ADVANCED DISKINFOSCOPE (ADinf)
by
(c) Dr. Dmitry Mostovoy
Keldysh Institute of Applied Mathematics
The Russian Academy of Sciences
Moscow, Russia

A Guide to Frequently Asked Questions

This file answers in detail several questions that users quite
frequently ask about ADinf. All questions pertaining to a subject have
been unified and arranged topically. The menu tree structure described
below may not fully agree with the menu structure of previous versions
of ADinf, as I have answered the questions with specific reference to
ADinf version 8.00 and higher.

══════════════════════════════════════════════════════════════════════

Q  Can ADinf check a disk compacted with DoubleSpace, Stacker or Sstor?

A  ADinf does check a compacted disk, scanning not through BIOS but
using Int 25h. Normally, ADinf itself gains access to such disks via
Int 25h. For a compacted DOS logical drive having the same name as the
original drive where the compressed disk file is saved, you must set
Int 25h as the drive access type (choosing the DISK ACCESS TYPE command
from the SETUP PARAMETERS submenu of the OPTIONS menu).
For scanning a Sstor-compacted disk, you must tell ADinf not to check
for new bad clusters (choosing DON'T CHECK from the BAD CLUSTERS menu
of the INFO UNDER CHECK submenu).

══════════════════════════════════════════════════════════════════════

Q  I, being a programmer, naturally change a large number of files on
my disk every day. How can I tell ADinf to keep quiet about these legal
modifications in its morning reports?

A  You can easily mark directories as working directories. For this,
choose SKIP TREE from the INFO UNDER CHECK submenu. Then choose a drive
from the on-screen panel to pop up its structure tree, and mark the
directories and subdirectories where you are likely to change files
every day. ADinf will not report harmless changes in a file under a
marked directory. But if it suspects that a change (in the size or CRC
of a file) is fatal, ADinf will alert you.

══════════════════════════════════════════════════════════════════════

Q  I have only one partition spread over my 120 Mb disk. Whenever I
start checking, ADinf aborts its mission and reports "more than 2620
files in your disk". How can I fix this error?

A  Unfortunately, this is a constraint inherent in the program. To
speed up checking, ADinf keeps disk structure information in the
computer's memory; this obviously puts a limit on the size of the
diskinfo table. To get around this problem, tell ADinf to confine its
checks to COM, EXE, SYS, BAT, OVL, LIB and DRV files by editing the
file extension list (choosing EXTENSIONS from the LIST menu). The
number of such files on your disk is not likely to exceed the built-in
threshold at which ADinf aborts its checks.

══════════════════════════════════════════════════════════════════════

Q  What is ADinf Cure Module? If this is a curing module, is it better
or worse than V-Hunter? Where can I buy it?

A  ADinf Cure Module (ADinfExt.exe) is a curing module tailored to
enhance the powers of Advanced DiskInfoscope.
It differs radically from V-Hunter: it kills existing and as yet
unknown viruses with equal efficacy. It maintains a small database
containing full information about all files on your disk. When ADinf
detects a virus, the curing module can be used to kill it. The database
is automatically updated by ADinf when disk information changes in your
system.

V-Hunter and ADinfExt cannot be compared: each applies a different
strategy to the antivirus problem, and they ideally supplement each
other. First, ADinfExt does not kill all viruses but only about 97% of
them (not bad, is it, particularly given its ability to clean your
computer of as yet unknown viruses?). Second, it is helpless when you
are handling someone else's diskettes, because it requires the database
containing disk information. V-Hunter, on the other hand, applies the
traditional defence principle: for every attack it designs a
counterattack, and it can therefore kill only the viruses known to it
but is helpless against new viruses. It is therefore a good idea to
have both these programs available on your machine.

ADinf Cure Module was tested on a collection of 750 of the most
widespread infectors unknown to the program and successfully removed
97% of them.

You can buy ADinf Cure Module from any dealer distributing V-Hunter;
both are products of DialogueScience Inc., Moscow, Russia.

══════════════════════════════════════════════════════════════════════

Q  What is the fast CRC that ADinf computes? When I modified a few
bytes at the end of an EXE file, ADinf ignored them while checking in
fast CRC mode. Why?

A  ADinf conducts its checks in one of three alternative modes: fast
CRC (cyclic redundancy check), full CRC and no CRC. The method by which
ADinf computes the fast CRC is closely related to the internal
structure of an executable file. Fast CRC is therefore best suited for
COM and EXE files, as it guarantees reliable virus detection without
the need to compute the CRC of the whole file.
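The trade-off described in this answer, as an added example that is not ADinf's code or algorithm: a partial checksum tied to the structure of a DOS executable, compared with a full-file CRC. The page does not say which file areas ADinf covers; the choice of the MZ header plus a 64-byte window at the entry point, and all function names, are assumptions made for illustration.

```python
import struct
import zlib

WINDOW = 64           # assumption: bytes checked at the entry point
MZ_HEADER_LEN = 0x1C  # fixed part of the DOS MZ (EXE) header


def is_mz(data: bytes) -> bool:
    return data[:2] in (b"MZ", b"ZM")


def entry_offset(data: bytes) -> int:
    """File offset of the first instruction DOS will execute."""
    if not is_mz(data):
        return 0  # COM file: execution starts at the first byte
    if len(data) < MZ_HEADER_LEN:
        raise ValueError("truncated MZ header")
    (hdr_paras,) = struct.unpack_from("<H", data, 0x08)
    ip, cs = struct.unpack_from("<HH", data, 0x14)
    # CS:IP is relative to the load image, which follows the header.
    return hdr_paras * 16 + ((cs * 16 + ip) & 0xFFFFF)


def fast_crc(data: bytes) -> int:
    """CRC32 over the EXE header plus a window at the entry point."""
    header = bytes(data[:MZ_HEADER_LEN]) if is_mz(data) else b""
    start = entry_offset(data)
    return zlib.crc32(header + bytes(data[start:start + WINDOW]))


def changed(baseline: bytes, current: bytes) -> dict:
    """Which check notices a difference between baseline and current."""
    return {"fast": fast_crc(baseline) != fast_crc(current),
            "full": zlib.crc32(baseline) != zlib.crc32(current)}


def build_sample_exe() -> bytearray:
    """Constructed sample: 32-byte MZ header, 512-byte body, entry at 0x10."""
    header = bytearray(32)
    header[0:2] = b"MZ"
    struct.pack_into("<H", header, 0x08, 2)         # header = 2 paragraphs
    struct.pack_into("<HH", header, 0x14, 0x10, 0)  # IP = 0x10, CS = 0
    return header + bytearray(range(256)) * 2


if __name__ == "__main__":
    base = build_sample_exe()
    tail = bytearray(base)
    tail[-4:] = bytes(4)                             # edit at end of file
    moved = bytearray(base)
    struct.pack_into("<H", moved, 0x14, 0x100)       # entry point field changed
    print("tail edit:      ", changed(base, tail))
    print("entry-point edit:", changed(base, moved))
```

An edit to the last bytes of the file leaves the partial checksum unchanged and is seen only by the full CRC, while a change to the header's entry-point field or to the code at the entry point is seen by both.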
So all changes in certain file areas, unless they are generated by a
virus, are ignored by ADinf while checking in fast CRC mode.

══════════════════════════════════════════════════════════════════════

Q  Why is ADinf very sluggish in checking a write-cached disk? Why
does ADinf hang on a cached machine or disk?

A  ADinf efficiently checks a read-cached disk but may face problems on
a write-cached disk when both ADinf and the cache address BIOS
simultaneously, creating conflicts. There are two ways of avoiding such
conflicts. First, disable the write cache prior to starting ADinf and
toggle it on when checking is complete. For example, SmartDrv.exe write
caching on drives C and D is toggled off and back on by the commands
SmartDrv C D and SmartDrv C+ D+ respectively. Alternatively, tell ADinf
to check all drives except C via Int 13h, choosing DRIVE ACCESS TYPE
from the OPTIONS menu. But such a checking mode is less reliable.

Starting from version 9.00, ADinf is fully compatible with the
HyperDisk write cache ver. 4.50 or later. No problems arise with this
utility any longer.

══════════════════════════════════════════════════════════════════════

Q  Can I put net drives under ADinf control?

A  Unfortunately, you can't. ADinf checks a drive by reading it sector
by sector. Therefore it can check local drives only and must be
installed on each LAN workstation separately.

══════════════════════════════════════════════════════════════════════

Q  Can ADinf run under MS Windows and DESQview?

A  Yes, it can. ADinf works under MS Windows and DESQview and can scan
drives directly via BIOS while working under Windows or DESQview.

══════════════════════════════════════════════════════════════════════

Q  What is the purpose of personal tables?

A  ADinf supports two types of tables, common and personal, for storing
disk information. They don't differ in structure. Common tables are
saved in the root directory of logical drives and personal tables in
the directory where adinf.exe is installed.
Common tables are helpful for regularly checking a limited number of
program files with particular extensions, whereas personal tables are
better suited for in-depth checking. You may even choose all types of
files on your disk and specify FULL for the CRC type. Such a check is
all-inclusive though time-consuming.

══════════════════════════════════════════════════════════════════════

Q  I feel my machine is infected but ADinf is keeping silent. Can a
virus dodge detection by ADinf?

A  This is a commonly asked question, and there is only one answer to
it. Unfortunately, there is no panacea for PC virus infection, nor can
there ever be one. ADinf is one of the most powerful virus detectors
today. But you must keep in mind its capabilities and limitations. Let
us examine the situations where ADinf may keep quiet.

First, if you have installed ADinf on an already infected machine, it
will not notice any virus, because it detects viruses through changes
in file information. In this case there are no changes in file
information, and so it does not alert you. If the virus is hiding its
presence, i.e., you have a stealth virus in the machine, ADinf will
certainly detect it if you run it in STEALTH SEARCH mode (see Stealth
Search in the file ADinf.txt). This is a very useful mode; run ADinf in
it from time to time.

Second, ADinf may fail to notice viruses tailored specifically to
infect a file only at the time of its creation. If they are at the same
time hiding themselves, you may trap them by running ADinf in STEALTH
SEARCH mode. If they are NOT hiding their presence, you can easily
detect them with the naked eye. For example, suppose you are copying a
file from drive A to drive C and you notice that the size of the source
file does not tally with the size of the target file.
You can easily detect such infectors by running ADinf as follows: write
a batch file (call it, say, TRAP) which copies several executable
files, say, to your RAM drive and then copies them from the RAM drive
back to the source drive. Add a PARK command as its last line. Run the
TRAP batch file before turning off your computer. When you start the
computer next time, ADinf will report such viruses, if any. For greater
reliability, you had better include the files to be copied in the
STABLE FILES list (its menu path is OPTIONS -> SETUP PARAMETERS ->
INFO UNDER CHECK -> STABLE FILES).

Finally, because of its beneficent policy - aggressive strategy and
ingenious tactics - ADinf is irritating virus designers. It cannot be
ruled out that one fine morning you may find in your machine a new
virus specially tailored to dodge detection by ADinf. Today only one
virus, belonging to the DIR group, is known that tries to delete files
with a name beginning with "ADIN" from your disk. What is brewing in
the minds of these evil-mongers, God alone knows!

══════════════════════════════════════════════════════════════════════

ACKNOWLEDGMENTS

ADinf is a registered trademark of DialogueScience Inc., Moscow, Russia.
MS-DOS and WINDOWS are registered trademarks of Microsoft Corporation,
USA.
DR-DOS is a registered trademark of Digital Research Corporation, USA.
IBM PC XT/AT PS2 and PC DOS are registered trademarks of International
Business Machines Corporation.
SCAN is a registered trademark of McAfee Associates, USA.
NORTON UTILITIES is a registered trademark of Symantec Corporation, USA.
V-Hunter is a registered trademark of DialogueScience Inc., Moscow,
Russia.
SHERIFF is a trademark of DialogueScience Inc., Moscow, Russia.
STACKER is a trademark of Stac Electronics, USA.
HERCULES is a registered trademark of Hercules Computer Technology
Inc., USA.
Other names are the registered trademarks or trademarks of the
respective companies.

DialogueScience, Inc.,
Ul. Vavilov 40, Room No.103-a,
Moscow 117967 GSP-1, Russia.

Tel/Fax: (+7-095) 938-2970, 137-0150
BBS:     (+7-095) 938-2856 (14400/V.32bis, 19200/ZyXEL) - common access
         (+7-095) 938-2969 (14400/V.32bis, 19200/ZyXEL) - subscribers only
FidoNet: 2:5020/69, 2:5020/69.4
E-mail:  lyu@dials.msk.su   - Sales and Support Department
         root@dials.msk.su  - Modem link service
         dmost@dials.msk.su - ADinf author