ProfitPress Mega CDROM2 Shareware Freeware (MSDOS)(1992)(Eng)

home *** CD-ROM | disk | FTP | other *** search

/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / NBY127.ZIP / NBY.DOC < prev next >

Wrap

Text File | 1991-06-19 | 40.7 KB | 887 lines

+-----------------------------------------------------------------------+ | [NBY] (NOT BORN YESTERDAY) Trojan Subterfuge ver. 4.00 | | Copyright (C) 1991 by cALMER Utilities [All Rights Reserved] | |361 Somerville Road Hornsby Heights Sydney Australia [612] (02) 4821715| +-----------------------------------------------------------------------+ Purpose: Detect damage done by Trojan Horses , viruses and other electronic poisons and take action accordingly. LATEST RELEASE INFORMATION Tue. 25th. June 1991 * ALL boot-sector viruses damage floppy disks in some way or another (they must store the original bootup information somewhere on disk and can thus overwrite existing information). For that reason, NBY will now simply eliminate any bootsector virus found on any floppy disk by re-writing the bootsector from scratch. If the diskette was a bootable DOS disk, DOS will no longer load from if booting from the previously infected disk. You should NEVER have a non-writeprotected DOS boot disk ! The advantage of this is two-fold: NBY can eliminate the boot- sector virus even if it has been hacked by someone and has changed it's expected behaviour. All previously infected disks become bootable disks, as if they had been treated with BootPast. * After scanning a floppy disk, NBY now gives you the option to scan another disk, allowing you to edit the command line. On hard disk scanning, you can call up this option by going say: 'NBY C:*.com c:*.exe /m<Enter>' (/m for 'More') * A bug which did not check boot sectors on floppies if the system had no hard disk at all has been removed. * Users who have ThunderByte installed will note that the systems files (io.sys, msdos.sys, command.com or equivalent) are only scanned once a day. However, if ThunderByte has been disabled, it will scan those files on every bootup. This is due to the supreme protection derived from the antivirus hardware card and it really is not necessary to check those files in every bootup. * Users who have ThunderByte installed are given a message to ignore the ThunderByte warning message when NBY is eliminating a floppy boot-sector virus. QUICK INTRODUCTION: NBY PROVIDES COMPLETE PROTECTION AGAINST ANY VIRAL ATTACK IF USED PROPERLY. First time you run it, NBY will take an image of the systems files. On all subsequent runs it will compare the image against the present situation and warn you if there where any changes. If NBY is attacked by a virus, it will warn you thereof. Once installed, you can scan any drive or directory for viruses as follows: NBY \*.OVL \*.LIB C:\DEVELOP\*.COM This would search the entire hard disk for *.ovl files, *.lib files as well as any COM files in directory DEVELOP and below on drive C: NBY RELEATED FILES: NBY.EXE the anti-virus program NBY.CRC Data file containing list for daily check-up NBY.DOC your looking at it NBYUPD.DOC latest info of viruses recognised by NBY. NBY.UPD NBY Virus signature update file. This file can be downloaded free of charge from cALMER 1, the cALMER Utilities Bulletin board on (02) 482-1716, 24 hours. This file is automatically processed by NBY if found in same directory as NBY is called from and will dissapear once you have re-run NBY. NBY.VIR NBY report file. Information on what files are infected on your system (if any). xxx.SIG NBY Virus signature file where xxx = the name you gave NBY. This is a hidden file and is not visible with the normal DOS dir command. NBY.MSG NOT SUPPLIED ! Generate this ASCII file to instruct your staff on what to do in case of a virus attack. Use Autoedit or other standard ASCII editor to generate the file. DEL_VIRUS.BAT This batch file gets generated when NBY finds viruses in executable files. In that event, you'll have the option of deleting the files immediately or, at a later stage. THE ONLY SAFE THING TO DO IS TO DELETE INFECTED EXECUTABLE FILES ! REGISTER.DOC Registration information README.!!! Important info not necessarily contained in this file on latest releases of the cALMER Utilities ------------------------------------------------------------------------ OVERVUE: * Automatically checks all relevant systems areas every time it is run. * Direct interface to F A S T - NBY. In conjunction with F A S T - NBY automatically scans any additions to your hard disk, even if you forgot to do so yourself. * Customised messages in case of infection. * May be installed for Shez file compression utility * Once a day, checks any given file on any drive as nominated in a data file. * Optionally checks any file on hard disk, floppies or network drive for known viruses. * Generates a rescue disk in case of catastrophic attack or failure. (register version only). * Self protected against viral attack. * Works on networks. Works under PC DOS, MS DOS, DR DOS, PC MOS, Unix, OS/2, Double DOS, 4DOS. SYSTEM REQUIREMENTS: * NBY needs ~ 120K of hard disk space on its first run. * Your Config.sys must contain the statement Files = 20 (or higher) Note: NBY does NOT check or alter config.sys ! ****** If you are booting from a floppy after detecting problems, make sure that the floppy disk contains config.sys with the files = 20 included ! Note: THE RESCUE DISK GENERATE BY NBY CONTAINS CONFIG.SYS. (Use AUTOEDIT.EXE to edit your config.sys file.) * NBY can not operate on a Read-Only Hard disk drive if that drive is also the boot-drive. * REGISTERED VERSION: NBY requires a formatted, systemised low-density floppy disk. If you are using extended disk drivers in your config.sys, you MUST modify the file config.sys on the rescue disk to contain the relevant driver also. You should, for safety sake, copy the relevant device drivers onto your floppy disk as well. GENERAL NOTES ABOUT NBY: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ! ! ! ! ! ONCE YOU HAVE RUN NBY ON YOUR COMPUTER, YOU CAN NOT, REPEAT ! ! =========================================================== ! ! ! ! ! ! ! ! NOT, COPY THAT PROGRAM AND RUN IT ON ANOTHER COMPUTER. IF ! ! =========================================================== ! ! ! ! ! ! ! ! YOU DO THIS, IT WILL TELL YOU THAT THE SYSTEM MAY HAVE BEEN ! ! =========================================================== ! ! ! ! ! ! ! ! DAMAGED. If you attempt to do that, NBY will tell you that you ! ! ======== made a SERIOUS ERROR ! ! ! ! ! ! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! NBY caters for a wide range of non-standard disk drivers, alas, not all of them. If your driver is not recognised, NBY will say "disk is not bootable" and fail to proceed. In that case, you should do the following: Keep NBY in your autoexec.bat. As it is protected against virus attack, you can assume that if it runs in any form, your computer is not the victim of any parasitic virus, i.e. a virus which attacks executable files. Contact the author BY MAIL and supply the following: a) A fully formatted and systemised diskette Use the DOS "format /s" command (see below) b) A copy of SIPLUS printout or report file. "SIPLUS >SIPLUS.INF" will generate a report file called SIPLUS.INF d) Copies of AUTOEXEC.BAT and CONFIG.SYS c) Your master disk of the utilities. d) Description of the Hardware, i.e. Brand name etc. HOW TO RUN NBY: To evade viral injection to NBY itself, you must first rename NBY.EXE to another name. This is so that those pea-brains out there can't simply look for NBY.EXE and screw it up. The program could not care less what name it is, as long as it ends in '.exe'. As of version 2.13, you must also rename the nby.crc file to the same name. The easiest way to this is as follows: From DOS command line key in: copy nby.* myname.*<Enter> ; whatever name you ; choose. myname<Enter> ; and run the ; program. If upgrading from an earlier version, use the same name as you had before. This way you do not need to change your autoexec.bat file. NBY BEHAVES DIFFERENTLY WHEN BEING RUN THE FIRST TIME AS OPPOSED TO ANY OTHER TIME. FIRST TIME RUNNING: The first time you run it, you must be logged onto your boot drive. This is generally drive C:, after that it can be run from any disk. If you damned well know that the drive you are logged onto is the boot drive and NBY tells you that the disk is not bootable, you should stop cursing me and, when you calmed down, get in touch with me. REGISTERED VERSION: You must have a 360K or 720K formatted and systemised disk ready. An image of your system will be copied to the floppy for later rescue services. Follow screen instructions. THAT DISK MUST BE PRODUCED (I.E. FORMATTED & SYSTEMISED) ON THE COMPUTER IT IS GOING TO BE USED ON. THIS MEANS THAT YOU CAN NOT PRODUCE A BATCH OF SYSTEMISED, FORMATTED DISKS ON ONE COMPUTER AND THEN USE THEM ON DIFFERENT ONES. NBY ATTEMPTS TO DETECT YOUR ATTEMPTS TO CHEAT BUT AN NOT ALWAYS GUARANTEE SUCCESS. AS THE RESCUE DISK WILL CONTAIN VITAL INFORMATION USED TO RESTORE YOUR SYSTEM AFTER A POSSIBLE FAILURE, IT IS I M P E R A T I V E THAT YOU FOLLOW THE INSTRUCTIONS PRECISELY. Use the CALMER installation program to format and systemise the rescue disk if you are unsure how to go about it. You can not run NBY from a network drive the first time you run it. If the station is purely a terminal without hard disk, there is no point in running / installing NBY. If you have a hard disk on the terminal, you MUST SET THE TERMINAL INTO LOCAL MODE before performing initial installation of NBY. CHECKING SYSTEMS FILES NBY is not a TSR program (terminate and stay resident). Therefore, to check the system you must run it. Put it in your AUTOEXEC.BAT file so that the system is being checked every time you start the computer. The first time every day you run NBY, it will do a systems check as well as check all files nominated in NBY.crc. As supplied, NBY.crc contains: c:\config.sys c:\autoexec.bat c:\calmer\tct.com c:\calmer\tctoff.com c:\calmer\tcton.com c:\calmer\emptykbd.com c:\calmer\screen.com c:\calmer\tct.com c:\calmer\formfeed.com c:\calmer\prinfool.com c:\calmer\move.com c:\calmer\cursor.com c:\calmer\nocursor.com As viruses become cleverer, they become harder to detect. One specific virus for example will attack all command files but leave command.com alone. It is therefore a good idea to leave a few commonly used ".com" files in the above list. You can add as many file names you wish to this file. Note: No wildcards are allowed in this file. Full path name must be supplied. A CRC number gets calculated and written against each file, thus no wildcards. All Calmer Utilities *.exe Programs automatically check themselves against viral protection, so there is no need to include them. From DOS, key in "autoedit nby.crc<Enter>" to change that file. Naturally, "nby.crc" should be changed to whatever name you decided on. Once NBY has run, the data file will contain a CRC number against every file name. If adding new files, leave the CRC numbers alone. If a program in the list of files has been attacked by a virus, the data file will contain a note against the file. IF YOU WISH TO CHECK THE FILES IN THE LIST MORE THAN ONCE A DAY, use the following: nby /DoIt<Enter>. This will check the system and the files in the data file. CHECKING OTHER FILES NBY will check any file you wish for known viruses. If you receive a floppy disk which you suspect you should do the following: Bootpast<Enter> ; make floppy bootable and eliminate ; any possible virus on boot sector. NBY a:*.* ; check all files on drive a: (Again, ; NBY is changed to whatever name you ; choose); Note: NBY accepts wild-cards in this mode and will scan all subdirectories following the starting directory. NBY A: scans all files on a: NBY A:\UTIL scans all files on a: in util directory or, if a file called util exists, scans that one. NBY A:\*.EXE checks all exe files on A See 'MONDAY.DAT' for a sample on how to use this on a weekly basis. SYSTEMS WITHOUT HARD DISKS: If you use NBY on a floppy-only computer, you will only be able to perform scanning of other floppies with it. I.e., it will not generate a rescue disk for you nor will it take a systems image and compare it every time you run the program. WHEN UPGRADING DOS OR SYSTEM: Now and then, you'll upgrade your system or reformat your hard disk for some reason or other. Naturally, the next time you run NBY, it will warn you of a change having taken place. Simply copy NBY.EXE to the filename you use normally and rerun it. NBY will then go ahead and gather the new systems information. IN THE EVENT OF FAILURE: NBY does NOT trap any error codes, as mentioned above. If you do get a 'RUNTIME ERROR', the only certain thing is that something is wrong. In that instance you will have to rely on technical information, and as luck has it, I do not provide that. Follow these instructions: If near a phone and if during reasonable hours (9.00am to 9.00pm Sydney time) ring me NOW. If not near phone or no answer on +61-02-476-2252, take note of error number, what directory you where in and call me later. (The reasons why the run time errors are not trapped is because I want to know every conceivable problem viruses could cause in order to upgrade NBY.) Your computer can fail for a myriad of reasons. The first thing to keep in mind in the event of failure is NOT TO PANIC ! Most users have a tendency to do a low level format. This is understandable but totally unnecessary in any virus infestation case. Keep in mind that a virus will only reside in a given area on your disk, not all over it. After all. Some viruses, like the Marijuana virus, remove drive D, E etc, and all you have left is Drive C plus floppies. It is therefore IMPERATIVE that you adhere the following rules: KEEP YOUR MAIN UTILITIES ON DRIVE C KEEP YOUR DOS AND SYSTEMS FILES ON DRIVE C KEEP YOUR DOS AND SYSTEMS FILES ON A FLOPPY TOO !!!! i.e., any files mentioned in config.sys should reside on drive C, command.com should be on drive C etc., everything should be backed up on bootable floppies.... Extended device drivers which set-up drives D etc generally DO NOT ADHERE TO STANDARD practices. Therefore, generic disk utilities can not interpret the information correctly unless that driver is also on the floppy. Run SIPLUS from Drive C. If the partition table contains any 'unknown's, chances are that recovery will not be possible with standard utilities if the need arises. IF DISK DOES NOT BOOT AFTER RESTORING VIA RESCUE DISK: Under certain circumstances it could be possible that the hard disk will "hang" after restoration and NBY will tell you that the systems appears to be save. This could be the case for instance if you had more than one virus nibbling around. In that event, put your DOS utilities disk in Drive A, log onto drive A and give the command "SYS C:". This will attempt to restore the systems files. If the message "System transferred" appears, you should be okay. On the other hand, if the message "No Room for systems files" appears, you have two choices: a) Back-up your entire hard disk, then re-format it, or, b), give me a call and I will try to guide you through... (No promises of success though) TROUBLE: When NBY detects any tampering with your systems files, it will warn you thereof. Normally, this it the time to start to panic. As a licensed user, there is no need to worry, but a non- registered user will have to restore the system manually. In that case, NBY has no control over what event took place. NBY assumes next time you are running NBY is once again the first time. It will re-read the system status and check the information against that data from then on. Registered users can simply follow the screen, answer yes to "do you want automatic recovery" and go on with their lives. 2 minutes and your system is as it was before. INSERTING CUSTOMISED MESSAGES FOR OPERATORS: Corporations with unlimited registration have two inherent problems after a virus attack: a) The operator will not know what to do when the alarm goes off b) The operator will not necessarily have access to the rescue disk To overcome these problems, I have implemented the ability to display customised messages in case of attacks. This system is only available for registered users: Create a file called "NBY.MSG". Naturally, rename it to whatever you have renamed NBY to. The file must reside in the same directory as the program is in. If the file is not present, normal NBY messages and directives will appear. DO NOT COPY THIS FILE ONTO YOUR RESCUE DISK AS IT INHIBITS AUTOMATIC RECOVERY ! This file can be as long as you like, there will be a pause after every screen full. The last screen should be 2 lines shorter since NBY displays its own message at the end. The file must be a standard ASCII file (use Autoedit to generate it). If the last line in the file contains the word "lock", the computer will be locked and must be reset with a hardware reset. Sample NBY.MSG: :: :: :: Your computer has been infected by a virus. :: :: :: :: Please call :: :: :: :: Joe Blow :: :: Systems Support Analyst :: :: Internal Phone Number 1234 :: :: :: :: Or :: :: :: :: Sandy Fly :: :: MIS Manager :: :: Internal Phone Number 4321 :: :: :: :: :: :: DO NOT SWITCH YOUR COMPUTER OFF, WAIT FOR FURTHER INSTRUCTIONS :: :: :: :: this computer is now locked up ! :: NBY should be run from the autoexec.bat file. I recently heard of a user with about 100 computers, all of them protected by NBY. The other day, NBY found a virus and made a lot of noise which upset some people. Therefore, in the MIS manager's absence, some clever user sent an inter-office memo to all staff to remove NBY from the autoexec.bat file for the time being, until the problem is fixed and it no longer screams. Moral of the story: When NBY screams, there's a reason. If you don't understand what it is, call someone who does. But, whatever you do, do NOT ignore it or bypass it. NBY CAN NOT COPE WITH: NEC Large disk partition If you happen to run under a NEC extended disk manager for large NEC disks on PowerMates, sorry, both SIPLUS and NBY do not run on them. No idea why. One day, I'll get my hands on one of them for a couple of hours and may be able to fix it. Solution: Use standard DOS partitioning of your hard disk. (It is the extended disk driver that causes the problem!) Run PARTDISK and select AUTO instead of LARGE. DO NOT DO THIS WITHOUT HAVING A COMPLETE BACKUP OF YOUR ENTIRE DISK AS YOU WILL LOOSE ALL INFORMATION !!!! -------------------------------------------------------------------- UPGRADE HISTORY: Version 4.00 Auto-elimination of floppy boot-sector viruses. Incorporation of ThunderByte anti-virus hardware card detection and special handling if present. Version 3.03 Series 126, first release version incorporating virus signature file. Version 3.00 ß-copies for new virus signature data file testing. Version 2.79 The 'Serious Error' message has been changed to: 'ROM MISMATCH ERROR ! PLEASE SUPRESS NBY ROM LOCK VIA CA-STAT' If it appears when you run NBY for the second time on the same PC, include 'NONBYROM' in the CA-STAT environment variable. Registered users can do this by running the cALMER Installation program and changing the default setup. Version 2.78 Fixed BUG which generated an error during rescue-disk generation. Version 2.77 Interface to F A S T - NBY. NBY /FAST will grab F A S T - NBYs data files and auto- matically check any program which has been modified as well as any new programs added to your system since the last running of F A S T - NBY. This should be used in conjunction with the TODAY program and take the following format: (See TODAY.DOC) echo please stand by while scanning system fastnby /silent if errorlevel 1 NBY /FAST Other changes include new viruses and modifications to self-test. Version 2.68 to 2.77 where inhouse and ß-test versions only, they where never released to public. Version 2.68 Version 2.63 to 2.67 where internal versions only, they where never released. Version 2.68, Series 123 brings the following changes and problem fixes: a) Several users reported that NBY complained about a "Serious Error" immediately it was being re-run. This was due to reading problems on certain types of machines. It can now be suppressed via NONBYROM in CA-Stat. b) Several Commercial software packages have appeared on the market which modify the file creation date of command.com. Naturally, NBY complained. This can now be allowed via ALLOWCT in CA-Stat. c) Floppy-based only installations had a problem in that NBY did not check the boot-sector of the floppy disks. This has been corrected. d) Several users requested the ability to bypass the generation of a rescue disk. This is now possible if upgrading via NORESCUE in ca-stat. e) NBY now allows you to print a listing of files before they are deleted, for easier re-installing of affected programs. f) NBY did NOT use the NBY.MSG file when it found viruses, only when system files got attacked. It now uses the file in both circumstances. g) NBY will now test itself if it has been attacked by a virus so that you know which virus is active in your system. As there are some viruses which will attack any file read, NBY only allows self- testing, i.e. no other files can be tested with a corrupted or attacked NBY. Version 2.67 (internal) Self-Test if Attacked Version 2.66 (internal) Disable ROM Locking Version 2.65 (internal) NO Rescue Disk generation Version 2.64 (internal) Additional viruses Version 2.63 (internal) Boot sector checking on floppies-only systems Version 2.62 Additional internal (undocumented) safety checks. Version 2.61 Recognises 1022 and STAF virus Version 2.60 Removed the Halloechen Virus detection due to errors in reporting the presence of this virus. Version 2.59 Added another 44 New Viruses and their substrains to the list of viruses covered. There has been a huge increase in viral activities in Australia over the last few weeks and, luckily, I received copies of most of them. (Wed 06. Jun 1990). CA-STAT=NOHARD Ability to tell those inferiour machines without any hard disks which report to NBY any figure between two and 43, that there really is no hard disk present. You must set this environment variable if NBY request you to run NBY from the hard disk during initial running of the program and you do not have a hard disk. (Add "set ca-stat=NOHARD" without quotation marks to your autoexec.bat file). Version 2.58 TimeOut feature for Sysops: Running a bulletin board involves, amongst thousands of hours of slave labour, the exciting task of finding viruses which people upload onto my computer. (I encourage people to do so.) The problem was that four the last couple of days, at 4:00am, I had to get up and hit a key as NBY complained loudly every time it found a virus. I have now implemented for NBY to do this automatically in registered versions via the CA-STAT environment variable: CA-STAT=SILENCE: A special variable designed for SYSOPS of Bulletin Boards. This values is effective only in registered versions of NBY. You specify the times where you want virus warnings and any other changes warnings by NBY to be processed automatically. It takes the following form: CA-STAT=SILENCE:23:45-06:30-02 Meaning that between 23:45am and 06:30am there will be a two-second delay, then NBY will answer the questions for you automatically by hitting a key automatically. By now you would have noticed that the time must be in military (24 hour) format, no spaces area allowed ! This feature should only be used by SYSOPs. Naturally, any other values for CA-STAT remain unaffected. See CA-STAT.DOC Version 2.57 Changed Initial Checking mechanism. Now recognises Toshiba DOS and Mitsubishi DOS Version 2.56 12 Tricks virus detection midified Version 2.55 Recognises DiskKiller, Ohio virus Version 2.54 Recognises 9 additional viruses Version 2.53 So, I added a feature into NBY whereby NBY writes a program (batch file) so you can automatically erase all files containing a virus which have been found anywhere on the disk. This can be done immediately or at a later stage. Note: It is IMPERATIVE that you run the "Del_Virus" program to ensure that ALL programs requiring removal are removed. You should tell NBY to do it immediately. The batch file will then start instantly. At the end of the batch file is a command for the batch file to erase itself. This gets some implementations of DOS somewhat confused. It does not like the batch program to erase itself and says "Batch File Missing". Just ignore the message, the program finished anyway. Also, to make it easier in a "TODAY" datafile for any given day of the week, you can now add as many parameters as can fit on the command line. As an example, you can say: NBY \*.OVL \*.LIB C:\DEVELOP\*.COM D:\LOTUS\*.EXE D:\LOTUS\*.COM .... to check for all .ovl files and .lib files, all .com files on drive C: in directory DEVELOP and so on. Anyway, 2:30am, (Wed 23. May 1990) the next series (119) is released, and, hopefully, E_C_46 (RK) is on its way out. Version 2.52 Late on Tuesday, 22. May 1990, afternoon I received two virus- infected Diskettes with three different viruses on. The first had the "Den Zuk" (also called the "Search") virus together with the "Ohio" virus. Unfortunately, both where residing on the Boot-sector of the floppy. As I had not seen either of these two viruses I had hoped that NBY(118) would identify the "Den Zuk" properly, which it did. I had never seen the "Ohio" virus, nor did I have any technical information on it, other than that it was a boot virus. The other disk contained a virus which was not recognised by any anti-virus programs and, in an uncontrolled environment, could spread very quickly on a system or presumably network. Therefore, I put priority on this virus and wrote the detection algorithm into NBY. After testing the floppy disk with the new version of NBY which worked, I then did an entire systems test. And it turned up in quite a few places to my surprise ! I called it "E_C_46 (RK)" which is an in-house disk reference number. No need to give these beast an exotic name as the Americans do.... Version 2.51 bug fix: NBY 2.50 produced a run-time error in some circum- stances while processing CRC file, clobbering that file. If this has happened to you, there would have been a back-up file left in the directory, called nby.bak (whatever you renamed nby to). This bug is now fixed after a second attempt ! Version 2.50 After collecting run-time error reports over the past few months and having found out what causes which error, NBY now captures most errors and reports on them. There is now an indicator showing that work is in progress, Useful when checking rather large files. When redirecting output to printer or file, output is also echoed to the screen. Version 2.32 .. 2.49 in-house versions implementations only. Although these version numbers exist amongst some users, the changes implemented in them are only internal re-writes of the program to make it more efficient, but, from an operators point of view, there is no visible difference.. Version 2.32 Recognises 100 Year virus carrier. Version 2.31 Some whacko has actually gone and patched the Marijuana Virus, presumably in order to avoid detection. 2.31 recognises (and removes) this version. Version 2.30 Recognise 12 Tricks virus and Trojan program By the descriptions given to me, this is the most severe virus out there yet. However, NBY would have picked up infestation. It now recognises the virus dropping programs. Version 2.29 Recognise Wyse computer anomaly Version 2.28 Additional information kept in system image Version 2.27 Some types of AT's showed an intermittent anomaly of not displaying "system appears to be safe" message. After weeks of hunting, I finally got one of those computers and the problem is now fixed. Version 2.26 Implementation for floppy-disk only computers, i.e. no hard disks. Version 2.25 Allow insertion of own messages for operator. Version 2.24 More informative error-message during initial installation. Version 2.19 Now searches subdirectories and boot sector when scanning programs identified from command line. Can now be added to latest version of SHEZ for fast and extensive scanning of files via <Alt-z> in SHEZ. Now reports viruses by other common names and checks for several signatures per virus in order to attempt to detect new strains. Version 2.19 through 2.23 ß-test releases to attempt to overcome NEC problems. Getting there but still not 100%. Version 2.18 Adjusted to overcome DR-DOS bug, additional viruses covered. Now works under PC DOS, MS DOS, PC-MOS, DR DOS, Double DOS, OS/2. Early versions of DR DOS do NOT work with hidden, read/only CONFIG.SYS and AUTOEXEC.BAT. In that case, use confedit/autoedit to change. See relevant documentation. Version 2.17 Two Additional (undocumented) Safety Checks. Version 2.16 Renamed NBY.DAT to NBY.CRC to avoid potential conflicts if NBY run from DOS or Root directories. Thanks to Chris Halliday for finding/reporting the problem. It appears that last time I edited this file, a few paragraphs where stuck in the holding buffer and never made it back into the intended spot while others where in the wrong area. The confusion should now be gone. Version 2.15 Works under DR DOS Version 2.14 Check Files nominated from Command line Version 2.13 Check files contained in data file nby.crc Version 2.12 Encrypted virus signatures to avoid detection by other programs. Version 2.11 More Viruses covered Version 2.10 Pakistani Virus Detection incorporated Version 2.09 Copes with SpeedStor Disk Drivers Version 2.08 1701 Virus Detection incorporated Version 2.07 Improved self-protection Version 2.06 Locked Keyboard to force PowerOff after certain virus detection Version 2.05 More stringent testing and faster algorithm. Version 2.04 additional virus detection. Version 2.03 Antidote against Marijuana virus Note: My sincere thanks and appreciation to Chris Freeman of Chisholm Institute of Technology for providing vital information needed to incorporate latest features. Version 2.02 Additional (undocumented) Safety Checks and warnings incorporated. Version 2.01 Auto-generation of Rescue disk (licensed versions only) Version 2.00 Self-Protecting version Version 1.01 works on large DOS partitioned disks and DOS 4.00+. Version 1.00 did not work with large partitioned disks or DOS 4.00+ -------------------------------------------------------------------- D I S C L A I M E R cALMER Utilities hereby disclaims all warranties relating to this software, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. cALMER Utilities will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if cALMER Utilities or an agent of cALMER Utilities has been advised of the possibility of such damages. In no event shall cALMER Utilities' liability for any damages ever exceed the price paid for the license to use the software, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software. .end of document nby.doc