home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The 640 MEG Shareware Studio 2
/
The 640 Meg Shareware Studio CD-ROM Volume II (Data Express)(1993).ISO
/
os2
/
ocln100.zip
/
OCLN100.DOC
< prev
next >
Wrap
Text File
|
1993-02-03
|
20KB
|
491 lines
OS2CLEAN-UP for OS/2 Version 9.13V100
Copyright (C) 1990-1993 by McAfee Associates.
All rights reserved.
Documentation by Aryeh Goretsky.
McAfee Associates (408) 988-3832 office
3350 Scott Blvd., Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
InterNet support@mcafee.COM
TABLE OF CONTENTS:
SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- What is OS2CLEAN?
- System Requirements
AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2
- Verifying the integrity of OS2CLEAN
WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .3
- New features and viruses added in this release
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3
- General description of OS2CLEAN
OPERATION and OPTIONS . . . . . . . . . . . . . . . . . . . . .5
- How to use OS2CLEAN, detailed explanation of switches
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .7
- Samples of frequently-used options
REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .8
- How to register OS2CLEAN
TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .8
- Information to have ready when calling for tech support
Page 1
OS2CLEAN Version 9.13V100 Page 2
SYNOPSIS
OS2CLEAN-UP for OS/2 (OS2CLEAN) is a virus disinfection
program for IBM PC and compatible computers running IBM's OS/2
V2.00 (GA) or above, as well as any local area network the PC is
logged into. OS2CLEAN searches through the partition table,
boot sector, or files of a PC to remove any virus specified by
the user. In most instances, OS2CLEAN repairs infected areas
of the system and restoring them to their pre-infected state.
OS2CLEAN removes all viruses identified by the current version
of VIRUSCAN for OS/2 (OS2SCAN). OS2CLEAN can also remove
unknown (new) viruses from .COM and .EXE files, the partition
table, and boot sector using recovery information stored by
OS2SCAN [See the OS2SCAN documentation for more details].
OS2CLEAN runs on any PC with OS/2 Version 2.00 (GA) or
above installed on it.
AUTHENTICITY
OS2CLEAN performs a self-test when run. If OS2CLEAN has
been modified in any way, a warning will be displayed. However,
OS2CLEAN is still able to remove viruses. If OS2CLEAN reports
it has been damaged, a new, clean copy should be obtained.
OS2CLEAN is packaged with VALIDATE for OS/2 (OS2VAL), a
program to check the integrity of the OS2CLEAN.EXE file. The
OS2VAL.DOC file describes its usage.
The validation results for Version 9.13V100 should be:
FILE NAME: OS2CLEAN.EXE
SIZE: 290,528
DATE: 02-03-1993
FILE AUTHENTICATION
Check Method 1: E2C1
Check Method 2: 16B9
If your copy of OS2CLEAN.EXE differs, it may have been modified.
Always obtain OS2CLEAN from a known source. The latest version
of OS2CLEAN and validation data can be obtained from McAfee
Associates' bulletin board system at (408) 988-4004, from the
McAfee Virus Help Forum on CompuServe (GO MCAFEE), and by
anonymous ftp from the mcafee.COM site on the Internet
Beginning with Version 72, all McAfee Associates programs
are archived with PKWare's PKZIP Authentic File Verification.
If you do not see the "-AV" message after every file is unzipped
and receive the "Authentic Files Verified! # NWN405 Zip Source:
McAFEE ASSOCIATES" message when you unzip the files then do not
use them. If your version of PKUNZIP does not have verification
ability, this message may not be displayed. Please contact
McAfee Associates if you think the .ZIP file has been damaged.
OS2CLEAN Version 9.13V100 Page 3
WHAT'S NEW
Beginning with Version 9.13, we will start providing foreign
language support for VIRUSCAN, NETSCAN, and CLEAN-UP with an
external language file named MCAFEE.MSG. When the MCAFEE.MSG
file is present in the same directory as the OS2CLEAN.EXE file,
CLEAN will automatically use the messages from the MCAFEE.MSG
file instead of the default English (American) messages in the
program. In order to accomodate this change, the /FR (French)
and /SP (Spanish) language switches have been removed and two
new files, FRENCH.MSG and SPANISH.MSG have been included with
this release. If you wish to use a foreign language, rename the
language file to MCAFEE.MSG. Support for other languages will
be added in the future.
Version 100 adds detection of all the new viruses added in
the current release of VIRUSCAN, and adds new disinfectors for
the Little Girl2, Little Girl3, and Irish_3 virus.
Like its DOS counterpart, CLEAN-UP (for DOS), it removes
viruses from a PC or LAN. OS2CLEAN, however, recognizes
HPFS-partitioned drives and OS/2's extended filenames. This release
removes all viruses that the current version of CLEAN-UP (for DOS)
does.
Please refer to the enclosed VIRLIST.TXT file for a short
description of the new viruses. For more detailed descriptions,
please refer to Patricia Hoffman's virus summary listing (VSUM).
OVERVIEW
OS2CLEAN searches the system for viruses to remove. When
an infected file is found, OS2CLEAN isolates and removes the
virus and in most cases restores the infected file to normal
operation. If the file is infected with an uncommon virus,
OS2CLEAN will instead display a warning message asking whether
to overwrite and delete the infected file. Files erased in this
manner are not recoverable.
Before running OS2CLEAN, verify the infection with SCAN for
OS/2 (OS2SCAN) or NETSCAN for OS/2 (OS2NSCAN). OS2SCAN and
OS2NSCAN locate and identify viruses and provide the I.D.
code used by OS2CLEAN. The I.D. is displayed inside the square
brackets, "[" and "]." For example, the I.D. code for the
Jerusalem virus is displayed as "[Jeru]". This I.D. must
be used with OS2CLEAN to remove the virus. The square brackets
"[" and "]" MUST be included.
NOTE: When OS2CLEAN is run with the /GENERIC or /GRF options
to disinfect files or system areas based on recovery
information stored by VIRUSCAN for OS/2 or NETSCAN for
OS/2, no virus I.D. code is required.
Please refer to the OS2SCAN documentation for instructions
in adding recovery information to your system.
OS2CLEAN Version 9.13V100 Page 4
The common viruses that OS2CLEAN is able to remove while
repairing and restoring the infected programs or system areas
are:
555 644 696 730
748 855 1008 1024
1139 1241 1253 1339
1554 1575*+ 1992 2560
4096*+ Air Cop* Alabama+ Alameda
Antitelefonica Azusa Beeper Black Monday+
Bloody! Boys Cansu Cascade*+
Curse Creeper Dark Avenger*+ DataLock+
December 28+ Devil's Dance Dir-2 Disk Killer*
EDV* Empire* Enigma Fellowship+
Filler Fish+ Flash Flip*+
Form Generic Boot Generic MBR Ghost
Haifa Holocausto Invader*+ Jerusalem*+
Joshi KeyPress*+ Korea* Lazy
Lehigh Liberty+ Lisbon* Loa Duong
M128 Maltese Amoeba Mardi Bro.'s Michelangelo
Mosquito Multi-2 Murphy*+ Music Bug
Nomenclature Npox*+ Ontario-3+ Pakistani Brain*
Perfume Ping Pong* Plastique*+ Possessed
Print Screen-2* R-11+ SBC Slayer
Slow+ Stoned* Striker+ Sunday+
Sunday2+ SVC+ Tabulero Taiwan 3+
Taiwan 4+ Tequila Tokyo Topo
Traceback/3066 Troi Typo Boot V800
V-801 VACSINA*+ Vienna* Violator*+
WalkAbout Whale*+ Yankee Doodle*+ ZeroBug
*Denotes virus with more than one strain
+Denotes virus which attaches to overlays
AN IMPORTANT NOTE ABOUT .EXE FILES: Some viruses infecting .EXE
files may not be removed successfully if the .EXE loads itself
as an internal overlay. OS2CLEAN will truncate files infected
in this manner. If a file no longer runs after being cleaned,
replace it from the manufacturer's original disk or virus-free
backups.
AN IMPORTANT NOTE ABOUT BOOT SECTOR VIRUSES (e.g., FORM):
Removal of boot sector-infecting viruses like the FORM may not
work correctly on Dual Boot Systems. If you have a Dual Boot
system with a boot sector virus on it, boot OS/2 first, delete
the BOOT.DOS file from the C:\OS2 directory (or wherever it is
located), and then boot DOS to create a new, virus-free DOS boot
sector file. As a precaution, back up all critical data before
doing this.
OS2CLEAN Version 9.13V100 Page 5
OPERATION and OPTIONS
IMPORTANT NOTE: CLOSE ALL DOS SESSIONS BEFORE RUNNING OS2CLEAN.
THIS PREVENTS A VIRUS FROM REMAINING RESIDENT
IN MEMORY TO REINFECT FILES AFTER OS2CLEAN HAS
RUN.
After cleaning, shutdown and reboot the PC, then run
OS2SCAN to confirm the system has been successfully disinfected.
After cleaning the hard disk, copy the SCAN for OS/2 (or NETSCAN
for OS/2) and CLEAN-UP for OS/2 programs to it and and check all
floppy disks that have been in contact with the system.
OS2CLEAN displays the name of infected files or system areas,
the virus found, and reports a "successful" disinfection for
each virus removed. If a file has multiple infections, OS2CLEAN
will report the virus has been removed successfully for each
infection.
Valid options for OS2CLEAN are:
OS2CLEAN {drive(s)} [VIRUS I.D.] {options}
{drive(s)} - Indicates a drive or drives to be scanned
[VIRUS I.D.] - Virus I.D. code from OS2SCAN/NETSCAN used to
tell OS2CLEAN which virus to remove. The
square brackets "[" and "]" must be included.
{options} - Indicates which options to clean with
Options are:
/A - Check all files for viruses
/E .xxx .yyy - Clean overlay extensions .xxx .yyy
/GENERIC - Clean unknown viruses
(see below for specifics)
/GRF {filename} - Clean new virus using recovery data from
file {filename}
/MANY - Check multiple floppy disks in drive(s)
/NOEXPIRE - Do not display expiration notice
/NOPAUSE - Disable screen pause after 24 lines displayed
/REPORT {fname} - Create report file {fname} of cleaned files
OS2CLEAN Version 9.13V100 Page 6
/A - This options checks all files on the drive cleaned and also
examines a greater portion of the fiels. This will increase the
time required to scan disks, but increases OS2CLEAN's ability to
detect viruses. It is recommended this switch only be used if a
file-infecting virus is found. This option takes priority over
the /E option.
/E .xxx .yyy - This option allows an additional extension or
extensions to be cleaned. Extensions should include a period
"." and each extension must be separated by a space after the
/E. Up to three extensions may be added with the /E. For more
extensions, use the /A option.
/GENERIC - This option is used to clean files or system areas on
a PC that have been infected with a new (unknown) virus. For
/GENERIC to work, recovery information must have been created
prior to infection by VIRUSCAN for OS/2's /AG option. No virus
I.D. code is required when using this switch.
/GRF {filename}. This option is used to clean files or system
areas on a PC or LAN that have been infected by a new (unknown)
virus. For /GRF to work, a recovery data and validation code
file must have been created by VIRUSCAN for OS/2 or NETSCAN for
OS/2's /AF option. No virus I.D. code is required when using
this switch.
/MANY - This option is used to clean multiple diskettes placed
in a given drive. If the user has more than one floppy disk to
remove viruses from, the /MANY option allows the user to clean
disks without have to re-run OS2CLEAN multiplie times.
/NOEXPIRE - This option prevents OS2CLEAN from displaying a
warning message after 7 months warning that it may no longer be
current with respect to known viruses.
/NOPAUSE - This option disables the "More? (H = Help)" prompt
displayed when OS2CLEAN fills a screen with 24 lines of text.
This allows OS2CLEAN to be run on PC's or LAN's with severe
infections without requiring operator assistance.
/REPORT {filename} - This option saves the output of OS2CLEAN
to {filename} in ASCII text file format. If {filename} exists,
OS2CLEAN will overwritten with the current report.
OS2CLEAN Version 9.13V100 Page 7
EXAMPLES
The following examples show different option settings:
OS2CLEAN C: D: E: [JERU] /A
To remove the Jerusalem virus from drives C:, D:, and
E:, searching all files for the virus
OS2CLEAN A: [STONED]
To remove the Stoned virus from the disk in drive A:
OS2CLEAN C:\MORGAN [DAV] /A
To remove the Dark Avenger virus from subdirectory
MORGAN on drive C:, searching all files for the virus
OS2CLEAN B: [DOODLE] /REPORT C:YNKINFCT.TXT
To remove the Yankee Doodle virus from drive B: and
create a report named YNKINFCT.TXT on drive C:
OS2CLEAN C: /GENERIC
To remove an unknown virus from drive C: using
recovery data stored by OS2SCAN's /AG option.
OS2CLEAN D: /GRF A:\SCANCRC.CRC
To remove a unknown virus from drive D: using recovery
data stored by OS2SCAN or OS2NSCAN's /AF option.
OS2CLEAN Version 9.13V100 Page 8
REGISTRATION
A registration fee of US$35.00 is required for the use of
OS2CLEAN by individual home users. Registration entitles the
holder to unlimited free upgrades from McAfee Associates' BBS
or the Computer Virus Help Forum on CompuServe and technical
support for one year. When registering, a diskette containing
the latest version may be requested for an additional US$9.00.
Only one diskette mailing will be made.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, which must obtain a license for use. Contact McAfee
Associates directly or an Authorized Agent for more information.
TECH SUPPORT
For fast and accurate help, please have the following
information ready when you contact McAfee Associates:
- Program name and version number.
- Type and brand of computer, hard disk, plus any
peripherals.
- Version of DOS plus any TSRs or device drivers in use.
- Printouts of your AUTOEXEC.BAT and CONFIG.SYS files.
- A printout of what is in memory from the MEM command
(DOS 4 and above users only) or a similar utility.
- The exact problem you are having. Please be as
specific as possible. Having a printout of the
screen and/or being at your computer be will helpful.
McAfee Associates can be contacted by BBS, CompuServe, FAX, or
InterNet 24 hours a day, or by telephone at (408) 988-3832,
Monday through Friday, 7:00AM to 5:30PM Pacific Time.
McAfee Associates (408) 988-3832 office
3350 Scott Blvd. Bldg. 14 (408) 970-9727 fax
Santa Clara, CA 95054-3107 (408) 988-4004 BBS (25 lines)
U.S.A USR HST/v.32/v.42bis/MNP1-5
CompuServe GO MCAFEE
Internet support@mcafee.com
If you are overseas, there may be an Authorized McAfee Associates
Agent in your area. Please refer to the AGENTS.TXT file for a
listing of McAfee Associates Agents for support or sales.