home *** CD-ROM | disk | FTP | other *** search

---

/ Night Owl 6 / Night Owl's Shareware - PDSI-006 - Night Owl Corp (1990).iso / 030a / vchk203.zip / VIRUSCHK.LJ2

< prev

next >

Wrap

Text File  |  1991-07-16  |  30KB  |  299 lines

---

1. &l8c0e66F&aR&l0O
2.  
3. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T                                    *p1095XViruschk
4. *p+50Y(10U(s0p10h12v0s0b3T                                  *p1035XVersion 2.03
5. *p+50Y(10U(s0p10h12v0s0b3T                             SSgt Jon Freivald, USMC
6. *p+50Y(10U(s0p10h12v0s0b3T                                  *p1035XTurboC++ 1.0
7. *p+50Y(10U(s0p10h12v0s0b3T                    Copyright 1991, 1st Marine Corps District
8. *p+50Y(10U(s0p10h12v0s0b3T                              *p915XAll Rights Reserved.
9. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TLICENSING INFORMATION:
10. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk is distributed as freeware.  It may be distributed
11. *p+50Y(10U(s0p10h12v0s0b3T        freely as long as there is no fee charged for it or it's
12. *p+50Y(10U(s0p10h12v0s0b3T        distribution.  Viruschk must be distributed as a complete
13. *p+50Y(10U(s0p10h12v0s0b3T        package, containing all of the files contained in the file
14. *p+50Y(10U(s0p10h12v0s0b3T        readme.1st.  Viruschk may not be distributed as a feature with
15. *p+50Y(10U(s0p10h12v0s0b3T        any other software package without the prior written permission
16. *p+50Y(10U(s0p10h12v0s0b3T        of 1st Marine Corps District.  There is no fee for registration,
17. *p+50Y(10U(s0p10h12v0s0b3T        however, if you register as a user, you will be placed on
18. *p+50Y(10U(s0p10h12v0s0b3T        distribution for future updates.  Refer to the notes section for
19. *p+50Y(10U(s0p10h12v0s0b3T        further information on how to register.
20. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT IT IS:
21. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TThe use of McAfee's Viruscan (scan.exe) on all USMC systems is
22. *p+50Y(10U(s0p10h12v0s0b3T        mandated by CMC/CCI msg R 220032Z OCT 90 ZY3.(10U(s0p10h12v0s1b3T Viruschk(10U(s0p10h12v0s0b3T is a
23. *p+50Y(10U(s0p10h12v0s0b3T        "shell" or "watchdog" for McAfee's scan.exe. It also displays the
24. *p+33Y(10U(s0p10h12v0s0b3T                                                            (10U(s0p16.66h8.5v0s0b0T1
25. *p+17Y(10U(s0p16.66h8.5v0s0b0T             *p240X(10U(s0p10h12v0s0b3Twarning screen mandated by USMC security regulations*p1818X.  If a
26. *p+50Y(10U(s0p10h12v0s0b3T        virus condition is found, it will lock up the user's system and
27. *p+50Y(10U(s0p10h12v0s0b3T        with a loud tone and unmistakable screen, alert them to the
28. *p+50Y(10U(s0p10h12v0s0b3T        infected condition!  It is highly recommended that you also use
29. *p+50Y(10U(s0p10h12v0s0b3T        the Vshield program (also by McAfee) - especially if you use the
30. *p+50Y(10U(s0p10h12v0s0b3T        option to limit scanning to once a week.  Please refer to the
31. *p+50Y(10U(s0p10h12v0s0b3T        referenced message for further guidance regarding use of the
32. *p+50Y(10U(s0p10h12v0s0b3T        McAfee virus prevention software.  This documentation does not
33. *p+50Y(10U(s0p10h12v0s0b3T        cover all policy set forth in the message, nor does it intend to
34. *p+50Y(10U(s0p10h12v0s0b3T        be taken as a statement of policy.
35. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSYSTEM REQUIREMENTS:
36. *p+150Y(10U(s0p10h12v0s1b3T            (10U(s0p10h12v0s0b3To  IBM PC, PC/XT, PC/AT, PS/2 or 100% compatible computer
37. *p+100Y(10U(s0p10h12v0s0b3T            o  384K RAM
38. *p+100Y(10U(s0p10h12v0s0b3T            o  a hard disk with one or more DOS partitions
39. *p+114Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
40. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
41. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X1. For non USMC users, you can make this a welcome screen, display a corporate message, etc, or you can
42. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xeliminate it all together.  The content of the screen file is irrelevant to the operation of the program.
43. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294XThe file should only be one screen long, or it will scroll before the first part can be read.
44.  
45. (10U(s0p16.66h8.5v0s0b0T*p+255Y*p+79Y(10U(s0p16.66h8.5v0s0b0T                    (10U(s0p10h12v0s0b3To  DOS version 2.0 or higher
46. *p+100Y(10U(s0p10h12v0s0b3T            o  DOS version 3.0 or higher for the integrity self-check
47. *p+100Y(10U(s0p10h12v0s0b3T            o  McAfee & Associates Viruscan (scan.exe) version 7.2V77 or
48. *p+50Y(10U(s0p10h12v0s0b3T               higher.
49. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3THOW TO INSTALL IT:
50. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TTo install Viruschk, proceed as follows:
51. *p+100Y(10U(s0p10h12v0s0b3T        Make a directory on the c: drive named "security" (this is CMC
52. *p+50Y(10U(s0p10h12v0s0b3T        mandated and hard-coded into Viruschk).
53. *p+100Y(10U(s0p10h12v0s0b3T        Copy the following files into c:\security:
54. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Tviruschk.com
55. *p+100Y(10U(s0p10h12v0s1b3T        scan.exe(10U(s0p10h12v0s0b3T        *p727X(This should be the latest version supplied
56. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthrough official channels.  It(10U(s0p10h12v0s1b3T *MUST*(10U(s0p10h12v0s0b3T be version
57. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X7.2V77 or higher.)
58. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Twarning(10U(s0p10h12v0s0b3T         *p727X(This screen may be modified to suit your
59. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xorganization with any ANSI editor such as
60. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X"TheDraw", or you can substitute it with any
61. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XANSI/ASCII screen of your choice, as long as it
62. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xis named "warning".  If you are not a USMC user,
63. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xit may be omitted all together.)
64. *p+100Y(10U(s0p10h12v0s0b3T        Add the line "c:\security\viruschk" to the beginning of the
65. *p+50Y(10U(s0p10h12v0s0b3T        user's autoexec.bat file.  This line should normally be the first
66. *p+33Y(10U(s0p10h12v0s0b3T                                (10U(s0p16.66h8.5v0s0b0T2
67. *p+17Y(10U(s0p16.66h8.5v0s0b0T             *p240X(10U(s0p10h12v0s0b3Tline of the autoexec.bat *p1008X& should ALWAYS be before the user can
68. *p+50Y(10U(s0p10h12v0s0b3T        login to the network.
69. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT IT DOES:
70. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk first checks the DOS version being run on the machine.
71. *p+50Y(10U(s0p10h12v0s0b3T        If it is version 3.0 or higher, it performs an integrity check on
72. *p+50Y(10U(s0p10h12v0s0b3T        itself.  ANY modification (manual tampering, "pklite"
73. *p+50Y(10U(s0p10h12v0s0b3T        compression, a virus, etc) will cause the virus warning screen to
74. *p+50Y(10U(s0p10h12v0s0b3T        display and the system to lock up.  If the DOS is less than
75. *p+50Y(10U(s0p10h12v0s0b3T        version 3.0, a message is  displayed stating that the self-check
76. *p+50Y(10U(s0p10h12v0s0b3T        cannot be performed.
77. *p+138Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
78. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
79. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X2. If you use Zenith DOS with manual partition assignment, make sure that you place the asgnpart command
80. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294XBEFORE Viruschk or the additional partitions will not get scanned!
81. *p+76Y(10U(s0p16.66h8.5v0s0b0T                *p294XIf your system does not have an internal clock/calendar, the DOS date command should be in the
82. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xautoexec.bat prior to the viruschk line.
83. *p+171Y(10U(s0p16.66h8.5v0s0b0T                                                               *p1140X(10U(s0p10h12v0s0b3T- 2 -
84.  
85. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        It then checks the command line.  The following command line
86. *p+50Y(10U(s0p10h12v0s0b3T        options are valid:
87. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3Tdisplay(10U(s0p10h12v0s0b3T         *p727Xshows the "lockup" screen & plays a snippet of
88. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthe warning tones - no scan is performed and the
89. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xwarning screen is not displayed (this is
90. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xincluded for demo purposes only!)
91. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TMon(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Monday only
92. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TTue(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Tuesday only
93. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWed(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Wednesday only
94. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TThu(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Thursday only
95. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TFri(10U(s0p10h12v0s0b3T             *p727XExecutes scan.exe on Friday only
96. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSat(10U(s0p10h12v0s0b3T             *p727X* Executes scan.exe on Saturday only
97. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TSun(10U(s0p10h12v0s0b3T             *p727X* Executes scan.exe on Sunday only
98. *p+100Y(10U(s0p10h12v0s0b3T                        *p727X* = NOT ALLOWED ON USMC SYSTEMS - these options
99. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xare only included for those who wish to use this
100. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xprogram on their private systems.
101. *p+100Y(10U(s0p10h12v0s0b3T        If no command line (or one not listed above) argument is given,
102. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe will be executed every day.  The command line arguments
103. *p+50Y(10U(s0p10h12v0s0b3T        MUST be typed exactly as they are above (i.e., "mon" is not
104. *p+50Y(10U(s0p10h12v0s0b3T        equivalent to "Mon").
105. *p+100Y(10U(s0p10h12v0s0b3T        If scan.exe is to be executed, Viruschk will then build a table
106. *p+50Y(10U(s0p10h12v0s0b3T        of all valid hard drives for the system.  It will then execute
107. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe with the proper parameters to scan all the drives.  If
108. *p+50Y(10U(s0p10h12v0s0b3T        scan.exe is not to be executed that day, this step will be
109. *p+50Y(10U(s0p10h12v0s0b3T        skipped.
110. *p+100Y(10U(s0p10h12v0s0b3T        If scan.exe is to be executed, and this is the first time for
111. *p+50Y(10U(s0p10h12v0s0b3T        this particular day, scan will be executed with the "/NOBREAK"
112. *p+50Y(10U(s0p10h12v0s0b3T        parameter - this will force a complete scan at least once each
113. *p+50Y(10U(s0p10h12v0s0b3T        (selected) day.  If this is a subsequent run, the "/NOBREAK"
114. *p+50Y(10U(s0p10h12v0s0b3T        parameter will be omitted, allowing the user to press <Ctrl><C>
115. *p+50Y(10U(s0p10h12v0s0b3T        or <Ctrl><Break> to bypass the scanning process.  The first run
116. *p+50Y(10U(s0p10h12v0s0b3T        force is controlled by a control file.  This is a 4 byte file
117. *p+50Y(10U(s0p10h12v0s0b3T        named "c:\security\viruschk.lrd".  This file will be created the
118. *p+50Y(10U(s0p10h12v0s0b3T        first time the program is run and will be re-created
119. *p+50Y(10U(s0p10h12v0s0b3T        automatically if it is deleted.
120. *p+100Y(10U(s0p10h12v0s0b3T        The control file is updated to reflect the current date AFTER the
121. *p+50Y(10U(s0p10h12v0s0b3T        forced scan.  If the system is rebooted during the scan, the scan
122. *p+50Y(10U(s0p10h12v0s0b3T        will again be forced.  This will continue until the scan
123. *p+50Y(10U(s0p10h12v0s0b3T        completes and the control file is updated.
124. *p+255Y*p+20Y(10U(s0p10h12v0s0b3T                                      - 3 -
125.  
126. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        Viruschk will then display the file "warning" for a period of 30
127. *p+50Y(10U(s0p10h12v0s0b3T        seconds if it exists.  You will only get this far if one of the
128. *p+50Y(10U(s0p10h12v0s0b3T        following two conditions are met:
129. *p+100Y(10U(s0p10h12v0s0b3T                1.  scan.exe is not to be run that day
130. *p+50Y(10U(s0p10h12v0s0b3T                2.  scan.exe ran successfully and did not find any
131. *p+50Y(10U(s0p10h12v0s0b3T        viruses
132. *p+100Y(10U(s0p10h12v0s0b3T        After the 30 second delay, control will release back to DOS and
133. *p+50Y(10U(s0p10h12v0s0b3T        the user's system can continue running it's autoexec.bat file.
134. *p+50Y(10U(s0p10h12v0s0b3T        The user can bypass the delay by pressing a key.  A countdown
135. *p+50Y(10U(s0p10h12v0s0b3T        timer informs you of how much longer you have to wait if you
136. *p+50Y(10U(s0p10h12v0s0b3T        don't press a key.  The warning screen will display every day,
137. *p+50Y(10U(s0p10h12v0s0b3T        regardless of command line arguments (except "display" which is
138. *p+50Y(10U(s0p10h12v0s0b3T        not for general use anyway...).  If the file c:\security\warning
139. *p+50Y(10U(s0p10h12v0s0b3T        does not exist, nothing will be displayed, and there will be no
140. *p+50Y(10U(s0p10h12v0s0b3T        delay before the program exits.
141. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+240Y(10U(s0p10h12v0s0b3T                                      - 4 -
142.  
143. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TWHAT WILL TRIGGER IT:
144. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TOne of five conditions will cause viruschk to lock up the user's
145. *p+50Y(10U(s0p10h12v0s0b3T        system:
146. *p+100Y(10U(s0p10h12v0s0b3T                1. Viruschk.exe finds any type of modification has
147. *p+50Y(10U(s0p10h12v0s0b3T        occurred to itself (indicating either manual tampering or a
148. *p+50Y(10U(s0p10h12v0s0b3T        virus).
149. *p+50Y(10U(s0p10h12v0s0b3T                2. Scan.exe was not in the c:\security directory or could
150. *p+50Y(10U(s0p10h12v0s0b3T        not be executed.
151. *p+50Y(10U(s0p10h12v0s0b3T                3. Scan.exe found viruses present on the system.
152. *p+50Y(10U(s0p10h12v0s0b3T                4. Scan.exe exited with an error code.
153. *p+50Y(10U(s0p10h12v0s0b3T                5. Your version of scan.exe is not at least 7.2V77.
154. *p+100Y(10U(s0p10h12v0s0b3T        Given any of the 5 conditions, we do not want the user to be able
155. *p+50Y(10U(s0p10h12v0s0b3T        to proceed and use his system (possibly spreading a virus..!), so
156. *p+50Y(10U(s0p10h12v0s0b3T        viruschk sounds a warning tone on the PC's speaker & displays a
157. *p+50Y(10U(s0p10h12v0s0b3T        screen leaving the user no doubt about the fact that a virus has
158. *p+50Y(10U(s0p10h12v0s0b3T        been encountered (even though that is but one of five possible
159. *p+50Y(10U(s0p10h12v0s0b3T        exit codes).  The user's system will now be locked - the only
160. *p+50Y(10U(s0p10h12v0s0b3T        keystrokes that will have any effect is <Ctrl><Alt><Del> and (if
161. *p+50Y(10U(s0p10h12v0s0b3T        you have a Zenith system) <Ctrl><Alt><Ins> (so that you can boot
162. *p+50Y(10U(s0p10h12v0s0b3T        from a write protected floppy disk and remedy the problem).
163. *p+100Y(10U(s0p10h12v0s0b3T        For a demo of the warning screen type:
164. *p+100Y(10U(s0p10h12v0s0b3T                viruschk display
165. *p+100Y(10U(s0p10h12v0s0b3T        when display is on the command line, scan will not be executed,
166. *p+50Y(10U(s0p10h12v0s0b3T        nor will warning be displayed - this is for admin demo use only.
167. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+50Y(10U(s0p10h12v0s0b3T                                      - 5 -
168.  
169. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TRETURN CODES:
170. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s0b3TViruschk will set the DOS errorlevel upon exit.  You can use the
171. *p+50Y(10U(s0p10h12v0s0b3T        DOS batch command "if errorlevel" to check these codes and take
172. *p+50Y(10U(s0p10h12v0s0b3T        conditional action if desired.  The following is a list of the
173. *p+50Y(10U(s0p10h12v0s0b3T        codes & their significance:
174. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T0(10U(s0p10h12v0s0b3T               *p727XViruschk ran uninterrupted to completion of the
175. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdelay countdown or the "display" command line
176. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xoption was used.
177. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T1(10U(s0p10h12v0s0b3T               *p727XA keystroke was pressed to bypass the delay.
178. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2(10U(s0p10h12v0s0b3T               *p727XThe file c:\security\warning was not found
179. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(therefore no display or delay).
180. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T3(10U(s0p10h12v0s0b3T               *p727XWarning was present, but the program was unable
181. *p+33Y(10U(s0p10h12v0s0b3T                                     *p1117X(10U(s0p16.66h8.5v0s0b0T3
182. *p+17Y(10U(s0p16.66h8.5v0s0b0T                                        *p727X(10U(s0p10h12v0s0b3Tto display it*p1135X.
183. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T100(10U(s0p10h12v0s0b3T             *p727XYou errantly obtained a copy of the program that
184. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdoes not have the anti-virus information
185. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Ximbedded in it.  This copy should not have been
186. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdistributed and will not run with DOS 3.0 or
187. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xhigher.
188. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T255(10U(s0p10h12v0s0b3T             *p727XThe DOS version being run is less than version
189. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X2.0.  Viruschk requires at least version 2.0 to
190. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xrun and at least 3.0 to perform it's self-check.
191. *p+150Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TCOMMON PROBLEMS/REMEDIES:
192. *p+150Y(10U(s0p10h12v0s1b3T           (10U(s0p10h12v0s0b3T1.  Scan.exe cannot execute - Viruschk locks up system -
193. *p+50Y(10U(s0p10h12v0s0b3T               scan.exe will execute when invoked manually.
194. *p+100Y(10U(s0p10h12v0s0b3T                  a.  Memory - scan.exe requires 256K of RAM.  Adding the
195. *p+50Y(10U(s0p10h12v0s0b3T                      overhead of Viruschk brings system requirements up
196. *p+50Y(10U(s0p10h12v0s0b3T                      to 384K. It doesn't actually require that much, but
197. *p+50Y(10U(s0p10h12v0s0b3T                      that is the next step up from 256K.
198. *p+100Y(10U(s0p10h12v0s0b3T                  b.  Location - scan.exe MUST be located in C:\SECURITY.
199. *p+50Y(10U(s0p10h12v0s0b3T                      Because this location was mandated by CMC, it has
200. *p+50Y(10U(s0p10h12v0s0b3T                      been hard-coded into Viruschk.  If it cannot
201. *p+50Y(10U(s0p10h12v0s0b3T                      execute the program c:\security\scan.exe, it is
202. *p+50Y(10U(s0p10h12v0s0b3T                      considered an error & the lock up is initiated on
203. *p+50Y(10U(s0p10h12v0s0b3T                      purpose.  This prevents a virus from planting a
204. *p+50Y(10U(s0p10h12v0s0b3T                      trojan "scan" elsewhere in your path and having it
205. *p+50Y(10U(s0p10h12v0s0b3T                      executed by Viruschk.
206. *p+102Y(10U(s0p10h12v0s0b3T        (10U(s0p16.66h8.5v0s0b0T____________________________________________________________________________________________________________
207. (10U(s0p16.66h8.5v0s0b0T                                                                                                                        *p2172X_
208. *p+64Y(10U(s0p16.66h8.5v0s0b0T             *p240X3. This condition should **p710XN*p730XE*p750XV*p770XE*p790XR*p810X* *p848Xhappen!  If it does, please contact me because I'm interested in knowing
209. (10U(s0p16.66h8.5v0s0b0T                                      *p692X**p712XN*p732XE*p752XV*p772XE*p792XR*p812X*
210. *p+38Y(10U(s0p16.66h8.5v0s0b0T                *p294Xif this can actually happen.
211. *p+171Y(10U(s0p16.66h8.5v0s0b0T                                                               *p1140X(10U(s0p10h12v0s0b3T- 6 -
212.  
213. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T                  c.  Version - starting with Viruschk version 2.01c,
214. *p+50Y(10U(s0p10h12v0s0b3T                      Viruscan (scan.exe) 7.2V77 is the minimum version
215. *p+50Y(10U(s0p10h12v0s0b3T                      required.
216. *p+100Y(10U(s0p10h12v0s0b3T           2.  My warning screen comes out looking like a bunch of
217. *p+50Y(10U(s0p10h12v0s0b3T               jumbled garbage.
218. *p+100Y(10U(s0p10h12v0s0b3T                  a.  Most likely your screen was done in ANSI graphics
219. *p+50Y(10U(s0p10h12v0s0b3T                      and you do not have ansi.sys loaded.  Insure that
220. *p+50Y(10U(s0p10h12v0s0b3T                      your config.sys file contains a line something to
221. *p+50Y(10U(s0p10h12v0s0b3T                      the effect of "device=c:\dos\ansi.sys".  If it does
222. *p+50Y(10U(s0p10h12v0s0b3T                      not, add the line (make sure you give the correct
223. *p+50Y(10U(s0p10h12v0s0b3T                      path to ansi.sys), then reboot your system.
224. *p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+255Y*p+185Y(10U(s0p10h12v0s0b3T                                      - 7 -
225.  
226. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TNOTES:
227. *p+150Y(10U(s0p10h12v0s1b3T                (10U(s0p10h12v0s0b3TThe author can be contacted to register or for support in
228. *p+50Y(10U(s0p10h12v0s0b3T        the following ways:
229. *p+100Y(10U(s0p10h12v0s0b3T        Commanding Officer
230. *p+50Y(10U(s0p10h12v0s0b3T        Headquarters, 1st Marine Corps District (ISMO)
231. *p+50Y(10U(s0p10h12v0s0b3T        605 Stewart Avenue
232. *p+50Y(10U(s0p10h12v0s0b3T        Garden City, NY 11530
233. *p+50Y(10U(s0p10h12v0s0b3T                ATTN: SSgt Freivald
234. *p+100Y(10U(s0p10h12v0s0b3T        Commercial phone - (516) 228-5635
235. *p+50Y(10U(s0p10h12v0s0b3T        Autovon phone - 994-5635
236. *p+50Y(10U(s0p10h12v0s0b3T        ELMS/MCDN - bk1md4:gisnad05
237. *p+50Y(10U(s0p10h12v0s0b3T        Compuserve - 70274,666
238. *p+50Y(10U(s0p10h12v0s0b3T        Internet - 70274.666@compuserve.com
239. *p+50Y(10U(s0p10h12v0s0b3T        Prodigy - ktfp55a
240. *p+50Y(10U(s0p10h12v0s0b3T        BBS - (516) 483-5841 (8,N,1 - 300-2400,9600 HST)
241. *p+100Y(10U(s0p10h12v0s0b3T                I wrote this program to take care of two CMC mandates for
242. *p+50Y(10U(s0p10h12v0s0b3T        the users of our network as transparently as possible.  It has
243. *p+50Y(10U(s0p10h12v0s0b3T        also been implemented on all of our remote/stand-alone systems.
244. *p+50Y(10U(s0p10h12v0s0b3T        Those mandates are the access warning screen on system startup
245. *p+50Y(10U(s0p10h12v0s0b3T        and the scanning of all hard drives at least once a week.
246. *p+100Y(10U(s0p10h12v0s0b3T                Please contact me ASAP if you have any problems with this
247. *p+50Y(10U(s0p10h12v0s0b3T        program.  We have tested it on over 90 systems here at 1st
248. *p+50Y(10U(s0p10h12v0s0b3T        District, but our configurations are pretty standard, so I can't
249. *p+50Y(10U(s0p10h12v0s0b3T        GUARANTEE that it will run properly on ALL systems (although I
250. *p+50Y(10U(s0p10h12v0s0b3T        believe it will).
251. *p+100Y(10U(s0p10h12v0s0b3T                I am also open to comments and suggestions for
252. *p+50Y(10U(s0p10h12v0s0b3T        improvements.  Having reached this stage, updates are not very
253. *p+50Y(10U(s0p10h12v0s0b3T        high on the priority list, but I will definitely entertain them.
254. *p+50Y(10U(s0p10h12v0s0b3T        I may also be willing to produce custom versions for specific
255. *p+50Y(10U(s0p10h12v0s0b3T        requirements.  This will depend on what they are (the amount of
256. *p+50Y(10U(s0p10h12v0s0b3T        work involved), requested delivery deadlines, and my current
257. *p+50Y(10U(s0p10h12v0s0b3T        workload here at 1st District.
258. *p+100Y(10U(s0p10h12v0s0b3T                If you would like to be placed on distribution for any
259. *p+50Y(10U(s0p10h12v0s0b3T        future updates, simply drop me a message (either US Mail or
260. *p+50Y(10U(s0p10h12v0s0b3T        Electronic Mail) with your name, unit, address (E-Mail!?), etc...
261. *p+50Y(10U(s0p10h12v0s0b3T        Be sure to mention Viruschk, as I maintain distribution lists for
262. *p+50Y(10U(s0p10h12v0s0b3T        a number of programs & want to be sure to get you on the right
263. *p+50Y(10U(s0p10h12v0s0b3T        list..!  Also, please mention the version that you currently
264. *p+50Y(10U(s0p10h12v0s0b3T        have.
265. *p+255Y*p+255Y*p+15Y(10U(s0p10h12v0s0b3T                                      - 8 -
266.  
267. (10U(s0p10h12v0s0b3T*p+255Y*p+79Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3TREVISION HISTORY:
268. *p+150Y(10U(s0p10h12v0s1b3T        (10U(s0p10h12v0s1b3T2.03(10U(s0p10h12v0s0b3T            *p727XFixed a bug that would cause a divide error with
269. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xprogram termination if a RAM Drive or hard disk
270. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xpartition was smaller than one meg or had less
271. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xthan one meg free.
272. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.02(10U(s0p10h12v0s0b3T            *p727XAdded the feature of "/NOBREAK" being passed to
273. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xscan.exe only on the first run of any given day.
274. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XThis added the requirement for a 4 byte control
275. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xfile, which is named "c:\security\viruschk.lrd"
276. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(lrd stands for "last run date").
277. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01c(10U(s0p10h12v0s0b3T           *p727XUpdated the code to invoke scan.exe with the
278. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X"/M", "/NOPAUSE" and "/NOBREAK" options.  This
279. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xupdate requires the use of Viruscan (scan.exe)
280. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xversion 7.2V77 or higher.
281. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01b(10U(s0p10h12v0s0b3T           *p727XAdded (actually just made consistent &
282. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xdocumented) DOS errorlevel exits.
283. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01a(10U(s0p10h12v0s0b3T           *p727XCaptured the keystroke if the delay was bypassed
284. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xto prevent inadvertent input to the next program
285. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xrun.
286. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.01(10U(s0p10h12v0s0b3T            *p727XAdded drive information display, changed 5
287. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xsecond delay to a 30 second delay bypassable
288. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xwith a keystroke, and made the warning screen
289. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xoptional.
290. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T2.0(10U(s0p10h12v0s0b3T             *p727XAdded integrity (virus) self-check, system
291. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xinterrogation for drive table and option to run
292. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xon a specific day of the week.  Converted from
293. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X.exe to .com format.  Documentation written.
294. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XFirst general distribution.
295. *p+100Y(10U(s0p10h12v0s0b3T        (10U(s0p10h12v0s1b3T1.0(10U(s0p10h12v0s0b3T             *p727XFirst release, not distributed beyond First
296. *p+50Y(10U(s0p10h12v0s0b3T                        *p727XDistrict users.  Would only scan drive c:, had a
297. *p+50Y(10U(s0p10h12v0s0b3T                        *p727Xfixed 5 second delay for the warning screen
298. *p+50Y(10U(s0p10h12v0s0b3T                        *p727X(which was required), and ran every day.
299. *p+255Y*p+255Y*p+255Y*p+60Y(10U(s0p10h12v0s0b3T                                      - 9 -