What's New in McAfee VirusScan Command Line for Windows NT Version 2.5.1 (9607) Copyright 1994-1996 by McAfee, Inc. All Rights Reserved. Thank you for using McAfee's VirusScan Command Line for Windows NT. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us. ___________________ WHAT'S IN THIS FILE - New Features - Known Issues - Installation - Documentation - Frequently Asked Questions - Contact McAfee ____________ NEW FEATURES * NEW VIRUSES DETECTED * This DAT file (9607) detects the 258 new viruses listed below. In addition, locations that have experienced problems with a particular virus are identified. _751 3DEVIL.A 3DEVIL.B ACE.1872 AGA.3000 AHAV.336 AIDS.872 ALEVIRUS.690 (Brazil) ALEVIRUS.1613 (Brazil) ALFONS.1536 ANARKEY.475 ANDREW AOS.833 AOS.847 AOS.854 ASMO.1800 AT.1648 ATC-321 AVATAR.POSITRON.512 BABOSE BADTOWN.684 BADTOWN.687 BE.451.B BIGDEATH.1153 BISHDKEY.4160 (*) BISHK.319 BISHKEKE.4240 (*) BISHOP.4240 (*) BLACKTIDE.2419 BLAD.1015 BLTD.2419 BODY.884 BUGS.282 CEIB.4629 CHER.2266 CIVIL IV.586 CMOS_DEATH.B COMPIAC.379 CONCEPT.E CONJURER CONZOULE.240 CORDOBES.3334 (Uruguay) COSENZA.3205 CRAZYFROG.1477 CREEPER.252 CRITTER.1015 CROATIA.683 DARK_APOCALYPSE.1600.B DARK_REVENGE.1024 DAYTON.792 DEADWIN.1228 (Bolivia) DEDA.1000 DEI.1780 DELTA.1163 (Brazil) DFLKFD DIALOGOS.1350 DIALOGOS.1522 DONB.444 DRD-4634 DRUID.1888 DVA.445 DVA.749 EATRITCH.946 EI-CUAREIM.800 ENJOY EPSILON.513 EUSK.811 EVC.161.D EXORCIST.212 FINDME FINPOLY.2368 (*) FIZZLE.313 FLYING.633 GATE GOSH.1831 GRREP H8.1173 HARE.7610 (*) (Internet) HARE.7750 (*) (Internet) HARE.7786 (*) HH HI.680 HI.764 HI.802 HLLC.4528 (*) HLLC.5000 (*) HLLC.8224 (*) HLLC.12573 (*) HLLC.14880 (*) HLLC.AIDS.8064 (*) HLLC.BOLEK.8096 (*) HLLC.CRAWEN.8306 (*) (Italy) HLLC.CRAWEN.8516 (*) HLLC.CUMULUS (*) HLLC.EIB.5000 (*) HLLC.ENRICO (*) HLLC.EVEN.PC (*) HLLC.EVENBEEP.B (*) HLLC.KRAD.4658 (*) HLLC.LANC.7376 (*) HLLC.TREE2.14186 (*) HLLC.VSW.5936 (*) HLLC.WORM.16412 (*) HLLC.XMAS.15264 (*) HLLO.3008 (*) HLLO.3855 (*) HLLO.4032 (*) HLLO.4317.B (*) HLLO.4734 (*) HLLO.4830 (*) HLLO.5760 (*) HLLO.6144 (*) HLLO.BIG&FAT.6561 (*) HLLO.CRASH.7227 (*) HLLO.F-SOFT.3521 (*) HLLO.FU.8608 (*) HLLO.HEPATITUS (*) HLLO.KAMIKAZE (*) HLLO.TU.4752 (*) HLLO.VSW.3836 (*) HLLO.VSW.4017 (*) HLLP.3678 (*) HLLP.5792 (*) HLLP.5824 (*) HLLP.7408 (*) HLLP.7529 (*) HLLP.7808 (*) HLLP.15392 (*) HLLP.BDAAGWA.4984 (*) HLLP.BISHKEK.4160 (*) HLLP.BISHKEK.4240 (*) HLLP.BWA.4984 (*) HLLP.CEIB.4629 (*) HLLP.CHSU.4484 (*) HLLP.DUPALEC (*) HLLP.KASIENKA.8192 (*) HLLP.NOTFOUND.6176 (*) HLLP.RANGEL.5000 (*) HLLP.RUNNER.9312 (*) HLLP.SAURON.4568 (*) HLLP.SON.4731 (*) HLLP.UPI.4641 (*) HLLP.VOVA.12560 (*) HORSA.1185 HUE.482 ID.248 IMI.1536.H IMMORTAL.2185 IVP.667 I_LOVE_D.3618 JASI.666 JULY_29TH JUNKIE.1308 KALN.3225 KALN.3612 KASIUNIA KBWI.1349 KERS.923 KONKOOR.3072 KOSKO.313 KUNS.168 KWX.1458 LAB LEATH LEDA.820 LINC.196 LINC.307 LOSL.535 LYUBA.381 MAD.2631 MADMAX.507 MAR.1972.D MARVIN MARYR MDMA (Texas, Illinois, Georgia) MESSAN.B MG.500.C MICROB.431 MIPT-PHYSTECH.2000 MIREA.703 MOJHOO.1405 MRTI.576 MTZ-PINK NADO.LOVE.602 NADO.REDV.584 NE.10634 (Australia) NEXIV NICHOLS NO5.1235 NUCLEAR.B PC KNIGHT.2083 (Europe) PCW (Europe) PEMPE.1811 (France) PHANTOM1 (*) PIZELUN.3599 PMM.575 PRES.7760 PRIMUS.512 PRIMUS.528 PS-MPC.AOS QRES.224 RADYUM.503 RENE.4509 RETALIATOR.1535.A RETALIATOR.1535.B RIOT.304 RIOT.IR8.928 RIOT.MARI.1125 ROMA RUSSEL.3072 SANDRA.1809 SENORITA.885 (Europe) SEPULTURA:MTE SHIRE.117 SILLYC.96 SILLYC.115.B SILLYC.186 SILLYC.208 SILLYC.228 SILLYC.710 SINAI.1208 SIRIUS.ALIVE.4000 SMEG.V0_3.DEMO.B STEALTH.F STONED.KILL STRAT.486 STRIKE SZATAN TANKAR.236 TCHECHNYA.1919 TIMID.497 TORNADO.759 TPED.1760 TRIVIAL.35.B TRIVIAL.44.D TRIVIAL.86 TRIVIAL.963 TRIVIALSMEG UFO.1468 UNGAME.823 UPI.4641 VCL.O.610 VIV 524 VOYAGER.1134 VOYAGER2.508 VSV.3836 VSW.3966 VSW.4017 VSW.5063 VSW.5176 VSW.5936 WASP.1312 WRLK.1672 ZIBBERT.1268 (Brazil) ZNOS.1730 ZNOSK.509 ZYX.5739 (*) Requires DOS/Win 2.5.1 engine * NEW VIRUSES REMOVED * This DAT file (9607) removes the 35 new viruses listed below. In addition, locations that have experienced problems with a particular virus are identified. _751 ALEVIRUS.690 (Brazil) ALEVIRUS.1613 (Brazil) ALFONS.1344 CONCEPT.E (Belgium) DARK_REVENGE.1024 DEADWIN.1228 (Bolivia) DELTA.1163 (Brazil) DEMON3B.5610 (*) (Europe) DIGI.3547 (*) (Czech Republic) EPSILON.513 FITW.7924/7448 (*) (Europe) H8.1173 HARE.7610 (*) (Internet) HARE.7750 (*) (Internet) HARE.7786 (*) HLLC.CRAWEN.8306 (Italy) IMMORTAL.2185 KARNIVALI.1972 (US - East Coast) LEDA.820 MDMA (Texas, Illinois, Georgia) NATAS.4926 NUCLEAR.B PC KNIGHT.2083 (Europe) PCW PEMPE.1811 (France) RUSSEL.3072 (*) SILLYC.96 SILLYC.186 SILLYC.710 SIRIUS.ALIVE.4000 SKATER.819 (Australia) VCL.O.702 (Internet) VOYAGER.1134 ZIBBERT.1268 (Brazil) (*) Requires DOS/Win 2.5.1 engine ____________ KNOWN ISSUES 1. When a macro virus is detected, the message "No remover currently available for this virus" is displayed. Disregard this message and clean the file using the /CLEAN option. 2. When a macro virus is detected in conjunction with other viruses, the macro virus remover does not work. If you encounter this, remove the other virus first or work in a separate area. 3. When VirusScan NT scans the PAGEFILE.SYS, the system beeps and an Access Denied message is displayed. 4. VirusScan NT is not able to access the boot sectors and the Master Boot Record unless you have administrative rights. To scan the boot sectors and the Master Boot Record, log in as a user with administrative rIghts. You may need the DOS version of Scan if your system has a boot sector virus. ____________ INSTALLATION * PRIMARY PROGRAM FILES FOR VIRUSSCAN COMMAND LINE * Files located in the Install directory: ======================================= NTSCAN.EXE = VirusScan for Windows NT Command Line program README.1ST = McAfee information SCAN.DAT = Virus definition data NAMES.DAT = Virus definition data CLEAN.DAT = Virus definition data SCAN.EXE = VirusScan for DOS Command Line program VALIDATE.EXE = Authenticity validation program WHATSNEW.TXT = What's New document PACKING.LST = Packing list * INSTALLING THE PRODUCT * To install, create a directory and copy the files to it. * TESTING YOUR INSTALLATION * The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installations. To test your installation, copy the following line into its own file and name it EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* When done, you will have a 69 or 70 byte file. When VirusScan is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus. It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need. Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed. _____________ DOCUMENTATION For more information, refer to the DOS section of the VirusScan User's Guide, included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html VirusScan documentation can be downloaded from McAfee's BBS or the World Wide Web at: http://www.McAfee.com or 205.227.129.97 __________________________ FREQUENTLY ASKED QUESTIONS Regularly updated lists of frequently asked questions about McAfee products also are available on McAfee's BBS, website, and CompuServe and AOL forums. Q: What is VirusScan Command Line for Windows NT (NTSCAN)? A: VirusScan Command Line for Windows NT is a commandline scanner that was ported from our DOS VirusScan product many months ago. We have maintained the line because it uses the same commandline options as the DOS product and some large clients still like to have a uniform script that scans client machines as they log in. Q: Is this the only commandline based NT product for scanning? A: Yes and no. VirusScan Command Line for Windows NT is the only commandline program, but the SCAN32 program that is included with NetShield and the VirusScan for NT products will accomplish the same goal using a custom VirusScan Configuration (VSC) file instead of commandline parameters. Since SCAN32 is not offered as a stand-alone product, we maintain the older commandline product. Q: How do I use VirusScan Command Line for Windows NT? A: You use it similar to the way you use VirusScan for DOS or OS/2. While in NT, open up a DOS commandline session and run NTSCAN / / /. The product documentation contains information about the different commandline parameters. Q: What if my DOS session is infected? How would I boot clean? A:#l If the file on your computer is file allocation table (FAT) based, boot with a DOS system disk, and then scan all the files. A.#2 If your system is NT file system (NTFS) based, follow these procedures: a. If your command shell is not infected (CMD.EXE), then open a new DOS session. Run Scan. Since all DOS sessions share the same file area but different protected memory locations, this is a clean boot. b. If the command shell is infected, perform one of the following procedures: (1) Use Control Panel to change your system command shell to COMMAND.COM, or (2) Use File Manager to copy a new uninfected copy of CMD.EXE to the machine and delete the infected copy. Q: Can I use the same datafiles to update VirusScan Command Line for Windows NT as I would to update VirusScan for DOS? A: Yes. All McAfee anti-virus products use the same virus definition files for scanning. ______________ CONTACT McAFEE * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact McAfee's Customer Care department: 1. Call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax: (408) 970-9727 24-hour, Group III Fax 3. Fax-back automated response system: (408) 988-3034 Send correspondence to any of the following McAfee locations: McAfee Corporate Headquarters 2710 Walsh Avenue Santa Clara, CA 95051-0963 McAfee East Coast Office Jerral West Center 766 Shrewsbury Avenue Tinton Falls, NJ 07724-3298 McAfee Central Office 5944 Luther Lane, Suite 117 Dallas, TX 75225 McAfee Canada 178 Main Street Unionville, Ontario Canada L2R 2G9 McAfee Europe B.V. Orlyplein 81 - Busitel 1 1043 DS Amsterdam The Netherlands McAfee (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH United Kingdom McAfee France S.A. 50 rue de Londres 75008 Paris France McAfee Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany Or, you can receive online assistance through any of the following resources: 1. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS 2. Internet E-mail: support@mcafee.com 3. Internet FTP: ftp.mcafee.com or 205.227.129.134 4. World Wide Web: http://www.mcafee.com or 205.227.129.97 5. America Online: keyword MCAFEE 6. CompuServe: GO MCAFEE 7. The Microsoft Network: GO MCAFEE Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details. - Program name and version number - Type and brand of your computer, hard drive, and any peripherals - Operating system type and version - Network name, operating system, and version - Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script - Microsoft service pack, where applicable - Network card installed, where applicable - Modem manufacturer, model, and baud, where applicable - Relevant browsers/applications and version number, where applicable - Problem - Specific scenario where problem occurs - Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. * FOR ONSITE TRAINING INFORMATION * Contact McAfee Customer Service (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support for our products worldwide. For a listing of agents, see the file AGENTS.TXT or contact McAfee Customer Service for agents near you.