A value derived 7the 2size, attributes, ", and 4infectors The most common type of 4infectors add their ocode to 3(.COM, .EXE, .SYS, etc.). Once the ois executed, it spreads to Immunize Protect adding a small amount of code to them. Once immunized, a 4has its own anti- capabilities allowing it to notify you of any emay occur. If a the immunized 4can itself, to its Pstate. Trojan horse A type of eis disguised as a legitimate W. Trojan horses are much apt to destroy 3or damage )s than Variant ly related form of an Although the variant is similar, its code and aare different enough 7the strain to need a unique ing routine. Wdesigned to replicate and spread on its own. VSafe G-resident utility emonitors cfor suspicious . If it such , VSafe +a warning giving you the opportunity to M, restart the c, or cancel the VSafe Ncan be set by MSAV.EXE. (MSAV.EXE) protects software parasites in two ways. If chas already become you can use %and over 1000 different can also %and remove a suspect 4--an ehas in some way and which may be @by an [the entire work ,for n. 100% A progress percentage of You can interrupt the 100% SESC, by SF3, or by ing F3. 
If a sounds an alarm and 6and a suggested solution. qthe entire ,has Z, the $and PSPT %and work 100% nand removes any nit finds. A progress `the percentage of 'and 100% Z. You can interrupt the \at any SESC. If a ks the Last Taken qthe entire ,has Z, the $and 6and PSPT _New allows you to qyou , the ,line is ,icon vthe arrow D, then TENTER, OR Tthe E, OR ,icon. The Barea at the of the screen `the work Setting allows you to configure MSAV's Check All Disable Alarm Sound Backup Prompt Oalerts you to 3based on the by the alert provides wbest defense new, ^along vthe uses a special, low-level ochecking routine to enhance the %ion of the Stealth family of PSPT ^, a 4called (as it is 4contains a B, called on the (including 2size, attributes, ", and If a 4already exists for the adds Bto the 4for any added to the The default for Ois on. ^along (on a )as it Ois useful for creating 9) of )s before write-protecting the Once the , write-protect the )and turn Ooff. Subsequent [of the scompare their snot attempt to kthe . If Ois on \ning a write-protected 5, a *indicating cannot write to the Disable Alarm Sound PZIf you do not pa sound played qa warning O. The sound is useful for getting attention, but not required qyou're PSPT Backup ^, a backup is made of any obefore the . The backup sbe renamed vthe extension .VIR. Ocan be dangerous, however, because it means a 4remains on ). You should only use Oif, for example, the wonly copy of a Wand you're so desperate eyou'd rather use an Wthan not :it at all. 4after any is taken in named MSAV.RPT, is an ASCII 4located in the root of the ^work ,. Here is a sample osearch Xfor ": mm/dd/yy, hhh:mm:ss. Total FOUND:# Total n REMOVED:# Total CHECKED:# Total FOUND:# Total REMOVED:# END OF REPORT. Prompt ^, a &box is qever an %ion. fyou can repair urepairing the 4, or ^, the Mgoes to the end bping to give you choices in a &box. The default for Ois on. protects looking for any eoccur to 3. 
Stealth n, however, can evade gprotection method by la special technique which allows them to infect uoutwardly changing them. caused by jStealth Oin addition to the sthen use a low-level verification technique %s the to Stealth- The default for Ois off because fis a small performance penalty Check All ^, all sbe checked for qturned off, only sbe checked. 3end vthe extensions EXE, COM, OVL, OVR, SYS, BIN, APP, or Ys to the DOS prompt or whatever Wlaunched it. qyou are asked to eyou 1the _the Save Configuration Oto save any made to the work gsession. $and `the results of the %and \. The table `how many )s and 3of various types were checked, how many were n, and how many were of their At the of the table, `how long the checking and ing took. OK to &box and Yto the &box asks you to eyou Wand if so, whether to save the configuration settings. 1to leave the Wor Cancel to remain in Check All &box after you the Check All 7the &box asks you to eyou ). These 3store (see If you #the 3to save )space, make sure you also turn off the in the H. If you don't, the sbe re- . For maximum confidence, #the periodically. Pause PZYou can interrupt rit is \ning SESC. bto end the to finish the Fatal &box happens upon an /serious enough ethe Wcannot &box 1ing , if it gsession. removes the o, but it's always a good idea to re wPC after finding ing a o, to make sure the ois eradicated not just 7the ), but &box indicates (see 9) has c. We strongly recommend you to remove the oand prevent further to ignore the oand \ning the remaining \and Yto the JAnti- oAlabama was 6in: APPNAME.EXE to remove the 7the restore it to its Pcondition, so cwon't be to ignore the oand \ning the remaining bthe \and Yto the #the UReady +the UReady &box to make sure the Uis ready before proceeding. ,Line PZThe ,line indicates the ,icons in the ,icon <. To ,, hold down CTRL Sthe E, or ,icon. The sbe the one Zand PZThe Rindicates the last M, if any. 
If you pto find particular c, you can open the Last PZThe Last Rtells you what was most recently taken #d, renamed, verified, immunized, or disimmunized), and the occurred. PSPT PZAfter performs an , a summary of is recorded in the log. The log holds a maximum of 200 entries. glimit is r .ed, the oldest entry ha new is recorded. PZThe Fof all the nrecognized . The Pname for the in the first column Qnames for the o(if any) appear indented underneath it. The number of variants the in the far right column. Kdetailed Bon a particular =it in Fand Info or Y. You can search the Ffor a particular oby entering the oname in the blank field. =the ecomes st to matching wentry. You can then get detailed Bon the Info or You can also print the entire Fif you wish. oCharacteristics PZThe oCharacteristics tprovides the following Size 3it attacks Gresident? Side Effects Wrong DOS Version PZThe version of DOS you are lis not supported by JAnti- requires DOS 3.3 and later. UNot Ready cannot access U. Make sure Uis turned on, loaded vpaper, and connected to computer. fis not enough to complete the . Try removing TSR )-related /has occurred. ohas $but could not be removed 7the Please contact getting an JAnti- alerts you 2size or 4: APPNAME.EXE has . Since Attribute: generally don't 23:09:14 09:07:18 gcould 03/27/90 02/27/91 indicate Size 139793 139743 by an FF4C FDF2 kmarks the in the !as permanent Is are not -subsequent Oif you know why 4was #removes the 4. Unless you know why the ,you should #it and re-install 7the resumes the uupdating the data base. bcancels the uupdating the mFailed alerts you 4: APPNAME.EXE has . Since generally don't Attribute: gcould 23:09:14 09:07:18 indicate 03/27/90 02/27/91 by an Size 139793 139743 FDF2 FDF2 kmarks the in the Repair !as permanent Is are not subsequent Oif you know why the Repair resets the "and hto their 7) values. Oif you know why the resumes the uupdating the data base. 
bcancels the uupdating the GFor Exceptions fis insufficient Gto add an exception to the F. Try freeing Gby removing TSR PZThe log cannot be *. Check wMSAV see if the 4was GFor Log fis insufficient Gto display the log. Try freeing Gby removing TSR Wrong PZThe ayou :entered is incorrect. data you :entered is correct. Contact Jif the problem persists. PZYou are attempting to 4. Deleting cause serious problems including not being able to if you a new o. The data describes the a"--the unique set of hexadecimal characters edistinguishes it Vor pieces of code. &box ohas done so much damage to eit cannot be recovered. Because vital Bhas destroyed, is unable to restore the 4to its Pcondition. #the 7the \is completed, restore the wmost recent backup, and run again to \for &box qyou :entered a new in the Fto allow to recognize a new gdoesn't enable or remove the new o, however. +the &box to ethe new VIRSIGS 4you put in wMSAV 6and the Fwas