What's New in VirusScan Version 2.2.9 (9601)
Copyright 1994, 1995 by McAfee, Inc.
All Rights Reserved.

These release notes cover what is new in VirusScan 2.2.9 and the
December DAT replacement (9601) of VirusScan for DOS, VirusScan for
Windows, VirusScan for OS/2, VirusScan for Windows 95, VirusScan for NT
and VShield.

------------------------------------------------------------------------
Why this emergency release:

The version released as 2.2.8 was discovered to have a couple of false
IDs:

    SHZ on some COM files used in association with CPTOOLS.
    PROBABLE UNKNOWN BOOT SECTOR VIRUS on Disk Manager MBRs.

This release of 2.2.9 (9601) fixes those issues.

------------------------------------------------------------------------
VShield 2.2.9

You will need VShield 2.2.8 or 2.2.9 in order to use these DAT files
with VShield for DOS.

------------------------------------------------------------------------
New features for VirusScan 2.2.9 and OS/2 Scan 2.2.9:

/CLEAN /FORCE
    When confronted with a boot sector virus, /CLEAN /FORCE tells
    VirusScan to forcibly remove the virus using its generic remover
    capabilities. For MBR-infecting viruses, this is similar to the
    use of FDISK /MBR.

/CONTACTFILE
    Display contents of the specified file when a virus is found.
    Previously it worked only for viruses found during disk scan.
    Now, it also applies to viruses found during memory scan.

/FREQUENCY DAILY
    Will scan once each day based on the date and not by hours.

/NODOC
    In 2.2.7, we introduced .DOT and .DOC into the default list of
    files checked when you run Scan. /NODOC forces DOT and DOC files
    not to be checked. Some of our users requested this flexibility.

------------------------------------------------------------------------
OS2SCAN 2.2.9

The OS/2 code has been changed to fix a disk corruption problem. Its
implementation has created a change in the way OS/2 Scan works.

When OS/2 Scan finds that the system has loaded IBM LAN drivers, it
will not scan the MBR of the system. If you are using those particular
Requesters, you need to boot the OS/2 box from the two diskettes
provided by IBM and then scan your system. Booting this way will not
load the drivers, and OS/2 Scan will scan your MBR. It has been our
experience that most boot sector viruses will not let your OS/2 machine
boot, and you would need to boot from the diskettes anyway to find the
machine's problem.

Creating a Clean Boot Disk:

When creating a clean OS/2 boot disk, it is necessary to copy the file
NLS.DLL to the disk as well as OS2SCAN.EXE and *.DAT. The file NLS.DLL
is part of standard OS/2. The path where it can be found is:

    \OS2\DLL\NLS.DLL

------------------------------------------------------------------------
About Macro viruses...

Included in this ZIP file is a self-extracting archive, MVTOOL10.EXE,
being distributed by Microsoft. It is a way to protect yourself against
the Concept virus, as well as to warn you against document files that
contain macros without your knowledge. To make use of it, execute the
program:

    MVTOOL10.EXE    40732 bytes

It will create these files:

    README.DOC      36864  10-02-95   1:08p
    SCANPROT.DOT    49152  10-02-95   3:44p

Enter Word and read the README.DOC to see if the package is suitable
for your environment.

Removal of macro viruses directly from within VirusScan will soon be
made available. If you wish to help us test the beta, please check our
beta area on our Web Site (www.mcafee.com) in the download area.

------------------------------------------------------
Detectors added or updated in the 9601 DAT file from 9511 (105):

AC.1400
ACIDWARP
AEP.2518
AMZ.1100
ANARCHIST.478
ANARKEY.1179
ANTI PASCAL.400.A
ANTI PASCAL.400.B
ANTI PASCAL.407
ANTI PASCAL.440.A/B
ANTI PASCAL.480.A/B
ANTITB
AUSTRALIAN PARASITE.306.A
AUSTRALIAN PARASITE.482.A
BEDA.1530
BROTHER
CIVILWAR.RATBOY.303
COITO.644
COP-COM.286
COP-COM.287
CREATIVE.877
DAEMAEN.2041.B
DARK_AVENGER.OLIVER
DEI.1526
DSME.DEMO
EAF.656
EMF
END-OF.788
ERRORINC.465
EVOLUTION.2770
EVOLVE.2770
EXEHEADER.FUNKED.425.C
EXEHEADER.PURE.DE'BUGER.427
FAIRZ.2340
FOGGY.91
FOGGY.129
FOGGY.149
FOGGY.188
FOGGY.220
FOGGY.228
FOGGY.256.A
FOGGY.256.B
FOGGY.292
FOGGY.300
FOGGY.382
FOGGY.420
FOGGY.444
GIRL.2273
HIPERION.249
HLL.4075
HLL.4629
HLL.6167
HLL.8902
HLL.12304
HLL.BIRTHDAY.5824
HLL.KASIENKA
HLL.MERCURY
HLL.SAURON
HLL.VOVA.8896
HLL.VOVA.9904
HLLC.4768.B
HLLO.4032.B
HLLO.7227
HLLO.41714
HOME SWEAP.658
HYDRA.1657
IMI.1536.G
ITTI.161
IVP.939
IVP.FLIPPER.872
KOHNTARK.KOMPANION.268
LEPROSO.1221
MAGIC DOLLAR
MIREA_II.4157
MNEMONIX.NEUROPATH.928
MOSQUITO.768
MRTINY.155
MZBOOT.B
PC FLU.763
PS-MPC.670
REKLAMA.2723
RTL
SCRATCH.554
SEMTEX.686
SEPULTURA.2136
SHARK.1027
SHARK.B
SHIFTER.983
SILLYRC.414
SIRIUS.640
SISTER
SMALL COMPANION.160
SMALL.65
SMASH
SPM.A
STONED.IVT
STONED.PC-AT
TRIVIAL.123
VACSINA.VACSINA-LOADER.A
VCL.DIAL.600
VIENNA.BYTEWARRIOR
VIENNA.M1.B
VME_1.DEMO
VRD
WEREWOLF.658

----------------------------------------------------
Removers added or updated in the 9601 DAT file from 9511 (37):

ANTI PASCAL.400.A
ANTI PASCAL.400.B
ANTI PASCAL.407
ANTI PASCAL.440.A/B
ANTI PASCAL.480.A/B
DARK_AVENGER.OLIVER
DVD.455
FOGGY.91
FOGGY.129
FOGGY.149
FOGGY.188
FOGGY.220
FOGGY.228
FOGGY.256.A
FOGGY.256.B
FOGGY.292
FOGGY.300
FOGGY.382
FOGGY.420
FOGGY.444
FREDDY_2.1
HI.802
HOME SWEAP.658
HYDRA.1657
MRTINY.155
OVER1644
PS-MPC.670
QUICKSILVER.1376 (Needs 2.2.8 Executable)
SAYAWATP
SHEHAS
SMALL COMPANION.160
STONED.ZAPPA
SVC.2936.C
SVC.2936.D
TRIVIAL.123
VIENNA.648.LISBON
WEREWOLF.658

-----------------------
False Alarms fixed:

HLL.4984
KILROY
NOKERNEL (BOOT)
OVER1644
PS-MPC.ARCV.3
THIEF

-----------------------
Significant virus name change:

Breasts -> SheHas
Yale    -> Alameda

----------------------------------------------------
Top active viruses other than those presented above:

AntiCmos (alias: Lixi)
Byway.A (*)
Byway.B (*)
Concept
Da'Boys (**)
Junkie
MonkeyA
MonkeyB
Natas
NYB (alias: B1)
Ripper
Sampo

(*)  To remove Byway, boot up with the virus in memory. Copy all
     executable files to floppy, with a non-executable extension.
     Copy all the data files off. Format hard disk. Replace files.

(**) To remove Da'Boys from a hard disk infection, one needs to boot
     from a clean corresponding DOS version and execute the command
     "SYS C:".