Night Owl 6

home *** CD-ROM | disk | FTP | other *** search

/ Night Owl 6 / Night Owl's Shareware - PDSI-006 - Night Owl Corp (1990).iso / 030a / virx20.zip / README.VRX < prev next >

Wrap

Text File | 1992-02-07 | 13KB | 234 lines

Using the VIRx Virus Detection Program -------------------------------------- Please be sure to examine the license and distribution agreement at the end of this document before using the included program, VIRx. VIRx is a program designed to make scanning for viruses as easy and painless as possible. It's a fast, comprehensive solution to a serious problem: the potential for viral infection affecting your normal usage of your computer. By using VIRx and the commercially available Virex package you will be fully protected from virus infection. You should use VIRx in the following way: when you first install VIRx, you should do a "long" scan (described below), and should scan any new program you obtain. On a regular basis, you may wish to scan the entire hard disk again, just to double check. The speed at which VIRx operates makes scanning for viral infections on your hard disk very quick: use VIRx regularly. ***IMPORTANT*** This program should not be run except from a locked or write-protected floppy. Otherwise, if run in an infected environment, it can get infected itself, possibly carrying the virus to new files and/or machines. If you downloaded VIRx you should copy the VIRX.EXE to a clean floppy and should then write-protect or lock that floppy from further write access. If VIRx finds a virus, it will only allow you to delete the infected file. In order to disinfect (ie.- recover the original uninfected files) you will need to use VPCScan, only available in the commercial product, Virex. We are particularly interested in obtaining samples of infected files, and have found that our users are a valuable asset in dealing with new viruses. Samples sent to Microcom will be examined by our tech support team, but we can not guarantee their return or an individual acknowledgment we received them. Registered users of Virex are entitled to full technical support. -------------------------------Features-------------------------------- 1. VIRx is network compatible. Scan your network drives just as you would normal drives. If you are not allowed read access to a particular file VIRx will report that it cannot read that file, and tell you that sub-directory is "Uncertain", because the file you could not read might be infected with a virus. If you find a boot sector or partition table virus on a network drive, we would like to hear about it. In any case, be sure you are adequately backed up before disinfecting: networks can be tricky when being disinfected. 2. VIRx can detect viruses in .EXE files which were compressed with either PKLite or LZEXE. The use of executable file pre-compressors is becoming quite popular. These utilities take an .EXE program file and make its disk image much smaller by using data compression. The resulting file is run just like before, by typing its name. The end user normally would not notice any difference. Unfortunately, if a virus infected program is compressed in this way, it can not be detected by some other virus scanners in the resulting executable file -- even though it still contained a live, and potentially dangerous, virus. è VIRx has been updated to detect these compressed executable files, and will check them thoroughly for viruses. We support both the LZEXE and PKLite precompression schemes, a first in the industry! { Please note, however, that we do NOT examine files inside archives with the current version. } 3. VIRx scans all subdirectories beginning with the current directory of a specified drive. Typing `VIRx A:\' scans the entire A: drive, including and subdirectories on that drive's disk. Typing `VIRx C:' scans the default directory of the C: drive and its subdirectories. To scan the entire C: drive, type "VIRx C:\". To determine the current default directory of a drive, type `CD d:', where `d' is the specific drive letter. You can target any group of files for scanning using standard DOS wildcarding. 4. Command line switches: (separate switches with a space) a. The -O option, for "Only", tells VIRx to scan only the specified or default directory, do not include any of its subdirectories in the scan. b. The -L option, for "Long" scan, scans the entire contents of a file, byte by byte. Normally, VIRx uses a proprietary algorithm to determine where to look for viruses in the suspect file. This helps VIRx, in part, to achieve its amazing scanning speed when combined with other of its proprietary scanning techniques. Using the -L option causes the "smart" search to be turned off and VIRx will examine the file more closely, causing an increase in the time it takes to scan the file. For this reason, it is recommended that the -L option be used only on new files, the first time your hard disk is scanned, or if there is particular reason to suspect an undiscovered virus. We know of no virus that is detected with the "long" option turned on that is not also detected by our Smart Scan. c. The -A option, for "All files", tells VIRx to scan all types of files, not only files that end with known executable extensions. VIRx will, by default, only scan files with certain known executable extensions, such as .COM and .EXE. If you scan a directory that does not contain any executable files VIRx will return the message: "0 files scanned", meaning that it found no executable files. True data files cannot be infected with viruses, as viruses must be executed to be activated. We provide this option in case you have executable files whose extensions are not in our internal list of defaults. d. The -M option, for "Memory", tells VIRx to NOT search the system memory for signs of virus code. By default, VIRx will scan memory for all viruses. Viruses in memory can be very malicious, causing each file opened to be infected -- even if they are opened by VIRx to check them for viruses! If we find a virus in memory that would infect files as we open them for scanning, we halt the scan to prevent the virus from being spread. To confirm a reported virus in memory, you should: 1. Turn off your machine. 2. Obtain a virus-free floppy with the same version of DOS as you are using on your hard disk. This disk should be write- protected. 3. Insert that disk in your A: floppy drive. 4. Turn the machine back on booting from the clean floppy. 5. Repeat the scan immediately from our original locked or write-protected floppy. (If you originally downloaded VIRx, you should use the copy you made as discussed above -- you should always run VIRx from a locked or write-protected floppy.) e. The -C option forces monochrome mode. Some computers with LCD displays, including some Toshiba and IBM portables and Leading Edge monochrome systems, are unable to display the VIRx screens because these machines perform color monitor emulation. Running VIRx with the -C option will assure readability. g. The -R option lets you set the name for the file used to log the results of a scan. When you specify that you want the results of a scan recorded on your disk, the default operation of VIRx is to write these results into a file called "C:\VIRx.LOG". If you'd prefer these results to be written to a different file, you can specify that file using the -R option. Specify the full path of the file you'd like the results to be written to as: -RC:\MYLOG.LOG h. The -S option, for "Skip Self", will tell VIRx to save a few seconds by not scanning itself. This option is included to save time for people running a known clean copy of the software from a locked floppy, over and over, perhaps as part of a batch process. It's not for ordinary use - save yourself a lot of time tomorrow by spending the extra few seconds to scan VIRx to make sure you're running a clean copy of the program. i. The -X option, for "extra memory", causes VIRx to scan memory past the normal 640K DOS limit, to just under 1 Meg. On machines with RAM mapped into this address range, it is possible for certain viruses to load into this area, for example - the E.D.V. virus. Note that the use of disk caching software loaded into this area can result in false positives in memory. j. The -F option, for "single Floppy", allows a single floppy to be scanned without the user being prompted to insert a new floppy after the scan is completed. Particularly useful in batch mode. 5. Batch mode options are now available through the -B? switch. These options allow VIRx to be run without operator intervention and are included for the convenience of system administrators. a. -BI tells VIRx that you don't want the scan Interrupted when a virus is found. Instead, VIRx will note the find in the log file and continue scanning from there. b. -BM asks VIRx to Modify the extension of any file found to contain a virus, so you will not accidentally run the file before cleaning it up. The infected file's extension will be changed to .VIR and the scan will continue. The results will be stored in the log file. In case of name collisions, the new extension will be .VI1, .VI2, etc. c. -BR tells VIRx to Remove any file found to be infected with a virus. This means the file or files are actually erased from the disk, though they are not overwritten and so could possibly be recovered with an undelete utility. Although we are not aware of any file being flagged as containing a virus which does not actually contain one, there is always a possibility that such a false positive may occur. Using this switch would cause even such false positives, rare as they may be, to be erased too. The danger of false positives being erased is greatly increased if you use -BR with the -A switch described above, so this combination is not recommended. d. -BD Disinfects any infected file for which we have a disinfector. If there is no disinfector available for the virus discovered this switch acts like -BI, recording the find and continuing. There are no disinfectors in the VIRx freely distributable version of VPCScan; disinfectors are only available in the commercial Virex package. 6. VIRx can be updated in the field to detect currently unknown viruses. If this becomes necessary, Microcom will provide the necessary information to registered users of Virex and can forward the required update information through the normal channels of online communication. The latest version of VIRx and external signature files can be downloaded from Microcom's BBS. Settings are 8 bits, No Parity, 1 Stop bit, at speeds up to 14,400 baud. The number is (919)419-1602. The list of viruses which Virex can detect and repair is constantly updated. VIRx's '-#' option allows you to obtain a listing of all the viruses which Virex is currently capable of detecting and repairing. Repair capability is indicated by the term "Disinfector" in parentheses next to the virus name. This list may be output to the printer using DOS redirection (VIRx -# > PRN:). No scan will actually take place if you use the '-#' option on the VIRx command line. Licensing and Distribution Information -------------------------------------- This program Copyright (C) 1990-92 Ross M. Greenberg, All rights reserved. The related documentation Copyright (C) 1990-92 Microcom Systems, Inc. and Ross M. Greenberg, All rights reserved. This software is a fully functioning demonstration of a commercially available package and is not a shareware program. VIRx may be distributed freely, but may not be sold or bundled with other products without the written permission of Microcom Inc. and Ross M. Greenberg. Business and corporate users: your license is for a 30 day evaluation period only, after which you require a site license for continued use. Contact Microcom for further site license info. THIS SOFTWARE IS DISTRIBUTED AS IS; THERE ARE NO WARRANTIES OR GUARANTEES THAT IT WILL SUIT YOUR NEEDS AND NEITHER MICROCOM SYSTEMS, INC. NOR ROSS M. GREENBERG SHALL BE RESPONSIBLE IN ANY WAY FOR YOUR USAGE OF THIS PROGRAM NOR FOR ANY POSSIBLE CONSEQUENTIAL DAMAGES THAT MAY ARISE FROM THAT USAGE. Although no support should be required for the use of this program, please be aware that only the complete version of the Virex program is supported.