README.VRX (from virx20.zip), text file dated 1992-02-07
Using the VIRx Virus Detection Program
--------------------------------------
Please be sure to examine the license and distribution agreement at the
end of this document before using the included program, VIRx.
VIRx is a program designed to make scanning for viruses as easy and
painless as possible. It's a fast, comprehensive solution to a serious
problem: the potential for viral infection affecting your normal usage
of your computer.
By using VIRx and the commercially available Virex package you will be
fully protected from virus infection.
You should use VIRx in the following way: when you first install VIRx,
you should do a "long" scan (described below), and should scan any new
program you obtain. On a regular basis, you may wish to scan the entire
hard disk again, just to double check. The speed at which VIRx operates
makes scanning for viral infections on your hard disk very quick: use VIRx
regularly.
***IMPORTANT***
This program should not be run except from a locked or write-protected
floppy. Otherwise, if run in an infected environment, it can get infected
itself, possibly carrying the virus to new files and/or machines. If you
downloaded VIRx you should copy the VIRX.EXE to a clean floppy and should
then write-protect or lock that floppy from further write access.
If VIRx finds a virus, it will only allow you to delete the infected file.
In order to disinfect (i.e., recover the original uninfected files) you will
need to use VPCScan, only available in the commercial product, Virex.
We are particularly interested in obtaining samples of infected files, and
have found that our users are a valuable asset in dealing with new viruses.
Samples sent to Microcom will be examined by our tech support team, but we
cannot guarantee their return or an individual acknowledgment that we
received them. Registered users of Virex are entitled to full technical support.
-------------------------------Features--------------------------------
1. VIRx is network compatible. Scan your network drives just as you would
normal drives. If you are not allowed read access to a particular file
VIRx will report that it cannot read that file, and tell you that
sub-directory is "Uncertain", because the file you could not read might
be infected with a virus. If you find a boot sector or partition table
virus on a network drive, we would like to hear about it. In any case,
be sure you are adequately backed up before disinfecting: networks can
be tricky when being disinfected.
2. VIRx can detect viruses in .EXE files which were compressed with either
PKLite or LZEXE. The use of executable file pre-compressors is becoming
quite popular. These utilities take an .EXE program file and make its
disk image much smaller by using data compression. The resulting file
is run just like before, by typing its name. The end user normally
would not notice any difference. Unfortunately, if a virus-infected
program is compressed in this way, the virus cannot be detected in the
resulting executable file by some other virus scanners -- even though
the file still contains a live, and potentially dangerous, virus.
VIRx has been updated to detect these compressed executable files,
and will check them thoroughly for viruses. We support both the LZEXE
and PKLite precompression schemes, a first in the industry! { Please
note, however, that we do NOT examine files inside archives with the
current version. }
3. VIRx scans all subdirectories beginning with the current directory of a
specified drive. Typing `VIRx A:\' scans the entire A: drive, including
any subdirectories on that drive's disk. Typing `VIRx C:' scans the
default directory of the C: drive and its subdirectories. To scan the
entire C: drive, type "VIRx C:\". To determine the current default
directory of a drive, type `CD d:', where `d' is the specific drive
letter. You can target any group of files for scanning using standard
DOS wildcarding.
4. Command line switches: (separate switches with a space)
a. The -O option, for "Only", tells VIRx to scan only the specified or
default directory, and not to include any of its subdirectories in the scan.
b. The -L option, for "Long" scan, scans the entire contents of a file,
byte by byte.
Normally, VIRx uses a proprietary algorithm to determine where to look
for viruses in the suspect file. This helps VIRx, in part, to achieve
its amazing scanning speed when combined with its other proprietary
scanning techniques. Using the -L option causes the "smart" search to
be turned off and VIRx will examine the file more closely, causing an
increase in the time it takes to scan the file. For this reason, it is
recommended that the -L option be used only on new files, the first time
your hard disk is scanned, or if there is particular reason to suspect
an undiscovered virus. We know of no virus that is detected with the
"long" option turned on that is not also detected by our Smart Scan.
c. The -A option, for "All files", tells VIRx to scan all types of
files, not only files that end with known executable extensions.
VIRx will, by default, only scan files with certain known executable
extensions, such as .COM and .EXE. If you scan a directory that does
not contain any executable files VIRx will return the message: "0 files
scanned", meaning that it found no executable files. True data files
cannot be infected with viruses, as viruses must be executed to be
activated. We provide this option in case you have executable files
whose extensions are not in our internal list of defaults.
d. The -M option, for "Memory", tells VIRx to NOT search the system
memory for signs of virus code.
By default, VIRx will scan memory for all viruses. Viruses in memory
can be very malicious, causing each file opened to be infected -- even
if they are opened by VIRx to check them for viruses! If we find a
virus in memory that would infect files as we open them for scanning,
we halt the scan to prevent the virus from being spread.
To confirm a reported virus in memory, you should:
1. Turn off your machine.
2. Obtain a virus-free floppy with the same version of DOS as
you are using on your hard disk. This disk should be write-
protected.
3. Insert that disk in your A: floppy drive.
4. Turn the machine back on booting from the clean floppy.
5. Repeat the scan immediately from our original locked or
write-protected floppy. (If you originally downloaded VIRx, you
should use the copy you made as discussed above -- you should
always run VIRx from a locked or write-protected floppy.)
e. The -C option forces monochrome mode.
Some computers with LCD displays, including some Toshiba and IBM
portables and Leading Edge monochrome systems, are unable to display
the VIRx screens because these machines perform color monitor emulation.
Running VIRx with the -C option will assure readability.
g. The -R option lets you set the name for the file used to log the
results of a scan.
When you specify that you want the results of a scan recorded on your
disk, the default operation of VIRx is to write these results into a
file called "C:\VIRx.LOG". If you'd prefer these results to be written
to a different file, you can specify that file using the -R option.
Specify the full path of the file you'd like the results to be written
to as:
-RC:\MYLOG.LOG
h. The -S option, for "Skip Self", will tell VIRx to save a few seconds
by not scanning itself.
This option is included to save time for people running a known clean
copy of the software from a locked floppy, over and over, perhaps as
part of a batch process. It's not for ordinary use - save yourself a
lot of time tomorrow by spending the extra few seconds to scan VIRx
to make sure you're running a clean copy of the program.
i. The -X option, for "extra memory", causes VIRx to scan memory past
the normal 640K DOS limit, to just under 1 Meg.
On machines with RAM mapped into this address range, it is possible for
certain viruses to load into this area, for example - the E.D.V. virus.
Note that the use of disk caching software loaded into this area can
result in false positives in memory.
j. The -F option, for "single Floppy", allows a single floppy to be
scanned without the user being prompted to insert a new floppy after the
scan is completed. Particularly useful in batch mode.
5. Batch mode options are now available through the -B? switch. These
options allow VIRx to be run without operator intervention and are
included for the convenience of system administrators.
a. -BI tells VIRx that you don't want the scan Interrupted when a
virus is found. Instead, VIRx will note the find in the log file and
continue scanning from there.
b. -BM asks VIRx to Modify the extension of any file found to contain a
virus, so you will not accidentally run the file before cleaning it up.
The infected file's extension will be changed to .VIR and the scan will
continue. The results will be stored in the log file. In case of name
collisions, the new extension will be .VI1, .VI2, etc.
c. -BR tells VIRx to Remove any file found to be infected with a virus.
This means the file or files are actually erased from the disk, though
they are not overwritten and so could possibly be recovered with an
undelete utility.
Although we are not aware of any file being flagged as containing a virus
which does not actually contain one, there is always a possibility
that such a false positive may occur. Using this switch would cause even
such false positives, rare as they may be, to be erased too. The danger
of false positives being erased is greatly increased if you use -BR with
the -A switch described above, so this combination is not recommended.
d. -BD Disinfects any infected file for which we have a disinfector.
If there is no disinfector available for the virus discovered this
switch acts like -BI, recording the find and continuing. There are no
disinfectors in the VIRx freely distributable version of VPCScan;
disinfectors are only available in the commercial Virex package.
6. VIRx can be updated in the field to detect currently unknown viruses.
If this becomes necessary, Microcom will provide the necessary
information to registered users of Virex and can forward the required
update information through the normal channels of online communication.
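The batch switches from item 5, sketched in Python as an added example (this is not VIRx's code). The function names, the log-line format, the cap at .VI9 and the refusal of -BR together with -A are assumptions of this sketch.

```python
from pathlib import Path


def quarantine_name(path: Path) -> Path:
    """First free name in the order .VIR, .VI1, .VI2, ... (capped at .VI9 here)."""
    for ext in [".VIR"] + [f".VI{n}" for n in range(1, 10)]:
        candidate = path.with_suffix(ext)
        if not candidate.exists():
            return candidate
    raise FileExistsError(f"no free quarantine name for {path}")


def handle_infected(path: Path, switch: str, virus: str,
                    all_files: bool = False) -> str:
    """Apply one batch switch to an infected file and return the log line."""
    if switch == "-BD":
        # The free version ships no disinfectors, so -BD behaves like -BI.
        switch = "-BI"
    if switch == "-BI":
        # Record the find and keep scanning; the file is left untouched.
        action = "logged"
    elif switch == "-BM":
        # Rename so the file cannot be run by accident before cleanup.
        target = quarantine_name(path)
        path.rename(target)
        action = f"renamed to {target.name}"
    elif switch == "-BR":
        if all_files:
            # The README advises against -BR with -A; this sketch refuses it.
            raise ValueError("-BR combined with -A is not recommended")
        # Plain delete: the data is not overwritten, as the README notes.
        path.unlink()
        action = "removed"
    else:
        raise ValueError(f"unknown batch switch {switch}")
    # Constructed log format, not the layout of the real VIRx.LOG.
    return f"{path.name}: {virus}: {action}"
```

Two infected files that share a base name, such as GAME.EXE and GAME.COM, end up as GAME.VIR and GAME.VI1, so neither quarantine copy overwrites the other.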
The latest version of VIRx and external signature files can be downloaded
from Microcom's BBS. Settings are 8 bits, No Parity, 1 Stop bit, at
speeds up to 14,400 baud. The number is (919)419-1602.
The list of viruses which Virex can detect and repair is constantly
updated. VIRx's '-#' option allows you to obtain a listing of all the
viruses which Virex is currently capable of detecting and repairing.
Repair capability is indicated by the term "Disinfector" in parentheses
next to the virus name. This list may be output to the printer using
DOS redirection (VIRx -# > PRN:). No scan will actually take place if
you use the '-#' option on the VIRx command line.
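Added example, not part of the original README: why a scanner has to expand a compressed executable before searching it, as feature 2 describes. zlib stands in for LZEXE/PKLite, and the signature, the PCK1 tag and the "uncertain" verdict for a file that cannot be expanded are constructed for this sketch.

```python
import zlib

# Constructed, harmless byte string standing in for a virus signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
# Hypothetical 4-byte tag standing in for an LZEXE/PKLite stub header.
PACK_TAG = b"PCK1"


def pack(image: bytes) -> bytes:
    """Stand-in for an executable compressor: tag + zlib-compressed image."""
    return PACK_TAG + zlib.compress(image)


def raw_scan(data: bytes) -> str:
    """Signature search over the bytes exactly as they sit on disk."""
    return "infected" if SIGNATURE in data else "clean"


def unpacking_scan(data: bytes) -> str:
    """Expand a recognised packed image first, then run the same search."""
    if data.startswith(PACK_TAG):
        try:
            data = zlib.decompress(data[len(PACK_TAG):])
        except zlib.error:
            # Packed but not expandable: the contents cannot be vouched for.
            return "uncertain"
    return raw_scan(data)


def demo() -> dict:
    # Constructed sample "program": header bytes, filler, marker, filler.
    infected = b"MZ" + b"\x90" * 64 + SIGNATURE + b"\x00" * 64
    packed = pack(infected)
    damaged = packed[:-8]  # truncated packed file
    return {
        "plain/raw": raw_scan(infected),
        "packed/raw": raw_scan(packed),
        "packed/unpacking": unpacking_scan(packed),
        "damaged/unpacking": unpacking_scan(damaged),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

The "packed/raw" case is the miss the README attributes to other scanners: the marker is still in the program, but its bytes no longer appear verbatim in the disk image.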
Licensing and Distribution Information
--------------------------------------
This program Copyright (C) 1990-92 Ross M. Greenberg, All rights reserved.
The related documentation Copyright (C) 1990-92 Microcom Systems, Inc. and
Ross M. Greenberg, All rights reserved. This software is a fully
functioning demonstration of a commercially available package and is not a
shareware program. VIRx may be distributed freely, but may not be sold or
bundled with other products without the written permission of Microcom Inc.
and Ross M. Greenberg. Business and corporate users: your license is for a
30 day evaluation period only, after which you require a site license for
continued use. Contact Microcom for further site license info.
THIS SOFTWARE IS DISTRIBUTED AS IS; THERE ARE NO WARRANTIES OR GUARANTEES
THAT IT WILL SUIT YOUR NEEDS AND NEITHER MICROCOM SYSTEMS, INC. NOR ROSS M.
GREENBERG SHALL BE RESPONSIBLE IN ANY WAY FOR YOUR USAGE OF THIS PROGRAM NOR
FOR ANY POSSIBLE CONSEQUENTIAL DAMAGES THAT MAY ARISE FROM THAT USAGE.
Although no support should be required for the use of this program, please
be aware that only the complete version of the Virex program is
supported.