What's New in VirusScan 2.04 for Windows 95 (9606)
Copyright 1994-1996 by McAfee, Inc. All Rights Reserved.

___________________
What's In This File

- Eicar Installation Test.
- New VirusScan95 features.
- Known issues.
- New Viruses Detected and Removed.
- Installing VirusScan95.
- If a Virus is Detected in Memory.
- Scanning with VirusScan95.
- Customizing VirusScan95.
- Documentation.
- Frequently Asked Questions.
- Reporting Problems.
- How to contact us.
- Registering VirusScan95.
- McAfee Training.
- Upgrading McAfee Products.

______________________________
Eicar Standard AntiVirus Test.

A few words about the Eicar Standard AntiVirus Test File:

The Eicar Standard AntiVirus Test File is a combined effort by antivirus vendors throughout the world to come up with one standard by which customers can verify their antivirus installations.

To test your installation, you would copy the following line into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69 or 70 byte file.

When VirusScan is applied to this file, SCAN will report finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is very important to know that THIS IS NOT A VIRUS! However, users often have the need to test that their installations function correctly. The antivirus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need.

Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed.

Notes: The next DAT update is scheduled for July with another in Sep. Intermediate "emergency" updates will be available only through the BBS.

____________________________
New Features for VirusScan95

* Added support for ZIP file scanning from the On-Demand scanner.
* Added MS-DOS scanning component prior to loading Windows 95.
* VirusScan95 now CLEANS MS Word macro infections.
* Added the ability to scan the boot sector on local hard drives (enabled by default).
* Added support for multiple scan targets (see FAQs under Section II below).
* Added support for the "Scan in:" field to scan Local Drives as well as Network Drives.
* Added support for scanning Word documents when launching from Word or Mail.
* Added an AutoExit switch in VirusScan Configuration (VSC) files (see item 4 below).
* Enabled the ability for launching VirusScan95 in a minimized or maximized window by using shortcuts.
* Installation directory defaults to "C:\Program Files\McAfee\VirusScan95".
* To save disk space, the installation searches for previously installed versions of McAfee VirusScan95.

__________________________
New Features for VShield95

McAfee has revitalized the classic VShield product for an entirely new generation of Windows products. McAfee's chief architect stated when asked, "We overhauled the entire product by dropping in a 32-bit engine and a series of VXD modules, then gave the interface a completely new look & feel. Customers who are familiar with the older product will be completely amazed at the improvements and features we have added. New users will really enjoy how VShield has been seamlessly blended into the workings of Windows95."

Unlike its predecessor, VShield no longer relies on a DOS TSR; everything is done directly in the Windows95 environment. "We assembled customers' feedback and attempted to develop a product which, we believe, the customer really wants. In the marketplace, I believe McAfee will be the first to develop an on-access product which is completely independent of MS-DOS."

Here's what we did:

* On Access scanning of floppy diskettes.
* UNC aware.
* Long file and directory name support.
* Netware and MS-Network awareness.
* Log file support with real-time logging.
* Exclusions table.
* Detection rate equivalent to existing products.
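
Added example, not part of McAfee's original file: a Python check for the test file described under "Eicar Standard AntiVirus Test" above. It shows where the 69 or 70 bytes come from (the 68-character line plus an LF or CR/LF ending) and rejects common editing mistakes; the function names and samples are constructed, and the trailing-character and 128-byte rules come from EICAR's published definition rather than from this file.

```python
"""Added example: check a candidate EICAR test file before using it to test a scanner.

Works on bytes in memory, so running it writes nothing to disk.
"""

# The 68-byte test string exactly as printed in this file.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# From EICAR's published definition (not stated in this file): the string may be
# followed only by space, tab, LF, CR or Ctrl-Z, and the file may not exceed 128 bytes.
ALLOWED_TRAILING = b" \t\n\r\x1a"
MAX_FILE_LEN = 128


def saved_size(line_ending: bytes) -> int:
    """Size on disk when an editor appends `line_ending` to the pasted line."""
    return len(EICAR) + len(line_ending)


def check_eicar(data: bytes):
    """Return (is_valid, reason) for the raw bytes of a candidate EICAR.COM."""
    if not data.startswith(EICAR):
        if EICAR in data:
            return False, f"test string found at offset {data.index(EICAR)}, must be at 0"
        return False, "68-byte test string not present"
    if len(data) > MAX_FILE_LEN:
        return False, f"{len(data)} bytes exceeds the {MAX_FILE_LEN}-byte limit"
    tail = data[len(EICAR):]
    if any(b not in ALLOWED_TRAILING for b in tail):
        return False, "bytes other than whitespace follow the test string"
    return True, f"{len(data)} bytes ({len(tail)} trailing)"


# Constructed samples of what different editors and mistakes produce.
SAMPLES = {
    "exact":       EICAR,
    "unix_editor": EICAR + b"\n",
    "dos_editor":  EICAR + b"\r\n",
    "utf8_bom":    b"\xef\xbb\xbf" + EICAR + b"\r\n",
    "extra_line":  EICAR + b"\r\nREM test\r\n",
    "lowercased":  EICAR.lower(),
    "padded":      EICAR + b" " * 61,
}

if __name__ == "__main__":
    print("LF ending:", saved_size(b"\n"), "bytes; CR/LF ending:", saved_size(b"\r\n"), "bytes")
    for name, data in SAMPLES.items():
        ok, reason = check_eicar(data)
        print(f"{name:12} {'OK ' if ok else 'BAD'} {reason}")
```

If the scanner stays silent on EICAR.COM, run this check on the file first: a byte-order mark or an extra line added by the editor means the file no longer matches the definition.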
____________
Known Issues

Symptom: VirusScan95 appears to continue scanning endlessly even after pressing the 'Stop' button.

Cause: If VirusScan95 finds a corrupted zip file, an information box appears behind the main window. This leaves it appearing as if the scan is continuing, when it is really waiting for user input.

Resolution: If you encounter this situation, simply move the VirusScan95 window in any direction to reveal the "DynaZip UnZip Error" window behind it. Then click OK, responding as requested by the dialog box.

Compressed Files: Files with the "-" (dash) character in the filename which are compressed in Zipped files will not be scanned by the On Demand Scanner.

Macro Viruses: When a macro virus is detected in conjunction with other viruses, the macro virus remover will not work. We are still working on this. If you encounter this, you can remove the other virus first or work in a separate area.

Memory Managers: Windows 95 no longer requires MS-DOS memory managers. Using MS-DOS memory managers may cause VirusScan95 to falsely detect viruses in memory. To eliminate the possibility of false warnings, remark (Rem) the memory manager lines from your CONFIG.SYS to deactivate them.

____________________
New Viruses Detected

This DAT file (9606) detects the new viruses listed below. In addition, locations that have experienced problems with a particular virus are identified (172).

_1660 _2869 (Europe) 1STVIR.3032/3173 ABBAS.5660 ALLFOOLS ANGEL_2.661 ANGEL_2.1671 ANTITRACE.1864 AS.594 ASMODEOUS.1450 AVALGASIL.666 AWAITS.500 BABY.962 BABY_L.674 BADCOM.600 BADSIZE.369 BAGNARA.694 BBO.1000.D BERT.2294 BIRTHDAY.512 BLACK_ADDER.1015 BLACK_SUNDAY.2372 BOLERO.1000.A BOLERO.1000.B BOLERO.1300 BOWL.737.B BRBI.KOBRIN.492 BUFFALO.486 BUNNY.497 CARRYON.534 CGA.1024 CHAPA.447 CHAPA.448 CHAPA.450.C CHAPA.450.D CHAPA.566 CHAPA.572 CHAPA.586 CHEK.282 CIVIL_WAR.533 CIVIL_WAR.837 CMOS DEATH (US) CNTV.2630 CONV.321.B CPW.1395 CRLC.484 CROVIR.625 DAN.1500 DEBIT.2000 DESTRUCTOR.2082 DOPERLAND.490 DRONE.1024 DUNE.483 DUNE.579 EBOL.313 EBOL.378 ELIZA.1282 EXEHEADER.RENEGADE.416 FASOLA.2215 FIFO.333 FORMAS.1146 GAD_FLY.629 GAD_FLY.646 HALLO.524 HELLOWEEN.1377 HI.512 SIRIUS.HOMUNCULUS.3000 IMI.1536.G IMI.1536.H IMPOSTER INCH.386 INSIDE.752 INT4B.231 INT4B.242 JERUSALEM.CURSE.1653.A JERUSALEM.CURSE.1653.B JERUSALEM.CURSE.1653.C JERUSALEM.KEEPER.1570 JUNE_24TH JUNKIE.1308 KATE.582 KPOBOCOC.335 L2.2000.B LOUSE.919 LOVEBUZZ.381 LOVEBUZZ.591 MAJOR.1644 (Europe) MANTRA.719 MEF.1481 MEF.1538 MEMORY_LAPSE.LUPUS.886 MEP.295 MEPH.615 MEPH.914 MEPH.928 MEPHISTO.1235 MEPH.1242 NADO.838 NADO.841 NOT_JERUSALEM.1008 NOV_17.1045 NUKER.SYNDROME.1485 OFT.1500 OPPRESSOR-B PATR.1536 PIXEL.ILL.573 POLITE (*) PROBLEM.857 PUPPETS.960 RATSOFT.753 RATSOFT.821 RATSOFT.828 RAVING_II.1195 SENORITA.885 SILLYC.90 SILLYC.101.B SILLYC.155.B SILLYC.165 SILLYC.200.B SILLYC.202 SILLYC.226 SILLYC.316 SILLYC.373 SILLYE.398 SILLYE.512 SILLYORCE.76.B SILLYRC.214 SILLYRC.224 SILLYRC.248 SILLYRC.303 SILLYRC.670 SMALL_COMP.116 SOFIATERMINATOR.1487 SUPERVISOR.2221 TANPRO.524 (Europe) TENTACLES (Worldwide) TIE.619 TIJUANA (Mexico/US) TIP.554 TRIVIAL.32.F TRIVIAL.32.G TRUST.687 TULA.1540 TULA.1656 TURBOEXE.854 UNHANDLED.495 V.334 V.719 V.864 V.1906 VERONIKA.1549.B VIAGGIO.1051 VIENNA.534.F VIENNA.BBOD.896 VIK.480 VIK.550 VIRUS.655 VOTADC.591 WAZZU (*) (US) WILDY.354.B WILDY.354.C WILLY_WONKA.1088 WORDMACRO.NOP 
(Germany) WZ-436.A WZ-436.B XPH-DR&E.EXE XPH.2010 XUTE.1182 XUXA.1045 XWG.1333 ZUB.792 ZVER.512

(*) Requires 2.5 executable

___________________
New Viruses Removed

This DAT file (9606) removes the viruses listed below. In addition, locations that have experienced problems with a particular virus are identified (10).

CMOS DEATH
CONCEPT.B:FR
IMPOSTER
MAJOR.1644
POLITE
TENTACLE
TIJUANA
WAZZU
WORDMACRO.NOP
XENIXOS

______________________
Installing VirusScan95

VirusScan is a single file install. This means all program files are located directly within the installation executable. The installation adds the following files to your system:

NOTE: Due to the nature of the VShield component and how it is integrated into the Windows95 Operating System, it is important to confirm that VShield for MS-DOS or any other virus protection software is not currently loaded from MS-DOS or Windows95. If you are aware of any other Virus Detection program loading from within Windows95, please disable them accordingly before proceeding with VirusScan installation.

VirusScan Files & Location (primary program files are listed)

File Name     Location        Installed For*  Description
------------  --------------  --------------  ---------------------
SCAN.DAT      Install dir     scn/vsh/DOS     Virus Definition Data
NAMES.DAT     Install dir     scn/vsh/DOS     Virus Definition Data
CLEAN.DAT     Install dir     scn/vsh/DOS     Virus Definition Data
VALIDATE.EXE  Install dir     scn/vsh/DOS     Verify authenticity of VirusScan files
CHKVSH32.EXE  Install dir     scn/vsh/DOS     VShield VxD Checking Utility
UINSTALL.EXE  Install dir     scn/vsh/DOS     Uninstall program
VSUINST.EXE   Install dir     scn/vsh/DOS     Uninstall assistant
DPMI16.DLL    Install dir     scn/vsh         Boot sector Scan Engine
DPMI32.DLL    Install dir     scn/vsh         Boot sector Scan Engine
MCKRNL95.DLL  Install dir     scn/vsh         McAfee tools library
MCUTIL95.DLL  Install dir     scn/vsh         Run time support DLL
DEFAULT.VSC   Install dir     scn             Default settings when Scan is launched
DZIP32.DLL    Install dir     scn             De-Archive Run Time Library
DUNZIP32.DLL  Install dir     scn             De-Archive Run Time Library
MCSCAN32.DLL  Install dir     scn             Main Scan Engine
SCAN32.EXE    Install dir     scn             Main Scan GUI
SHUTIL95.DLL  Install dir     scn             Run time support DLL
DEFAULT.VSH   Install dir     vsh             Default VShield settings
VSHCFG32.EXE  Install dir     vsh             Main VShield GUI
VSHWIN32.EXE  Install dir     vsh             Main VShield Engine
SCAN.EXE      Install dir     DOS             MS-DOS scanning engine
MCKRNL.VXD    WINDOWS\SYSTEM  scn/vsh         McAfee tools device driver (memory scanning engine)
MCSCAN32.VXD  WINDOWS\SYSTEM  scn/vsh         Scan Engine device driver
MCUTIL.VXD    WINDOWS\SYSTEM  scn/vsh         McAfee utility device driver
S95EXT.DLL    WINDOWS\SYSTEM  scn             Shell Extension (Adds two "TABs" to .VSC file properties UI)
VSHIELD.VXD   WINDOWS\SYSTEM  vsh             VShield device driver
SCANEXT.HLP   WINDOWS\HELP    scn             Help file for Shell Extension
VIRUSCAN.HLP  WINDOWS\HELP    scn             On-Line help file
VIRUSCAN.CNT  WINDOWS\HELP    scn             Context help file
VSHLDCFG.HLP  WINDOWS\HELP    vsh             Help file

Note: WINDOWS refers to the directory that Windows 95 is installed to, not the Windows 3.1x directory that may exist on systems containing a previous version of Windows.

* Legend:
  vsh     = VShield
  scn     = Scan32
  DOS     = Command Line
  MS-Word = Microsoft Word, if present

When the installation is complete, the user is prompted to restart their system. This is recommended.

Note: DOSSTART.BAT will load if you still have your previous version of Windows or MS-DOS installed. Do not be alarmed. If this occurs, reboot manually.

________________________
Uninstalling VirusScan95

We have included two methods for Uninstalling VirusScan95:

METHOD 1

* From the McAfee VirusScan95 program group, execute the McAfee VShield Uninstall program.

METHOD 2

* Launch the Add/Remove Programs applet from the Control Panel.
* Select the Install/Uninstall Tab.
* Double-click on 'McAfee VirusScan95 Version 2.x'.
* Reboot your System.

All files, groups, and registry entries related to McAfee VirusScan95 will be automatically removed from your system. Log files such as Vslog.txt are not removed, however, and as a result, any directories related to VirusScan95 that contain these files will not be removed during uninstall.

________________________________
If a virus is detected in memory

If you have eliminated the possibility of memory manager conflicts and suspect a virus in memory, 'clean boot' to MS-DOS then use McAfee VirusScan for MS-DOS to perform a detection and cleaning procedure.

To perform the detection and cleaning procedure, boot from a known, clean, bootable floppy diskette; an original set of MS-DOS setup disks is ideal. Then put the diskette containing the McAfee VirusScan for MS-DOS into the floppy drive, and enter the following command at the prompt:

    SCAN /ADL /ALL /CLEAN

If you do not have a copy of the McAfee VirusScan product for MS-DOS, you can contact McAfee Customer Service at (408) 988-3832 to order a fully licensed version of the product.

_________________________
Scanning with VirusScan95

VirusScan95 is directly incorporated into the Windows 95 interface by means of Context Menus.
To access VirusScan from a Context Menu, launch Explorer and right mouse click on any Folder, Drive, EXE, or COM icon. This will generate a Context Menu with the Scan for Viruses selection.

To Scan multiple items, select multiple Folders or Drives through Explorer and right mouse click to reveal the Context Menu. Choose Scan for Viruses.

Try it out right now! Double-click on any of your hard drive icons to launch Explorer. Then right mouse click on any Folder to reveal the Context Menu. Look for Scan for Viruses on that menu.

_______________________
Scanning with VShield95

VShield provides ON-ACCESS scanning. This means that, once enabled, VShield will provide real-time protection against the contracting and spreading of viruses.

VShield scan options are extremely customizable. Through the VShield Configuration Manager, users can customize just about every component of VShield including what to scan and when to scan.

To access the VShield Configuration Manager, double-click on the VShield icon in the taskbar or double-click on the VShield icon in the McAfee VirusScan95 program group.

_______________________
Customizing VirusScan95

VirusScan95 has a default set of options that are stored in DEFAULT.VSC. This file is located in the MCAFEE subfolder in the PROGRAM FILES folder. This is a standard text file with line items associated with each option in the VirusScan95 User Interface. The majority of options are configurable through the user interface. The following options are not:

szDefaultProgramExtensions  The default list of file extensions used by the "Default" button in the Program File Extension dialog.
bAutoStart                  Set to "1" for Scan to automatically start scanning.
bAutoExit                   Set to "1" for Scan to automatically exit when scanning is complete.
bSkipMemoryScan             Set to "1" to skip a scan of memory.
bSkipBootScan               Set to "1" to skip boot sector scanning.
bSkipSplash                 Set to "1" to suppress initial splash screen.
bPreserveAccessDate         Set to "1" to preserve file access date.

_____________________
Customizing VShield95

VShield has a default set of options that are stored in DEFAULT.VSH. This file is stored in "C:\Program Files\McAfee". This is a standard text file with line items associated with each option in the VShield Configuration Manager.

All items in the DEFAULT.VSH file are directly referenced by the VShield User Interface. When you apply changes through the user interface, the DEFAULT.VSH file will be updated immediately.

_____________
Documentation

All documentation is available on-line. To access documentation, launch VirusScan95 and select Help from the Menu bar for a list of available help options.

________________________________________
VirusScan95 - Frequently Asked Questions

Question: How do I scan multiple drives?

Answer#1: VirusScan95 is a true 32 bit application that can run in multiple instances at the same time. This means you can Scan many locations simultaneously. To do so:

* Launch Explorer.
* Highlight the drives or folders you want scanned.
* Right mouse click to reveal the Context Menu.
* Select Scan for Viruses.
* Press the Scan Now button to begin Scans.

Answer#2: Use the word "LocalDrives" or "NetworkDrives" in the Scan In text dialog on the Where&What property page. Press the Scan Now button and all network or all local drives will be scanned.

Question: How do I save my Scan settings?

Answer: VirusScan Configuration (VSC) files can be saved by selecting File | Save Settings. The default save location will be your Desktop.

Question: I moved a VSC file to my Startup Folder. Whenever I turn on my PC, it launches VirusScan95 but does not begin scanning. How can I make it start automatically?

Answer: There are options within the VSC file which can be customized. Many of these options are easily accessible by doing the following:

* Navigate to the location of the Saved VSC file.
* While pointing to the VSC file, right mouse click to reveal the Context Menu.
* From the Context Menu, select Properties.
* Notice the added property sheets.
* Select the Options Tab on the property sheet.
* Check the Start Automatically box.

By enabling this option, Scanning will now begin automatically. If viruses are not detected, VirusScan95 will automatically close, thus freeing up system resources.

Other VSC configuration options are also accessible from the properties dialog.

Question: Virus Definition files get old and need to be updated.

Answer: For information on how to update your definition files, contact McAfee at 408-988-3832.

Question: The System Agent is a utility included in Microsoft's Plus Pack. How do I schedule VirusScan95 through the System Agent and have scans launch automatically?

Answer: VirusScan95 saves VirusScan Configuration (VSC) files for automating repetitive scan jobs. In order to have System Agent automate scanning of your system, you must create a VSC file which meets your needs. Follow these steps to create and customize a VSC file:

1.) Use the VirusScan95 interface to configure a Scan, then save the Scan settings through the File|Save menu option. This will create a VSC file.

2.) Use Explorer to navigate to the VSC file, right mouse click on the file, and select properties from the Context Menu. Refer to the extra property sheets that are available for the VSC file. Make sure 'Start Automatically' under the 'Options' tab is checked. This will allow VirusScan95 to start scanning automatically.

Once you've created a VSC file which meets your needs, use the System Agent to schedule this VSC file.

Question: When VirusScan95 is launched, how does it determine the default settings?

Answer: VirusScan95 default settings may be found in the DEFAULT.VSC file, located in the install directory. This file contains default startup options.
The DEFAULT.VSC file is like any other VSC file, except that it is named DEFAULT.VSC and located in the install directory. To customize your default settings:

1.) Use Explorer to navigate to the DEFAULT.VSC file, right mouse click on the file, and select properties from the Context Menu. Refer to the extra property sheets that are available for the VSC file.

2.) Make modifications as you see fit.

If the DEFAULT.VSC file is missing, VirusScan95 will use default settings internal to the program.

Question: Why doesn't VShield find any infections with Action set to "Deny access to infected file and continue"?

Answer: Actually, the viruses are being found, but if Action is set to 'Deny access and continue', no messages will be sent to the user if an infection is found. Instead, VShield will deny the user access to the infected file on any subsequent attempts to copy, move or execute the file.

Question: So why would I use an option that does not tell me when I have a virus?!

Answer: Setting Action to Deny access and continue can be useful on PCs that require little or infrequent user intervention. Using Deny access and continue will allow the PC to run without halting to display a virus warning message if an infected file is copied to it. However, the next time someone goes to that PC and tries to access that infected file, VShield will Deny access to the file.

IT IS STRONGLY RECOMMENDED THAT YOU DO NOT SET ACTION TO DENY ACCESS, ON WORKSTATIONS THAT ARE IN REGULAR USE BY USERS!

Question: If a virus is found while running an MS-DOS Window, why does my screen go blank after the alert?

Answer: When the VShield VxD detects a virus and must alert the user, Windows automatically switches from whatever is being displayed to a full size text screen displaying the error. Once the user has responded to the message and VShield is through, Windows restores the display to its former state.
Unfortunately, some video drivers do not properly handle switching from a VxD error message back to a windowed DOS box. Instead of setting the display back into a graphical mode, it leaves the screen "blanked out" in text mode. Windows continues to run, but mistakenly believes that it is still using graphics.

To restore the screen to normal, set Windows to display the DOS program full-screen. This is accomplished by pressing the and keys in combination, the normal way to switch between windowed and full screen modes. Your screen will now show the DOS program in full screen. Pressing and will then return you to graphical mode.

Question: What happened to my Novell (S)harable file attribute? My executable files were set to Sharable and Read Only before I ran VirusScan95, and now they are just Read Only!!

Answer: This is a known bug, and will be fixed in the next release of VS95. Possible work-around: mark the files EXECUTE only. Create a dummy account called SCAN on the server, and grant only Read and Filescan rights to that account. Login as SCAN before scanning your Novell volumes.

__________________
Reporting Problems

When you encounter a problem or have general questions, you may contact McAfee Technical Support at (408) 988-3832.

__________________________
McAfee Contact Information

For questions, orders and problems call Customer Service Monday-Friday, 6:00AM - 5:00PM PST at (408) 988-3832

For Faxes (24 hour, Group III FAX), call (408) 970-9727

To receive information from our Fax-back automated response system, call (408) 988-3034.

In addition, you can receive online assistance through any of the following resources:

Bulletin Board System (24 hour US Robotics HST DS) at (408) 988-4004
Internet Email:         support@mcafee.com
Internet FTP:           ftp.mcafee.com
World Wide Web:         http://www.mcafee.com
America Online:         keyword:MCAFEE
CompuServe:             GO MCAFEE
The Microsoft Network:  GO MCAFEE

You can send correspondence to any of our McAfee locations:

McAfee Corporate Headquarters       McAfee East Coast Office
2710 Walsh Avenue                   766 Shrewsbury Avenue
Santa Clara, CA 95051-0963          Jerral West Center
                                    Tinton Falls, NJ 07724-3298

McAfee Central Office               McAfee Canada
5944 Luther Lane, Suite 117         178 Main Street
Dallas, TX 75225                    Unionville, Ontario
                                    Canada L2R 2G9

McAfee Europe B.V.                  McAfee (UK) Ltd.
Orlyplein 81 - Busitel 1            Hayley House, London Road
1043 DS Amsterdam                   Bracknell, Berkshire
The Netherlands                     RG12 2th
                                    United Kingdom

McAfee France S.A.                  McAfee Deutschland GmbH
50 rue de Londres                   Industriestrasse 1
75008 Paris                         D-82110 Germering
France                              Germany

_______________________
Registering VirusScan95

Refer to the README.1ST file for more information. README.1ST may be found in the installation directory or as an ICON labeled "McAfee Information" in the McAfee VirusScan95 Program Group.

_______________
McAfee Training

For more information about scheduling onsite training for any McAfee product, call Customer Service at (800) 338-8754.

_________________________
Upgrading McAfee Products

To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support around the world for our products. A listing of United States and International agents is provided in the file README.1ST.
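
Added example, not part of McAfee's original file: a Python audit of the VSC options listed under "Customizing VirusScan95", covering the Startup-folder and System Agent cases from the FAQ. It assumes each option is a name=value line matched without regard to case (this file says only that a VSC is a standard text file with a line item per option); the sample contents and function names are constructed.

```python
"""Added example: audit VSC option lines for settings that reduce scan coverage.

Assumption: each option is a `name=value` line, names are matched without
regard to case, and lines starting with ';' or '[' are skipped. The release
notes do not specify the syntax.
"""

# Options this file says can only be changed by editing the VSC file.
SKIP_OPTIONS = {
    "bSkipMemoryScan": "memory is not scanned",
    "bSkipBootScan": "boot sectors are not scanned",
}
UNATTENDED_OPTIONS = {
    "bAutoStart": "VirusScan95 launches but waits for Scan Now",
    "bAutoExit": "VirusScan95 stays open after the scan completes",
}


def parse_vsc(text):
    """Return ({lowercased name: value}, [numbers of lines that did not parse])."""
    options, malformed = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";[":
            continue
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            malformed.append(number)
            continue
        options[name.strip().lower()] = value.strip().strip('"')
    return options, malformed


def audit_vsc(text, unattended=False):
    """List findings; `unattended` adds checks for Startup-folder or scheduled use."""
    options, malformed = parse_vsc(text)
    findings = [f"{name}=1: {why}" for name, why in SKIP_OPTIONS.items()
                if options.get(name.lower()) == "1"]
    if unattended:
        findings += [f"{name} is not 1: {why}" for name, why in UNATTENDED_OPTIONS.items()
                     if options.get(name.lower()) != "1"]
    findings += [f"line {n}: not a name=value line" for n in malformed]
    return findings


# Constructed samples, not copied from a real DEFAULT.VSC.
WEAK_VSC = """\
; scan profile with coverage switched off
bAutoStart=1
bAutoExit=1
bSkipMemoryScan=1
bSkipBootScan=1
bSkipSplash=1
"""
CORRECTED_VSC = (WEAK_VSC.replace("bSkipMemoryScan=1", "bSkipMemoryScan=0")
                         .replace("bSkipBootScan=1", "bSkipBootScan=0"))
STARTUP_VSC = CORRECTED_VSC.replace("bAutoStart=1", "bAutoStart=0")

if __name__ == "__main__":
    for label, text in [("weak", WEAK_VSC), ("corrected", CORRECTED_VSC),
                        ("startup folder", STARTUP_VSC)]:
        print(label, audit_vsc(text, unattended=True) or "no findings")
```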