Text File | 1993-07-10 | 6KB | 153 lines
VID User Documentation
----------------------
VID always keeps track of the "current" virus. When in browse mode, the
majority of options available are specifically applied to the current
virus. However, we have made additions to the main menu, to allow a few of
these options in more of a "global" scope.
** NOTE **
The virus names in VID are now "color-coded" for recognition purposes. If
the virus is an "original" piece, its name will appear in WHITE, whereas
variants will appear in MAGENTA. This feature (of course) is only available
to ANSI users, and not ASCII/TTY users.
From the main menu:
[L]ist Viruses
----------------
By pressing "L", the user will be presented with the entire database of
virus names, one per line, one screen at a time. At the end of each screen
of names, the user will have the option of continuing the listing process,
or quitting back to the main menu. He will have the option of beginning the
list from either the top of the database, or the current virus record. The
virus names are color-coded, as described above.
Search by [V]ariants
--------------------
By pressing "V", the user will be asked for a virus name (full or partial).
If VID cannot locate a virus by that name, it will try to find the closest
match (by name). After the virus has been located, VID will perform a
search across the database, to attempt to locate any variants of this virus.
VID color codes apply to this search, and in fact, add a bit of flavor to it.
For instance:
    If the user entered "1226" as the virus name, VID would reply with
    something like:

        Searcing for variants for: 1226
        ───────────────────────────────
        #0039 - 1226
        #0040 - 1226-B
        #0041 - 1226-B Dropper
        #0042 - 1226-D
        #0043 - 1226-M
        ^^^^^   ^^^^^^^^^^^^^^
          │           │
          │           └──────────── Virus Name
          └── Record Number

The first entry above (record #0039, 1226) would appear in WHITE, since
it is the "base" virus for this small group, or family. The remainder
of the virus names would appear in MAGENTA (actually, light magenta), to
indicate that these particular entries are "variants" of the virus which
appeared in WHITE (in this case, the original 1226 virus).
Search by Be[H]avior
--------------------
By pressing "H", the user can perform a behavior query across the database.
This is very similar to the behavioral searching in previous versions of
VID, with the exception of a few new fields. VID will prompt the user
with 13 different questions, i.e. Does the virus infect .COM files?, etc.
The user has three (3) possible responses to each question:
    Y - Yes
    N - No
    I - Ignore this question
If a question is "ignored" then the field is not used in the search. By
combining the above three possible question answers, powerful searches can
be performed across the database.
The following questions are asked by VID when performing a behavior query:
1) Does the virus infect .COM files?
2) Does the virus infect .EXE files?
3) Does the virus infect .SYS files?
4) Does the virus infect Boot Sectors?
5) Does the virus infect Floppy Boot Sectors?
6) Does the virus go memory resident?
7) Is the virus parasitic (non-overwriting)?
8) Is the virus a spawning or "companion" virus?
9) Does the virus manipulate DOS FAT tables?
10) Does the virus infect partition tables?
11) Does the virus infect directory entries (i.e. DIR-2 virus)?
12) Does the virus display "stealth" characteristics?
After all questions have been answered, VID will then perform the query, and
display the results.
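
The Y/N/I matching described above, as an added example (not part of the
original documentation or of VID itself). The field names, the 12-character
answer string and the sample records are assumptions made up for
illustration; the fields follow the twelve questions listed above.

```python
# Added example: tri-state behavior query (Y / N / I) over constructed records.
# Hypothetical field names, one per question listed in the documentation.
FIELDS = ("com", "exe", "sys", "boot", "floppy_boot", "resident",
          "parasitic", "companion", "fat", "partition", "directory", "stealth")

def parse_answers(answers):
    """Turn a 12-character Y/N/I string into {field: required_bool}.
    Ignored (I) fields are left out, so they never constrain the search."""
    answers = answers.upper()
    if len(answers) != len(FIELDS) or set(answers) - set("YNI"):
        raise ValueError("expected one of Y/N/I for each of the 12 questions")
    return {f: a == "Y" for f, a in zip(FIELDS, answers) if a != "I"}

def behavior_query(records, answers):
    """Return (record_number, name) for records matching every non-ignored answer."""
    wanted = parse_answers(answers)
    return [(r["num"], r["name"]) for r in records
            if all(r["flags"].get(f, False) == v for f, v in wanted.items())]

def make_record(num, name, *true_fields):
    """Build a record whose flags are True only for the named fields."""
    return {"num": num, "name": name,
            "flags": {f: f in true_fields for f in FIELDS}}

# Constructed sample data; names and behaviors are placeholders, not real entries.
SAMPLE_DB = [
    make_record(1, "SAMPLE-A", "com", "resident", "parasitic"),
    make_record(2, "SAMPLE-B", "com", "exe", "resident", "parasitic", "stealth"),
    make_record(3, "SAMPLE-C", "boot", "floppy_boot", "partition", "resident"),
    make_record(4, "SAMPLE-D", "exe", "companion"),
]

if __name__ == "__main__":
    # Infects .COM (Y), not boot sectors (N), memory resident (Y), rest ignored.
    for num, name in behavior_query(SAMPLE_DB, "YIINIYIIIIII"):
        print(f"#{num:04d} - {name}")
```

Answering "I" to every question leaves no constraints, so every record is
returned.
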
Search by [O]rigin
------------------
By pressing "O", the user can perform a search based on the origin of
computer viruses, e.g. Bulgaria, United States, California, etc. If the
full name is not known, partial answers are allowed. Note that the search
is not linear! As long as the string the user enters appears anywhere in
the origin of the virus (not necessarily the first x amount of letters),
then the search will score a hit.
The database record number, virus name, and complete virus origin will be
displayed for each virus which scores a hit in the query.
Search by [N]ame
----------------
By pressing "N", the user can perform a search based on the name of the
computer virus, e.g. Dark Avenger, Jerusalem, etc. If the full name is not
known, partial answers are allowed.
VID will then place the user in "browse" mode, at the record that
best matches the search name.
[J]ump to Record #
------------------
This option allows the user to jump to a specific record number in the
database. VID will use the record number as the "current" virus. This is
a quick way of jumping to a specific virus record, if you know the record
number.
[B]rowse Database
-----------------
This option will place the user into "browse" mode, and will place him
in the database at the current record. From the browse system, the user
can do several things:
[+] - Next Record
[-] - Previous Record
[F] - First Record
[L] - Last Record
[V] - Variant Search (same as main menu)
[C] - Comments (Additional/Extended Information)
[D] - Detection (Shows all known AV products which detect this virus)
[Q] - Quit to main menu
** Note that the [C]omments option will present some basic information about
the virus when running in VIDLite mode. If VID detects the presence of the
VID+ module, then additional detailed information will be presented to the
user, if it is available.
[Q]uit VID
----------
Quits VID and returns control to the BBS
- EOF -