Dec 122017
 
Detect any changes in files for virus's.
File DETECT.ZIP from The Programmer’s Corner in
Category System Diagnostics
Detect any changes in files for virus’s.
File Name File Size Zip Size Zip Type
DETECT.COM 20935 7056 deflated
DETECT.DOC 42172 11355 deflated
REL1_2.TXT 578 359 deflated

Download File DETECT.ZIP Here

Contents of the DETECT.DOC file






















THE DETECTIVE

Version 1.2



File Tracking and Virus Detection for the IBM
Personal Computer and Other Compatibles

---------



User's Manual


(c) 1988 PC SOFT-TECH
































Table of Contents




Introduction/Installation...................................1

How to Use THE DETECTIVE....................................2


FILE TRACKING:
--------------

"JUST THE FACTS MA'AM" (The Importance of File Tracking)....3

The "SURVEILLANCE" (File Tracking with THE DETECTIVE).......4

"THE DETECTIVE" Reports.....................................6


VIRUS DETECTION:
----------------

The "CRIME" (What is a VIRUS?)..............................7

The "INVESTIGATION" (How a Virus Detector Works)............8

"ON THE CASE" (How to Invoke the Virus Detector)...........11

"THE EVIDENCE" (Report Generated from Virus Detector)......12



APPENDICES:
-----------


System Requirements.........................................A

A word from the Author......................................B

Disclaimer..................................................C

Registration................................................D

Sample files created by THE DETECTIVE.......................E



















PAGE 1

-- Introduction --

THE DETECTIVE is a program which allows a user to verify the
integrity of files on his or her PC. THE DETECTIVE works on
systems which are stand along, or work as file servers for a
network. Changes made to critical files (whether they are
unintentional or intentional) can be detected quickly and
accurately. This all in one program not only can protect
from viral infection, but also can allow the user to quickly
review critical files on the system for any updating which may
have occurred since the last review. As the PC world grows in
size, connectivity and multi-user environments, this becomes
more and more important.

THE DETECTIVE is available in two formats. The first is as
free-ware from many public bulletin board systems. The second
is through registration by sending $25.00 for a diskette
containing the programs (see Appendix D for order form).
Registered versions of THE DETECTIVE are available on 3 1/2"
and 5 1/4" diskettes.

NOTE: THE FREE VERSION OF THE DETECTIVE WILL NOT PROCESS THE
ROOT DIRECTORIES OF ANY DISK DRIVE. IF YOU HAVE DONE A GOOD
JOB OF DISK MANAGEMENT, THE ROOT DIRECTORY SHOULD CONTAIN 3
PROGRAMS ONLY (COMMAND.COM, IBMBIO.COM, AND IBMDOS.COM). WE
REALIZE THAT THESE ARE THE MOST IMPORTANT PROGRAMS IN YOUR
SYSTEM, BUT WE BELIEVE THAT QUALITY SOFTWARE IS WORTH A PRICE.
THE DETECTIVE IS NOT EXPENSIVE, ESPECIALLY WHEN COMPARED TO
THE COST THAT A VIRUS CAN INCUR.

-- INSTALLATION --

THE DETECTIVE should be installed into its own directory and
will always look for and create its files in the drive/
directory from where it was invoked. If you create a
directory called DETECT and always invoke THE DETECTIVE from
that directory, you will have no problems. If, on the other
hand, you invoke THE DETECTIVE from the root directory the
first time, and from another directory on a subsequent run,
THE DETECTIVE will not be able to find the required file
(DETECT.NEW) and will abort.

To install THE DETECTIVE on the hard drive of your PC, you
must first create a directory for the programs. First make
sure you are in the root directory and create a sub-directory
called DETECT. Put THE DETECTIVE diskette in Drive A: and
follow these steps:

Go to Root Directory, type "CD \" (enter)
Create DETECT Directory, type "MD DETECT" (enter)
Make DETECT Directory current, type "CD \DETECT" (enter)
Copy DETECTIVE to hard disk, type "COPY A:*.* C:" (enter)

THE DETECTIVE (DETECT.COM & DETECT.DOC) is now ready for use.










PAGE 2

-- HOW TO USE THE DETECTIVE --

THE DETECTIVE is both a file tracker and optionally a virus
detecter. Issuing the command "DETECT" causes the program to
prompt the operator for the drives to be checked, whether
virus detection is to be done, and the file extensions to
track. These options are recorded in the file DETECT.NEW.
Subsequent runs to check for any differences is done by
issuing the command "DETECT C" which extracts the options
from DETECT.NEW and runs without any operator intervention.
If, on your first run, you opted for no virus detection and
now wish to include virus detection, you have run THE
DETECTIVE by issuing the command "DETECT".


If a user wishes to do both file tracking and virus detection
at different times, he or she should set up two separate
directories such as TRACK and DETECT and put a copy of THE
DETECTIVE in each. This way, depending on the current
directory, either file tracking of virus detection can be run.












































FILE TRACKING PAGE 3
-------------

-- JUST THE FACTS MA'AM --
(The Importance of File Tracking)

File Tracking today is more important than ever. Even a system
known to be virus free can have problems caused by users making
changes to files which affect the PC's operation. Take the
case of a rare and inexperienced PC user inadvertantly deleting
or moving a critical file. Or the case of a user getting on the
network and changing a batch file needed by others users. Even
normal updates to existing files can be important to detect.

With systems the size of PC's today, it can be very difficult
for an operator to detect these and other subtle changes to
the system on a timely basis, especially if limited to the DOS
environment with commands such as 'Dir'. THE DETECTIVE is
designed to give operators a method of easily checking out
what changes have been made to the system in an efficient,
timely manner.

By invoking THE DETECTIVE on a regular basis, the operator can
request that all changes made to any (or those designated)
files, on any or all drives which have been changed or updated
since the last time THE DETECTIVE ran, be highlighted in a
consise report format in the DETECT.RPT file. This file can
be saved for future reference as well as be printed
immediately.

One client we support has well over 100 programs and batch
files that we change periodically. When it comes time to
produce a new release of the system, we run THE DETECTIVE and
it tells us everuthing that has changed and thus what we mus
update in the next release of the software.

Another by-product of THE DETECTIVE is the ability to know
what software is being used on a specific computer. If you
are using THE DETECTIVE in a business environment and have
expensive word processors, spreadsheets, or data base
managers, and you find that the files created by these
products are not changing, you can pretty well assume that the
products are not being used very often and may wish to
reexamine the need for the software product on a specific
machine.

And NOTE: THE DETECTIVE automatically keeps itself up to date
each time it is run. This means the operator doesn't have to
re-establish a base file by re-running the programs a second
time each time he or she checks for changes.
















FILE TRACKING PAGE 4
-------------

-- THE SURVEILLANCE --
(File Tracking with THE DETECTIVE)

File tracking with THE DETECTIVE is simple and fast. When
doing file tracking without virus detection, the computer
does not do any of the CRC checking associated with virus
detection. However, any and all files with a change (based
upon the file extensions requested) in size, date, or time
will be reported as well as any added, deleted, or changed
files.

The first time THE DETECTIVE is run for file tracking
purposes, the user simply types "DETECT" at the DOS prompt from
the directory containing the DETECT.COM file. The main screen
of THE DETECTIVE will appear and the user will be prompted for
the drives to be checked. Up to 5 different drives may be
checked. After the user has entered all the drives to be
checked, he or she will be prompted as to whether or not the
user wants virus detection. Type "N" for file tracking
purposes. The user will then enter the file extensions of the
files to be checked. Up to 10 extensions may be entered. An
asterisk (*) may be entered as a wildcard to check all files
on the drives specified. Once this is done, THE DETECTIVE
will sort through all the directories on the specified drives
and check all specified file extensions. The file DETECT.NEW
will be created with all data found in this check.

Subsequent runs are done by typing "DETECT C" from the DOS
prompt. The 'C' indicates that THE DETECTIVE should perform a
check against the DETECT.NEW file that exists in the current
directory. If the 'C' is not supplied, THE DETECTIVE will
only create a new base file (DETECT.NEW).

Whenever THE DETECTIVE is run, it will search for DETECT.NEW
and rename it to DETECT.OLD. If the program would be
interrupted by control-c, a power outage, or an abort issued
by THE DETECTIVE, you can rename DETECT.OLD to DETECT.NEW so
you will not lose the snapshot from the last run.

It may be important to know exactly when THE DETECTIVE issues
this rename:

If invoked as "DETECT": DETECT.NEW is not renamed to
DETECT.OLD until after all options have been entered and
processing against the drives has started.

If invoked as "DETECT C": DETECT.NEW is not renamed to
DETECT.OLD until after the options from the last run have
been extracted from DETECT.NEW. If DETECT.NEW has been
corrupted, THE DETECTIVE will abort.













FILE TRACKING PAGE 5
-------------

-- THE SURVEILLANCE -- (con't)

THE DETECTIVE will create the report file DETECT.RPT only
during the checkout process (DETECT C). If DETECT.RPT exists,
it will be deleted and a new one created, again in directory
from where THE DETECTIVE was invoked.

THE DETECTIVE can be run from a batch file. THE DETECTIVE
has to go through the entire tree structure of each drive, but
will always return to the directory where it started from. So
if invoked from a batch file, no special commands are required
to reposition yourself to a specific directory. THE DETECTIVE
will also set the ERRORLEVEL to 1 if any errors are detected
so your batch file can pause, exit or do anything you specify
if a problem occurs.
















































FILE TRACKING PAGE 6
-------------

-- THE DETECTIVE REPORTS --

As noted in the previous section, THE DETECTIVE will create
the report file DETECT.RPT only during the checkout process
(DETECT C). If DETECT.RPT exists, it will be deleted and a
new one allocated, again in directory from where THE DETECTIVE
was invoked.

The DETECT.RPT file can be stored on the user's hard disk as
well as printed on his or her printer. The report will list
the start and end time of THE DETECTIVE file check. It will
also list any file that has changed since the last time THE
DETECTIVE was run (added, deleted, changed).

The Report has the following format:



DETECT STARTED AT 23:20 ON 09-07-88 VERSION 1.2

Report of differences since last run

FILE EXT BYTES DATE TIME CRC1 CRC2


DIRECTORY: C:\
ADDED FILE: TIMER COM 1394 1-01-88 12:19a 0000 0000

DIRECTORY: C:\FIXDISK
DELETED FILE: MENU BAT 128 4-15-88 2:34p 0000 0000

DIRECTORY: C:\MCXXXX\DATAFILE
CHGE FILE FROM: ORDERS DAT 14306 7-27-88 5:40p 0000 0000
TO: ORDERS DAT 15978 7-29-88 10:15a 0000 0000


THE DETECTIVE ENDED AT 23:30 ON 9-07-88


























VIRUS DETECTION PAGE 7
---------------


-- THE CRIME --
(What is a Virus)

A computer virus is a piece of program code that exists within
an otherwise normal program. When this program is run, the
viral code seeks out other programs within the computer and
replicates itself. The other programs can be anywhere in your
system and can even be the operating system itself. This
infection can grow geometrically depending on the number and
different types of programs you run (1 program infects 2, 2
infect 4, 4 infect 8...). At a given point in time or based
on some other external triggers such as the number of times
the program was run, the amount of free disk space is reduced
to below 10%, or any of a million other circumstances, the
viral code goes to work doing what it was intended for. It
could be as harmless as blanking your screen or as vicious as
formatting your hard disk and everything inbetween is
possible.

The concern over viruses has grown enormously over the past
year and even IBM and NASA has been infected. You would think
(or hope) that high security installations like NASA would be
free from infections, but the fact of the matter is that it
can happen to any computer, no matter how hard you try to
prevent it.

There is some software on the market today that tries to stop
viruses from spreading by monitoring disk access and only
allowing authorized updates. The biggest problem with these
is that they are doing this monitoring while your doing your
day-to-day work. You may not see any impact on performance
with a fast cpu and disk, but not everyone has that sort of
equipment. A bigger problem is that some viruses are created
knowing what and how these monitor programs work. Once
knowing this the virus can circumvent the protection process.

We by no means imply that these viral-fighting programs are
less than adequate, but only want you to know that regardless
of the precautions, a virus can still infect your system.























VIRUS DETECTION PAGE 8
---------------


-- THE INVESTIGATION --
(How the Virus Detector works)


THE DETECTIVE is 3000 lines of assembler language code
(and thus very fast) that takes a snapshot of the disk
environment for up to 5 disk drives, each directory in each
drive, and each file in each directory. Up to 10 different
file extensions can be specified (I recommend EXE, COM, and
SYS as a minimum) or an asterisk can be used to snapshot all
files. The information is retained in read-only file
DETECT.NEW and consists of the following:

o Selection criteria (drive letters and file extensions)
o Each directory found on each drive
o Each file in each directory that matches the file
extensions specified
o The size, date, and time of each file
o A Standard CRC of each file
o An altered CRC of each file


In subsequent runs of THE DETECTIVE, the DETECT.NEW file is
renamed to DETECT.OLD and new DETECT.NEW is created using the
options from the previous run. After DETECT.NEW is created, a
comparison between DETECT.OLD and DETECT.NEW is done and all
differences are written to DETECT.RPT. The data in this
report file consists of the following:

o Reports all directories deleted
o Reports all files deleted
o Reports all directories added
o Reports all files added
o Reports the before and after statistics for all files
that have been modified


The CRC (cyclic redundancy check) is the key to knowing when a
virus has been detected. In order for viruses to remain
un-detected, they must not modify the file size or date. At
the time of this writing, we have heard of no viruses that do
not change the CRC of the file. Specifically, the CRC is a
process of taking the first byte within a file and through an
algorithm, apply a value of the next byte in the file to
derive a hexadecimal representation as of that byte in the
file. This process repeats until each byte of the file has
been applied to the algorithm.















VIRUS DETECTION PAGE 9
---------------


-- THE INVESTIGATION -- (con't)


THIS PRODUCT USES 2 DIFFERENT CRC ALGORITHMS. If, in the
unlikely chance, some virus gets through one, it will be
caught in the second. For those of you that are familiar with
the virus problem, Gilmore Systems of Beverly Hills California
has a program that will create a modified version of a file
that is different, but has the same CRC. They use this to show
you that a standard CRC is not good enough for true virus
detection. We ran their program called PROVECRC and then ran
THE DETECTIVE. THE DETECTIVE DID show that the file was
changed! One CRC was the same, but the second was not.

It would be ideal to install THE DETECTIVE on a system known
to be virus free, but this is most often not the case (your
system is most likely to be virus free, but you cannot be
sure). In this case you will use DETECT.RPT to let you know
if a program has been changed that should not have. Once
knowing this you will obviously want to re-install the
infected programs, and then run THE DETECTIVE more often while
logging the programs used. This process will narrow down the
possible programs that may contain the virus and possibly
narrow it down to the specific program if you are diligent in
your efforts. Regardless of whether your system is known to
be virus free or not, and once suspecting you have been
infected, the very first course of action is to look at
DETECT.RPT and see if any new programs have been installed and
determine if they came from a reliable source. Software
purchased from reliable sources and vendors should be virus
free. Software from a bulletin board, friends, or the black
market is much less reliable.






























VIRUS DETECTION PAGE 10
---------------

-- THE INVESTIGATION -- (con't)

The way THE DETECTIVE differs from most other anti-viral
products that we have seen (other than using 2 different CRC
algorithms as described earlier), is that it automatically
keeps itself up-to-date every time you run it. Other products
make you run their program one time to setup a base file, and
a subsequent run to check if any differences have occurred.
At this point you then have to run the program to setup a new
base file. Other products written in some higher level
languages such as C or PASCAL, are actually quite slow. THE
DETECTIVE is written in assembler and on an 8mhz machine with
a 60ms, 20 megabyte disk drive will process the entire 20
megabytes in about 20 minutes. On an IBM PS/2 Model 60, it
will process the 20 megabytes in roughly 5-6 minutes (Keep in
mind that every byte of every file has to be read).















































VIRUS DETECTION PAGE 11
---------------

-- ON THE CASE --
(How to Invoke the Virus Detector)

After installing THE DETECTIVE, the first invocation is done
by simply typing "DETECT" from the DOS prompt. Subsequent
runs are done by typing "DETECT C" from the DOS prompt. The
'C' indicates that THE DETECTIVE should perform a check
against the DETECT.NEW file that exists in the current
directory. If the "C" is not supplied, THE DETECTIVE will
only create a new base file (DETECT.NEW).

Whenever THE DETECTIVE is run, it will search for DETECT.NEW
and rename it to DETECT.OLD. If the program would be
interrupted by control-c, a power outage, or an abort issued
by THE DETECTIVE, you can rename DETECT.OLD to DETECT.NEW so
you will not lose the snapshot from the last run.

It may be important to know exactly when THE DETECTIVE issues
this rename:

If invoked as "DETECT": DETECT.NEW is not renamed to
DETECT.OLD until after all options have been entered and
processing against the drives has started.

If invoked as "DETECT C": DETECT.NEW is not renamed to
DETECT.OLD until after the options from the last run have
been extracted from DETECT.NEW. If DETECT.NEW has been
corrupted, THE DETECTIVE will abort.


THE DETECTIVE will create the report file DETECT.RPT only
during the checkout process (DETECT C). If DETECT.RPT exists,
it will be deleted and a new one created, again in directory
from where THE DETECTIVE was invoked.

THE DETECTIVE can be run from a batch file. THE DETECTIVE
has to go through the entire tree structure of each drive, but
will always return to the directory where it started from. So
if invoked from a batch file, no special commands are required
to reposition yourself to a specific directory. THE DETECTIVE
will also set the ERRORLEVEL to 1 if any errors are detected
so your batch file can pause, exit or do anything you specify
if a problem occurs.




















VIRUS DETECTION PAGE 12
---------------


-- THE EVIDENCE --
(Report Generated from Virus Detection)


The report generated in the DETECT.RPT file under virus
detection is very similar to that of file tracking. The only
difference is that the report will show file changes
discovered by the 2 CRC checks as well as all the others.


DETECT.RPT has the following format:

THE DETECTIVE STARTED AT 15:54 ON 08-14-1988 VERSION 1.2

Report of differences since last run

FILE EXT SIZE DATE TIME CRC1 CRC2

DIRECTORY: C:\ARC
DELETED FILE: A86STUFF ARC 429056 7-22-88 12:44p A7B8 49A1

DIRECTORY: C:\MCQCOMM
ADDED FILE: W0001001 WRK 15196 5-25-88 8:53p 71C7 05BA

DIRECTORY: C:\MCQXXX\DATAFILE
ADDED FILE: MC DAT 1258 8-14-88 3:49p BD0C 6BDF
ADDED FILE: MC IDX 63 8-14-88 3:49p 3566 249F
DELETED FILE MCALT IDX 84 8-14-88 3:49p 1D0D A5D0
ADDED FILE: MF DAT 1206 8-14-88 12:32a 27B4 5117
ADDED FILE: MF IDX 90 8-14-88 3:47p 7408 A9C0
CHGE FILE FROM: SCREEN DAT 81031 8-13-88 5:23p 5F80 4DCC
TO: SCREEN DAT 84621 8-13-88 11:07p A7B3 A300

DIRECTORY: C:\MCQXXX\PROCS
CHGE FILE FROM: INDEXES 742 5-12-88 10:08p C524 D41E
TO: INDEXES 1059 8-14-88 3:47p 811F 9AC0

DIRECTORY: C:\MCQXXX\PROGRAMS
CHGE FILE FROM: FILEBLD WB 2998 5-12-88 9:45p 1CCE 4EA1
TO: FILEBLD WB 3835 8-14-88 12:23a AB26 044F
ADDED FILE: MCMAINT WB 9565 8-14-88 12:31a F955 3EFA
ADDED FILE: MCRPTA WB 4639 8-14-88 1:11a E575 910F
ADDED FILE: MCRPTB WB 12617 8-14-88 1:15a 7B1B 2F08
ADDED FILE: MCRPTC WB 6034 8-14-88 1:30a 2911 B8A4
DELETED FILE: MCRPTD WB 12688 8-14-88 1:42a 2499 DFAA
CHGE FILE FROM: MENU WB 5944 7-25-88 8:52p 82F2 3A44
TO: MENU WB 6159 8-13-88 10:16p E46E D09C

THE DETECTIVE ENDED AT 16:10 ON 08-14-1988













APPENDICES APPENDIX A
----------

-- SYSTEM REQUIREMENTS --


THE DETECTIVE has been successfully run using DOS 2.0 through
DOS 3.3 and has been run on the following machines (not all
versions of DOS on all machines):

o IBM PC
o IBM XT
o IBM XT/286
o IBM AT
o IBM PS/2 Model 50, 60 and 80
o Compac Deskpro
o Leading Edge Model D
o Panasonic Business Partner

THE DETECTIVE has a color display while running and works
well using Monochrome, CGA, EGA, and VGA adapters/monitors.













































APPENDICES APPENDIX B
----------


-- A WORD FROM THE AUTHOR --


We had been looking for quite some time to find a virus
protection package that would be most suitable for our needs.
Three problems were evident in nearly all other software we
had tried:

1. The software would not update its base file on subsequent
runs. This meant that after running the checkout
process, we would have to re-run the program to re-create
the base file and keep our system up to date.

2. Most other software was actually quite slow. Time is
money and since we use our computer to support other
clients, we found it bothersome to tie up the computer
for well over an hour.

3. Most other software packages (and other non-virus
detecting software) would work on one drive at a time
only. This is one of our pet peeves and it really bothers
us that so much software is like that. With DOS's limit
of 30 meg per drive and with so many larger drives and
multi-drive systems, software that functions on more than
one drive is a must. (A popular and quite useful file
find utility works on the current drive only. We will be
making our own version of this that will search all drives
on the system.)


Since we could not find a satisfactory product, we decided to
write our own. We took the extra time and effort to write it in
assembler and feel that the result was well worth the time and
aggravation spent.


We also thought long and hard as to what other by-products
could be gained while performing the virus detection and found
that virus detection itself was the by-product. For us,
knowing what files and programs have been added, deleted, or
changed in any way is most important. This may not be the
case for you, but after using THE DETECTIVE for some time,
you will find it to be quite useful for a variety of other
tasks.


















APPENDICES APPENDIX C
----------


-- DISCLAIMER --


The following disclaimer should be viewed as a legal
obligation on our part to protect ourselves. We by no means
imply that THE DETECTIVE is flawed in any way. We have every
intention to make modifications and enhancements to ensure
that THE DETECTIVE is the best possible product. If you are
having problems with THE DETECTIVE or suspect that it may be
flawed in any way, notify us and we will make the necessary
changes as soon as possible, and distribute it accordingly.




THE DETECTIVE is distributed as is, with no guarantee that it
will work correctly in all situations. In no event will the
Author be liable for any damages, including lost profits, lost
savings or other incidental or consequential damages arising
out of the use of or inability to use this program, even if
the Author has been advised of the possibility of such
damages, or for any claim by any other party.


THE DETECTIVE distribution package, consisting of the
program and documentation file are copyright (c) 1988 by Tim
OBrien and PC SOFT-TECH. The author reserves the exclusive
right to distribute this product, or any part thereof, for
profit.


Under NO CIRCUMSTANCES may modified versions or dis-assembled
versions be distributed, either for profit or in the public
domain.


User's groups, clubs, libraries and clearing houses are
authorized to distribute the FREE version of THE DETECTIVE
pursuant to the following conditions:

1. No charge is made for the software or documentation. A
nominal distribution fee may be charged, provided that it
is no more that $5 total.
2. The program and documentation are distributed together
and are not modified in ANY way.

















APPENDICES APPENDIX D
----------


-- REGISTRATION --


Once you become a registered user of THE DETECTIVE, you will
receive a new version of THE DETECTIVE which will include
root directory files in the virus detection process. You will
also receive the following benefits:

o Support by phone, mail, or through our bulletin
board system. Support will only be provided to
registered users.

o Notice of significant upgrades and bug fixes. You will
be notified by mail for any such updates. There will be
no charge for updates as long as you send us a diskette
and return postage. You can also receive a free update
through our private bulletin board.


Each copy of THE DETECTIVE is registered for use on one
computer only and a registered copy is required for each
additional computer. The price breakdown is given below:


Copies Price Per Copy
--------- ----------------
1-50 $25.00
51-100 $21.00
101-500 $17.00
500+ $14.00


The registered version of THE DETECTIVE can be used in
commercial, educational, and governmental institutions.


The free version of THE DETECTIVE is expressly prohibited for
use in commercial, educational, and governmental institutions
except for the purpose of evaluation.
























APPENDICES APPENDIX D
----------


-- REGISTRATION FORM --


Please send me a copy of the current full version of THE
DETECTIVE and add me to the list of registered users, to be
eligible for support and update notices.


Computer Model: ___________________________________________

Quantity by
Diskette Type: _______ 5.25 in. ________ 3.5 in.




Company Name: ________________________________________________

Your Name: ________________________________________________

Title: ________________________________________________

Address: ________________________________________________

City, State, Zip: ________________________________________________

Phone: ________________________________________________




Any initial comments about THE DETECTIVE? _______________________
_________________________________________________________________
_________________________________________________________________

Where did you hear about THE DETECTIVE? _________________________
_________________________________________________________________
_________________________________________________________________



Send registration form and check or money order to:

PC SOFT-TECH
P.O. Box 742
Mequon, Wi. 53092
(414) 241-9119















APPENDICES APPENDIX E
----------

-- SAMPLE FILES CREATED BY THE DETECTIVE --


DETECT.NEW and DETECT.OLD both have the following format:


THE DETECTIVE STARTED AT 17:24 ON 08-13-1988 VERSION 1.2

**Building New Base File**

DRIVES BEING CHECKED: C D

VIRUS DETECTION Y OR N: Y

FILE EXTENSIONS BEING CHECKED: *

DIR FILE EXT SIZE DATE TIME CRC1 CRC2

DIR: C:\
FILE: AUTOEXEC BAT 441 8-11-88 3:36p 2E58 3E5A
FILE: COMMAND COM 23791 12-30-85 12:00p 0661 007A
FILE: CONFIG SYS 250 8-11-88 5:28p 6A61 F3E1
FILE: IBMBIO COM 16369 12-30-85 12:00p 2C75 4902
FILE: IBMDOS COM 28477 12-30-85 12:00p E8E8 A49C
FILE: TREE QCD 1890 8-11-88 9:34p EA2F 44B4

DIR: C:\A86
FILE: A86 COM 22006 6-06-88 9:52p DC1C 18D4
FILE: D86 COM 17293 6-06-88 10:13p 9924 A6CB
FILE: EDIT BAT 13 7-25-88 4:15p F517 3EF1
FILE: MAKE BAT 14 8-09-88 4:22p 5771 F0A5

DIR: C:\A86\A86DOCS
FILE: DOCS ARC 223587 7-24-88 12:31a 8B94 341D

DIR: C:\A86\A86FILES
FILE: A86FILES ARC 54107 8-09-88 12:25a 818C 4A9F

. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .


















APPENDICES APPENDIX E
----------

-- SAMPLE FILES CREATED BY THE DETECTIVE -- (con't)

DIR: D:\UTIL
FILE: ANSWER COM 308 2-03-86 9:33a 3CEE 5FEA
FILE: ASK COM 512 10-30-84 10:09a 236E DB02
FILE: B COM 4352 3-19-86 11:27a C030 3D0A
FILE: BEEP EXE 5324 3-01-87 4:00p 3B47 CB29
FILE: TREE COM 512 10-07-87 5:49p 1438 E628
FILE: VPRINT COM 4500 3-23-88 8:56p 7F39 5E2C
FILE: VSI COM 16678 4-13-86 3:23p 854C 44A0

THE DETECTIVE ENDED AT 17:40 ON 08-13-1988




DETECT.RPT has the following format:

THE DETECTIVE STARTED AT 15:54 ON 08-14-1988 VERSION 1.2

Report of differences since last run

FILE EXT SIZE DATE TIME CRC1 CRC2

DIRECTORY: C:\ARC
DELETED FILE: A86STUFF ARC 429056 7-22-88 12:44p A7B8 49AE

DIRECTORY: C:\MCQCOMM
ADDED FILE: W0001001 WRK 15196 5-25-88 8:53p 71C7 05B3

DIRECTORY: C:\MCQXXX\DATAFILE
ADDED FILE: MC DAT 1258 8-14-88 3:49p BD0C 6BD9
ADDED FILE: MC IDX 63 8-14-88 3:49p 3566 249D
DELETED FILE MCALT IDX 84 8-14-88 3:49p 1D0D A5D3
ADDED FILE: MF DAT 1206 8-14-88 12:32a 27B4 5112
ADDED FILE: MF IDX 90 8-14-88 3:47p 7408 A9C0
CHGE FILE FROM:SCREEN DAT 81031 8-13-88 5:23p 5F80 4DC4
TO: SCREEN DAT 84621 8-13-88 11:07p A7B3 A30F

DIRECTORY: C:\MCQXXX\PROCS
CHGE FILE FROM:INDEXES 742 5-12-88 10:08p C524 D41B
TO: INDEXES 1059 8-14-88 3:47p 811F 9ACC

DIRECTORY: C:\MCQXXX\PROGRAMS
CHGE FILE FROM:FILEBLD WB 2998 5-12-88 9:45p 1CCE 4EA4
TO: FILEBLD WB 3835 8-14-88 12:23a AB26 044D
ADDED FILE: MCMAINT WB 9565 8-14-88 12:31a F955 3EF9
ADDED FILE: MCRPTA WB 4639 8-14-88 1:11a E575 9101
ADDED FILE: MCRPTB WB 12617 8-14-88 1:15a 7B1B 2F0A
ADDED FILE: MCRPTC WB 6034 8-14-88 1:30a 2911 B8AA
DELETED FILE: MCRPTD WB 12688 8-14-88 1:42a 2499 DFAD
CHGE FILE FROM:MENU WB 5944 7-25-88 8:52p 82F2 3A44
TO: MENU WB 6159 8-13-88 10:16p E46E D091










APPENDICES APPENDIX E
----------

-- SAMPLE FILES CREATED BY THE DETECTIVE -- (con't)


ADDED DIRECTORY: C:\MCQXXX\TIM
ADDED FILE: LISTPGM WB 1691 7-20-88 9:03p 8632 22F3

DELETED DIRECTORY: C:\NEW
DELETED FILE: VIRUS COM 20340 8-09-88 4:44p B158 B8AA
DELETED FILE: VIRUS NEW 1200 8-10-88 7:41p 9DB2 399C
DELETED FILE: VIRUS OLD 1200 8-09-88 6:25p 63E0 D2AA
DELETED FILE: VIRUS RPT 480 8-10-88 7:41p 75BF 0A7F

DIRECTORY: C:\OBDOS
CHGE FILE FROM:UNARC BAT 63 8-13-88 9:06p C5EA 3EA2
TO: UNARC BAT 63 8-13-88 9:06p 1DCB 5AE0

THE DETECTIVE ENDED AT 16:10 ON 08-14-1988





 December 12, 2017  Add comments

Leave a Reply