home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Magnum One
/
Magnum One (Mid-American Digital) (Disc Manufacturing).iso
/
d23
/
clean84.arc
/
CLEAN84.DOC
< prev
next >
Wrap
Text File
|
1991-10-12
|
15KB
|
342 lines
CLEAN-UP Version 7.9V84
Copyright (C) 1990, 1991 by McAfee Associates.
All rights reserved.
Documentation by Aryeh Goretsky.
McAfee Associates (408) 988-3832 office
4423 Cheeney Street (408) 970-9727 fax
Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps
U.S.A (408) 988-5138 BBS HST 9600
(408) 988-5190 BBS v32 9600
CompuServe GO VIRUSFORUM
InterNet mcafee@netcom.com
TABLE OF CONTENTS:
SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- What CLEAN-UP is, system requirements
AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2
- Verifying the integrity of CLEAN-UP
WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .3
- Features, new viruses added in this release
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3
- Detailed description of CLEAN-UP
OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . .4
- How to use CLEAN-UP
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .6
- Samples of frequently-used options
REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .6
- How to register CLEAN-UP
TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .7
- Information you should have ready when calling
Page 1
CLEAN-UP Version 7.9V84 Page 2
SYNOPSIS
CLEAN-UP (CLEAN) is a virus disinfection program for IBM PC
and compatible computers. CLEAN-UP will search though the
partition table, boot sector, or files of a PC and remove a virus
specified by the user. In most instances CLEAN-UP is able to repair
the infected area of the system and restore it to normal usage.
CLEAN-UP works on all viruses identified by the current version of
the VIRUSCAN (SCAN) program.
CLEAN-UP runs on any PC with 256Kb and DOS 2.00 or above.
AUTHENTICITY
CLEAN-UP runs a self-test when executed. If CLEAN has been
modified in any way, a warning will be displayed. The program will
still continue to remove viruses, though. If CLEAN reports that
it has been damaged, is recommended that a new, clean copy be
obtained.
CLEAN-UP is packaged with the VALIDATE program to ensure the
integrity of the CLEAN.EXE file. The VALIDATE.DOC instructions
tell how to use the VALIDATE program. The VALIDATE program
distributed with CLEAN-UP may be used to check all further versions
of CLEAN.
The validation results for Version 7.9V84 should be:
FILE NAME: CLEAN.EXE
SIZE: 68,283
DATE: 10-04-1991
FILE AUTHENTICATION
Check Method 1: 35DE
Check Method 2: 0AAC
If your copy of CLEAN.EXE differs, it may have been modified.
Always obtain your copy of CLEAN-UP from a known source. The
latest version of CLEAN-UP and validation data for SCAN.EXE can be
obtained off of McAfee Associates' bulletin board system at (408)
988-4004 or from our Computer Virus Help Forum on CompuServe.
Beginning with Version 72, all McAfee Associates programs for
download are archived with PKWare's PKZIP Authentic File
Verification. If you do not see the "-AV" message after every file
is unzipped and receive the message "Authentic Files Verified!
# NWN405 Zip Source: McAFEE ASSOCIATES" when you unzip the files
then do not run them. If your version of PKUNZIP does not have
verification ability, then this message may not be displayed.
Please contact McAfee Associates if your .ZIP file has been
tampered with.
CLEAN-UP Version 7.9V84 Page 3
WHAT'S NEW
CLEAN-UP version 84 has been re-written remove FAT table viruses
like the new DIR2/FAT virus.
CLEAN-UP also adds a new option to recover disks
formatted under DOS 4.0 and above that have been damaged by a boot
sector or partition table infecting virus. When the /MAINT option
is run, CLEAN-UP will fix the boot area of damaged disks.
Disinfectors have been added for the 748 [748], 2100 [2100],
Anti-Telefonica [A-Vir], Curse [Curse], December 28 [D28],
Miky [Miky], Mosquito [Mosq], R11 [R11], Sunday-2 [Su2],
and Tokyo [Tok] viruses.
Please refer to the enclosed VIRLIST.TXT file for a short
description of the new viruses. For a more complete description,
please refer to Patricia Hoffman's VSUM listing.
OVERVIEW
CLEAN-UP searches the system looking for the virus you wish
to remove. When an infected file is found, CLEAN-UP isolates and
removes the virus, and in most cases, repairs the infected file and
restores it to normal operation. If the file is infected with a
less common virus, CLEAN-UP will then display a warning message and
prompt the user, asking whether to overwrite and delete the
infected file. Files erased in such a manner are non-recoverable.
Verify the suspect virus infection with the VIRUSCAN program
before running CLEAN-UP. VIRUSCAN will locate and identify the
virus and provide the I.D. code needed to remove it. The I.D. is
displayed inside the square brackets, "[" and "]." For example,
the I.D. code for the Jerusalem virus is displayed as
"[Jeru]". This I.D. must be used with CLEAN-UP to remove the
virus. The square brackets "[" and "]" MUST be included.
CLEAN-UP Version 7.9V84 Page 4
The common viruses that CLEAN-UP is able to remove
successfully and repair and restore the damaged programs are:
555 651 748 1260
1575/1591*+ 170x* 2100 4096*+
Antitelefonica Air Cop* Alabama+ Alameda
Ashar* Azusa Beeper Black Monday+
Bloody! Curse Dark Avenger*+ DataLock+
December 28+ Disk Killer* EDV* Empire*
Fellowship+ Filler Fish+ Flip*+
Form Ghost Invader*+ Jerusalem*+
Joshi KeyPress*+ Korea* Lazy
Liberty+ Lisbon* Loa Duong Mardi Brothers
Michelangelo Miky Murphy*+ Music Bug
New Jerusalem+ Nomenclature Pakistani Brain*PayDay+
Ping Pong* Plastique*+ Print Screen-2* R-11+
RPKS Slow+ Stoned* Striker+
SunDay+ Sunday 2+ Suriv03+ Taiwan 3+
Taiwan 4+ Tequila Tokyo Typo Boot
V800 V-801 VACSINA*+ Vienna*
Violator*+ Whale*+ Yankee Doodle*+ ZeroBug
DIR2/FAT
*Denotes virus with more than one strain
+Denotes virus which attaches to overlays
AN IMPORTANT NOTE ABOUT .EXE FILES: Some viruses which infect .EXE
files can not be removed successfully in all cases. This usually
occurs when the .EXE file loads internal overlays. Instead of
attaching to the end of the .EXE file, the virus may attach to the
beginning of the overlay area, and program instructions are
overwritten. CLEAN-UP will truncate files infected in this manner.
If a file no longer runs after being cleaned, replace it from the
manufacturer's original disk.
AN IMPORTANT NOTE ABOUT THE STONED VIRUS: Removing the Stoned
virus can cause loss of the partition table on systems with
non-standard formatted hard disks. As a precaution, backup all
critical data before running CLEAN-UP. Loss of the partition table
can result in the LOSS OF ALL DATA ON THE DISK.
OPERATION:
IMPORTANT NOTE: POWER DOWN YOUR SYSTEM AND BOOT FROM A CLEAN
SYSTEM DISK BEFORE BEGINNING. RUN THE CLEAN-UP PROGRAM FROM A
WRITE-PROTECTED DISK TO PREVENT INFECTION OF THE PROGRAM.
Power down the infected system and boot from a clean,
write-protected system diskette. This step will insure that the
virus is not in control of the computer and will prevent
reinfection. After cleaning, power down the system again, reboot
from the system disk, and run the VIRUSCAN program to make sure the
system has been successfully disinfected. After cleaning the hard
disk, run the VIRUSCAN program on any floppies that may have been
inserted into the infected system to determine if they have been
infected.
CLEAN-UP will display the name of the infected file, the virus
found in it, and report a "successful" disinfection when the virus
is removed. If a file has been infected multiple times by a virus
(possible if the virus does not check to see if it has already
attached to a file) then CLEAN-UP will report that the virus has
been removed successfully for each infection.
CLEAN-UP Version 7.9V84 Page 5
To run CLEAN-UP type:
CLEAN d1: ... d10: [virus ID] /A /CHKHI /E .xxx /FR /MAINT /MANY
/M /REPORT d:filename /NOPAUSE
Options are:
/A - Examine all files for viruses
/E .xxx .yyy .zzz - Clean overlay extensions .xxx .yyy .zzz
/FR - Display messages in French
/MAINT - Clean DOS 4.0+ damaged boot sector
/MANY - Check and disinfect multiple floppies
/NOPAUSE - Disable screen prompting
/REPORT d:filename - Create report of cleaned files
d1: ... d10: - indicate drives to be cleaned
[virus ID] - Virus identification code - provided by the
VIRUSCAN program when it detects a virus.
For a complete list of codes, see the
accompanying VIRLIST.TXT file
NOTE: Brackets [ ] are required.
The /A option will cause CLEAN to go through all files on
diskette. This should be used if an overlay-infecting virus is
detected.
The /E option allows the user to specify an extension or set
of extensions to clean. Extensions must be separated by a space
after the /E and between each other. Up to three extensions may
be added with the /E. For more extensions, use the /A option.
The /FR option tells CLEAN-UP to display all messages in
French instead of English.
The /MAINT option is used to clean hard disks partitioned with
DOS 4.0 or above that have been damaged by a boot sector or partition
table infecting virus. Attempts to access disks damaged in such a
manner result in an "invalid media" message being displayed. The
/MAINT option will only clean the partition table and boot sector,
not the files.
The /MANY option is used to clean multiple floppy diskettes.
If the user has more than one floppy disk to check for viruses, the
/MANY option will allows the user to check them without having to
run CLEAN multiple times.
The /NOPAUSE option disables the "More..." prompt that appears
when CLEAN fills a screen with data. This allows CLEAN-UP to run
on a machine with multiple infections without requiring operator
intervention when the screen fills up with messages from the CLEAN
program.
The /REPORT option is used to generate a listing of
disinfected files. The resulting list can be saved to disk as an
ASCII text file. To use the report option, specify /REPORT on the
command line, followed by the device and filename.
CLEAN-UP Version 7.9V84 Page 6
EXAMPLES
The following examples are shown as they would be typed in on
the command line.
CLEAN C: D: E: [JERU] /A
To disinfect drives C:, D:, and E: of the Jerusalem
virus, searching all files for the virus in the process
CLEAN A: [STONED]
To disinfect floppy in drive A: of the Stoned virus
CLEAN C:\MORGAN [DAV] /A
To disinfect subdirectory MORGAN on drive C: of the Dark
Avenger, searching all files for the virus in the process
CLEAN B: [DOODLE] /REPORT C:YNKINFCT.TXT
To disinfect floppy in drive B: of the Yankee Doodle
virus, searching all files in the process, and creating
a report of disinfected files named YNKINFCT.TXT on drive
C:
REGISTRATION
A registration fee of $35.00US is required for the use of
CLEAN-UP by individual home users. Registration is for one year
and entitles the holder to unlimited free upgrades off of McAfee
Associates BBS or CompuServe Computer Virus Help Forum. When
registering, a diskette containing the latest version may be
requested. Add $9.00US for diskette mailings. Only one diskette
mailing will be made.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, who must obtain a license for use. Contact McAfee
Associates for more information.
Outside of the United States, registration and support may be
obtained from the Agents listed in the accompanying AGENTS.TXT
file.
CLEAN-UP Version 7.9V84 Page 7
TECH SUPPORT
In order to facilitate speedy and accurate support, please
have the following information ready when you contact McAfee
Associates:
- Program name and version number.
- Type and brand of computer, hard disk, plus any
peripherals.
- Version of DOS you are running, plus any TSRs or device
drivers in use.
- Printouts of your AUTOEXEC.BAT and CONFIG.SYS files.
- The exact problem you are having. Please be specific as
possible. Having a print out of the screen and/or being
at your computer will help also.
McAfee Associates can be contacted by CompuServe Forum, BBS or fax
twenty-four hours a day, or call our business office at (408) 988-3832,
Monday through Friday, 8:30AM to 6:00PM Pacific Standard Time.
McAfee Associates (408) 988-3832 office
4423 Cheeney Street (408) 970-9727 fax
Santa Clara, CA 95054 (408) 988-4004 BBS 2400 bps
U.S.A (408) 988-5138 BBS HST 9600
(408) 988-5190 BBS v32 9600
CompuServe GO VIRUSFORUM
InterNet mcafee@netcom.com