Media Share 8

home *** CD-ROM | disk | FTP | other *** search

/ Media Share 8 / MEDIASHARE_08.ISO / install / mcafee / clean111 / clean111.doc < prev next >

Wrap

Text File | 1994-01-14 | 21KB | 551 lines

CLEAN-UP Version 9.21V111 Copyright (C) 1990 - 1994 by McAfee Associates All rights reserved. Documentation by Aryeh Goretsky. McAfee Associates, Inc. (408) 988-3832 office 2710 Walsh Avenue, Suite 200 (408) 970-9727 fax Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines) U.S.A USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE InterNet support@mcafee.COM America Online MCAFEE TABLE OF CONTENTS: SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2 - What is CLEAN-UP? - System Requirements AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2 - Verifying the integrity of CLEAN-UP WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .3 - New features and viruses added in this release OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3 - General description of CLEAN-UP OPERATION and OPTIONS . . . . . . . . . . . . . . . . . . . . .5 - How to use CLEAN-UP, detailed explanation of switches EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .7 - Samples of frequently-used options REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .8 - How to register CLEAN-UP TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .8 - Information to have ready when calling for tech support APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . .9 - Foreign language support for CLEAN-UP Page 1 CLEAN-UP Version 9.21V111 Page 2 SYNOPSIS CLEAN-UP (CLEAN) is a virus disinfection program for IBM PC and compatible computers. CLEAN searches through the partition table, boot sector, or files of a PC to remove viruses specified by the user. In most instances, CLEAN repairs infected areas of the system, restoring them to their pre-infected state. CLEAN removes all viruses identified by the current version of VIRUSCAN. CLEAN can also remove new or unknown viruses using recovery information stored by SCAN [See VIRUSCAN's documentation for details]. CLEAN runs on any PC with 480Kb and DOS 2.00 or above. AUTHENTICITY CLEAN performs a self-test when run. If CLEAN has been modified in any way, a warning will be displayed. However, CLEAN is still able to remove viruses. If CLEAN reports it has been damaged, a new, undamaged copy should be obtained. CLEAN is packaged with VALIDATE, a program to check the integrity of CLEAN.EXE. The VALIDATE.DOC file explains its usage. The VALIDATE program distributed with CLEAN may be used to check new versions for tampering or damage. The validation results for Version 111 should be: FILENAME: SIZE: DATE: CHECK METHOD: CLEAN.EXE 192,959 1-14-94 M1: 1969 M2: 0E47 If your copy of CLEAN.EXE differs, it may have been modified. Always obtain CLEAN from a known source. The latest version of CLEAN and validation data can be obtained from McAfee Associates' BBS at (408) 988-4004, from the McAfee Virus Help Forum on CompuServe (GO MCAFEE), by anonymous ftp from the mcafee.COM site on the Internet, and from the McAfee area on America Online. All of McAfee Associates' programs are archived with Version 2.04g of PKWare's PKZIP Authentic File Verification. When unzipped with Version 2.04g of PKWare's PKUNZIP program, an "-AV" will be displayed after each file is unzipped and an "Authentic files Verified! # FZW807 McAFEE ASSOCIATES" will appear once all files are unzipped. NOTE: If you do not receive the Authentic File Verification messages, you may be using a different version of PKUNZIP, such as V1.10 or 1.93A. Use PKUNZIP Version 2.04g to unzip files if you wish to have Authenticity Verification displayed as files are unzipped. CLEAN-UP Version 9.21V111 Page 3 WHAT'S NEW Version 111 replaces Version 109. Version 110 was only used for beta-testing. This release adds disinfection of six viruses: the 592, Ganeu, Khobar, Spanish Holidays, Thriller, Unbx, and Volkov viruses. Beginning with Version 111, all files are now archived with PKZIP Version 2.04g. CLEAN displays messages in English (default); refer to APPENDIX C for information on displaying messages in other languages. Please refer to the enclosed VIRLIST.TXT file for a short description of the new viruses. For more detailed descriptions, please refer to Patricia Hoffman's virus summary listing (VSUM). OVERVIEW CLEAN searches the system for viruses to remove. When an infected file is found, CLEAN isolates and removes the virus and in most cases repairs the infected file and restores it to normal operation. If the file is infected with an uncommon virus, CLEAN displays a warning message asking whether to overwrite and delete the infected file. Erased files are non- recoverable. Before running CLEAN, verify the infection with VIRUSCAN. SCAN will locate and identify the virus and provide the I.D. code used by CLEAN. The I.D. is displayed inside the square brackets, "[" and "]." For example, the I.D. code for the Jerusalem virus is displayed as "[Jeru]". This I.D. must be used with CLEAN to remove the virus. The square brackets "[" and "]" MUST be included. If SCAN finds an unknown virus in a file that has had validation or recovery data stored for it, it will warn that an infection has occurred. It will not, however, display an I.D. code. NOTE: When CLEAN is run with the /GENERIC or /GRF options to disinfect files or system areas based on recovery information stored by SCAN, no I.D. code should be used. Please refer to the VIRUSCAN documentation for instructions in adding recovery information to your system. CLEAN-UP Version 9.21V111 Page 4 Listed below are the viruses that CLEAN-UP is capable of repairing and restoring the infected programs or system areas: 555 592 644 696 730 748 855 1008 1024 1139 1241 1253 1339 1554 1575*+ 1757 1992 2014 2560 2878 2936 4096*+ Air Cop* Alabama+ Alameda Antitelefonica Athens Azusa Barrotes Barrotes 2 Beeper Black Monday+ Bloody! Boat Boys Bubonic Cansu Cartuja Cascade*+ Chemnitz Chile Mediera Chinese Blood Coahuila Creeper Curse Dark Avenger*+ DataLock+ December 28+ Devil's Dance Dir-2 Disk Killer* Dodo2 EDV* Empire* Enigma EXEBug1 EXEBug2 Fellowship+ Filler Fish+ Flash Flip*+ Form Ganeu Generic Boot Generic MBR Ghost Green Caterpillar Haifa Holocausto Invader*+ Invisible Man Irish_3 James Bond Jerusalem*+ Joshi KeyPress*+ Khobar Korea* Lazy Lehigh Liberty+ Lisbon* Little Girl2 Little Girl3 Loa Duong Loren M128 Maltese Amoeba Mardi Bro.'s Math Test Michelangelo Monkey Mosquito Multi-2 Murphy*+ Music Bug Nomenclature Pakistani Brain*Paradise Pegg Perfume Ping Pong* Plastique*+ Possessed Print Screen-2* R-11+ SBC Slayer Slow+ Spanish Holiday Stoned* Striker+ Sunday+ Sunday2+ SVC+ Taiwan 3+ Taiwan 4+ Tecla Tequila Thriller Tokyo Topo Traceback/3066 Troi Tuesday Typo Boot Unbx V800 V-801 VACSINA*+ Vienna* Violator*+ VirDem Viva Mexico Volkov XTAC Whale*+ Yankee Doodle*+ ZeroBug *Denotes virus with more than one strain +Denotes virus which attaches to overlays AN IMPORTANT NOTE ABOUT .EXE FILES: Some viruses damage .EXE files when they infect them if the .EXE file loads overlays internally. CLEAN will truncate sich files when cleaning them. If a file no longer runs after being cleaned, replace it from the original disk or virus-free backups. AN IMPORTANT NOTE ABOUT PARTITION TABLE VIRUSES (e.g., Stoned): Removing a partition table virus such as the Stoned virus can cause loss of the partition table on systems partitioned with third-party disk partition programs. As a precaution, back up all critical data before running CLEAN. Loss of the partition table can result in the LOSS OF ALL DATA ON THE DISK. CLEAN-UP Version 9.21V111 Page 5 OPERATION and OPTIONS IMPORTANT NOTE: TURN OFF YOUR PC AND BOOT FROM A CLEAN DOS SYSTEM-BOOTABLE DISK BEFORE BEGINNING. RUN CLEAN FROM A WRITE-PROTECTED DISK TO PREVENT INFECTION OF THE CLEAN.EXE PROGRAM FILE. Power down the infected system and boot from a clean, write-protected system-bootable diskette. This insures that the virus is not in system memory and prevents reinfection. After cleaning, power down the PC, boot from the system disk, and run VIRUSCAN to ensure the system has been successfully disinfected. After cleaning the hard disk, copy the SCAN and CLEAN programs on to it and check all floppy disks that have been in contact with the system. CLEAN displays the name of infected files or system areas, the virus found, and reports a "successful" disinfection for each virus removed. If a file has multiple infections, CLEAN will report the virus has been removed successfully for each infection. Select valid options for CLEAN-UP from the list below: CLEAN {drive(s)} [virus I.D.] {options} ^ | `---- NOTE: The square brackets "[" and "]" are required around the I.D. code. Options are: {drives} - indicate drive(s) to be cleaned [virus I.D.] - Virus identification code provided by SCAN when a virus is detected (See the VIRLIST.TXT file for a complete list.) /A - Check all files for viruses /AD{x} - Clean all drives {L = Local, N = Network} /GENERIC - Clean unknown viruses (see below for specifics) /GRF {filename} - Clean unknown viruses using recovery data file {filename} /MANY - Check multiple disks for viruses /NOEXPIRE - Do not display expiration notice /NOPAUSE - Disable screen prompting /REPORT {fname} - Create report file {fname} CLEAN-UP Version 9.21V111 Page 6 /A - This option checks all files on the drive(s) scanned and also examines a greater portion of files. This substantially increases the amount of time required to check disks and also increases CLEAN's ability to detect viruses infecting overlay files. It is recommended this switch only be used when an overlay-infecting virus is found. /AD{x} - This option cleans all drives of viruses. If /ADL is used, all local drives are checked, including compressed drives and CD-ROM's. If /ADN is used, all networked drives are checked. To clean local and network drives, use /AD by itself. /GENERIC - This option is used to clean files or system areas that have been infected with a new (unknown) virus. For /GENERIC to work, recovery information must have been stored prior to infection by VIRUSCAN's /AG option. No virus I.D. code is required when using the /GENERIC switch. /GRF {filename} - This option is used to clean files or system areas that have been infected by a new (unknown) virus. For /GRF to work, recovery data and validation codes must have been saved by VIRUSCAN's /AF option to {filename}. No virus I.D. code is required when using the /GRF switch. /MANY - This option is used to clean multiple disks placed in the same drive. If you have more than one floppy disk to check for viruses, the /MANY option allows you to check them without running CLEAN multiple times. /NOEXPIRE - This option disables a warning message that CLEAN displays after seven months warning that it may no longer be current with respect to known viruses. /NOPAUSE - This option disables the "More? (H = Help)" prompt displayed when CLEAN fills up a screen with 24 lines of text. This allows CLEAN to be run on PC's with severe infections without user assistance. /REPORT {filename} - This option saves the output of CLEAN to {filename} in ASCII text format. If {filename} exists, CLEAN will erase it and create a new report CLEAN-UP Version 9.21V111 Page 7 EXAMPLES The following examples show different option settings: CLEAN C: D: E: [JERU] /A To remove the Jerusalem virus from drives C:, D:, and E:, searching all files for the virus CLEAN A: [STONED] To remove the Stoned virus from the disk in drive A: CLEAN C:\MORGAN [DAV] /A To remove the Dark Avenger virus from subdirectory MORGAN on drive C:, searching all files for the virus CLEAN B: [DOODLE] /REPORT C:YNKINFCT.TXT To remove the Yankee Doodle virus from drive B: and create a report named YNKINFCT.TXT on drive C: CLEAN C: /GENERIC To remove an unknown virus from drive C: using recovery data stored by SCAN's /AG option. CLEAN C: D: /GRF A:\SCANCRC.CRC To remove an unknown virus from drives C: and D: using recovery data stored by SCAN's /AF option. CLEAN-UP Version 9.21V111 Page 8 REGISTRATION A registration fee of US$35.00 is required for the use of CLEAN-UP by individual home users. Registration entitles the holder to unlimited free upgrades from McAfee Associates' BBS, CompuServe Forum, and Internet node as well as technical support for one year. When registering, a diskette containing the latest version may be requested for an additional US$9.00. Only one diskette mailing will be made. Registration is for home users only and does not apply to businesses, corporations, organizations, government agencies, or schools, which must obtain a license for use. Contact McAfee Associates directly or an Authorized Agent for more information. TECH SUPPORT For fast and accurate help, please have the following information ready when you contact McAfee Associates: · Program name and version number. · Type and brand of computer, hard disk, plus any peripherals. · Version of DOS plus any TSRs or device drivers in use. · Printouts of your AUTOEXEC.BAT and CONFIG.SYS files. · A printout of what is in memory from the MEM command (DOS 4 and above users only) or a similar utility. · The exact problem you are having. Please be as specific as possible. Having a printout of the screen and/or being at your computer will be helpful. McAfee Associates can be contacted by BBS, CompuServe, FAX, or InterNet 24 hours a day, or by telephone at (408) 988-3832, Monday through Friday, 7:00AM to 5:30PM Pacific Time. McAfee Associates, Inc. (408) 988-3832 office 2710 Walsh Avenue, Suite 200 (408) 970-9727 fax Santa Clara, CA 95051-0963 (408) 988-4004 BBS (25 lines) U.S.A USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE Internet support@mcafee.com America Online MCAFEE If you are overseas, there may be an Authorized McAfee Associates Agent in your area. Please refer to the AGENTS.TXT file for a listing of McAfee Associates Agents for support or sales. CLEAN-UP Version 9.21V111 Page 9 APPENDIX A: CLEAN-UP'S FOREIGN LANGUAGE SUPPORT CLEAN-UP can display messages in a foreign language by reading in a replacement set of messages from an external file named MCAFEE.MSG. When the MCAFEE.MSG file is placed in the same directory as the CLEAN.EXE file, CLEAN will display messages from the foreign language module instead of displaying messages in English (American). Currently, French and Spanish message files come bundled with CLEAN-UP, FRENCH.MSG and SPANISH.MSG. To use a foreign language module, rename it to MCAFEE.MSG and place it in the same directory as the CLEAN.EXE file. When CLEAN-UP is run, it will check for the MCAFEE.MSG file and use it, if found. NOTE: Using a foreign language module increases CLEAN-UP's memory requirements by the size of the foreign language file (typically 15 to 25Kb). Support for other languages such as Chinese, Dutch, Finnish, French (Canadian), German, Hungarian, Norwegian, Portuguese, Russian, Spanish (European), Swahili, Swedish and Bulgarian is available. Contact your local McAfee Associates Authorized Agent or McAfee Associates directly for availability.