What's New in VirusScan for Windows NT v3.0.3 (3008a) Copyright 1994-1997 by McAfee, Inc. All Rights Reserved. Thank you for using McAfee's VirusScan for Windows NT. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us. **NOTE: Do not attempt to install the Intel version of VirusScan on a DEC Alpha system or vice-versa. ___________________ WHAT'S IN THIS FILE - New Features - Known Issues - Installation - Documentation - Frequently Asked Questions - Additional Information - Contact McAfee ____________ NEW FEATURES 1. VirusScan for Windows NT now includes ISeamless install scripting technology for completely customizable, silent installations. 2. Now is able to scan LHA/LZH compressed files. 3. Now supports Microsoft Windows NT Service Pack 3. 4. Now detects infections in files transferred with Microsoft Internet Information Server (IIS). This protects remote users accessing files via HTTP or FTP. 5. Compatible with Windows NT systems running with 3GB user memory frames. 6. For added security, the user ID and password recorded for use during silent installations are now stored within the SETUP.ISS file in a scrambled format. Please note that plain-text user ID's and passwords can be manually entered into the SETUP.ISS file with a text editor. The installation program is capable of using scrambled or plain-text. 7. Compatible with Compaq LS-120 (120 MB) floppy drives. * NEW VIRUSES DETECTED * This DAT file detects the following 198 new viruses. Locations that have experienced particular problems with specific viruses are also identified. ABC.A AL-DITH.1502 ALEX.599 ALFONS.1344 ANDYC.565 ANDYC.565 DROPPER ANGEL.A ANT.A:TW ANT.C:TW ANT.D:TW APPDER.G APPDER.H APPDER.I BADSECTOR.3422 BADSECTOR.3428 BAJAB.1024 BANDUNG.AS BANDUNG.AT BANDUNG.AU BANDUNG.AW BANDUNG.AX BANDUNG.AY BANDUNG.AZ BANDUNG.BA BARBARO.A:IT BARROTES.1310.A BLACK.A BLIN.1457 CAFE-AX.1516 CAP.I CAP.K CAP.M CAP.X CAP.Y CEBU.B CHAOS.B CHILL.A COLORS.BL COLORS.BM COLORS.BN COLORS.BO CONCEPT.AL CONCEPT.AR CONCEPT.AW CONCEPT.AX CONCEPT.AY CONCEPT.AZ CONCEPT.BA CONCEPT.BB (US) CONCEPT.BC CONCEPT.BD CONCEPT.BE CONCEPT.BF CONCEPT.BG CONCEPT.BH DEMON.A DISHONOR.A:DE DODGY (UK, Europe) DPOP.1168 DZT.G ELYTHNIA EPIDEMIC.B:TW EPIDEMIC.C:TW ERASER.F:TW FIRE.A:DE FITW_DISK FOG.1748 FORMATS.A (TROJAN) FOUR.A FRIDAY.D:DE FRIDAY.E:DE GINGER (Australia) GINGER-PEANUT GINGER.2774 GLITTER.1462 GOLDSECRET.A (Internet) GOLDSECRET.B (INTENDED) (Internet) HELPER.F HELPER.G HELPER.H HLL.CMP.16052 HLLO.20621 HLLP.21037 HLLT.5850 (Internet) HLLT.5850C (Internet) HYBRID.G HYBRID.H ILLITERATE.A IMPOSTER.E INCARNAT.A ISLAND.3551 IVP.1075 IVP.1755 KOH-INSTALL KOMPU.E KOMPU.F LAMOT.744 LILITH LUCIFER.A LUNCH.E MALARIA.A:TW MDMA.V MDMA.W MDMA.X MDMA.Y MONDAY.A:TW MORPHINE.3500 MSHARK.889 MUCK.G MUCK.H MULTIANI MVCK1.B MVCK1:KIT NAZI.8600 NJ-WMDLK1.G NOP.G NOP.M:DE NPAD.CE NPAD.CF NPAD.CG NPAD.CH NPAD.CI NPAD.CJ NPAD.CK NPAD.CL NPAD.CM NPAD.CN (Canada) NPAD.CO NPAD.CP NPAD.CQ NPAD.CR NPAD.CS NUCLEAR.O NUCLEAR.P NUCLEAR.Q NUCLEAR.R NUKER.A OMINOUS.1846 PAYCHECK.E PEACEKEEPER.A PEACEKEEPER.B PERCENT.A:TW RAPI.AL2 RAZER.A REHENES.A (Word6/7) RELLIK.A:TW SCHUMANN.B:DE SETMD.A SHIN SHOWOFF.BT SHOWOFF.BU SHOWOFF.BV SHOWOFF.BW SKIMPOP.1455 SOCKS.A SOPRON.937 SPOOKY.B:DE SPOOKY.C:DE STOOPID.353 SWAPPER.746 (Germany) SWLABS.E SWLABS.F SWLABS.G (US Military) TALON.B TALON.C TALON.D TALON.J TARGET.B:DE TEMPLE.C TMC-LEVEL42 TODAYBOO TWOLINES.Q TWOLINES.Q1 VAMPIRE.D:TW VAMPIRE.D1:TW VAMPIRE.E:TW VAMPIRE.F:TW VANITAS.2048 (Internet) VICOD.532 VIKING32 (TROJAN) VOLCANO.A:IT (INTENDED) WAZZU.CF (Canada) WAZZU.CJ WAZZU.CK WIN NUKE (TROJAN) WPC_ALAEH.2279 (Phillipines) XM/EMPEROR.B:TW XM/LAROUX.F XM/LAROUX.G XM/YOHIMBE.B XUTE.1056 XUTE2.1062 XUXA.1656 ZAHAK.960 ZERO.A:DE ZMB.A:DE (Germany) ZOOLOG.A (Russia) * NEW VIRUSES CLEANED * This DAT file cleans the following 174 new viruses. Locations that have experienced particular problems with specific viruses are also identified. AL-DITH.1502 ALEX.599 ALFONS.1344 ANDYC.565 ANDYC.565 DROPPER ANGEL.A ANT.A:TW ANT.C:TW ANT.D:TW APPDER.G APPDER.H APPDER.I BADSECTOR.3422 BADSECTOR.3428 BAJAB.1024 BANDUNG.AS BANDUNG.AT BANDUNG.AU BANDUNG.AW BANDUNG.AX BANDUNG.AY BANDUNG.AZ BANDUNG.BA BARBARO.A:IT BARROTES.1310.A BLACK.A CAFE-AX.1516 CAP.I CAP.K CAP.M CAP.X CAP.Y CEBU.B CHAOS.B CHILL.A COLORS.BL COLORS.BM COLORS.BN COLORS.BO CONCEPT.AW CONCEPT.AX CONCEPT.AY CONCEPT.AZ CONCEPT.BA CONCEPT.BB (US) CONCEPT.BC CONCEPT.BD CONCEPT.BE CONCEPT.BF CONCEPT.BG CONCEPT.BH DEMON.A DISHONOR.A:DE DODGY (UK, Europe) DPOP.1168 DZT.G ELYTHNIA EPIDEMIC.B:TW EPIDEMIC.C:TW FIRE.A:DE FITW_DISK FORMATS.A (TROJAN) FOUR.A FRIDAY.D:DE FRIDAY.E:DE GINGER (Australia) GINGER-PEANUT GINGER.2774 GOLDSECRET.A (Internet) GOLDSECRET.B (INTENDED) (Internet) HELPER.F HELPER.G HELPER.H HLL.CMP.16052 HLLO.20621 HLLP.21037 HLLT.5850 (Internet) HLLT.5850C (Internet) HYBRID.G HYBRID.H ILLITERATE.A IMPOSTER.E INCARNAT.A IVP.1075 IVP.1755 KOH-INSTALL KOMPU.E KOMPU.F LAMOT.744 LILITH LUCIFER.A LUNCH.E MALARIA.A:TW MDMA.V MDMA.W MDMA.X MDMA.Y MONDAY.A:TW MSHARK.889 MUCK.G MUCK.H MULTIANI MVCK1.B MVCK1:KIT NAZI.8600 NJ-WMDLK1.G NOP.M:DE NPAD.CE NPAD.CF NPAD.CG NPAD.CH NPAD.CI NPAD.CJ NPAD.CK NPAD.CL NPAD.CM NPAD.CN (Canada) NPAD.CO NPAD.CP NPAD.CQ NPAD.CR NPAD.CS NUCLEAR.O NUCLEAR.P NUCLEAR.Q NUCLEAR.R NUKER.A PAYCHECK.E PERCENT.A:TW RAPI.AL2 RAZER.A RELLIK.A:TW SCHUMANN.B:DE SETMD.A SHIN SHOWOFF.BT SHOWOFF.BU SHOWOFF.BV SHOWOFF.BW SKIMPOP.1455 SOCKS.A SOPRON.937 SPOOKY.B:DE SPOOKY.C:DE STOOPID.353 SWAPPER.746 (Germany) SWLABS.E SWLABS.F SWLABS.G (US Military) TALON.J TARGET.B:DE TMC-LEVEL42 TODAYBOO TWOLINES.Q TWOLINES.Q1 VAMPIRE.D:TW VAMPIRE.D1:TW VAMPIRE.E:TW VAMPIRE.F:TW VANITAS.2048 (Internet) VICOD.532 VOLCANO.A:IT (INTENDED) WAZZU.CF (Canada) WAZZU.CJ WAZZU.CK WPC_ALAEH.2279 (Phillipines) XM/EMPEROR.B:TW XM/LAROUX.F XM/LAROUX.G XM/YOHIMBE.B XUTE.1056 XUTE2.1062 XUXA.1656 ZMB.A:DE (Germany) ZOOLOG.A (Russia) ____________ KNOWN ISSUES 1. The new 3000 series DATs contained in VirusScan for Windows NT v3.0.3 are not backward compatible with the VirusScan v2.x series. The 3000 series DATs should not be used with VirusScan v2.x products. 2. Reported problem with Microsoft Windows NT 4.0 Service Pack 2 and anti-virus software. After installing Service Pack 2, you may receive a STOP 0x0000000A error message when you try to access your CD-ROM drive or floppy disk drive while anti-virus software is running. Solution: Apply the fix that is now available through Microsoft. For more information regarding this issue, please contact Microsoft Technical Support. 3. When using Windows NT 4.0 and Microsoft Internet Information Server with VirusScan, you must install Microsoft Service Pack 2 with the Kernel Hot Fix or Service Pack 3 to avoid the following error message: STOP 0x0000000A. 4. When using Windows NT 4.0 and Microsoft Distributed File System with VirusScan for Windows NT, you must install Microsoft Service Pack 3, or the following error message may occur: STOP 0x00000035. 5. When using Microsoft Services for Macintosh with VirusScan for Windows NT, you must install Microsoft Service Pack 3 for Windows NT 4.0 (Servicepack 5 for Windows NT 3.51) plus the SFM Hotfix, which is available through Microsoft. Without these patches installed, you may experience a STOP 0x0000000A error. Please contact Microsoft Technical Support. 6. If you have manually uninstalled a previous installation of VirusScan for Windows NT, and have not rebooted, a silent installation of VirusScan v3.0.3 will fail. 7. When using an ISeamless Install Script, and running setup in standard or silent mode without any parameters, setup requires that the custom installation file produced by ISeamless be named admin.sis or oem.sis. 8. If you are upgrading from VirusScan 2.5.3 or 3.0.0 to the current version, there are some situations that can cause an NT STOP error message. The problem is related to the device drivers in the previous product and is not related to VirusScan NT 3.0.3. McAfee recommends uninstalling previous versions of VirusScan and rebooting before installing this release. 9. When installing using the default Windows NT SYSTEM account, some product functionality is not available. This includes: alert forwarding to other NT servers, sending alerts to printers, scheduled AutoUpdates from NT file shares, remote event logging, and sched- uled scans of network drives. 10. When specifying a local user account for VirusScan NT service account during installation, please be sure to add ".\" before the user name. 11. When performing a silent install that is upgrading a previous version of VirusScan NT, the destination directory must be the same as the previous install. If it is not the same, the silent install will fail. 12. Automatic uninstallation of VirusScan sometimes does not remove all registry items and files associated with VirusScan. See the INSTALLATION section of this file for information on manually uninstalling. 13. On-access scanning of write-protected floppies infected with a boot-sector virus may return multiple notific- ation messages. 14. On-access exclusions only apply to local drives. 15. A McAfee Task Manager session cannot be ended while VirusScan is actively scanning. When VirusScan is active, the McAfee Task Manager Stop button in the Sessions window is greyed out. Attempting to end the McAfee Task Manager session from a DOS box will result in an error message. You must close the scanning session or complete the scan before stopping the McAfee Task Manager session. 16. Alert forwarding through a chain of servers may fail. ____________ INSTALLATION * INSTALLING THE PRODUCT * To install VirusScan for Windows NT, run SETUP.EXE and follow the prompts. Note: It is not necessary to uninstall VirusScan for Windows NT before upgrading to a newer version. If, however, VirusScan NT is uninstalled before applying the upgrade, you must reboot the system and then install the upgraded version. If you would like to perform a "silent" installation of VirusScan NT, you will need to record a setup.iss file, then run setup.exe with the -s switch to utilize that file. Network Administrators can customize the silent installation by following the steps below. 1. Check in the Windows directory to ensure that a file named SETUP.ISS does not already exist. If it does, rename it, back it up, or delete it. 2. To record a setup.iss file, run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r). 3. Select the components you would like to be installed during the silent installation. All responses will be recorded. 4. Finish the installation, and locate the file SETUP.ISS in the Windows directory. 5. Locate the section [SdSetupType-0] in the SETUP.ISS file and go to the line: Result=x where x is equal to 301 (Typical installation) 302 (Compact installation) 303 (Custom installation) 6. Add 100 to the above value, so that the Result variable is equal to 401, 402, or 403. Modifying this file will allow the installation to copy the VirusScan files to the drive where the operating system resides instead of defaulting to the C: drive. 7. Copy the new SETUP.ISS from the Windows directory to the location of the installation files. 8. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s). NOTE: If you do not specify a "recorded" answer for all dialog boxes during the initial installation, the silent installation will fail. * PRIMARY PROGRAM FILES FOR VIRUSSCAN NT * Files located in the Install directory: ======================================= 1. Installed for the Alert Manager/Console/Server: README.1ST = McAfee information PACKING.LST = Packing list VALIDATE.EXE = McAfee file validation program UPDATE.MSG = Update message file SHIELD.HLP = On-access scanner help SHIELD.CNT = On-access context-sensitive help MCCONSOL.HLP = Console help VIRUSCAN.HLP = On-demand scanner help VIRUSCAN.CNT = On-demand context-sensitive help NAMES.DAT = Virus names definition data SCAN.DAT = Virus scan definition data CLEAN.DAT = Virus clean definition data MCALYZE.DAT = Virus definition data strings SAMPLE.CMD = Sample alert file MCUPDATE.EXE = Update module AMGRCNFG.EXE = Alert manager configuration program FTPGET.CMD = Automatic updating script DEISL1.ISU = Uninstall file MCSCAN32.DLL = Library files MCSRVSHL.EXE = Uninstall application MCSERVIC.DLL = Install/uninstall library file SHUTIL.DLL = Library files SVCPWD.EXE = Service account configuration program MODEMS.TXT = Modem initialization VIRUSSCAN ACTIVITY LOG.TXT = VirusScan activity log RESELLER.TXT = McAfee authorized resellers SCAN ACTIVITY LOG.TXT = Scan activity log SCANLOG.TXT = Scan log WHATSNEW.TXT = What's New document 2. Installed for Alert Manager: WCMDR.EXE = Uninstall program WCMDR.INI = Uninstall initialization file DEFAULT.VSC = On-demand scanner default configuration settings AMGRSRVC.EXE = Alert manager service program MCALSNMP.DLL = Alert manager SNMP POWERP32.DLL = Alert manager support module VIRNOTFY.EXE = Notification utility 3. Installed for the Console: MCCONSOL.EXE = Console manager SHSTAT.EXE = Shield status monitor program SCNSTAT.EXE = Scan status monitor program SCNCFG32.EXE = Console configuration module VIRLIST.EXE = Virus list SHCFG32.EXE = Console configuration module MCKRNL32.DLL = Library files MCUTIL32.DLL = Library files MCALYZE.DLL = Library files 4. Installed for the Workstation: SCAN32.EXE = On-demand scanner TASKMRG.EXE = Task managing service MCCOD32.DLL = Library files Files located in %SYSTEMROOT%\SYSTEM32: ======================================= 1. Installed for the Console/Server/Alert Manager: CTL3D32.DLL = 32-bit 3D Windows controls library (*) (*) File will be installed upon installation of VirusScan if the file does not already exist, or if an older version is found. Files located in %SYSTEMROOT%\SYSTEM32\DRIVERS: =============================================== 1. Installed for the Workstation: MCFILTER.SYS = System files MCFSREC.SYS = System files MCKRNL.SYS = System files MCSCAN.SYS = System files MCUTIL.SYS = System files MCSHIELD.SYS = System files * TESTING YOUR INSTALLATION * The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installation. To test your installation, copy the following line into its own file and name it EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* When done, you will have a 69- or 70-byte file. When VirusScan for Windows NT is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus. It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need. Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed. * MANUALLY UNINSTALLING THE PRODUCT * 1. Stop the McAfee TaskManager service and the AlertManager service in Control Panel/Services. 2. Stop the VirusScan console if running. 3. Using the NT Taskmanager, end the SHSTAT process. 4. If you use SNMP, stop the SNMP service in Control Panel/Services. 5. Delete the VirusScan installation directory (the directory that contains the VirusScan executables). 6. Delete the following device driver files from %SYSTEMROOT%\SYSTEM32\DRIVERS: MCFSREC.SYS MCSCAN.SYS MCUTIL.SYS MCKRNL.SYS MCFILTER.SYS MCSHIELD.SYS 7. If VirusScan was set to load at startup, remove the following registry key: HKLM\software\microsoft\windows\CurrentVersion\Run\ Shstatexe 8. Remove VirusScan installation registry keys: HKLM\software\mcafee\alertmanager HKLM\software\mcafee\mcalsnmp HKLM\software\mcafee\virusscan 9. Remove VirusScan device driver and service registry keys: HKLM\system\CurrentControlSet\Services\Alertmanager HKLM\system\CurrentControlSet\Services\McFilter HKLM\system\CurrentControlSet\Services\McFsrec HKLM\system\CurrentControlSet\Services\McKrnl HKLM\system\CurrentControlSet\Services\McScan HKLM\system\CurrentControlSet\Services\McUtil HKLM\system\CurrentControlSet\Services\McShield HKLM\system\CurrentControlSet\Services\McTaskManager 10. If the context-sensitive scanning option was installed, remove the following registry keys: HKLM\software\classes\comfile\shell\virusscan HKLM\software\classes\directory\shell\virusscan HKLM\software\classes\drive\shell\virusscan HKLM\software\classes\exefile\shell\virusscan HKLM\software\classes\word.document.6\shell\virusscan HKLM\software\classes\word.document.8\shell\virusscan HKLM\software\classes\word.template\shell\virusscan 11. To remove the Scan for Viruses right-click option, remove the following registry keys: HKCR\comfile\shell\VirusScan HKCR\Directory\shell\VirusScan HKCR\Drive\shell\VirusScan HKCR\exefile\shell\VirusScan HKCR\Excel.Addin\shell\VirusScan HKCR\Excel.Chart.5\shell\VirusScan HKCR\Excel.Macrosheet\shell\VirusScan HKCR\Excel.Sheet.5\shell\VirusScan HKCR\Excel.Template\shell\VirusScan HKCR\Excel.Workspace\shell\VirusScan HKCR\Excel.XLL\shell\VirusScan HKCR\exefile\shell\VirusScan HKCR\WinZip\shell\VirusScan HKCR\Word.Document.6\shell\VirusScan HKCR\Word.Template\shell\VirusScan 12. To remove SNMP extension agent, remove the following registry key: HKLM\system\CurrentControlSet\services\SNMP\parameters\ ExtensionAgent\McAlSNMP 13. Since entries in HkeyClassesRoot are not derived from a hive, it is unneccessary to delete these keys manually. When you reboot, VirusScan-specific keys under HkeyClassesRoot will be removed. 14. Reboot the system. _____________ DOCUMENTATION For more information, refer to the VirusScan's User's Guide, included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html VirusScan documentation can be downloaded from McAfee's BBS or the World Wide Web at: http://www.McAfee.com For more information on viruses and virus prevention, see the McAfee Virus Information Library, MCAFEE.HLP, included on the CD-ROM version of this product or available from McAfee's BBS or FTP site. Documentation feedback is welcome. Send e-mail to documentation@cc.mcafee.com. __________________________ FREQUENTLY ASKED QUESTIONS Regularly updated lists of frequently asked questions about McAfee products also are available on McAfee's BBS, website, and CompuServe and AOL forums. Q: How do I enable Centralized Alerting and Reporting? A: McAfee's VirusScan now supports Centralized Alerting and Reporting to a remote Windows NT server running NetShield for Windows NT v2.5.3 or later. Centralized Alerting and Reporting and be configured by an administrator through the anti-virus console. To set up this option on your server, check the Enable Centralized Alerting checkbox on the Tools/Alerts menu. Set up a directory for Centralized Alerting and point your workstations to this directory. To set up this option on your VirusScan client, add the following two lines to the AlertOptions section in VirusScan NT's DEFAULT.VSC, and/or your custom settings file: szNetworkAlertPath= bNetworkAlert=1 Note: Administrators will need to configure the .VSC file for complete Centralized Alerting & Reporting. Where the is the path (can use UNC format where supported)to the remote NT directory. From this directory, NetShield can broadcast or compile the alerts and reports according to its established configuration. NOTE: The client must have write access to this location and the directory must contain the NetShield-supplied CENTALRT.TXT file. The alert file sent to the server is an .alr text file. Upon receipt of the alert file, NetShield NT sends an alert message to an administrator and/or appropriate personnel. Q: How can I scan mapped Novell drives with scheduled on-demand scans? A: If you want to scan any Novell-server drives (mapped or via UNC) from scheduled tasks, you must create the same account/password on the Novell server as configured under McAfee services on the Windows NT system. Q: As an administrator, how can I scan private directories that are accessible only to individual users? A: The on-access scanner will detect infected files as they are copied into the users' personal directories. On-demand (scheduled) scans are launched by the McTaskManager Service. If you specify a user name and password for the Service, then the scheduled scan will only scan directories for which the user name has privileges. If no user name was specified, then the Service has SYSTEM privileges. To perform an on-demand, or scheduled, scan of private directories, the McTaskManager Service must have access to these private areas. Following are two ways to address this issue: Solution A: 1. Create a custom user name to be used by the Service. 2. Give this user name privileges to access the private spaces. Considerations with Solution A: The administrator will need to know the user names and passwords. Solution B: 1. Do not associate a user name to the Service. 2. Give SYSTEM privileges to access the private spaces. Considerations with Solution B: Someone could create or use a Service to access your information. McAfee recommends Solution B as a more secure solution. Q: VirusScan will not perform an on-demand (scheduled) scan of some networked devices. Why? A: It is possible that the user name you are using for the Taskmanager Service does not have sufficient rights to scan the devices in question. To verify whether this is the issue, log in to each device using the user name and password used by the Taskmanager Service. Confirm that this user name has rights on the device by manually running an on-demand scan. If you can scan the device while you're logged in, then the Service should also be able to do it as a scheduled scan. Q: When performing an on-demand (scheduled) scan of a networked device, the system locks up. How can I solve this problem? A: Log on to the device in question and manually run an on-demand scan with the Compressed Files option turned off. If the scanner locks up, note where it locks. Attempt to determine which file VirusScan locks on and send the information to McAfee. If the scan succeeds, select the Compressed Files option and scan the device again. If it locks this time, chances are you have a ZIP file that is corrupted or large, and it takes time to scan. If scanning works in both scenarios, then give the Taskmanager Service the same user name and password currently logged in as and try a scheduled scan again. If this now works, then the old user name didn't have sufficient rights to scan the device in question. Q: Can I update VirusScan's data files to detect new viruses? A: Yes. If you have Internet access, you can download updated VirusScan data files from the McAfee Web Site, BBS, or other online resources. To download from the McAfee Web Site, follow these steps: 1. Go to the McAfee Web Site (http://www.mcafee.com). 2. Select Update DAT File in the left hand column or frame. 3. Scroll down, and click Update Your DAT Files to update your virus definition files. 4. Data file updates are stored in a compressed form to reduce transmission time. Unzip the files into a temporary directory, then copy the files to the appropriate directory, replacing your old files. 5. Before performing any scans, shut down your computer, wait a few seconds, and turn it on again. If you need additional assistance with downloading, contact McAfee Download Support at (408) 988-3832. ______________________ ADDITIONAL INFORMATION 1. VirusScan NT includes an external utility, VIRNOTFY.EXE, that will notify you in the event that McAfee's AlertManager service is not installed. To use this utility, open the VirusScan Console, and select Tools/Alerts. Add the path and utility to the Program To Execute line. 2. SVCPWD.EXE is a utility for setting and/or changing usernames and passwords used in the McAfee services. SVCPWD requests one command-line parameter which is a filename (i.e computers.txt). Use SVCPWD/? to get additional command-line information. This file (i.e. computers.txt) should contain a list of all the computers that you want to modify the service accounts (username and password)for. Example: \\COMPUTER1 \\COMPUTER2 \\SERVER Start the SVCPWD utility by entering the file as command-line (i.e. SVCPWD computers.txt). This utility contacts all the computers via the network and changes the username and password originally given to McAfee- services. The username and password are changed to the value that the user is asked to set upon starting the utility. All service accounts need to be set to user "LocalSystem". If a domain\username is entered, then the SVCPWD utility will require a password for the domain\username. When this is completed, the utility contacts all the computers and changes the settings. Note 1: The domain\username that is used by the services needs to be an administrative account. Note 2: The person running this utility must have an administrative account for all the computers that require such changes. Note 3: Do not run this utility during an on-demand scan. ______________ CONTACT McAFEE * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact McAfee's Customer Care department: 1. Corporate-licensed customers, call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time Retail-licensed customers, call (972) 278-6100 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax (408) 970-9727 24-hour, Group III fax 3. Fax-back automated response system (408) 988-3034 24-hour fax Send correspondence to any of the following McAfee locations. McAfee Corporate Headquarters 2805 Bowers Avenue Santa Clara, CA 95051-0963 McAfee East Coast Office Jerral Center West 766 Shrewsbury Avenue Tinton Falls, NJ 07724-3298 McAfee Central Office 4099 McEwen Suites 500 and 700 Dallas, TX 75244 McAfee Canada 139 Main Street Suite 201 Unionville, Ontario Canada L3R2G6 McAfee Europe B.V. Gatwickstraat 25 1043 DL Amsterdam The Netherlands McAfee (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH United Kingdom McAfee France S.A. 50 rue de Londres 75008 Paris France McAfee Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany Or, you can receive online assistance through any of the following resources: 1. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS 2. Internet e-mail: support@mcafee.com 3. Internet FTP: ftp.mcafee.com 4. World Wide Web: http://www.mcafee.com 5. America Online: keyword MCAFEE 6. CompuServe: GO MCAFEE 7. The Microsoft Network: GO MCAFEE Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details. - Program name and version number - Type and brand of your computer, hard drive, and any peripherals - Operating system type and version - Network name, operating system, and version - Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script - Microsoft service pack, where applicable - Network card installed, where applicable - Modem manufacturer, model, and baud, where applicable - Relevant browsers/applications and version number, where applicable - Problem - Specific scenario where problem occurs - Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. * FOR ON-SITE TRAINING INFORMATION * Contact McAfee Customer Service at (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use McAfee's products, we have established a Reseller program to provide service, sales, and support for our products worldwide. For a listing of McAfee agents near you, click Contact McAfee under the Information section on the McAfee website.