home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Shareware Overload
/
ShartewareOverload.cdr
/
windows
/
vcopy74.zip
/
VCOPY74.DOC
< prev
next >
Wrap
Text File
|
1991-02-14
|
12KB
|
291 lines
VCOPY Version 0.5V74
Copyright 1990, 1991 by McAfee Associates.
All rights reserved.
Documentation by Aryeh Goretsky
McAfee Associates (408) 988-3832 office
4423 Cheeney Street (408) 970-9727 fax
Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps
U.S.A. (408) 988-5138 BBS HST 9600
(408) 988-5190 BBS v32 9600
TABLE OF CONTENTS
SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- What VCOPY is, system requirements
AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2
- Verifying the integrity of VCOPY
WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .3
- Features, new viruses added in this release
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .4
- Detailed description of VCOPY
OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . .4
- How to use VCOPY
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .5
- Samples of frequently-used options
REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .6
- How to register VCOPY
TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .6
- Information you should have ready when calling
VERSION NOTES. . . . . . . . . . . . . . . . . . . . . . . . .
- Program history
VCOPY Version 0.5V74 Page 2
SYNOPSIS
VCOPY is a replacement for the DOS COPY command for IBM PC and
compatible machines. VCOPY will search a PC for known computer
viruses in memory, then search the partition table and boot sector
of the source and destination disks, in addition to the files being
copied. This prevents viruses from entering your system and
identifies infected diskettes. VCOPY functions identically to the
MS-DOS 3.30 COPY command, with the exception of the COPY CON
function. For a list of viruses detected by VCOPY see the
accompanying VIRLIST.TXT file.
VCOPY requires DOS 2.0 or above, and 256Kb of memory.
AUTHENTICITY
VCOPY does a self-test when executed. If VCOPY has been
modified, a warning will be displayed. The program will still
continue to check for viruses and copy files, though. If VCOPY
reports that it has been damaged, a clean copy should be
obtained.
VCOPY is packaged with VALIDATE, a program to authenticate
the VCOPY.EXE file. Refer to VALIDATE.DOC for instructions on
how to use VALIDATE.
The validation results for Version 74 should be:
FILENAME: VCOPY.EXE
SIZE: 47,829
DATE: 02-14-1991
FILE AUTHENTICATION
Check Method 1: A4A8
Check Method 2: 14B2
If your VCOPY.EXE file differs, it has been changed. Always obtain
your copy of VCOPY from a known source. The latest version of
VCOPY and validation data for VCOPY.EXE can be obtained from
McAfee Associates Bulletin Board at (408) 988-4004.
Beginning with Version 72, all McAfee Associates programs for
download are archived with PKWare's PKZIP Authentic File
Verification. If you do not see the "-AV" message after every file
is unzipped and receive the message "Authentic Files Verified!
# NWN405 Zip Source: McAFEE ASSOCIATES" when you unzip the files
then do not run them. If your version of PKUNZIP does not have
verification ability, then this message may not be displayed.
Please contact McAfee Associates if your .ZIP file has been
tampered with.
VCOPY Version 0.5V74 Page 3
WHAT'S NEW
Version 74 of VCOPY adds 51 new viruses, bringing the total
number of known computer viruses to with 217 viruses, or counting
strains, 475 viruses.
The 1591 virus was sent to us from multiple sites in Quebec,
Canada, Oslo, Norway, and the United States. It is a
memory-resident file infector that attaches to .COM and .EXE files
when a disk is accessed via internal DOS commands.
The 903 virus was sent to us by Djennad Nasser from France.
It is a .COM file infector.
The Holocaust virus was sent to us by David Llamas of
Barcelona, Spain. It is a .COM file infector that uses "stealth"
type techniques.
The BeBe, Kuka, Kuka/Turbo, Lozinsky, MGTU, Nina, Off Stealth,
Polish-532, Sverdlov, Tiny-133, USSR-series, and Voronezh viruses
were discovered in the Soviet Union and Eastern Europe and sent to
us from numerous sources there and in Western Europe. They are not
believed to exist in the West.
The Christmas Violator, F-Word, Parity, Beeper, Best Wish,
Leapfrog, Destructor, Happy New Year Hymm, Justice, Label, V961,
Swiss-143, Sentinel, Plague, Monxla-B, Little Pieces, IKC528,
Hybrid, Dir-Vir, Stone90, Saddam, and Iraqui Warrior viruses were
sent to us from various sources around the globe.
For more information about these viruses, please refer to the
enclosed VIRLIST.TXT file
VCOPY Version 0.5V74 Page 4
OVERVIEW
VCOPY is a replacement for the DOS COPY command that adds
virus checking to the copying process. VCOPY checks the source and
destination diskettes for boot sector and partition table viruses,
as well as the files being copied for file-infecting viruses.
VCOPY prevents infected viruses from entering your system and
identifies infected disks during copying.
VCOPY processes commands identically to the MS-DOS 3.30 COPY
command. Refer to your MS-DOS 3.30 Users Guide for usage of the
COPY command.
When copying, VCOPY will search a PC for known computer
viruses in memory, search the partition table and boot sector
of the source and destination disks, and then the files being
copied. If a virus is found, VCOPY will report which virus it has
detected, and its location. VCOPY will check for viruses inside
LZEXEd files. For a list of viruses intercepted by VCOPY, please
refer to the accompanying VIRLIST.TXT file.
If VCOPY finds a virus, a message will be displayed stating
the name of the infected file and the virus infecting it. The user
will be presented with the option to either skip the file, or copy
it. If a virus is detected in an LZEXEd file, VCOPY will tell if
the infection is internal or external to the file.
If a virus is discovered, all media should be scanned for
viruses with the VIRUSCAN program to determine the extent of the
infection. The VIRUSCAN program, and its companion, the CLEAN-UP
virus disinfection program, are available from McAfee Associates
Bulletin Board at (408) 988-4004.
NOTE: Due to the fact that VCOPY must check for viruses in
addition to copying, it functions about 10% slower than the DOS
COPY command, on the average.
OPERATION
VCOPY should be placed in your DOS directory or any other
directory listed in your PATH statement. If you do not have a PATH
statement, then place VCOPY in your DOS directory and add the line
PATH=C:\name
to your AUTOEXEC.BAT file. Replace "name" with the directory where
all DOS commands are kept.
To copy files using VCOPY type:
VCOPY filespec1 filespec2 /E
To concatenate (join) files using VCOPY type:
VCOPY firstfile + lastfile sumfile /E
VCOPY Version 0.5V74 Page 5
Options are:
/E - check all files be copied, regardless of extension.
filespec1 - this is the source drive and path
filespec2 - this is the destination drive and path
firstfile - first file to concatenate
lastfile - last file to concatenate
sumfile - file created by concatenation of file1...file
NOTE: The DOS COPY /A, /B, and /V flags are supported by VCOPY,
refer to the DOS Users Manual for information on how to use them.
EXAMPLES
The following examples are shown as they would be typed in.
VCOPY A:*.* C:\FRITZ
To copy all files on drive A: to subdirectory FRITZ on drive
C:
VCOPY C:SMMRFELD\*.DOC A: /E
To copy all files from subdir SMMRFELD with the extension .DOC
to drive A:, checking them for viruses as they are copied.
VCOPY VL199 + VL200 + VL201 C:\SCRATCH\MONKEY.BAK
To join the files VL199, VL200, and VL201 as one file called
MONKEY.BAK in subdirectory SCRATCH on drive C:
REGISTRATION
A registration fee of $15.00US is requested for the use of
VIRUSCAN by individual home users. Registration is for one year
and entitles the holder to unlimited free upgrades off of McAfee
Associates BBS. Diskettes are not mailed unless requested. Add
$9.00US for diskette mailings.
Registration is for home users only and does not apply to
businesses, corporations, organizations, government agencies, or
schools, who must obtain a license for use. Contact McAfee
Associates for more information.
Outside of North America, registration and support may be
obtained through the agents listed in the accompanying AGENTS.TXT
text file.
VCOPY Version 0.5V74 Page 6
TECH SUPPORT
In order to facilitate speedy and accurate support, please
have the following information ready when you contact McAfee
Associates:
- Program name and version number.
- Type and brand of computer, hard disk, plus any
peripherals.
- Version of DOS you are running, plus any TSRs or device
drivers in use.
- The exact problem you are having. Please be specific as
possible. Having a print out of the screen and/or being
at your computer will help also.
McAfee Associates can be contacted by BBS or fax twenty-four hours
a day, or call our business office at (408) 988-3832, Monday
through Friday, 8:30AM to 6:00PM Pacific Standard Time.
McAfee Associates (408) 988-3832 office
4423 Cheeney Street (408) 970-9727 fax
Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps
U.S.A (408) 988-5138 BBS HST 9600
(408) 988-5190 BBS v32 9600
If you are overseas, the please refer to our AGENTS.TXT file for
a listing of International Agents for McAfee Associates product
support or sales.
VERSION NOTES
Version 72 of VCOPY adds four new viruses.
The ZeroHunt virus was uploaded to Homebase BBS by Paul
Ferguson of Washington, D.C., USA. It is a memory-resident
infector that attaches itself to the stack space in .COM files.
Since the virus is attaching itself inside a file, as opposed to
adding itself to the beginning or end, the size of the file will
not change.
The Bloody! virus has been reported in Massachusetts, USA as
well as Taiwan and Europe. It infects the boot sector of a floppy
disk and the partition table of the hard disk. After approximately
128 reboots, the virus displays the message "Bloody! Jun. 4, 1989"
which is the date of the Tiananmen Square Massacre in Beijing,
China.
The Jeff virus is a .COM file infector that destroys data by
writing garbage to the hard disk. It contains the text "Jeff is
visiting your hard disk."
The Music Bug virus has been reported in Woodland Hills,
California and Orlando, Florida as well as Taiwan. It infects the
boot sector of a a floppy disk and the partition table of the hard
disk. The Music Bug plays child nursery tunes after a specified
time. It contains the text "MusicBug v1.06. MacroSoft Corp."