Gold Medal Software 1

home *** CD-ROM | disk | FTP | other *** search

/ Gold Medal Software 1 / Gold Medal Software Volume 1 (Gold Medal) (1994).iso / virus / ocln111.arj / OCLN111.DOC < prev next >

Wrap

Text File | 1994-01-14 | 21KB | 545 lines

CLEAN-UP for OS/2 Version 111 Copyright (C) 1990-1994 by McAfee Associates. All rights reserved. Documentation by Aryeh Goretsky. McAfee Associates (408) 988-3832 office 3350 Scott Blvd., Bldg. 14 (408) 970-9727 fax Santa Clara, CA 95054-3111 (408) 988-4004 BBS (25 lines) U.S.A USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE InterNet support@mcafee.COM America OnLine MCAFEE TABLE OF CONTENTS: SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2 - What is OS2CLEAN? - System Requirements AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .3 - Verifying the integrity of OS2CLEAN WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .4 - New features and viruses added in this release OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .5 - General description of OS2CLEAN OPERATION and OPTIONS . . . . . . . . . . . . . . . . . . . . .6 - How to use OS2CLEAN, detailed explanation of switches EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .8 - Samples of frequently-used options REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .9 - How to register OS2CLEAN TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .9 - Information to have ready when calling for tech support Page 1 OS2CLEAN Version V111 Page 2 SYNOPSIS CLEAN-UP for OS/2 (OS2CLEAN) is a virus disinfection program for IBM PC and compatible computers running IBM's OS/2 V2.00 (GA) or above with FAT or HPFS formatted drives, as well as any local area network the PC is logged into. OS2CLEAN searches through the partition table, boot sector, or files of a PC to remove any virus specified by the user. In most instances, OS2CLEAN repairs infected areas of the system and restoring them to their pre-infected state. OS2CLEAN removes all viruses identified by the current version of VIRUSCAN for OS/2 ( OS2SCAN). OS2CLEAN can also remove unknown (new) viruses from .COM and .EXE files, the partition table, and boot sector using recovery information stored by OS2SCAN [See the OS2SCAN documentation for more details]. Like its DOS counterpart, CLEAN-UP (for DOS), it removes viruses from a PC or LAN. OS2CLEAN, however, recognizes HPFS-partitioned drives and OS/2's extended filenames. This release removes all viruses that the current version of CLEAN-UP (for DOS) can. OS2CLEAN runs on any PC with OS/2 Version 2.00 (GA) or above installed on it. Use the SYSLEVEL command to determine which level of OS/2 you are running. OS2CLEAN Version V111 Page 3 AUTHENTICITY OS2CLEAN performs a self-test when run. If OS2CLEAN has been modified in any way, a warning will be displayed. However, OS2CLEAN is still able to remove viruses. If OS2CLEAN reports it has been damaged, a new, clean copy should be obtained. OS2CLEAN is packaged with VALIDATE for OS/2 (OS2VAL), a program to check the integrity of the OS2CLEAN.EXE file. The OS2VAL.DOC file describes its usage. The validation results for Version 111 should be: FILE NAME: OS2CLEAN.EXE SIZE: 330,256 DATE: 01-14-1994 FILE AUTHENTICATION Check Method 1: DF80 Check Method 2: 1F85 If your copy of OS2CLEAN.EXE differs, it may have been damaged or infected with a virus. Always obtain OS2CLEAN from a known source. The latest version of OS2CLEAN and validation data for it can be obtained from McAfee Associates' bulletin board system at (408) 988-4004, from the McAfee Virus Help Forum on CompuServe (GO MCAFEE), and by anonymous ftp from the mcafee.COM site on the Internet. OS2SCAN performs a self-check when run. If OS2SCAN has been modified in any way, a warning will be displayed and the user will be prompted to either continue or quit. OS2SCAN can still check for viruses. However, if OS2SCAN reports that it has been damaged, it is recommended that a new copy be obtained. All of McAfee Associates' programs are archived with Version 2.04g of PKWare's PKZIP Authentic File Verification. When unzipped with Version 2.04g of PKWare's PKUNZIP program, an "-AV" will be displayed after each file is unzipped and an "AuthenticfFiles Verified! # FZW807 McAFEE ASSOCIATES" will appear once all files are unzipped. NOTE: If you do not receive the Authentic File Verification messages, you may be using a different version of PKUNZIP, such as V1.10 or V1.93A. Use PKUNZIP Version 2.04g to unzip files if you wish to have Authenticity Verification displayed as files are unzipped. OS2CLEAN Version V111 Page 4 WHAT'S NEW Version 111 replaces Version 109. Version 110 was only used for beta-testing. This release adds disinfection of six viruses: the 592, Ganeu, Khobar, Spanish Holidays, Thrillers, Unbx, and Volkov viruses. Beginning with Version 111, McAfee Associates' programs will now be archived with PKZIP Version 2.04g. Please refer to the enclosed VIRLIST.TXT file for a short description of the new viruses. For more detailed descriptions, please refer to Patricia Hoffman's virus summary listing (VSUM). OVERVIEW OS2CLEAN searches the system for viruses to remove. When an infected file is found, OS2CLEAN isolates and removes the virus and in most cases restores the infected file to normal operation. If the file is infected with an uncommon virus, OS2CLEAN will instead display a warning message asking whether to overwrite and delete the infected file. Files erased in this manner are not recoverable. Before running OS2CLEAN, verify the infection with VIRUSCAN for OS/2 (OS2SCAN). OS2SCAN locates and identifies viruses and provide the I.D. code used by OS2CLEAN. The I.D. is displayed inside the square brackets, "[" and "]." For example, the I.D. code for the Jerusalem virus is displayed as "[Jeru]". This I.D. must be used with OS2CLEAN to remove the virus. The square brackets "[" and "]" MUST be included. NOTE: When OS2CLEAN is run with the /GENERIC or /GRF options to disinfect files or system areas based on recovery information stored by VIRUSCAN for OS/2 no virus I.D. code is required. Please refer to the OS2SCAN documentation for instructions on adding recovery information to your system. OS2CLEAN Version V111 Page 5 The common viruses that OS2CLEAN is able to remove while repairing and restoring the infected programs or system areas are: 555 644 696 730 748 855 1008 1024 1139 1241 1253 1339 1554 1575*+ 1757 1992 2014 2560 2878 2936 4096*+ Air Cop* Alabama+ Alameda Antitelefonica Athens Azusa Barrotes Barrotes 2 Beeper Black Monday+ Bloody! Boat Boys Bubonic Cansu Cartuja Cascade*+ Chemnitz Chile Mediera Chinese Blood Coahuila Creeper Curse Dark Avenger*+ DataLock+ December 28+ Devil's Dance Dir-2 Disk Killer* Dodo2 EDV* Empire* Enigma EXEBug1 EXEBug2 Fellowship+ Filler Fish+ Flash Flip*+ Form Generic Boot Generic MBR Ghost Grn Caterpillar Haifa Holocausto Invader*+ Irish_3 James Bond Jerusalem*+ Joshi KeyPress*+ Korea* Lazy Lehigh Liberty+ Lisbon* Little Girl2 Little Girl3 Loa Duong Loren M128 Maltese Amoeba Mardi Bro.'s Math Test Michelangelo Monkey Mosquito Multi-2 Murphy*+ Music Bug Nomenclature Pakistani Brain*Paradise Pegg Perfume Ping Pong* Plastique*+ Possessed Print Screen-2* R-11+ SBC Slayer Slow+ Stoned* Striker+ Sunday+ Sunday2+ SVC+ Taiwan 3+ Taiwan 4+ Tecla Tequila Tokyo Topo Traceback/3066 Troi Tuesday Typo Boot V800 V-801 VACSINA*+ Vienna* Violator*+ VirDem Viva Mexico XTAC Whale*+ Yankee Doodle*+ ZeroBug *Denotes virus with more than one strain +Denotes virus which attaches to overlays AN IMPORTANT NOTE ABOUT .EXE FILES: Some viruses damage .EXE files when they infect them if the file being infected loads overlays internally. CLEAN will truncate files infected in this manner. If a file no longer runs after being cleaned, replace it from the original disk or virus-free backups. AN IMPORTANT NOTE ABOUT BOOT SECTOR VIRUSES (e.g., FORM): Removal of boot sector-infecting viruses like the FORM may not work correctly on Dual Boot systems. If you have a Dual Boot system with a boot sector virus on it, boot OS/2 first, delete the BOOT.DOS file from the C:\OS2 directory (or wherever it is located), and then boot DOS to create a new, virus-free DOS boot sector file. As a precaution, back up all critical data before doing this. If you use Boot Manager, run OS2CLEAN with the /BMP option. OS2CLEAN Version V111 Page 6 OPERATION and OPTIONS IMPORTANT NOTE: CLOSE ALL DOS SESSIONS BEFORE RUNNING OS2CLEAN. THIS PREVENTS A VIRUS FROM REMAINING RESIDENT IN MEMORY AND REINFECTING FILES AFTER OS2CLEAN HAS BEEN RUN. OS2CLEAN displays the name of infected files or system areas, the virus found, and reports a "successful" disinfection for each virus removed. If a file has multiple infections, OS2CLEAN will report the virus has been removed successfully for each infection. After cleaning, shutdown and reboot the PC, then run OS2SCAN to confirm the system has been successfully disinfected. After cleaning the hard disk, copy the SCAN for OS/2 (name OS2SCAN.EXE) and CLEAN for OS/2 programs to it and check all floppy disks that have been in the system. Valid options for OS2CLEAN are: OS2CLEAN {drive(s)} [virus I.D.] {options} ^ | `---- NOTE: The square brackets "[" and "]" are required around the I.D. code {drive(s)} - Indicates a drive or drives to be scanned Options are: /A - Check all files for viruses /AD{x} - Clean all drives {L = Local, N = Network} /BMP - Clean a Boot Manager partition /E .xxx .yyy - Clean overlay extensions .xxx .yyy /GENERIC - Clean unknown viruses (see below for specifics) /GRF {filename} - Clean new virus using recovery data from file {filename} /MANY - Check multiple floppy disks in drive(s) /NOEXPIRE - Do not display expiration notice /NOPAUSE - Disable screen pause after 24 lines displayed /REPORT {fname} - Create report file {fname} of cleaned files OS2CLEAN Version V111 Page 7 /A - This options checks all files on the drive cleaned and also examines a greater portion of the files. This will increase the time required to scan disks, but increases OS2CLEAN's ability to detect viruses. It is recommended this switch only be used if a file-infecting virus is found. This option takes priority over the /E option. /AD{x} - This option cleans all drives of viruses. If /ADL is used, all local drives are checked, including compressed drives and CD-ROM's. If /ADN is used, all networked drives are checked. To clean local and network drives, use /AD by itself. /BMP - This option tells OS2CLEAN to remove a master boot record (partition table) or boot sector virus from an OS/2 Boot Manager partition. /E .xxx .yyy - This option allows an additional extension or extensions to be cleaned. Extensions should include a period "." and each extension must be separated by a space after the /E. Up to three extensions may be added with the /E. For more extensions, use the /A option. /GENERIC - This option is used to clean files or system areas on a PC that have been infected with a new (unknown) virus. For /GENERIC to work, recovery information must have been created prior to infection by VIRUSCAN for OS/2's /AG option. No virus I.D. code is required when using this switch. /GRF {filename}. This option is used to clean files or system areas on a PC or LAN that have been infected by a new (unknown) virus. For /GRF to work, a recovery data and validation code file must have been created by VIRUSCAN for OS/2 or NETSCAN for OS/2's /AF option. No virus I.D. code is required when using this switch. /MANY - This option is used to clean multiple diskettes placed in a given drive. If the user has more than one floppy disk to remove viruses from, the /MANY option allows the user to clean disks without have to re-run OS2CLEAN multiplie times. /NOEXPIRE - This option prevents OS2CLEAN from displaying a warning message after 7 months warning that it may no longer be current with respect to known viruses. /NOPAUSE - This option disables the "More? (H = Help)" prompt displayed when OS2CLEAN fills a screen with 24 lines of text. This allows OS2CLEAN to be run on PC's or LAN's with severe infections without requiring operator assistance. OS2CLEAN Version V111 Page 8 /REPORT {filename} - This option saves the output of OS2CLEAN to {filename} in ASCII text file format. If {filename} exists, OS2CLEAN will overwrite it with the current report. EXAMPLES The following examples show different option settings: OS2CLEAN C: D: E: [JERU] /A To remove the Jerusalem virus from drives C:, D:, and E:, searching all files for the virus OS2CLEAN A: [STONED] To remove the Stoned virus from the disk in drive A: OS2CLEAN C:\MORGAN [DAV] /A To remove the Dark Avenger virus from subdirectory MORGAN on drive C:, searching all files for the virus OS2CLEAN B: [DOODLE] /REPORT C:DoodleInfection.RPT To remove the Yankee Doodle virus from drive B: and create a report named DOODLEINFECTION.RPT on drive C: OS2CLEAN C: /GENERIC To remove an unknown virus from drive C: using recovery data stored by OS2SCAN's /AG option. OS2CLEAN D: /GRF A:\SCANCRC.CRC To remove a unknown virus from drive D: using recovery data stored by OS2SCAN or OS2NSCAN's /AF option. OS2CLEAN Version V111 Page 9 REGISTRATION A registration fee of US$35.00 is required for the use of OS2CLEAN by individual home users. Registration entitles the holder to unlimited free upgrades from McAfee Associates' BBS or the Computer Virus Help Forum on CompuServe and technical support for one year. When registering, a diskette containing the latest version may be requested for an additional US$9.00. Only one diskette mailing will be made. Registration is for home users only and does not apply to businesses, corporations, organizations, government agencies, or schools, which must obtain a license for use. Contact McAfee Associates directly or an Authorized Agent for more information. TECH SUPPORT For fast and accurate help, please have the following information ready when you contact McAfee Associates: - Program name and version number. - Type and brand of computer, hard disk, plus any peripherals. - Version of OS/2 (use the SYSLEVEL command to determine) plus any device drivers in use. - Printouts of your AUTOEXEC.BAT and CONFIG.SYS files. - The exact problem you are having. Please be as specific as possible. Having a printout of the screen and/or being at your computer will be helpful. McAfee Associates can be contacted by BBS, CompuServe, FAX, or InterNet, America OnLine 24 hours a day, or by telephone at (408) 988-3832, Monday through Friday, 7:00AM to 5:30PM Pacific Time. If you are overseas, you can contact a McAfee Associates Authorized Agent. Agents are located in over 50 countries around the world and provide local sales and support for our software. Please refer to the AGENTS.TXT file for a complete list of McAfee Associates Agents.