- If your system has been infested by a virus, read the whole document!
-
- Protecting your system from viral attacks using NBY:
-
- NBY is a program designed to provide comprehensive protection against
- viral attacks. However, no matter what system you use to protect your
- computer, YOU are the only person who can assure that your system
- remains clean.
-
- Protection starts by installing NBY and adding your major programs to
- the NBY.CRC data file. This will ensure that those programs are
- checked once a day. Naturally, you MUST add NBY to your AUTOEXEC.BAT
- file.
-
- Only one thing is certain with any anti-virus software: There will be
- a virus out there which is NOT recognised by your anti-virus program.
- The authors of these things are as busy as the authors of anti-virus
- software, and, naturally, we, as anti-virus authors, are always a step
- behind. We cannot write the code to recognise the virus until the
- virus has been written.
-
- The latest series of viruses coming from overseas are getting to be
- very sophisticated indeed, and detection becomes more difficult. This
- is in contrast to the E_C_46 (PK) virus, which originated in Australia
- and was a pathetic attempt by some twit out there to introduce a new
- virus. As the viruses increase in their complexity, so do the vaccines.
-
- Viruses can be transmitted in many forms. NBY allows you to check any
- type of file, i.e., executable files, data files etc. Because virus
- detection is based on a series of characters within files, there is
- always the possibility that a data file, by coincidence, contains an
- exact match of a virus signature.
-
- It is highly unlikely though that you would have a real virus in say
- an index file of your data-base, and yet, NBY will report that file as
- being a virus-carrier.
-
- In such an instance, you must think logically: If every file in a
- given directory has been identified as a virus carrier, program file
- or not, then, there is obviously a problem. If there is just ONE
- data-file, index file or the like, then, in all probability, it will
- be a coincidence and the file should NOT be removed.
-
- NBY writes a batch file which you can edit with any word processor or
- text editor, so you can delete individual lines in the file. The
- batch file 'DEL_VIRUS.BAT' resides in the same directory that NBY
- resides in.
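The rule of thumb above, as an added example that is not part of NBY or the original document. The signature bytes, file names and contents are constructed, the list of program extensions is an assumption, and the "REVIEW" verdict is an added outcome for cases the document does not cover.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed, harmless byte pattern standing in for a virus signature.
SIGNATURE = bytes.fromhex("de ad be ef 4e 42 59")
PROGRAM_EXTS = {".exe", ".com", ".sys", ".ovl"}  # assumed program-file types

def scan(files):
    """Return the paths whose contents contain SIGNATURE (plain substring match)."""
    return {path for path, data in files.items() if SIGNATURE in data}

def triage(files):
    """Apply the rule of thumb to scan hits, giving one verdict per directory."""
    hits = scan(files)
    by_dir = defaultdict(list)
    for path in files:
        by_dir[str(PureWindowsPath(path).parent)].append(path)
    verdicts = {}
    for directory, members in by_dir.items():
        flagged = [p for p in members if p in hits]
        if not flagged:
            continue  # clean directory, nothing to report
        data_only = all(PureWindowsPath(p).suffix.lower() not in PROGRAM_EXTS
                        for p in flagged)
        if len(members) > 1 and len(flagged) == len(members):
            verdicts[directory] = "INFECTED"     # every file flagged, program or not
        elif len(flagged) == 1 and data_only:
            verdicts[directory] = "COINCIDENCE"  # lone data/index file: do not delete
        else:
            verdicts[directory] = "REVIEW"       # flagged program file(s): check by hand
    return verdicts

# Constructed sample file system: path -> file contents.
SAMPLE = {
    r"C:\UTIL\EDIT.EXE": b"MZ" + SIGNATURE + b"\x00" * 8,
    r"C:\UTIL\SORT.COM": b"\xe9" + SIGNATURE,
    r"C:\UTIL\README.TXT": b"notes " + SIGNATURE,
    r"C:\DB\DBASE.EXE": b"MZ clean program",
    r"C:\DB\CUSTOMER.DBF": b"clean records",
    r"C:\DB\CUSTOMER.NDX": b"\x01\x02" + SIGNATURE + b"\x03",  # chance match
    r"C:\GAMES\PLAY.EXE": b"MZ" + SIGNATURE,
    r"C:\GAMES\SCORES.DAT": b"high scores",
    r"C:\DOS\FORMAT.COM": b"clean",
}

if __name__ == "__main__":
    for directory, verdict in sorted(triage(SAMPLE).items()):
        print(f"{directory:10} {verdict}")
```

A "COINCIDENCE" verdict corresponds to the case where the file's line should be deleted from the batch file before it is run.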
-
-
- INFECTED, WHAT NOW ?
-
- Let us assume that your PC has been infected by a virus which attacks
- other programs. You will notice this immediately when you run any
- cALMER .EXE file: these programs warn you of the infection and will no
- longer run. Here is what to do in such an instance:
-
- a) TURN PC OFF immediately.
-
- b) Get a W R I T E - P R O T E C T E D DOS Master disk, insert it
- in drive A and turn PC Back on again.
-
- c) Log onto Drive C:
-
- d) RENAME AUTOEXEC.BAT to A.BAT
-
- e) RENAME CONFIG.SYS to C.SYS
-
- f) COPY the entire DOS disk back into your DOS directory on your
- hard disk. (USE 'COPY' command, N O T 'xcopy')
-
- g) Put system back onto hard disk ('SYS C:')
-
- h) COPY COMMAND.COM back onto hard disk.
-
- i) REBOOT computer from HARD disk. If successful, it should ask
- for date and time. DO N O T run any programs !!!!
-
- j) Go into cALMER directory.
-
- k) COPY NBY.EXE to xxx.exe where xxx is the name you gave NBY earlier.
-
- l) RUN 'XXX' (NBY)
-
- m) RUN 'XXX C:\' and let NBY remove the infected files.
-
- n) RENAME A.BAT and C.SYS back to their original names.
-
- o) Reboot
-
- p) Restore all programs from printout AFTER CHECKING E V E R Y FLOPPY
- to ensure you are not carrying the virus back onto the hard disk.
-
- q) Be happy that you had a copy of NBY.
-
- If in doubt after a virus alert, call me to discuss the problem.
-
- Claude Almer
- cALMER Utilities
- Sydney, Australia
- [61+] (02) 482-1715
-
- or leave a message on the BBS:
- cALMER 1 [61+] (02) 482-1716 (2400 baud, No Parity, 8 Data Bits, 1 Stop Bit)
-
- .end of document virus.doc