Shareware Overload

home *** CD-ROM | disk | FTP | other *** search

/ Shareware Overload / ShartewareOverload.cdr / virus / clean75.zip / CLEAN75.DOC < prev next >

Wrap

Text File | 1991-02-26 | 14KB | 337 lines

CLEAN-UP Version 6.9V75 Copyright (C) 1990, 1991 by McAfee Associates. All rights reserved. Documentation by Aryeh Goretsky. McAfee Associates (408) 988-3832 office 4423 Cheeney Street (408) 970-9727 fax Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps U.S.A (408) 988-5138 BBS HST 9600 (408) 988-5190 BBS v32 9600 TABLE OF CONTENTS: SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2 - What CLEAN-UP is, system requirements AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2 - Verifying the integrity of CLEAN-UP WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .2 - Features, new viruses added in this release OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .3 - Detailed description of CLEAN-UP OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . .4 - How to use CLEAN-UP EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .5 - Samples of frequently-used options REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .5 - How to register CLEAN-UP TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .6 - Information you should have ready when calling VERSION NOTES. . . . . . . . . . . . . . . . . . . . . . . . .6 - Program History Page 1 CLEAN-UP Version 6.9V75 Page 2 SYNOPSIS CLEAN-UP (CLEAN) is a virus disinfection program for IBM PC and compatible computers. CLEAN-UP will search though the partition table, boot sector, or files of a PC and remove a virus specified by the user. In most instances CLEAN-UP is able to repair the infected area of the system and restore it to normal usage. CLEAN-UP works on all viruses identified by the current version of the VIRUSCAN (SCAN) program. CLEAN-UP runs on any PC with 256Kb and DOS version 2.00 or greater. AUTHENTICITY CLEAN-UP runs a self-test when executed. If CLEAN has been modified in any way, a warning will be displayed. The program will still continue to remove viruses, though. If CLEAN reports that it has been damaged, is recommended that a new, clean copy be obtained. CLEAN-UP is packaged with the VALIDATE program to ensure the integrity of the CLEAN.EXE file. The VALIDATE.DOC instructions tell how to use the VALIDATE program. The VALIDATE program distributed with CLEAN-UP may be used to check all further versions of CLEAN. The validation results for Version 75 should be: FILE NAME: CLEAN.EXE SIZE: 108,177 DATE: 02-26-1991 FILE AUTHENTICATION Check Method 1: 5132 Check Method 2: 10DF If your copy of CLEAN.EXE differs, it may have been modified. Always obtain your copy of CLEAN-UP from a known source. The latest version of CLEAN-UP and validation data for SCAN.EXE can be obtained off of McAfee Associates' bulletin board system at (408) 988-4004. Beginning with Version 72, all McAfee Associates programs for download are archived with PKWare's PKZIP Authentic File Verification. If you do not see the "-AV" message after every file is unzipped and receive the message "Authentic Files Verified! # NWN405 Zip Source: McAFEE ASSOCIATES" when you unzip the files then do not run them. If your version of PKUNZIP does not have verification ability, then this message may not be displayed. Please contact McAfee Associates if your .ZIP file has been tampered with. WHAT'S NEW Version 75 of CLEAN-UP adds removal of the Azusa virus, a floppy disk boot sector and hard disk partition table virus that has been reported in multiple sites in the U.S. CLEAN-UP Version 6.9V75 Page 3 OVERVIEW CLEAN-UP searches the system looking for the virus you wish to remove. When an infected file is found, CLEAN-UP isolates and removes the virus, and in most cases, repairs the infected file and restores it to normal operation. If the file is infected with a less common virus, CLEAN-UP will then display a warning message and prompt the user, asking whether to overwrite and delete the infected file. Files erased in such a manner are non-recoverable. Verify the suspect virus infection with the VIRUSCAN program before running CLEAN-UP. VIRUSCAN will locate and identify the virus and provide the I.D. code needed to remove it. The I.D. is displayed inside the square brackets, "[" and "]." For example, the I.D. code for the Jerusalem virus is displayed as "[Jeru]". This I.D. must be used with CLEAN-UP to remove the virus. The square brackets "[" and "]" MUST be included. The common viruses that CLEAN-UP is able to remove successfully and repair and restore the damaged programs are: 1260 1591 1701 1704 4096 Alabama Alameda Ashar Azusa Bloody! Dark Avenger DataLock Disk Killer EDV Fish Flip Invader Jerusalem A Jerusalem B Jerusalem E Joshi KeyPress Liberty Music Bug New Jerusalem Pakistan Brain PayDay Ping Pong B Plastique Slow Stoned SunDay Suriv03 Taiwan 3 Taiwan 4 V800 VacSina Vienna Violator Whale Yankee Doodle ZeroBug AN IMPORTANT NOTE ABOUT .EXE FILES: Some viruses which infect .EXE files can not be removed successfully in all cases. This usually occurs when the .EXE file loads internal overlays. Instead of attaching to the end of the .EXE file, the virus may attach to the beginning of the overlay area, and program instructions are overwritten. CLEAN-UP will truncate files infected in this manner. If a file no longer runs after being cleaned, replace it from the manufacturer's original disk. AN IMPORTANT NOTE ABOUT THE STONED VIRUS: Removing the Stoned virus can cause loss of the partition table on systems with non-standard formatted hard disks. As a precaution, backup all critical data before running CLEAN-UP. Loss of the partition table can result in the LOSS OF ALL DATA ON THE DISK. CLEAN-UP Version 6.9V75 Page 4 OPERATION: IMPORTANT NOTE: POWER DOWN YOUR SYSTEM AND BOOT FROM A CLEAN SYSTEM DISK BEFORE BEGINNING. RUN THE CLEAN-UP PROGRAM FROM A WRITE-PROTECTED DISK TO PREVENT INFECTION OF THE PROGRAM. Power down the infected system and boot from a clean, write-protected system diskette. This step will insure that the virus is not in control of the computer and will prevent reinfection. After cleaning, power down the system again, reboot from the system disk, and run the VIRUSCAN program to make sure the system has been succesfully disinfected. After cleaning the hard disk, run the VIRUSCAN program on any floppies that may have been inserted into the infected system to determine if they have been infected. CLEAN-UP will display the name of the infected file, the virus found in it, and report a "successful" disinfection when the virus is removed. If a file has been infected multiple times by a virus (possible if the virus does not check to see if it has already attached to a file) than CLEAN-UP will report that the virus has been removed successfully for each infection. To run CLEAN-UP type: CLEAN d1: ... d10: [virus ID] /A /E .xxx /FR /MANY /M /REPORT d:filename Options are: /A - Examine all files for viruses /E .xxx .yyy .zzz - Clean overlay extensions .xxx .yyy .zzz /FR - Display messages in French /MANY - Check and disinfect multiple floppies /REPORT d:filename - Create report of cleaned files d1: ... d10: - indicate drives to be cleaned [virus ID] - Virus identification code - provided by the VIRUSCAN program when it detects a virus. For a complete list of codes, see the accompanying VIRLIST.TXT file The /A option will cause CLEAN to go through all files on diskette. This should be used if a file-infecting virus is detected. The /E option allows the user to specify an extension or set of extensions to clean. Extensions must be separated by a space after the /E and between each other. Up to three extensions may be added with the /E. For more extensions, use the /A option. The /FR option tells CLEAN-UP to display all messages in French instead of English. The /MANY option is used to clean multiple floppy diskettes. If the user has more than one floppy disk to check for viruses, the /MANY option will allows the user to check them without having to run CLEAN multiple times. CLEAN-UP Version 6.9V75 Page 5 The /REPORT option is used to generate a listing of disinfected files. The resulting list can be saved to disk as an ASCII text file. To use the report option, specify /REPORT on the command line, followed by the device and filename. EXAMPLES The following examples are shown as they would be typed in on the command line. CLEAN C: D: E: [JERU] /A To disinfect drives C:, D:, and E: of the Jerusalem virus, searching all files for the virus in the process CLEAN A: [STONED] To disinfect floppy in drive A: of the Stoned virus CLEAN C:\MORGAN [DAV] /A To disinfect subdirectory MORGAN on drive C: of the Dark Avenger, searching all files for the virus in the process CLEAN B: [DOODLE] /REPORT C:YNKINFCT.TXT To disinfect floppy in drive B: of the Yankee Doodle virus, searching all files in the process, and creating a report of disinfected files named YNKINFCT.TXT on drive C: REGISTRATION A registration fee of $35.00US is required for the use of CLEAN-UP by individual home users. Registration is for one year and entitles the holder to unlimited free upgrades for the duration of the year. Upgrades must be obtained from the McAfee Associates bulletin board. Diskettes are not mailed with registrations unless specifically requested. Add $9.00US for diskette mailings. Registration is for home users only and does not apply to businesses, departments, organizations, government agencies, or schools, who must obtain a site license for use. Contact McAfee Associates for more information. Outside of North America, registration and support may be obtained through the agents listed in the accompanying AGENTS.TXT text file. CLEAN-UP Version 6.9V75 Page 6 TECH SUPPORT In order to facilitate speedy and accurate support, please have the following information ready when you contact McAfee Associates: - Program name and version number. - Type and brand of computer, hard disk, plus any peripherals. - Version of DOS you are running, plus any TSRs or device drivers in use. - Printouts of your AUTOEXEC.BAT and CONFIG.SYS files. - The exact problem you are having. Please be specific as possible. Having a print out of the screen and/or being at your computer will help also. McAfee Associates can be contacted by BBS or fax twenty-four hours a day, or call our business office at (408) 988-3832, Monday through Friday, 8:30AM to 6:00PM Pacific Standard Time. McAfee Associates (408) 988-3832 office 4423 Cheeney Street (408) 970-9727 fax Santa Clara, CA 95054 (408) 988-4004 BBS 2400 bps U.S.A (408) 988-5138 BBS HST 9600 (408) 988-5190 BBS v32 9600 VERSION NOTES Version 74, 74-B: Version 74-B fixes a bug in 74 that caused CLEAN to misidentify the Stoned virus on some removable media. Version 74 of CLEAN-UP adds removal of the 1591 and the Music Bug viruses, as well as several new variants of the Jerusalem virus. For more information about these viruses, please refer to the enclosed VIRLIST.TXT file. A new command has been added. When the /FR option is specified, all messages will be display by CLEAN-UP in French. Version 72: Version 72 of CLEAN-UP adds the removal of two new viruses, the Liberty virus, widely being reported in Australia and the southeastern United States, and the Plastique virus, which is being reported in the United States, Asia, Australia, and Europe. Additionally, handling of the removal of the Pakistani Brain virus has been improved. Version 71: Version 71 of CLEAN-UP adds disinfection of six new viruses, the Flip virus, KeyPress virus, DataLock virus, Taiwan-3, Taiwan-4 and the Violator. For summary information about these viruses, please refer to the accompanying VIRLIST.TXT file. For a detailed description of these viruses please refer to Patricia Hoffman's VSUM document. VSUM is copyrighted by Patricia Hoffman.