Bear Trap
---------
Version 1.0

Copyright (c) 1989 by
G&G Computer Services
39 Cathy Circle
Portsmouth, RI 02871

Disclaimer:
-----------
The Bear Trap file (c) program is provided 'as is' without warranty of any kind, either expressed or implied. The entire risk as to the quality and performance of the program is with the user and should the program prove defective, the user and not the authors will assume the entire cost of all necessary remedies. None of the authors warrant that the functions contained in the program will meet any user's requirements or that the operation of the program will be error-free or uninterrupted. G&G, its employees, and associates claim no responsibility for any damages incurred during use of this product.

"... What enables the wise sovereign and the good general to strike and conquer, and achieve things beyond the reach of ordinary men, is foreknowledge ..."
        Sun Tzu
        The Art of War

Introduction:
-------------
Bear Trap (c) is designed to present the user with foreknowledge as to the existence of a viral attack. Bear Trap's main goal is to detect a virus during the initial infection phase, before the virus goes full term and starts attacking the system. It does this by creating dummy .com files (bear traps) and checking them for signs of infection (whether they have been tripped or not). Bear Trap also has several security measures to prevent viruses from detecting the actual traps.

System Requirements:
--------------------
Bear Trap will run on all 100% IBM compatible computers. Minimum system requirements: at least 128 KB of memory and 1 floppy drive, although it is designed for use on hard disk systems.

Files
-----
The following files should have been included in the ZIP file:

    READ-ME.TXT   - This file.
    BEARTRAP.EXE  - The executable file.
    ORDFRM        - The registration form for this product.

Preparing Bear Trap for use :
-----------------------------
Add the name of the directory in which Bear Trap is stored to the DOS PATH command (see your DOS manual for more information on the PATH command).

Using Bear Trap :
-----------------
Usage : BEARTRAP

Full path name of the trap file :
---------------------------------
This is the name of a dummy file (a file that at this time does not exist on the system) and will be used to signal that a virus has attempted to infect the system. Include the full path of the file (i.e. C:\DOS\TRAP; this particular name is not suggested). DO NOT include a file extension, for Bear Trap uses the extension .com (a virus's favorite food). If by mistake you do add an extension, Bear Trap will remove it and use .com in its place. Also DO NOT use the names of existing files, and do not try to run these dummy files once created (they exist only to fool the virus into trying to infect them so that Bear Trap will know of the virus's existence). When using multiple trap files, refrain from using the same name in different directories or names that identify what they are (i.e. TRAP1.com, ANTVIRUS.com, etc.).

Password1 :
-----------
This is a word of 4 or more letters used by Bear Trap for its internal processing. Use this word every time the trap file is checked for infection; otherwise Bear Trap will falsely report an infection. Password1 and Password2 are used so that a virus cannot look for a known signature in the dummy file that would allow it to identify the file as a trap.

Password2 :
-----------
This is a word of 4 or more letters used by Bear Trap for its internal processing. It must not be the same word as Password1 or have the same number of letters. Use this word every time the trap file is checked for infection; otherwise Bear Trap will falsely report an infection.

When Bear Trap is first run it will create a trap file; each successive time it is run (with the same parameters) it will check that file for infection.
If an infection is detected, Bear Trap will notify the user with a message that the particular trap has been tripped, and it will specify which dir/subdir it was found in by the .com name. It is recommended that multiple traps be set in different directories. To facilitate easier checking of multiple traps, place the Bear Trap commands in the autoexec file so that at boot-up it will check whether any of the traps have been tripped. Bear Trap also returns an errorlevel of 10 if a trap has been tripped (see 'IF ERRORLEVEL (x)' in your DOS manual for more information) so that the user can create special code to handle this condition.

Example Autoexec.bat file:
--------------------------
    REM BEARTRAP.EXE is located in C:\DOS
    PATH=C:\DOS
    BEARTRAP C:\ROOT\C_ROOT COMPUTER PRINTER
    IF ERRORLEVEL 10 GOTO VIRUS_FOUND
    BEARTRAP C:\DOS\C_DOS MODEM CABLES
    IF ERRORLEVEL 10 GOTO VIRUS_FOUND
    BEARTRAP C:\PCTOOLS\C_PCTLS HARD_DRIVE SOFT_HEARTS
    IF ERRORLEVEL 10 GOTO VIRUS_FOUND
    GOTO END
    :VIRUS_FOUND
    ECHO There is a virus loose in this system.
    :END

If Bear Trap should report an infection :
-----------------------------------------
The best recourse, if you believe there is an infection, is to erase all program files and reload them from the original/initial backup disks. Using your original DOS system disks, replace the operating system (see the SYS command in your DOS manual) and copy the COMMAND.COM file from them as well. Also be sure to determine which file is the initial carrier and be sure not to reload it into the system.

It should be noted at this time that Bear Trap is designed to trap viruses only. It is ineffective against nonpropagating programs (i.e. Trojan horses, worms, etc.).

Miscellaneous:
--------------
This product is shareware and may be distributed freely.
If you find it of use after a reasonable test period, please send $35.00 (US funds) per copy to:

    G&G Computer Services
    39 Cathy Circle
    Portsmouth, RI 02871

When you register your copy, you will be placed on the update list and receive a copy of Bear Trap. Once on the list, you will be notified of updates to this product and the release of new products from our company.

For any questions, problems, or suggestions call by modem:

    - Ups and Downs BBS
      Portsmouth, RI
      1-(401)-683-5961

    or

    - Swat BBS
      Swansea, MA
      1-(508)-675-8503

and leave feedback to the sysop, or write to G&G Computer Services at the above address. Both of the above Bulletin Boards support 300/1200/2400 Baud and operate 24 hours - 7 days a week.
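
The create-then-check cycle described under "Using Bear Trap", shown as an added Python example. It is not G&G's code: Bear Trap's internal processing is not documented in this file, so deriving the decoy contents from the two passwords with HMAC-SHA256 is an assumption, as are the names trap_bytes, check_trap and demo. The return value 10 mirrors the errorlevel documented above.

```python
import hashlib
import hmac
import os
import tempfile

TRIPPED = 10  # same status the README documents for a tripped trap


def trap_bytes(password1: str, password2: str, size: int = 512) -> bytes:
    """Derive decoy content from both passwords so it carries no fixed signature."""
    if len(password1) < 4 or len(password2) < 4:
        raise ValueError("each password needs 4 or more letters")
    if password1 == password2 or len(password1) == len(password2):
        raise ValueError("passwords must differ in content and in length")
    key, msg = password1.encode(), password2.encode()
    out, counter = b"", 0
    while len(out) < size:  # counter-mode expansion (assumed scheme)
        block = msg + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:size]


def check_trap(path: str, password1: str, password2: str) -> int:
    """First run creates <path>.com; later runs return TRIPPED if it changed."""
    target = os.path.splitext(path)[0] + ".com"  # any extension is replaced
    expected = trap_bytes(password1, password2)
    if not os.path.exists(target):
        with open(target, "wb") as fh:
            fh.write(expected)
        return 0
    with open(target, "rb") as fh:
        actual = fh.read()
    return 0 if hmac.compare_digest(actual, expected) else TRIPPED


def demo() -> list:
    """Constructed scenario: create, re-check, wrong password, modified file."""
    with tempfile.TemporaryDirectory() as d:
        trap = os.path.join(d, "c_dos.exe")
        results = [check_trap(trap, "MODEM", "CABLES"),     # creates the trap
                   check_trap(trap, "MODEM", "CABLES"),     # unchanged
                   check_trap(trap, "MODEM", "WRONGWORD")]  # false report
        with open(os.path.join(d, "c_dos.com"), "ab") as fh:
            fh.write(b"X" * 16)  # constructed stand-in for bytes added to the file
        results.append(check_trap(trap, "MODEM", "CABLES"))
        return results


if __name__ == "__main__":
    print(demo())
```

The third result shows why the same two passwords must be supplied on every check: a different word produces different expected contents, so an untouched trap is reported as tripped.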