Media Share 9

home *** CD-ROM | disk | FTP | other *** search

/ Media Share 9 / MEDIASHARE_09.ISO / pcboard / vid201.zip / USER.DOC < prev next >

Wrap

Text File | 1993-07-10 | 6KB | 153 lines

VID User Documentation ---------------------- VID always keeps track of the "current" virus. When in browse mode, the majority of options available are specifically applied to the current virus. However, we have made additions to the main menu, to allow a few of these options in more of a "global" scope. ** NOTE ** The virus names in VID are now "color-coded" for recognition purposes. If the virus is an "original" piece, it's name will appear in WHITE, whereas variants will appear in MAGENTA. This feature (of course) is only available to ANSI users, and not ASCII/TTY users. From the main menu: [L]ist Viruses ---------------- By pressing "N", the user will be presented with the entire database of virus names, one per line, one screen at a time. At the end of each screen of names, the user will have the option of continuing the listing process, or quitting back to the main menu. he will have the option of beginning the list from either the top of the database, or the current virus record. The virus names are color-coded, as described above. Search by [V]ariants -------------------- By pressing "V", the user will be asked for a virus name (full or partial). If VID cannot locate a virus by that name, he will try and find the closest match (by name). After the virus has been located, VID will perform a search across the database, to attempt to locate any variants of this virus. VID color codes apply to this search, and in fact, add a bit of flavor to it. For instance: If the user entered "1226" as the virus name, VID would reply with something like: Searcing for variants for: 1226 ─────────────────────────────── #0039 - 1226 #0040 - 1226-B #0041 - 1226-B Dropper #0042 - 1226-D #0043 - 1226-M ^^^^^ ^^^^^^^^^^^^^^ │ │ │ └──────────── Virus Name └── Record Number The first entry above (record #0039, 1226) would appear in WHITE, since it is the "base" virus for this small group, or family. The remainder of the virus names would appear in MAGENTA (actually, light magenta), to indicate that these particular entries are "variants" of the virus which appeared in WHITE (in this case, the original 1226 virus). Search by Be[H]avior ------------------ By pressing "H", the user can perform a behavior query across the database. This is very similar to the behavioral searching in previous versions of VID, with the exception of a few new fields. VID will prompt the user with 13 different questions, i.e. Does the virus infect .COM files?, etc. The user has three (3) possible responses to each question: Y - yes N - No I - Ignore this question If a question is "ignored" then the field is not used in the search. By combining the above three possible question answers, powerful searches can be performed across the database. The following questions are asked by VID when performing a behavior query: 1) Does the virus infect .COM files? 2) Does the virus infect .EXE files? 3) Does the virus infect .SYS files? 4) Does the virus infect Boot Sectors? 5) Does the virus infect Floppy Boot Sectors? 6) Does the virus go memory resident? 7) Is the virus parasitic (non-overwriting)? 8) Is the virus a spawning or "companion" virus? 9) Does the virus manipulate DOS FAT tables? 10) Does the virus infect partition tables? 11) Does the virus infect directory entries (i.e. DIR-2 virus) 12) Does the virus display "stealth" characteristics? After all questions have been answered, VID will then perform the query, and display the results. Search by [O]rigin ------------------ By pressing "O", the user can perform a search based on the origin of computer viruses. i.e. Bulgaria, United States, California, etc. If the full name is not known, partial answers are allowed. Note that the search is not linear! As long as the string the user enters appears anywhere in the origin of the virus (not necessarily the first x amount of letters), then the score will score a hit. The database record number, virus name, and complete virus origin will be displayed for each virus which scores a hit in the query. Search by [N]ame ---------------- By pressing "N", the user can perform a search based on the namne of the computer virus. i.e. Dark Avenger, Jerusalem, etc. If the full name is not known, partial answers are allowed. VID will then place the user in "browse" mode, and placed at the record that best matches the search name. [J]ump to Record # ------------------ This option allows the user to jump to a specific record number in the database. VID will use the record number as the "current" virus. This is a quick way of jumping to a specific virus record, if you know the record number. [B]rowse Database ----------------- This option will place the user into "browse" mode, and will place him in the database at the current record. From the browse system, the user can do several things: [+] - Next Record [-] - Previous Record [F] - First Record [L] - Last Record [V] - Variant Search (same as main menu) [C] - Comments (Additional/Extended Information) [D] - Detection (Shows all known AV products which detect this virus) [Q] - Quit to main menu ** Note that the [C]omments option will present some basic information about the virus when running in VIDLite mode. If VID detects the presence of the VID+ module, then additional detailed information will be presented to the user, if it is available. [Q]uit VID ---------- Quits VID and returns control to the BBS - EOF -