home *** CD-ROM | disk | FTP | other *** search
- VIRSTOP
-
- The primary purpose of the VIRSTOP.EXE program is to prevent the execution
- of programs infected with known viruses. VIRSTOP installs itself in RAM as
- a standard TSR and intercepts the so-called "Load-and-execute" function.
- This means that whenever an attempt is made to run a program VIRSTOP gets
- a chance to examine it first.
-
- It must be noted that it may not be possible to install VIRSTOP on
- machines with the Cyrix 486 processor, as it is not fully compatible.
-
- VIRSTOP uses a simple but fast search to check for viruses, but it does
- not make an accurate identification - "Full Scan" or "Secure Scan" are
- necessary for that purpose.
-
- If VIRSTOP finds a virus, it will abort the execution of the program,
- display a message and return an error. For example, if you attempt to run
- a program infected with the Cascade virus, with VIRSTOP active in memory,
- you might see something like this:
-
-
- This program is infected with the Cascade virus.
- Cannot execute A:\INF-PROG.COM
-
- VIRSTOP has a secondary function as well - it attempts to check for any
- active boot sector virus when it is run.
-
- Older versions of F-PROT (pre-2.0) contained two programs (F-DRIVER.SYS and
- F-NET.EXE) which are now replaced by VIRSTOP.EXE. Using a .SYS program is
- in some ways preferable to using an .EXE program, in particular as it
- reduces the chances than an infected program is run before the monitoring
- program (VIRSTOP or F-DRIVER). However, this caused problems on networked
- machines, as network software often takes over the "Load-and-execute"
- function, disabling the monitoring program.
-
- VIRSTOP is supplied as an .EXE file, so that it can be run after the
- network software is installed (in AUTOEXEC.BAT). On stand-alone machines
- the program may be loaded as a device-driver, with a command such as
-
- DEVICE=C:\F-PROT\VIRSTOP.EXE
-
- IMPORTANT! - If HIMEM.SYS is used, it must be loaded before VIRSTOP.
-
- VIRSTOP.EXE includes one additional feature - it is designed to be able to
- detect if it has been infected by a "stealth" virus - an ability which
- is rather unusual. It is also often (but not always) able to detect
- attempts to run "stealth"-virus infected programs, even though the virus is
- active in memory.
-
- In order to test if VIRSTOP is properly installed, the program F-TEST is
- provided. It is NOT a virus, but it is detected by VIRSTOP the same way as
- a virus-infected program.
-
- If VIRSTOP is not installed or not active, F-TEST will print out a message
- when run. If it is active and working, VIRSTOP will display a message
- saying so, and return a code of 1, which can be checked with the
- ERRORLEVEL command.
-
- VIRSTOP supports the following command-line switches:
-
- /DISK - do not store virus signatures in memory, but read them
- in from disk when necessary. This reduces the memory requirements
- from 14K to around 2K, but cannot be used if you run VIRSTOP from
- a diskette which is later removed. If this switch is used, and
- VIRSTOP is loaded from CONFIG.SYS, it is critical that the full
- path name is given.
-
- /OLD - do not complain, even if the program has "expired". Use of
- this switch is generally not recommended.
-
- /NOMEM Do not perform a memory scan when starting.
-
- /FREEZE Stop the computer when a virus is found.
-
- The following switches have just been added and have not been fully tested
- under all circumstances. If you use /COPY, /BOOT or /WARM to enable the
- new features, some problems might appear...in that case, please report the
- problems to Frisk Software International.
-
- /[NO]COPY [Do not] check files when they are accessed/copied.
-
- /[NO]BOOT [Do not] check boot sectors when a diskette is accessed.
-
- /[NO]WARM [Do not] check the diskette in drive A: when the user
- presses Ctrl-Alt-Del
-
