Text File | 1996-12-17 | 27KB | 927 lines
What's New in VirusScan for Windows NT v2.5.3 (9611)
Copyright 1994-1996 by McAfee, Inc.
All Rights Reserved.
Thank you for using McAfee's VirusScan for Windows NT.
This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.
McAfee welcomes your comments and suggestions. Please
use the information provided in this file to contact us.
___________________
WHAT'S IN THIS FILE
- New Features
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Additional Information
- Contact McAfee
____________
NEW FEATURES
VirusScan now supports centralized alerting and
reporting to a remote NetWare or Windows NT server.
Using NetShield for NetWare v2.3.3 or NetShield for
Windows NT v2.5.3, client alerts and reports can be
redistributed or compiled at the central server
location for ease of management.
For more information on using this feature, please
refer to the Frequently Asked Questions listed below.
* ENHANCEMENTS *
1. 'Disconnect User' and 'Alert Client Connection' in the
Shield configuration have been separated and the
performance enhanced.
2. MCALERT.MIB file included to interpret SNMP traps.
* ISSUES ADDRESSED IN THIS RELEASE *
1. McFSREC errors in the event log have been resolved.
2. Error message with DrWatson TASKMGR.EXE, when
attempting to disconnect users while sending them a
network message, has been resolved.
* NEW VIRUSES DETECTED *
This DAT file (9611) detects the following 129
new viruses. Locations that have experienced
particular problems with specific viruses are also
identified.
_922 Germany
_1000 US
_2673 Philippines
APOCALIPSE.1685 Portugal
APRIL1A.798
APRIL1B.797
AREQUIPA.1994 Peru
ASBV
ASH.302
ASMODEOUS.1437
ASSIGN.653
ATOM
BANDUNG.A US/Indonesia
BANDUNG.B
BARAN.2978
BARAN.3001
BNB.498
BR.1180
BW.790
CACO.3310 Peru
CHANDI US
CHAPA.447
CHAPA.448
CHERRY.2266
COMP.180
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
CRAWLER.545
CRIM_WW
CYBERTECH.668
DAN.1784
DELTREE TROJAN
DEMON3B.4313
DINA.271
DINA.283
DIR-II.1536.G
DIR-II.AS
DREAMER.8869
DST.330
DST.347
DST.396
DSTAR.223
EASY Internet
EDOL.832
EXEHEADER.VLAD.337
EXTRACTJPG.TROJAN
FATHER_MAC.1382
FAULT.9209
FORMATC:TROJAN
FSN.1279
GANGSTERZ Internet
H-ANDROMED.594
HELGA.666.B
HELPER US
HIDER.2143
INCH
INFERNO.781
JASON.626
JOVIAL.503
JUICE.305
KALO.1464
KOSKON.313
LATER.981.B
LD93.1217 Australia
LUNCH.783
MACGYVER.4112 (MBR) Taiwan
MAIDEN.891
MARKUS.5415
MBRK.714
MDMA.C US
MINZ.470
MIXTURA.1000
MOSCA.1278
MURCIA.4651
NPOX.1186
OKTUBRE.1784
OUTLAW Internet
PELIGRO.1206 Peru
PHARDERA Internet
PIRANIA.1617
PROTOVIRUS.720
PS-MPC.504 Peru
RESCUE 911.3774 Saudi Arabia
ROTATOR.864
SALAMANDER.888
SANLORENO.1025
SAVER:DE Internet
SCROLL.600
SHOWOFXX Australia
SIERRA.D US
SILLY.745
SMILEY:DE Germany
SPEC.907
SPOOKY:DE Internet
STEATODA.1623 Israel
STRYX:DE Internet
SUPERF.1175
SVC.3103 South America
SYSKLL.290
T555.556
TAURUS.1852
THEATRE:TW (*) Taiwan
THEATRE.A:TW (*) Taiwan
TREBUJENA.1094
TRIVIAL.44.F
TRIVIAL.45.H
TRIVIAL.52
TRIVIAL.53.A
TRIVIAL.119
TRIVIAL.284
TROOPER.2259
TWNO:TW (*) Taiwan
TWNO.B:TW (*) Taiwan
TWNO.C:TW (*) Taiwan
UNHAPPY.763.A
UNHAPPY.763.B
VCC.620
VCS.799
WAZZU.J
WAZZU.O
WAZZU.P US
WAZZU.Q US
WEATHER:TW (*) Taiwan
ZGENRAT.785 US
(*) Infects double-byte (omnicode) versions of Word,
which include Japanese, Korean, Chinese, and
Simplified Chinese.
* NEW VIRUSES REMOVED *
This DAT file (9611) removes the following 112 new
viruses. Locations that have experienced particular
problems with specific viruses are also identified.
666
_922 Germany
_1000 US
1946
_2673 Philippines
ARALE
AREQUIPA.1994 Peru
ASBV
AWAITS.500
BABY_L.674
BADSIZE.369
BANDUNG.B
BARAN.2978
BARAN.3001
BARROTES.840 Spain
BNB.498
BR.1180
BRBI.KOBRIN.492
CACO.2965
CACO.3310 Peru
CARRYON.534
CHANDI US
CHAPA.447
CHAPA.448
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
DEARFRIEND.524
DOPERLAND.490
DREAMER.4808
DREAMER.8869
DUNE.483
EASY Internet
EUPM.1731
F-YOU
FIFO.333
FORMAS.1146
FORMATC:FORMAT
GANGSTERZ Internet
GENE.1991
GENIUS
H-ANDROMED.594
HELPER US
INCH.386
INT4B.231
INT4B.242
IVP.BUBBLES.684 US
KALI-4
KOSKON.313
LD93.1217 Australia
LOVEBUZZ.591
LUNCH
MACGYVER.4112 Taiwan
MANTRA.719
MARKUS.5415
MDMA.C US
NPOX.1186
OMEGA
OUTLAW Internet
PELIGRO.1206 Peru
PHARDERA Internet
PS-MPC.504 Peru
PUPPETS.960
RESCUE 911.3774 Saudi Arabia
SAVER:DE Internet
SHOWOFXX Australia
SIERRA.D US
SILLYC.90
SILLYC.155.B
SILLYC.165
SILLYC.200.B
SILLYC.202
SILLYC.226
SILLYC.316
SILLYC.373
SILLYORCE.76.B
SILLYRC.214
SILLYRC.248
SILLYRC.303
SMILEY:DE Germany
SPOOKY:DE Internet
STEATODA.1623 Israel
STRYX:DE Internet
SUPERVISOR.2221
SVC.3103 South America
T555.556
THEATRE:TW (*) Taiwan
THEATRE.A:TW (*) Taiwan
TIE.619
TIP.554
TULA.1540
TULA.1656
TURBOEXE.854
TWNO:TW (*) Taiwan
TWNO.B:TW (*) Taiwan
TWNO.C:TW (*) Taiwan
UNHANDLED.495
UNHAPPY.763.A
UNHAPPY.763.B
VIAGGIO.1051
VOTADC.591
WAZZU.J
WAZZU.O
WAZZU.P US
WAZZU.Q US
WEATHER:TW (*) Taiwan
WILDY.354.B
WILDY.354.C
(*) Infects double-byte (omnicode) versions of Word,
which include Japanese, Korean, Chinese, and
simplified Chinese.
____________
KNOWN ISSUES
1. On-access exclusions only apply to local devices.
2. Files with the "-" (dash) character in the filename
that are compressed in zipped files will not be
scanned by the on-demand scanner.
3. VirusScan appears to continue scanning after
clicking STOP. If this occurs, move the VirusScan
window to reveal the DynaZip UnZip Error window.
Then click OK. Respond to the dialog box.
____________
INSTALLATION
* INSTALLING THE PRODUCT *
Prior to installation, take the following steps:
1. Uninstall any previous versions of VirusScan for
Windows NT.
2. Make sure you have Administrator rights for the
server on which you are installing VirusScan.
3. Run SETUP.EXE and follow the prompts. If the NT
server is a BDC, check the appropriate box when
prompted.
If you would like to perform a "silent" installation
of VirusScan NT, requiring minimal user interaction and
using all default or "Typical" installation settings, add
-s (i.e. SETUP.EXE -s) to the setup command when you
install the product.
NOTE: If you would like to perform a silent installation
on machines running NT 4.0, you must first rename
SETUP40.ISS to SETUP.ISS.
Network Administrators can customize the silent
installation by following the steps below.
1. Check in the Windows directory to ensure that a
file named SETUP.ISS does not already exist. If it
does, rename it, back it up, or delete it.
2. Run SETUP.EXE with the -r switch (i.e. SETUP.EXE -r).
3. Select the components you would like to be installed
during the silent installation. All responses will
be recorded.
4. Finish the installation, and locate the file SETUP.ISS
in the Windows directory.
5. Open the file using any ASCII editor (e.g., NOTEPAD.EXE)
and delete the section titled APPLICATION.
6. Locate the section [SdSetupType-0] in the SETUP.ISS
file and go to the line:
Result=x
where x is equal to
301 (Typical installation)
302 (Compact installation)
303 (Custom installation)
7. Add 100 to the above value, so that the Result
variable is equal to 401, 402, or 403. Modifying
this file will allow the installation to copy the
VirusScan files to the drive where the operating
system resides instead of defaulting to the C:
drive.
8. Rename, back up, or delete SETUP.ISS on the first
installation disk (floppies only). For CD-ROM versions
of the product, you must copy the installation files
onto the hard drive before taking this step.
9. Copy the new SETUP.ISS from the Windows directory
to the location of the installation files.
10. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).
11. When the silent installation is complete, you should
reboot the machine manually.
NOTE: If you do not specify a "recorded" answer for
all dialog boxes during the initial installation, the
silent installation will fail. Also, the file used
for the silent installation, SETUP.ISS, may not work
properly across different operating systems. For
example, if the silent install is generated for
Windows 95, it may not work properly in Windows 3.1x
or Windows NT.
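Steps 5 through 7 above, applied to a recorded response file, as an added example (not McAfee's code). The function name and the sample SETUP.ISS contents are constructed for illustration; only the APPLICATION section, [SdSetupType-0], and the 301-303 / 401-403 Result values come from this document.

```python
import re

SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
RESULT = re.compile(r"^(\s*Result\s*=\s*)(\d+)\s*$", re.IGNORECASE)
SETUP_TYPES = {301: "Typical", 302: "Compact", 303: "Custom"}

# Constructed sample of a recorded response file (not taken from the product).
SAMPLE_ISS = (
    "[InstallShield Silent]\r\n"
    "Version=v3.00.000\r\n"
    "[Application]\r\n"
    "Name=VirusScan NT\r\n"
    "Version=2.5.3\r\n"
    "[SdWelcome-0]\r\n"
    "Result=1\r\n"
    "[SdSetupType-0]\r\n"
    "szDir=C:\\EXAMPLE\r\n"
    "Result=301\r\n"
)

def customize_iss(text):
    """Apply steps 5-7: drop APPLICATION, add 100 to the setup-type Result.

    Returns (new_text, setup_type_name). Line endings are preserved and a
    file that was already edited (Result=401..403) is left unchanged.
    """
    out, section, chosen = [], "", None
    for raw in text.splitlines(keepends=True):
        body = raw.rstrip("\r\n")
        eol = raw[len(body):]
        head = SECTION.match(body)
        if head:
            section = head.group(1).strip().lower()
        if section == "application":
            continue  # step 5: remove the header and every key under it
        hit = RESULT.match(body) if section == "sdsetuptype-0" else None
        if hit:
            value = int(hit.group(2))
            if value in SETUP_TYPES:
                value += 100  # step 7: 301/302/303 -> 401/402/403
            if value - 100 not in SETUP_TYPES:
                raise ValueError(
                    f"unexpected Result={hit.group(2)} in [SdSetupType-0]")
            chosen = SETUP_TYPES[value - 100]
            body = f"{hit.group(1)}{value}"
        out.append(body + eol)
    if chosen is None:
        raise ValueError("no Result= line found in [SdSetupType-0]")
    return "".join(out), chosen

if __name__ == "__main__":
    edited, kind = customize_iss(SAMPLE_ISS)
    print(f"setup type: {kind}")
    print(edited, end="")
```

Result= lines in other sections are left alone, and an unexpected value raises an error instead of producing a response file that would fail during the silent run.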
* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS NT *
Files located in the Install directory:
=======================================
1. Installed for the Alert Manager/VirusScan:
MCKRNLNT.DLL = Library files
MCSCAN32.DLL = Library files
MCUTILNT.DLL = Library files
SHUTIL.DLL = Library files
README.1ST = McAfee information
WHATSNEW.TXT = What's New document
PACKING.LST = Packing list
AGENTS.TXT = McAfee authorized agents
VALIDATE.EXE = McAfee file validation
program
UPDATE.MSG = Update message file
SHIELD.HLP = On-access help
SHIELD.CNT = On-access context-sensitive
help
MCCONSOL.HLP = Console help
VIRUSCAN.HLP = On-demand help
VIRUSCAN.CNT = On-demand context-sensitive
help
NAMES.DAT = Virus names definition data
SCAN.DAT = Virus scan definition data
CLEAN.DAT = Virus clean definition data
VirusScan Activity Log.TXT = VirusScan NT activity log
Scan Activity Log.TXT = Scan activity log
MODEMS.TXT = Modem initialization
strings
SAMPLE.CMD = Sample alert file
MCUPDATE.EXE = Update module
AMGRCNFG.EXE = Alert manager configuration
program
FTPGET.CMD = Automatic updating script
DEISL1.ISU = Uninstall file
MCSRVSHL.EXE = Uninstall application
MCSERVIC.DLL = Install/uninstall library
file
MCALERT.MIB = Interpret SNMP traps
2. Installed for Alert Manager:
WCMDR.EXE = Uninstall program
WCMDR.INI = Uninstall initialization
file
DEFAULT.VSC = On-demand scanner default
configuration settings
NETSHLD.MIF = MIF file
IMPTASK.EXE = Task import tool
IMPTASK.TXT = Task import text file
AMGRSRVC.EXE = Alert manager service
program
MCALSNMP.DLL = Alert manager SNMP
POWERP32.DLL = Alert manager support
module
VIRNOTFY.EXE = Notification utility
3. Installed for VirusScan:
MCCONSOL.EXE = Console manager
SHSTAT.EXE = Shield status monitor
program
SCNSTAT.EXE = Scan status monitor
program
SCNCFG32.EXE = Console configuration
module
VIRLIST.EXE = Virus list
SHCFG32.EXE = Console configuration
module
DPMI16.DLL = 16-bit DOS protected
mode interface library
DPMI32.DLL = 32-bit DOS protected
mode interface library
MCKRNL95.DLL = Library files
MCUTIL95.DLL = Library files
DUNZIP32.DLL = File decompression
library
DZIP32.DLL = File decompression
library
TASKMRG.EXE = Task managing service
SCAN32.EXE = On-demand scanner
Files located in WINNT35\SYSTEM32:
==================================
1. Installed for VirusScan/Alert Manager:
CTL3D32.DLL = 32-bit 3D Windows
controls library (*)
(*) File will be installed upon installation of
VirusScan if the file does not already exist,
or if an older version is found.
Files located in WINNT35\SYSTEM32\DRIVERS:
==========================================
1. Installed for VirusScan:
MCFILTER.SYS = System files
MCFSREC.SYS = System files
MCKRNL.SYS = System files
MCSCAN.SYS = System files
MCUTIL.SYS = System files
MCSHIELD.SYS = System files
* TESTING YOUR INSTALLATION *
The Eicar Standard AntiVirus Test File is a combined
effort by anti-virus vendors throughout the world to come
up with one standard by which customers can verify their
anti-virus installations.
To test your installation, copy the following line into
its own file and name it EICAR.COM.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When done, you will have a 69- or 70-byte file.
When VirusScan is applied to this file, Scan will report
finding the EICAR-STANDARD-AV-TEST-FILE virus.
It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.
Please delete the file when installation testing is
completed so unsuspecting users are not unnecessarily
alarmed.
_____________
DOCUMENTATION
For more information, refer to the VirusScan User's
Guide, included on the CD-ROM versions of this program
or available from McAfee's BBS and FTP site. This file
is in Adobe Acrobat Portable Document Format (.PDF) and
can be viewed using Adobe Acrobat Reader. This form of
electronic documentation includes hypertext links and
easy navigation to assist you in finding answers to
questions about your McAfee product.
Adobe Acrobat Reader is available on CD-ROM in the
ACROREAD subdirectory. Adobe Acrobat Reader also can
be downloaded from the World Wide Web at:
http://www.adobe.com/Acrobat/readstep.html
VirusScan documentation can be downloaded from McAfee's
BBS or the World Wide Web at:
http://www.McAfee.com or http://205.227.129.97
For more information on viruses and virus prevention,
see the McAfee Virus Information Library, MCAFEE.HLP,
included on the CD-ROM version of this product or
available from McAfee's BBS and FTP site. A ViaGrafix
Interactive Anti-virus Training program also is available
on the CD-ROM version, or can be purchased from the
McAfee Web Site.
__________________________
FREQUENTLY ASKED QUESTIONS
Regularly updated lists of frequently asked questions
about McAfee products also are available on McAfee's
BBS, website, and CompuServe and AOL forums.
Q: How do I enable McAfee's Centralized Alerting and
Reporting?
A: VirusScan now supports Centralized Alerting and
Reporting to a remote NetWare or Windows NT server
running NetShield for Windows NT v2.5.3 or NetShield
for NetWare v2.3.3.
To set up this option on your VirusScan client, modify
ScanNT's DEFAULT.VSH and DEFAULT.VSC, and/or your custom
settings file to read the following:
Note: Administrators will need to configure both the
.VSH and .VSC files for complete Centralized Alerting
& Reporting.
szNetworkAlertPath=<directory name>
bNetworkAlert=1
Where the <directory name> is the path to the remote
NetWare volume or NT directory (can use UNC format
where supported). From this directory, NetShield can
broadcast or compile the alerts and reports according
to its established configuration.
NOTE: The client must have write access to this
<directory> location and the directory must contain
the NetShield-supplied CENTALRT.TXT file.
To send a complete alerting file identifying the
system and user, establish the following environment
variables or add them to the AUTOEXEC.BAT file.
Set COMPUTERNAME=<name of computer>
Set USERNAME=<user name>
The alert file sent to the server is an .alr text
file. Upon receipt of the alert file, NetShield NT or
NetShield for NetWare sends an alert message to an
administrator and/or appropriate personnel.
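A client-side pre-flight check for the requirements in this answer, as an added example (not part of the McAfee product). It assumes the .VSC and .VSH settings files hold plain key=value lines; the function names and the sample files built in demo() are constructed for illustration.

```python
import os
import tempfile

ALERT_KEYS = ("szNetworkAlertPath", "bNetworkAlert")

def read_alert_settings(path):
    """Return the alerting keys found in one settings file (.VSC or .VSH)."""
    found = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip() in ALERT_KEYS:
                found[key.strip()] = value.strip()
    return found

def check_central_alerting(settings_files):
    """Return a list of problems; an empty list means the client is ready."""
    problems, alert_dirs = [], set()
    for name in settings_files:
        cfg = read_alert_settings(name)
        if cfg.get("bNetworkAlert") != "1":
            problems.append(f"{name}: bNetworkAlert is not set to 1")
        if cfg.get("szNetworkAlertPath"):
            alert_dirs.add(cfg["szNetworkAlertPath"])
        else:
            problems.append(f"{name}: szNetworkAlertPath is missing or empty")
    if len(alert_dirs) > 1:
        problems.append("settings files name different alert directories")
    for alert_dir in sorted(alert_dirs):
        # NetShield supplies CENTALRT.TXT; the directory must contain it.
        if not os.path.isfile(os.path.join(alert_dir, "CENTALRT.TXT")):
            problems.append(f"{alert_dir}: CENTALRT.TXT not found")
        try:
            # The client needs write access to drop its .alr file here.
            fd, probe = tempfile.mkstemp(suffix=".tmp", dir=alert_dir)
            os.close(fd)
            os.remove(probe)
        except OSError as exc:
            problems.append(f"{alert_dir}: no write access ({exc.strerror})")
    return problems

def demo():
    """Build a constructed client setup in a temp directory and check it."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "alerts")
        os.mkdir(share)
        open(os.path.join(share, "CENTALRT.TXT"), "w").close()
        vsc = os.path.join(root, "DEFAULT.VSC")
        vsh = os.path.join(root, "DEFAULT.VSH")
        with open(vsc, "w") as fh:
            fh.write(f"szNetworkAlertPath={share}\nbNetworkAlert=1\n")
        with open(vsh, "w") as fh:
            # Constructed fault: only the .VSC file was switched on.
            fh.write(f"szNetworkAlertPath={share}\nbNetworkAlert=0\n")
        return check_central_alerting([vsc, vsh])

if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

Run against both DEFAULT.VSC and DEFAULT.VSH, it reports the case the note above describes, where only one of the two files has alerting enabled.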
Q: How do I manually uninstall VirusScan for Windows
NT?
A: To uninstall, take the following steps:
1. Close the product dialog windows.
2. Delete the installation directory.
3. Delete the HKLM\SOFTWARE\MCAFEE key in the
registry.
4. Delete the six McAfee device drivers (MC*.*)
in %SYSTEMROOT%\SYSTEM32\DRIVERS.
5. Reboot.
Q: Why do I get errors in my event viewer after
installing Service Pack 3 or Service Pack 4?
A: Service Pack 3 and Service Pack 4 involved a
change to the HAL.DLL file that is used by McAfee's
device drivers. If you are using VirusScan for
Windows NT Version 2.5.0, uninstall, then install
Version 2.5.3 or higher.
Q: Why do I get an error in MCINST32.DLL when I
attempt to install VirusScan for Windows NT?
A: VirusScan for Windows NT was designed for an i386
processor only. This error is usually caused by an
attempt to install to a non-i386 machine.
Q: Is there a conflict with the Novell-written client
for NT?
A: No. However, there are some timing issues that
arise when VirusScan for Windows NT is installed.
If it is necessary for you to use the Novell client,
change the account that both the McAfee Task
Manager and the Alert Manager use to a "System"
account.
Q: As an administrator, how can I scan private
directories that are accessible only to
individual users?
A: The on-access scanner will detect infected files
as they are copied into the users' private spaces.
On-demand (scheduled) scans are launched by the
McTaskManager Service. If you specify a user name
and password for the Service, then the scheduled
scan will only scan directories for which the user
name has privileges. If no user name was specified,
then the Service has SYSTEM privileges.
To perform an on-demand, or scheduled, scan of
private directories, the McTaskManager Service must
have access to these private areas. Following are
two ways to address this issue:
Solution A:
1. Do not associate a user name to the Service.
2. Give SYSTEM privileges to access the private spaces.
Considerations with Solution B:
Someone could create or use a Service to access your
information.
Solution B:
1. Create a custom user name to be used by the Service.
2. Give this user name privileges to access the private
spaces.
Considerations with Solution A:
The administrator will need to know the user names
and passwords.
McAfee recommends Solution A as a more secure solution.
Q: VirusScan will not perform an on-demand (scheduled)
scan of some networked devices. Why?
A: It is possible that the user name you are using for
the Taskmanager Service does not have sufficient
rights to scan the devices in question. To verify
whether this is the issue, log in to each device using
the user name and password used by the Taskmanager
Service. Confirm that this user name has rights on
the device by manually running an on-demand scan. If
you can scan the device while you're logged in, then
the Service should also be able to do it as a scheduled
scan.
Q: When performing an on-demand (scheduled) scan of a
networked device, the system locks up. How can I
solve this problem?
A: Log on to the device in question and manually run
an on-demand scan with the Compressed Files option
turned off. If the scanner locks up, note where it
locks. Attempt to determine which file VirusScan locks
on and send the information to McAfee. If the scan
succeeds, select the Compressed Files option and scan
the device again. If it locks this time, chances are
you have a ZIP file that is corrupted or large, and
it takes time to scan. If scanning works in both
scenarios, then give the Taskmanager Service the same
user name and password you are currently logged in
with and try a scheduled scan again. If this now works, then the
old user name didn't have sufficient rights to scan
the device in question.
Q: Can I update VirusScan's data files to detect
new viruses?
A: Yes. If you have Internet access, you can download
updated McAfee data files from the McAfee Web
Site, BBS, or other online resources. To download
from the McAfee Web Site, follow these steps:
1. Go to the McAfee Web Site (http://www.mcafee.com
or http://205.227.129.97).
2. Click on the Download McAfee button in the upper
left hand column or frame.
3. Click on Update Your DAT File to update DAT files.
4. View the information provided on new DAT files
and downloading.
5. Click on Download This Month's DAT.
6. Data file updates are stored in a compressed form
to reduce transmission time. Unzip the files into
a temporary directory, then copy the files to the
appropriate directory, replacing your old files.
7. Before performing any scans, shut down your
computer, wait a few seconds, and turn it on again.
If you need additional assistance with downloading,
contact McAfee Download Support at (408) 988-3832.
Q: I have an on-demand (scheduled) scan that doesn't
seem to run. What am I doing wrong?
A: Scheduled scans should not overlap one another. If
you have more than one drive, folder, or item that
you would like to have scanned, add additional items
for scanning to the Detections page of the Task's
properties. After making the changes, restart the
computer and scheduled scans should function as
designed.
______________________
ADDITIONAL INFORMATION
VirusScan NT includes an external utility,
VIRNOTFY.EXE, that will notify you in the event that
McAfee's Alertmanager is not installed. To use this
utility, open McConsole, and select Tools/Alerts. Add
the path and utility to the Program To Execute line.
______________
CONTACT McAFEE
* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *
Contact McAfee's Customer Care department:
1. Call (408) 988-3832
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727
24-hour, Group III Fax
3. Fax-back automated response system (408) 988-3034
24-hour fax
Send correspondence to any of the following McAfee
locations:
McAfee Corporate Headquarters
2710 Walsh Avenue
Santa Clara, CA 95051-0963
McAfee East Coast Office
Jerral West Center
766 Shrewsbury Avenue
Tinton Falls, NJ 07724-3298
McAfee Central Office
5944 Luther Lane, Suite 117
Dallas, TX 75225
McAfee Canada
178 Main Street
Unionville, Ontario
Canada L2R 2G9
McAfee Europe B.V.
Orlyplein 81 - Busitel 1
1043 DS Amsterdam
The Netherlands
McAfee (UK) Ltd.
Hayley House, London Road
Bracknell, Berkshire RG12 2TH
United Kingdom
McAfee France S.A.
50 rue de Londres
75008 Paris
France
McAfee Deutschland GmbH
Industriestrasse 1
D-82110 Germering
Germany
Or, you can receive online assistance through any of the
following resources:
1. Bulletin Board System: (408) 988-4004
24-hour US Robotics HST DS
2. Internet e-mail: support@mcafee.com
3. Internet FTP: ftp.mcafee.com or 205.227.129.134
4. World Wide Web: http://www.mcafee.com or
http://205.227.129.97
5. America Online: keyword MCAFEE
6. CompuServe: GO MCAFEE
7. The Microsoft Network: GO MCAFEE
Before contacting McAfee, please make note of the following
information. When sending correspondence, please include
the same details.
- Program name and version number
- Type and brand of your computer, hard drive, and any
peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and
system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where
applicable
- Relevant browsers/applications and version number,
where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and e-mail
Other general feedback is also appreciated.
* FOR ON-SITE TRAINING INFORMATION *
Contact McAfee Customer Service at (800) 338-8754.
* FOR PRODUCT UPGRADES *
To make it easier for you to receive and use McAfee's
products, we have established an Agents program to
provide service, sales, and support for our products
worldwide. For a listing of agents, see the file
AGENTS.TXT, where applicable, or contact McAfee
Customer Service for agents near you.