Category : System Diagnostics for your computer
Archive   : VIRX27.ZIP
Filename : VIREXPC.DOC

 










VIREX FOR THE PC

DATAWATCH CORPORATION

TRIANGLE SOFTWARE DIVISION











TABLE OF CONTENTS
=================

CHAPTER 1 : HOW TO CONTACT DATAWATCH

CHAPTER 2 : DOWNLOADING PRODUCT UPDATES FROM THE DATAGATE BBS

CHAPTER 3 : VIREX FOR THE PC OVERVIEW

CHAPTER 4 : INSTALLING VIREX FOR THE PC

CHAPTER 5 : USING THE VPCSCAN PROGRAM

CHAPTER 6 : USING THE VIREX TSR

CHAPTER 7 : USING VIREX FOR THE PC IN A NETWORK ENVIRONMENT

CHAPTER 8 : USING VIREX FOR THE PC IN A WINDOWS ENVIRONMENT

CHAPTER 9 : SAFE COMPUTING PRACTICES

CHAPTER 10 : REMOVING A BOOT SECTOR VIRUS

APPENDIX A : THE EXTERNAL VIRUS SIGNATURE FILE











C H A P T E R 1 :
HOW TO CONTACT DATAWATCH

If you find a new virus, it is important that we learn about it, so that
we can update Virex for the PC to provide treatment for it. You can reach
Datawatch at:

Datawatch Corporation
Triangle Software Division
P.O. Box 51489
Durham, NC, 27717
Telephone: (919)490-1277
Fax: (919)490-6672

You can contact Datawatch on the following services:
AppleLink DATAWATCH
CompuServe 73407, 1751
America Online VIREX1 & DWTECH
Genie DATAWATCH
BBS 919-419-1602 (8-N-1)
INTERNET [email protected]

Please indicate a daytime telephone number where you can be
reached. For technical assistance, or if you find a new virus, please
contact us. Technical support requires a valid registration number.





C H A P T E R 2 :
DOWNLOADING PRODUCT UPDATES FROM THE DATAGATE BBS

You can download Virex for the PC updates from our dial-in service
called DataGate. DataGate is a BBS (Bulletin Board Service) and you may
dial into it by using any communications program on your PC and a modem.
Set up your communications program for 8 data bits, no parity, 1
stop bit and ANSI or TTY emulation. DataGate supports speeds from 300 to
14,400 bps.

DataGate's primary purpose is support to YOU. As soon as you enter the
board you can find answers to your technical questions in our Questions
and Answers Bulletin area, download product updates and new
programs, and much more.

In addition to Datawatch customer support, DataGate also has many DOS,
Windows and other utility files available for download. To download the
latest version of Virex for the PC, type the following at the Main Menu:

d VIRX??.ZIP

Select your download protocol and the download process will begin.
Help is always available by typing: H wherever you get
stuck and need assistance.

Your comments and suggestions on the service that this BBS provides
are always welcome, and we look forward to reading your
suggestions. You may leave us a message by typing C at
the Main Menu, outlining your ideas.


PLEASE REMEMBER THAT VIREX FOR THE PC IS NOT FREEWARE! You can purchase and
register this software directly through Datawatch or you may obtain it from
any authorized retailer.


C H A P T E R 3 :
VIREX FOR THE PC OVERVIEW

The two programs of the Virex for the PC package that provide comprehensive
protection against viruses are VPCScan and Virex.

VPCScan:
Identifying Known Viruses and Repairing Files

VPCScan (VPCSCAN.EXE) is a utility program that scans files and memory for
known viruses. VPCScan recognizes the code signatures of known PC viruses and
alerts the user if it finds one.

Repairing Files
VPCScan repairs files infected by common viruses. If VPCScan has
a disinfector for a virus that it finds, it will offer to repair the infected
file. If it has no disinfector, it will offer to delete the infected file.
Though VPCScan does not have disinfectors for all of the viruses it
can detect, the viruses it can disinfect are estimated to cause the majority of
the infections in PC software.

Inoculation Feature
VPCScan also repairs files with its inoculate feature. The inoculate
feature can disinfect all known boot sector viruses and almost all file
infectors, as well as many unknown viruses.

Virex:
Efficient, Continuous Monitoring of the PC System

Virex (VIREX.COM) is a terminate and stay resident (TSR) program that
provides continuous virus protection. Virex alerts the user:

1: when an attempt is made to run a program that is infected
with a known virus.

2: when an attempt is made to run a program that has had a
change to its unique checksum signature.

These two features provide efficient protection against unknown
viruses by checksum monitoring, and against known viruses by scanning
programs on execution. This virus protection uses less than 1KB of
RAM memory.





C H A P T E R 4 :
INSTALLING VIREX FOR THE PC

The installation procedure places VPCScan and the VIREX.COM
TSR on your hard drive, and automatically creates your Inoculation set.
You need not install Virex for the PC if you wish only to use VPCScan, as
this application can be used from any drive, directory or floppy.

Installation procedure
You should install Virex for the PC on a virus free system. Prior to
installing Virex for the PC, scan your existing files for known viruses
with VPCScan. (See Chapter 5 for detailed instructions on how to use
the VPCScan program.)

1: Have the Virex for the PC files uncompressed and available on a clean
write protected diskette.

2: Boot your machine from a clean, write protected system floppy disk.
(THIS IS VERY IMPORTANT!!!)

Change to the floppy drive where you will insert the Virex for the PC
diskette (e.g., type A: and press RETURN)

3: Scan all hard drives for known viruses with VPCScan.

Type: VPCSCAN \ -L
For example: VPCSCAN C:\ D:\ -L to scan the entire C: and D: drives


Once you have scanned and disinfected all of the files on your hard drives,
restart your computer by switching it off, waiting 10 seconds, and then
switching it on again to make sure that viruses in memory have been
eliminated. Do not simply press CTRL-ALT-DEL to reboot. Some viruses have
the ability to survive this type of reboot.

Running the Install program
Use the batch file Install program to install Virex for the PC. The
installation procedure creates the inoculation set and copies the necessary
programs to a \VPC directory on your C: drive. The Install program will
install only to a C: drive.

To install Virex for the PC:

1: Place a working copy of all Virex for the PC files that were downloaded
onto a diskette or into a temporary directory.

2: Change to the install drive or to the directory containing the Virex
for the PC files

e.g. A: if you have the information on a diskette in
the A: drive.

or

CD\TEMP to change to the directory \TEMP on your
current drive

3: Type INSTALL and press the RETURN key

The Install program automatically creates the \VPC directory on the C:
drive and copies all the needed files into it. If an old version of Virex
for the PC exists in C:\VPC, it will rename the old program names to *.OLD. If
files named *.OLD already exist, they will be deleted.

Once the Install program has finished copying files to C:\VPC it creates your
Inoculation set. The Inoculation set consists of two files that contain
valuable information about your hard drive; it is used to restore information to
your hard drive in the event of a crash as a result of a virus. We STRONGLY
suggest copying these files to an emergency diskette, and then keeping that
diskette in a safe, accessible place. Please see the section "Making an
Emergency Diskette" in Chapter 5.

If you have additional hard drives (D:, E:, etc.), those drives should be
included in your inoculation set. To create an inoculation set for all drives:

1: Change to the \VPC directory on your C: drive by typing CD\VPC then
pressing the RETURN key when you are at the C: prompt.

2: Use VPCScan to create your inoculation set by typing:

VPCSCAN \ \ -I+

e.g. VPCSCAN C:\ D:\ E:\ -I+
assuming you have a C: D: & E: drive


If you intend to use the VIREX.COM TSR, there is an additional step
necessary to complete the installation.

Creating your VIREX.COM protection file.

The protection file used by the Virex TSR provides continuous monitoring
of your machine against viruses. To create your protection file:

1: Change to the \VPC directory on your C: drive by typing CD\VPC then
pressing the RETURN key when you are at the C: prompt.

2: Use VPCScan to create the protection file for all drives by typing:

VPCSCAN \ \ -V+

e.g. VPCSCAN C:\ D:\ E:\ -V+
assuming you have a C: D: & E: drive


This procedure will scan and checksum the files on your drives and create the
VIREX.DAT file in C:\VPC. Once created, VIREX.COM will address this file as a
checksum base and monitor your drive for changes. This feature enables Virex to
diagnose an infection from an unknown virus.
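
The baseline-then-verify idea behind the protection file, as an added example (not Datawatch code). The manual does not describe the VIREX.DAT format or the checksum algorithm, so SHA-256 and the dictionary layout here are assumptions; the executable patterns are the ones the manual lists for VPCScan's default scan.

```python
import fnmatch
import hashlib
import os
import tempfile

# Executable patterns the manual says VPCScan examines by default.
EXEC_PATTERNS = ("*.EXE", "*.COM", "*.SYS", "*.OV?")


def is_executable(name):
    return any(fnmatch.fnmatchcase(name.upper(), p) for p in EXEC_PATTERNS)


def build_baseline(root):
    """Map relative path -> SHA-256 digest (assumed stand-in for the -V+ step)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_executable(name):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                baseline[os.path.relpath(full, root)] = digest
    return baseline


def verify(root, baseline):
    """Compare the current tree with a stored baseline and classify differences."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline
                          if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample tree: one program changes after the baseline is taken."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("EDIT.COM", b"\x90" * 64), ("NOTES.TXT", b"hello")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)
        # Bytes appended to a program after the baseline: no signature needed
        # to notice it, which is why checksums catch unknown viruses.
        with open(os.path.join(root, "EDIT.COM"), "ab") as fh:
            fh.write(b"\x00" * 16)
        with open(os.path.join(root, "NEW.EXE"), "wb") as fh:
            fh.write(b"MZ")
        return baseline, verify(root, baseline)


if __name__ == "__main__":
    print(demo()[1])
```

A baseline is only as trustworthy as the system it was taken on, which is why the manual has you scan and cold-boot from a clean floppy before creating it.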

Manual Installation

You can also install Virex for the PC manually by doing the following:

1. You must install to the C: drive. Create a directory on your C: drive
named "VPC" (you must use this name).

2. Copy VPCSCAN.EXE and VIREX.COM to the VPC directory. You may also copy
the document files if you wish.

3. Create an inoculation set using -I+, and then create a protection file
using -V+, as described above and in Chapter 5. You should create these
sets for as many hard drives as you have (D:, E:, etc.).

IMPORTANT: Both VIREX.COM and VPCSCAN.EXE must remain in the \VPC directory to
function properly together. You may rename the VIREX.COM file to another name
with a .COM extension, but VPCSCAN.EXE must not be renamed.

Loading VIREX.COM

You can load VIREX from the command line by typing: C:\VPC\Virex
Alternatively, you can have VIREX automatically start up whenever you turn
on your computer. To do this you will need to be familiar with a command line
editor such as DOS's EDLIN or EDIT. If in doubt, consult your DOS manual.

1: Change to the root directory of C: drive.
e.g., CD\ RETURN at the C: prompt

2: Edit the AUTOEXEC.BAT file using your editor and add the following
line towards the end of the file, but before any shell or user
interface, such as Windows.

C:\VPC\VIREX.COM

3: Save your changes to the AUTOEXEC.BAT and exit the editor.

4: Restart your computer





C H A P T E R 5 :
USING THE VPCSCAN PROGRAM

The Virex for the PC Install program copies the VPCScan program to
the \VPC directory on your C: drive. You can also copy this file to any
location using the DOS COPY command.

Scanning Existing Files for Known Viruses
To scan a file for the existence of known viruses:

1. Make the drive onto which you have copied VPCScan the
current drive by typing : and pressing the RETURN key (for
example, if you copied VPCScan to the C: drive, type C: ).

2. Change to the directory where VPCScan is located by typing
CD\ and pressing RETURN (e.g., CD \VPC ).

3. Type VPCScan :, where
: indicates the drive, directory path, and
name of the file to be scanned (for example, VPCScan
C:GAMES\TOPSHELF.COM would scan the "TOPSHELF" file in the
"GAMES" directory on the "C:" drive). DOS wild card characters are
valid.

4. Press the RETURN key.

If VPCScan finds a known virus it will alert the user and provide the
following options:

1. Disinfect - attempt to remove the virus from the original file
(if VPCScan knows how to disinfect files infected by this particular
virus)

2. Remove - erase the infected file

3. Ignore - leave the file as is

WARNING: A FILE BECOMES IRREVERSIBLY ALTERED DURING REPAIR AND ON OCCASION
CAN BE DAMAGED! Therefore, we strongly recommend that before attempting to
repair a file that VPCScan has identified as infected, you make a backup of
that file onto a floppy disk.

....... To scan a directory, specify :. For example,
VPCScan C:\GAMES
....... To scan a disk, specify :\. For example, VPCScan B:\
....... To scan multiple disks specify :\ :\. For example,
VPCScan C:\ D:\ E:\

VPCScan scans from the current directory down. It only
scans the entire disk if you start from the root directory or if you
specify :\. For example, VPCScan C:\.

Once you have scanned and disinfected all of the files on your hard
disk, restart your computer by switching it off, waiting ten seconds,
and then switching it on again (do not simply press CTRL-ALT-DEL to
reboot) to make sure that viruses in memory have been eliminated.

Reports
When VPCScan has finished examining your files for the presence of
known viruses it generates a report that details the results of its
examination. It indicates how many directories and files were
examined, how many files were found infected, how many files were
repaired, and how many files were deleted. It also indicates which
files were infected, and what viruses were found in those files.
The report can be sent to a printer or redirected to a file.

VPCScan Options
VPCScan has additional features that control how scanning is
conducted. These options are executed from the command line:

VPCSCAN : - (for example, VPCSCAN C:\ -M).

1. -L [LONG scan], scans the entire contents of a file. In its
usual operation, VPCScan limits its search to the areas
of a file that are most likely to be infected. The more
thorough search, however, takes more time.

2. -M [Disable MEMORY check], prevents VPCSCAN from searching
the system MEMORY of the computer for the presence of
viruses. This is a time saving feature.

3. -X [Scans first meg of memory], scans the entire first megabyte
of memory. Normally, VPCScan limits memory scanning to the
first 640K of memory that is accessible to DOS. Although
unlikely, a virus could infect the memory between 640K and
1 megabyte.

4. -A [ALL scan], instructs VPCScan to scan ALL file types,
including non-executable files such as text or spreadsheet
files. In its normal operation, VPCScan only searches
executable files (*.EXE, *.COM, *.SYS, and *.OV?). Viruses
can only cause damage when they are in executable files or
have infected a disk's boot sector. By using the -A option,
however, you can be sure that there are no known viruses in
any files on your computer. When the -A option is not specified
and VPCScan is instructed to scan a directory containing only
data files, it will return the message 0 files scanned. This
means that it did not find any executable files.

5. -O [DIR only scan], scans the specified directory ONLY and does
not examine any sub-directories.

6. -F [Single floppy scan], instructs VPCScan to scan a single floppy
disk. After VPCScan completes a scan of a floppy disk, the user
will be asked whether he/she wants to scan additional diskettes.
The request to scan additional disks can be turned off with -F.
This feature is useful when operating VPCScan in batch
mode to scan a single disk.

7. -# [Virus list], lists all the viruses that VPCScan is currently
capable of detecting. Repair capability is noted by the term
"disinfector" in parentheses next to the virus name. To print
the virus listing type: VPCSCAN C:\ -#>PRN.

8. -R [Scan log], creates an audit file, named VPCSCAN.LOG, which
lists all VPCScan alerts and responses. This is to be
used in combination with the batch mode described below. You
may also specify a filename for the log by typing
-R (e.g., VPCSCAN -Rvirus creates a
file named VIRUS.LOG). The default log file is named
VPCSCAN.LOG.

9. -T [Warning disable], turns off the warning message that this
version scanner is more than 6 months old.

10. -!R [Registration], allows you to create a personal registration file
with information provided by Datawatch after you have purchased
Virex for the PC. This will disable the screens that indicate
an unregistered copy. [See REGISTER.DOC]

11. -I(+) [Inoculate], creates or verifies an inoculation set and is
described fully under the section "The Inoculate Feature" in
this chapter.

12. -V(+) [Checksum Data], creates or verifies the file necessary for the
VIREX.COM TSR to monitor checksum changes. See "Creating a New
Protection File" and "The Checksum Verify Feature" in this
chapter.

To further customize scanning, the preceding options can be combined. For
example, to perform a long scan of the files in the current directory, type
VPCSCAN C:\ -O -L. The exception to this rule is that -V and -I cannot be used
together; they must be used individually. Note that there must be a space
between option codes.
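
How the -L and -A options change what a signature scan covers, as an added example (not VPCScan's code). The manual does not say which areas of a file the default scan reads, so the 512-byte head and tail windows are an assumption, and the signature is a constructed, harmless byte pattern.

```python
import os

# Constructed, harmless byte pattern standing in for a virus signature.
SIGNATURES = {"DEMO-SIG": bytes.fromhex("deadbeefcafef00d")}
EXEC_EXTS = (".EXE", ".COM", ".SYS")  # *.OV? is handled in wanted()
WINDOW = 512  # assumed size of the head/tail regions a default scan reads


def wanted(name, all_files=False):
    """-A examines every file; otherwise only executable types are scanned."""
    ext = os.path.splitext(name.upper())[1]
    return (all_files or ext in EXEC_EXTS
            or (len(ext) == 4 and ext.startswith(".OV")))


def regions(data, long_scan=False):
    """Whole file for -L (or small files), else only the head and tail."""
    if long_scan or len(data) <= 2 * WINDOW:
        return [data]
    return [data[:WINDOW], data[-WINDOW:]]


def scan_bytes(data, long_scan=False):
    return sorted(name for name, sig in SIGNATURES.items()
                  if any(sig in r for r in regions(data, long_scan)))


def scan_files(files, long_scan=False, all_files=False):
    """files maps name -> bytes. Returns (files_scanned, {name: [signatures]})."""
    scanned, hits = 0, {}
    for name, data in files.items():
        if not wanted(name, all_files):
            continue
        scanned += 1
        found = scan_bytes(data, long_scan)
        if found:
            hits[name] = found
    return scanned, hits


SIG = SIGNATURES["DEMO-SIG"]
SAMPLE = {  # constructed in-memory "files"
    "TAIL.COM": b"\x00" * 4000 + SIG,
    "MIDDLE.EXE": b"\x00" * 2000 + SIG + b"\x00" * 2000,
    "DATA.TXT": SIG,
    "CLEAN.OVL": b"\x00" * 100,
}

if __name__ == "__main__":
    print("default:", scan_files(SAMPLE))
    print("-L     :", scan_files(SAMPLE, long_scan=True))
    print("-A     :", scan_files(SAMPLE, all_files=True))
```

The default pass reports only TAIL.COM; the pattern in the middle of MIDDLE.EXE appears only with the long scan, and DATA.TXT is examined only with the all-files option.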

Batch-mode Operation
When scanning a disk, VPCScan will alert the user every time a
virus is found, present several options (for example, Disinfect the file,
Remove the file, or Ignore the warning), and wait for a response.
VPCScan can also be operated in a batch mode, i.e., non-interactively. VPCScan
can be instructed to respond automatically to virus warnings in a predetermined
way during scanning. This feature is useful for system administrators who are
scanning large hard disks and do not want to be interrupted every time a virus
is discovered. Users who want to scan their computer at startup will also find
this feature useful. An optional audit trail provides a log of the viruses
found and action taken.

The VPCScan batch mode is executed from the command line:

VPCSCAN C:\ -B

  3 Responses to “Category : System Diagnostics for your computer, Archive : VIRX27.ZIP, Filename : VIREXPC.DOC”

  1. Very nice! Thank you for this wonderful archive. I wonder why I found it only now. Long live the BBS file archives!

  2. This is so awesome! 😀 It’d be cool if you could download an entire archive of this at once, though.

  3. But one thing that puzzles me is the “mtswslnkmcjklsdlsbdmMICROSOFT” string. There is an article about it here. It is definitely worth a read: http://www.os2museum.com/wp/mtswslnk/