home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
BBS Toolkit
/
BBS Toolkit.iso
/
gt_power
/
nby126.zip
/
VIRUS.DOC
< prev
Wrap
Text File
|
1990-12-19
|
4KB
|
114 lines
If your system has been infested by a virus, read the whole document !
Protecting your system from viral attacks using NBY:
NBY is a program designed to provide comprehensive protection against
viral attacks. However, no matter what system you use to protect your
computer, YOU are the only person who can assure that your system
remains clean.
Protection starts by installing NBY and adding your major programs to
the NBY.CRC data file. This will ensure that those programs are
checked once a day. Naturally, you MUST add NBY to your AUTOEXEC.BAT
file.
Only one thing is certain with any anti-virus software: There will be
a virus out there which is NOT recognised by your anti-virus program.
The authors of these things are as busy as the authors of anti-virus
software, and, naturally, we as anti-virus authors, are always a step
behind. We can not write the code to recognise the virus until the
virus has been written.
The latest series of viruses coming from overseas are getting to be
very sophisticated indeed and detection becomes more difficult. In
contrast to the E_C_46 (PK) virus which originated in Australia, a
pathetic attempt by some twit out there to introduce a new virus. As
the viruses increase in their complexity, so do the vaccines.
Viruses can be transmitted in many forms. NBY allows you to check any
type of file, i.e., executable files, data files etc. Because virus
detection is based on a series of characters within files, there is
always the possibility that a data file, by coincidence, contains an
exact match of a virus signature.
It is highly unlikely though that you would have a real virus in say
an index file of your data-base, and yet, NBY will report that file as
being a virus-carrier.
In such an instance, you must think logically: If every file in a
given directory has been identified as a virus carrier, program file
or not, then, there is obviously a problem. If there is just ONE
data-file, index file or the like, then, in all probability, it will
be a coincidence and the file should NOT be removed.
NBY writes a batch file which you can edit with any word processor or
text editor, so you can delete individual lines in the file. The
batch file 'DEL_VIRUS.BAT' resides in the same directory that NBY
resides in.
INFECTED, WHAT NOW ?
Let us assume that your PC has been infected by a virus which attacks
other programs. You will notice that immediately when you run any cALMER
.EXE file. They warn you thereof and will no longer run. Here is what
to do in such an instance:
a) TURN PC OFF immediately.
b) Get a W R I T E - P R O T E C T E D DOS Master disk, insert it
in drive A and turn PC Back on again.
c) Log onto Drive C:
d) RENAME AUTOEXEC.BAT to A.BAT
e) RENAME CONFIG.SYS to C.SYS
f) COPY the entire DOS disk back into your DOS directory on your
hard disk. (USE 'COPY' command, N O T 'xcopy'
g) Put system back onto hard disk ('SYS C:')
h) COPY COMMAND.COM back onto hard disk.
i) REBOOT computer from HARD disk. If sucessful, it should ask
for date and time. DO N O T run any programs !!!!
j) Go into cALMER directory.
k) COPY NBY.EXE to xxx.exe where xxx is the name you gave NBY earlier.
l) RUN 'XXX' (NBY)
m) RUN 'XXX C:\' and let NBY remove the infected files.
n) RENAME A.BAT and C.SYS back to their original names.
o) Reboot
p) Restore all programs from printout AFTER CHECKING E V E R Y FLOPPY
to ensure you are not carrying the virus back onto the hard disk.
q) Be happy that you had a copy of NBY.
If in doubt after a virus alert, call me to discuss the problem.
Claude Almer
cALMER Utilities
Sydney, Australia
[61+] (02) 482-1715
or leave a message on the BBS:
cALMER 1 [61+] (02) 482-1716 (2400 baud, No Parity, 8 Data Bits, 1 Stop Bit)
.end of document virus.doc