Text File | 1992-03-04 | 16KB | 330 lines
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
ANTI-VIRUS COLLECTION
(c)1992 John A. Qualtrough
Q-Ware Las Cruces, NM All Rights Reserved
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
This collection of anti-virus programs was written to help protect your PC or
compatible from the 1,100+ viruses currently known to exist. These programs
are also intended to protect your system from viruses which are as yet unknown
or undiscovered. This archive includes the following anti-virus programs:
    SYSPRO.COM    TSR protection for hard disk system areas and files.
    SYSCHK.EXE    Verifies / restores hard disk system areas.
    BOOTCHK.EXE   Scan/Neutralizes "Time Bomb" viruses in boot sectors.
    SECURE.EXE    Protects executable files from infection.
The author assumes no responsibility for loss or damages caused directly or
indirectly from the use or misuse of these programs. ANTIVIR was written in
the spirit of fighting those few virus authors who cause so much harm. I
hope you find this to be a useful weapon in the battle against them.
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
SYSPRO.COM (SYStem PROtector)
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
SYSPRO is a memory resident (TSR) program which monitors "suspicious"
activity that could be attributed to some viruses. SYSPRO will prevent a virus
from infecting your DOS system files: COMMAND.COM, IO.SYS, MSDOS.SYS,
IBMBIO.COM, IBMDOS.COM and SYSPRO.COM. Before installing SYSPRO, you should make your
system files, COMMAND.COM, and SYSPRO.COM Read-Only using the standard DOS
ATTRIB command or any number of attribute alteration utilities. After this,
SYSPRO will protect these files from being infected by a virus. SYSPRO will
also monitor requests for direct writes to your fixed disk boot sector and
partition table. If such a request is made, you will be warned and asked
whether to allow the operation. Some programs like FORMAT etc. do perform
direct writes to these areas. Most programs should not. You may answer "Y"
for yes, or "N" for no to allow or disallow the write operation. If you are
running an unknown or untested program, it is always safe to answer no, or
re-boot to prevent possible erasure of system areas. SYSPRO is installed by
simply typing: SYSPRO
It may be placed in the AUTOEXEC.BAT file so that your
system is constantly protected after booting, or installed before running
untested programs. SYSPRO requires approximately 400 bytes of RAM when
installed and will remain active until the system is re-booted.
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
SYSCHK.EXE [Release 3.10]
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
SYSCHK was designed to verify your hard disk boot sector and track-0 to
prevent a virus (even unknown types) from infecting these areas undetected.
This is done by comparing these system areas with a saved Hard Disk Info (HDI)
file. ANY change in the system areas (even a single bit) will be detected by
SYSCHK and brought to your attention.
SYSCHK requires one command line parameter: SYSCHK drive:
Example:
SYSCHK B: (save HDI file on B:)
SYSCHK C:\UTIL\ (save HDI file in C:\UTIL\ directory)
This will tell SYSCHK where to locate the Hard Disk Info (HDI) file which is
created the first time SYSCHK is run. The HDI file is created using a
different name on each different PC. This is to prevent a virus author from
creating a virus which infects the SYSCHK verification file. This file will
also be HIDDEN and READ/ONLY when created to aid in virus protection.
During subsequent runs, SYSCHK will read this file and compare its contents
with the Boot Sector and Track-0 of your unit-0 fixed disk. If a difference is
detected, a warning will be displayed to alert you to a possible virus or
system problem. At this time, you will be asked if you wish to restore these
areas from the HDI file. Answering [Y]es will allow SYSCHK to re-write the
Boot Sector and Track-0 to their original contents. After a restore, SYSCHK will automatically
perform a cold-boot to remove any viruses which may have been memory resident
(TSR). If no errors are detected, a verification will be displayed before
SYSCHK returns to DOS.
NOTES:
BEFORE running SYSCHK for the first time, you should run a good virus
scanner to verify that your boot sector and track-0 are not infected. In this
way, you can be fairly certain that the file SYSCHK creates will be virus free
for future verifies.
Users with dual floppy/hard disk systems may leave a floppy with the HDI file
in drive B:. At boot-up, SYSCHK can verify your system areas automatically by
placing the following line in your AUTOEXEC.BAT file: SYSCHK B:
Due to buffer space constraints, SYSCHK will only save up to 26 sectors of
track-0. This is generally no problem since most drives use standard 17
sector format.
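
Added example, not part of ANTIVIR or its documentation: the save, compare and
restore cycle described above, sketched in Python over a raw disk image held in
memory. It assumes 512-byte sectors and that the protected area is the first
track of the image; the function names and the sample image are constructed.

```python
SECTOR = 512       # bytes per sector (assumption)
MAX_SAVED = 26     # the cap the NOTES above give for saved track-0 sectors


def save_baseline(image, sectors_per_track=17):
    """Return what an HDI-style file would hold: track 0, capped at 26 sectors."""
    count = min(sectors_per_track, MAX_SAVED)
    if len(image) < count * SECTOR:
        raise ValueError("image is shorter than the area to save")
    return bytes(image[:count * SECTOR])


def uncovered_sectors(sectors_per_track):
    """Track-0 sectors that fall outside the saved area (0 for a 17-sector drive)."""
    return max(0, sectors_per_track - MAX_SAVED)


def changed_sectors(image, baseline):
    """Compare byte for byte; return the indexes of sectors that differ."""
    return [i for i in range(len(baseline) // SECTOR)
            if image[i * SECTOR:(i + 1) * SECTOR] != baseline[i * SECTOR:(i + 1) * SECTOR]]


def restore(image, baseline):
    """Write the saved sectors back over the start of the image (a bytearray)."""
    image[:len(baseline)] = baseline


def sample_image(sectors_per_track=17, tracks=2):
    """Constructed test data, not a real disk: patterned bytes plus a boot signature."""
    size = sectors_per_track * tracks * SECTOR
    image = bytearray((i * 7 + 3) % 256 for i in range(size))
    image[510:512] = b"\x55\xAA"
    return image


if __name__ == "__main__":
    disk = sample_image()
    hdi = save_baseline(disk)
    disk[5 * SECTOR + 100] ^= 0x01          # a single-bit change in sector 5
    print("changed:", changed_sectors(disk, hdi))
    restore(disk, hdi)
    print("after restore:", changed_sectors(disk, hdi))
```

On a drive with more than 26 sectors per track, uncovered_sectors() reports how
many track-0 sectors the saved file does not cover; a change in those sectors
would not be reported.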
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
BOOTCHK.EXE [Release 1.10]
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
BOOTCHK is a virus scanner which looks for "Time Bomb" type viruses on the
boot sectors of floppy diskettes, and also the partition table of hard disks.
BOOTCHK will detect most viruses which wait for a specific date to do damage.
An example of this is the Michelangelo virus which waits for March 6th to
destroy the data on your hard disk(s). To run BOOTCHK type: BOOTCHK [drive]
The optional drive parameter tells BOOTCHK which drive to scan (A:-F:). If
this parameter is omitted, BOOTCHK will prompt you for the drive to scan.
If a "Time Bomb" virus signature is detected, you will be notified and the
probable "detonation" or damage date will be displayed. If BOOTCHK does
locate such a virus you will be offered the option to neutralize it only if
the virus is on a floppy diskette.
W A R N I N G about neutralizing an infected diskette:
If you answer yes, the virus will be neutralized. However, the
boot sector will no longer allow you to boot from that diskette.
After a neutralize operation, you should restore the boot sector
from a known clean diskette.
If you do not neutralize the virus, you should not use this diskette until a
virus disinfectant program is run to remove the virus.
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
SECURE.EXE [Release 2.21]
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Purpose for SECURE:
SECURE is a fast anti-virus file security system for programs, device drivers,
and overlays. SECURE will locate a virus (even an unknown type) which infects
any of the kinds of files protected by SECURE. Many popular virus checking
programs function by trying to identify known virus "signatures" in your
existing files. The problem is that new viruses are discovered constantly, and
to protect from them you need to update your scanning program frequently.
This is not the case with SECURE. SECURE will detect and flag any protected
program which has been invaded by a virus. Virus protection is a must in the
world of widespread tele-networking and BBS use. In order for SECURE to begin
protecting your system, you must first SECURE your files. To do this follow
the instructions in the OPERATION section below. But first, ....
──────────────────────────────────────────────────────────────────────────────
──────────────── READ THIS SECTION BEFORE USING SECURE !! ────────────────
──────────────────────────────────────────────────────────────────────────────
SECURE works with COM, EXE, SYS, and OVR files only. It will not SECURE
files that do not have one of these extensions. Also, SECURE will add 7
bytes to the length of these files as a special security code is encrypted
within the files. For ANY files which are self-modifying SECURE will not
work properly. SECURE has been tested with a wide variety of files
including DOS 3.30 & 5.00 system files, and many commercially available
programs. This does not however mean that SECURE will work with all
program files. To be safe, back up ALL files which you intend to SECURE
BEFORE securing them. Then, if one or more are found to be incompatible,
you may restore those files which were affected.
──────────────────────────────────────────────────────────────────────────────
OPERATION:
SECURE along with three command line options can Install security, Test the
integrity of secured files, Reset security codes, or extract security from
previously secured files. The following section describes the operation of
SECURE and the command line options:
To secure a file or files with SECURE, use the /I option and type:
C:\>SECURE filespec /I
"filespec" indicates which file or files you wish to SECURE (DOS wildcards
such as * and ? are legal.) The '/I' option tells SECURE to install security
on these files (only needs to be done once per file).
Example:
C:\DOS\>SECURE *.COM /I
The above example will secure all COM files in the C:\DOS subdirectory.
Example:
C:\UTIL\>SECURE *.* /I
Secure all COM, EXE, SYS, and OVR files in the C:\UTIL subdirectory.
During the "/I" SECURE pass, SECURE will integrate the 7-byte security
signature within each secured file. After completion, these files are
protected and can be tested at any time later by using SECURE without the
'/I' command line option.
Example:
C:\DOS\>SECURE *.COM
The above example will test security on COM files in the C:\DOS subdirectory.
(Note: SECURE scans files at approximately 150K bytes per second)
Example:
C:\UTIL\>SECURE *.*
Test security of COM, EXE, SYS, and OVR files in the C:\UTIL subdirectory.
──────────────────────────────────────────────────────────────────────────────
SPOTTING INFECTED FILES:
If a file is found to be infected, or otherwise fails the security scan,
SECURE will display this message on your screen:
"W A R N I N G ... File No Longer SECURE !"
Unless you are absolutely certain that this file has not been infected, delete
the infected file and replace it with a known virus-free copy. If you are
sure that the file is not infected, you may reset the security by adding the
"/R" option when running SECURE.
Example:
C:\BIN\>SECURE MYPROG.EXE /R
This will reset the security of a file which has failed a security scan so
that subsequent scans will pass.
A different warning will be displayed if you run SECURE on files for the first
time without using the /I (Install) option. SECURE will display:
W A R N I N G ... File Altered or Not Secured With '/I' Option!
This warning either means that you never installed the file with "SECURE /I",
or a virus has altered the file and destroyed the SECURE signature within the
file. If you are sure that the file was not installed, you may install it
with the /I option for future protection. If the file had been installed,
then it could be infected and should be replaced with a "clean" copy.
──────────────────────────────────────────────────────────────────────────────
REMOVING SECURITY:
In the event that you do use SECURE and then at some point decide you wish
to quit using it, you may extract the security code. Extraction will return
protected files to their original state. This is done with the '/X' command
line option.
Example:
C:\DOS\>SECURE *.*/X
Extract security code from all secured files in the current subdirectory.
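
Added example, not SECURE's own code: the documentation does not disclose the
format of the 7-byte code, so this Python sketch assumes a 2-byte marker
followed by a 5-byte truncated HMAC-SHA256 under a per-machine key. It shows the
four operations (/I, test, /R, /X) and how the two warnings above arise; all
names and the sample bytes are constructed.

```python
import hashlib
import hmac

MARK = b"\xA5\x5A"   # hypothetical 2-byte marker that opens the trailer
TRAILER = 7          # total bytes added per file, as the text states


def _code(body, key):
    """Marker plus a 5-byte keyed digest of the body (assumed construction)."""
    digest = hmac.new(key, body, hashlib.sha256).digest()
    return MARK + digest[:TRAILER - len(MARK)]


def is_secured(data):
    """True when the last 7 bytes start with the marker."""
    return len(data) >= TRAILER and data[-TRAILER:-TRAILER + len(MARK)] == MARK


def install(data, key):                      # SECURE filespec /I
    return data if is_secured(data) else data + _code(data, key)


def check(data, key):                        # SECURE filespec
    if not is_secured(data):
        return "ALTERED OR NOT SECURED"
    body, trailer = data[:-TRAILER], data[-TRAILER:]
    ok = hmac.compare_digest(trailer, _code(body, key))
    return "SECURE" if ok else "NO LONGER SECURE"


def reset(data, key):                        # SECURE filespec /R
    body = data[:-TRAILER] if is_secured(data) else data
    return body + _code(body, key)


def extract(data):                           # SECURE filespec /X
    return data[:-TRAILER] if is_secured(data) else data


# Constructed sample: a few bytes standing in for a small COM program.
SAMPLE = bytes.fromhex("b409ba0901cd21c348656c6c6f2124")
KEY = b"per-machine secret (constructed)"
```

A change to the body with the trailer still in place gives the first warning;
anything that displaces or destroys the trailer gives the second, which is why
that warning cannot tell an altered file from one that was never installed.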
──────────────────────────────────────────────────────────────────────────────
BATCH FILE USE:
One of the most useful places for a SECURE check is in your AUTOEXEC.BAT
file so that selected files may be scanned each time you boot your PC. The
following is an example use of SECURE in the AUTOEXEC.BAT file:
@ECHO OFF
C:
CD\
SECURE COMMAND.COM
IF ERRORLEVEL 1 PAUSE
C:
CD\DOS
SECURE *.COM
IF ERRORLEVEL 1 PAUSE
CD\UTIL
SECURE *.*
IF ERRORLEVEL 1 PAUSE
.
.
.
This sample shows SECURE being used to verify COMMAND.COM, all .COM files in
the C:\DOS directory, and all compatible files in the C:\UTIL directory. If
an infection is detected, SECURE generates a DOS ERRORLEVEL 1. In the sample,
DOS will execute a PAUSE, so that you may make note of the files which failed
the SECURE pass. If no files fail, processing will continue normally.
──────────────────────────────────────────────────────────────────────────────
AUTHOR'S NOTES and COMMENTS:
From my point of view, the most likely files to be infected by a virus are
your DOS .COM files (COMMAND.COM, FORMAT.COM, etc.). A reason for this is
that COM files are easier to infect than EXE files. Also, virus authors
have easy access to the DOS files to study which are best and easiest to
infect. For this reason, I believe that at the least, you should use SECURE
to protect these files and probably the DOS .EXE and .SYS files as well.
Another point about SECURE is this: Be SURE to only add security on files
which are virus free. If you secure a file which is already infected, it
will not be found by SECURE. For this reason, programs like SCAN by McAfee
and similar "virus signature" hunters have a definite place in virus protection.
Be sure and keep your scan programs updated regularly and run SECURE checks
often to help spot a virus before it does its dirty work. After all, with
the enhanced speed and safety of SECURE, it's better safe than sorry ....
──────────────────────────────────────────────────────────────────────────────
SYSTEM REQUIREMENTS:
DOS 3.x (or later) and 256K or more RAM is recommended.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
ANTIVIR is distributed as Shareware NOT Freeware. If you like these programs
and find them useful, you are asked to pay about $10.00 for a registered copy.
With registration, you will receive any pending updates and a disk with many
other utilities to make your PC a more useful tool.
Commercial customers must contact me for site licensing arrangements.
Send Check, Money Order, or Cold Hard Cash to:
John A. Qualtrough
315 Linda Vista Rd.
Las Cruces, NM 88005
Questions or comments may be left on:
Waterfront West Wildcat! BBS
300 - 9600 BPS, 24Hrs
(505) - 523 - 4528
Leave [M]essage for John Qualtrough
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀