home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC/CD Gamer UK 44
/
PCGAMER44.bin
/
utils
/
mcafee
/
win31
/
whatsnew.txt
< prev
Wrap
Text File
|
1996-12-19
|
22KB
|
823 lines
What's New in VirusScan for Windows 3.1x v2.5.3 (9611)
Copyright 1994-1996 by McAfee, Inc.
All Rights Reserved.
Thank you for using McAfee's VirusScan for Windows 3.1x.
This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.
McAfee welcomes your comments and suggestions. Please use
the information provided in this file to contact us.
___________________
WHAT'S IN THIS FILE
- New Features
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Contact McAfee
____________
NEW FEATURES
VirusScan now supports centralized alerting and
reporting to a remote NetWare or Windows NT server.
Using NetShield for NetWare v2.3.3 or NetShield for
Windows NT v2.5.3, client alerts and reports can be
redistributed or compiled at the central server
location for ease of management.
* ENHANCEMENTS *
1. VirusScan for Windows 3.1x now implements VShield
as a virtual device driver (VxD). This replaces the
VShield Terminate and Stay Resident (TSR), enhancing
features and reducing the memory footprint. VShield
operates directly in the Windows environment, no
longer relying on a DOS TSR.
2. A VxD is a filter to prevent the spread or
activation of Macro viruses attempting to
replicate within Windows applications, such as
Microsoft Word for Windows.
3. When a virus is found, VShield's VxD can be
pre-configured to prompt the user for action or
to automatically repair, quarantine, deny access
to, or delete infected files.
4. McAfee's VShield VxD allows the user to configure when
to conduct a scan (for example: on file run, copy,
create, or rename; on floppy disk access) and which
files to include.
5. During installation, the DOS scanner provides the
user with the options of scanning the drive at boot up
and appending the installed directory to the path.
6. During installation, the option of loading VShield into
memory upon starting Windows is provided to the user.
* NEW VIRUSES DETECTED *
This DAT file (9611) detects the following 129
new viruses. Locations that have experienced
particular problems with specific viruses are also
identified.
_922 Germany
_1000 US
_2673 Philippines
APOCALIPSE.1685 Portugal
APRIL1A.798
APRIL1B.797
AREQUIPA.1994 Peru
ASBV
ASH.302
ASMODEOUS.1437
ASSIGN.653
ATOM
BANDUNG.A US/Indonesia
BANDUNG.B
BARAN.2978
BARAN.3001
BNB.498
BR.1180
BW.790
CACO.3310 Peru
CHANDI US
CHAPA.447
CHAPA.448
CHERRY.2266
COMP.180
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
CRAWLER.545
CRIM_WW
CYBERTECH.668
DAN.1784
DELTREE TROJAN
DEMON3B.4313
DINA.271
DINA.283
DIR-II.1536.G
DIR-II.AS
DREAMER.8869
DST.330
DST.347
DST.396
DSTAR.223
EASY Internet
EDOL.832
EXEHEADER.VLAD.337
EXTRACTJPG.TROJAN
FATHER_MAC.1382
FAULT.9209
FORMATC:TROJAN
FSN.1279
GANGSTERZ Internet
H-ANDROMED.594
HELGA.666.B
HELPER US
HIDER.2143
INCH
INFERNO.781
JASON.626
JOVIAL.503
JUICE.305
KALO.1464
KOSKON.313
LATER.981.B
LD93.1217 Australia
LUNCH.783
MACGYVER.4112 (MBR) Taiwan
MAIDEN.891
MARKUS.5415
MBRK.714
MDMA.C US
MINZ.470
MIXTURA.1000
MOSCA.1278
MURCIA.4651
NPOX.1186
OKTUBRE.1784
OUTLAW Internet
PELIGRO.1206 Peru
PHARDERA Internet
PIRANIA.1617
PROTOVIRUS.720
PS-MPC.504 Peru
RESCUE 911.3774 Saudi Arabia
ROTATOR.864
SALAMANDER.888
SANLORENO.1025
SAVER:DE Internet
SCROLL.600
SHOWOFXX Australia
SIERRA.D US
SILLY.745
SMILEY:DE Germany
SPEC.907
SPOOKY:DE Internet
STEATODA.1623 Israel
STRYX:DE Internet
SUPERF.1175
SVC.3103 South America
SYSKLL.290
T555.556
TAURUS.1852
THEATRE:TW (*) Taiwan
THEATRE.A:TW (*) Taiwan
TREBUJENA.1094
TRIVIAL.44.F
TRIVIAL.45.H
TRIVIAL.52
TRIVIAL.53.A
TRIVIAL.119
TRIVIAL.284
TROOPER.2259
TWNO:TW (*) Taiwan
TWNO.B:TW (*) Taiwan
TWNO.C:TW (*) Taiwan
UNHAPPY.763.A
UNHAPPY.763.B
VCC.620
VCS.799
WAZZU.J
WAZZU.O
WAZZU.P US
WEATHER:TW(*) Taiwan
WAZZU.Q US
ZGENRAT.785 US
(*) Infects double-byte (omnicode) versions of Word,
which include Japanese, Korean, Chinese, and
Simplified Chinese.
* NEW VIRUSES REMOVED *
This DAT file (9611) removes the following 112 new
viruses. Locations that have experienced particular
problems with specific viruses are also identified.
666
_922 Germany
_1000 US
1946
_2673 Philippines
ARALE
AREQUIPA.1994 Peru
ASBV
AWAITS.500
BABY_L.674
BADSIZE.369
BANDUNG.B
BARAN.2978
BARAN.3001
BARROTES.840 Spain
BNB.498
BR.1180
BRBI.KOBRIN.492
CACO.2965
CACO.3310 Peru
CARRYON.534
CHANDI US
CHAPA.447
CHAPA.448
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
DEARFRIEND.524
DOPERLAND.490
DREAMER.4808
DREAMER.8869
DUNE.483
EASY Internet
EUPM.1731
F-YOU
FIFO.333
FORMAS.1146
FORMATC:FORMAT
GANGSTERZ Internet
GENE.1991
GENIUS
H-ANDROMED.594
HELPER US
INCH.386
INT4B.231
INT4B.242
IVP.BUBBLES.684 US
KALI-4
KOSKON.313
LD93.1217 Australia
LOVEBUZZ.591
LUNCH
MACGYVER.4112 Taiwan
MANTRA.719
MARKUS.5415
MDMA.C US
NPOX.1186
OMEGA
OUTLAW Internet
PELIGRO.1206 Peru
PHARDERA Internet
PS-MPC.504 Peru
PUPPETS.960
RESCUE 911.3774 Saudi Arabia
SAVER:DE Internet
SHOWOFXX Australia
SIERRA.D US
SILLYC.90
SILLYC.155.B
SILLYC.165
SILLYC.200.B
SILLYC.202
SILLYC.226
SILLYC.316
SILLYC.373
SILLYORCE.76.B
SILLYRC.214
SILLYRC.248
SILLYRC.303
SMILEY:DE Germany
SPOOKY:DE Internet
STEATODA.1623 Israel
STRYX:DE Internet
SUPERVISOR.2221
SVC.3103 South America
T555.556
THEATRE:TW (*) Taiwan
THEATRE.A:TW (*) Taiwan
TIE.619
TIP.554
TULA.1540
TULA.1656
TURBOEXE.854
TWNO:TW (*) Taiwan
TWNO.B:TW (*) Taiwan
TWNO.C:TW (*) Taiwan
UNHANDLED.495
UNHAPPY.763.A
UNHAPPY.763.B
VIAGGIO.1051
VOTADC.591
WAZZU.J
WAZZU.O
WAZZU.P US
WAZZU.Q US
WEATHER:TW (*) Taiwan
WILDY.354.B
WILDY.354.C
(*) Infects double-byte (omnicode) versions of Word,
which include Japanese, Korean, Chinese, and
Simplified Chinese.
* ISSUES ADDRESSED IN THIS RELEASE *
1. Log file validation has been added in the Report page.
2. When the Clean Infected Files Automatically option is
set in the Actions page, the user is now prompted if
a boot sector virus is found.
3. Additional virus detection for file overwriting.
4. VShield status is now displayed when double clicking
on the VShield icon from the program group.
5. VShield now validates the Virus Dat files before
loading.
6. Added Netx driver and Netware 3.X compatibility.
7. The user utility Chkvxd.exe now returns the proper exit
codes.
8. Various display issues with the McAfee detection screen
(Blue and Red) are resolved.
9. Log entries are now made with the "Deny access and
continue" setting in the Actions page.
____________
KNOWN ISSUES
1. This version will not detect previously installed
versions of VShield TSR (from 2.2.F and prior) and
will not remove the path entry made to the
AUTOEXEC.BAT file if the installation differed from
the default, c:\mcafee\viruscan.
2. In order to re-enable VShield after disabling it,
right-click and select Enable.
3. If Move Infected File is selected on the Actions page,
infected files will be moved to the directory specified.
However, if the Windows Copy command fails during this
procedure, a zero byte file size stamp may be left in
the destination directory when carrying out the Copy
command.
4. If using NetX drivers to connect to 3.x Netware servers,
carrying out applications located on the server may
result in a Windows' sharing violation message during a
VShield file scan.
Solution: To avoid the Window's sharing violation
message, add the following line to the default.vsh file
under the General section:
bUsingNetx=1
Or, change the application executed from the server to
Read Only.
____________
INSTALLATION
* INSTALLING THE PRODUCT *
If you would like to perform a "silent" installation of
VirusScan, requiring minimal user interaction and using all
default or "Typical" installation settings, add -s
(i.e. SETUP.EXE -s) to the setup command when you install
the product.
Please note that the silent install is designed to install
the product from a single source. If you have the floppy
disks version, please copy the files from both disks to a
temporary directory on the hard drive and run the setup
command with the -s switch.
Network Administrators can customize the silent
installation by following the steps below.
1. Check in the Windows directory to ensure that a
file named SETUP.ISS does not already exist. If it
does, rename it, back it up, or delete it.
2. Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).
3. Select the components you would like to be installed
during the silent installation. All responses will
be recorded.
4. Finish the installation, and locate the file SETUP.ISS
in the Windows directory.
5. Open the file using any ASCII editor (e.g., NOTEPAD.EXE)
and delete the section titled APPLICATION.
6. Rename, back up, or delete SETUP.ISS on the first
installation disk (floppies only). For CD-ROM versions
of the product, you must copy the installation files
onto the hard drive before taking this step.
7. Copy the new SETUP.ISS from the Windows directory
to the location of the installation files.
8. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).
9. When the silent installation is complete, you should
reboot the machine manually.
NOTE: If you do not specify a "recorded" answer for
all dialog boxes during the initial installation, the
silent installation will fail. Also, the file used
for the silent installation, SETUP.ISS, may not work
properly across different operating systems.
* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS 3.1x *
Files located in the Install directory:
=======================================
1. Installed for VShield/DOS/VirusScan:
README.1ST = McAfee information
CLEAN.DAT = Virus clean definition data
NAMES.DAT = Virus names definition data
SCAN.DAT = Virus scan definition data
VALIDATE.EXE = McAfee file validation program
WCMDR.EXE = Windows Commander program
WCMDR.INI = Windows Commander configuration
settings
PACKING.LST = Packing list
WHATSNEW.TXT = What's New document
2. Installed for VShield:
MCKRNL16.DLL = Tools library
MCUTIL16.DLL = Run-time support library
TABDLL11.DLL = Properties dialog library
VSHCFG16.EXE = VShield Configuration Manager
VSHWIN.EXE = VShield on-access engine
CHKVXD.EXE = VShield virtual device driver
checking utility
VSHCFG16.HLP = Online help
DEFAULT.VSH = Default VSH settings
3. Installed for DOS:
SCAN.EXE = MS-DOS scan program
4. Installed for VirusScan:
WSCAN.EXE = VirusScan for Windows 3.1x on-
demand scanner
WSCAN.HLP = VirusScan for Windows 3.1x online
help
WSCAN.INI = VirusScan for Windows 3.1x config-
uration file
PROFILE1.PRF = Sample WSCAN configuration profile
PROFILE2.PRF = Sample WSCAN configuration profile
Files located in WINDOWS\SYSTEM directory:
==========================================
1. Installed for VShield/VirusScan:
CTL3D.DLL = 16-bit 3D Windows controls
library (*)
CTL3D32.DLL = 32-bit 3D Windows controls
library (*)
(*) File will be installed upon installation of VirusScan
if it does not already exist, or if an older version
is found.
2. Installed for VShield:
MCFSHOOK.386 = File system hook
MCKRNL.386 = Scan engine device driver
MCSCAN32.386 = Scan engine device driver
MCUTIL.386 = Utility device driver
VSHIELD.386 = VShield device driver
* INSTALLING THE PRODUCT *
If you have not already installed the product,
create a folder and copy the files to it.
When the installation is complete, it is recommended
that you restart your system.
* TESTING YOUR INSTALLATION *
The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installations. To test your installation, copy the following
line into its own file and name it EICAR.COM.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When done, you will have a 69 or 70 byte file.
When VirusScan is applied to this file, Scan will report
finding the EICAR-STANDARD-AV-TEST-FILE virus.
It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.
Please delete the file when installation testing is
completed so unsuspecting users are not unnecessarily
alarmed.
_____________
DOCUMENTATION
For more information, refer to the User's Guide, included
on the CD-ROM versions of this program or available
from McAfee's BBS and FTP site. This file is in Adobe
Acrobat Portable Document Format (.PDF) and can be viewed
using Adobe Acrobat Reader. This form of electronic
documentation includes hypertext links and easy navigation
to assist you in finding answers to questions about your
McAfee product.
Adobe Acrobat Reader is available on CD-ROM in the ACROREAD
subdirectory. Adobe Acrobat Reader also can be downloaded
from the World Wide Web at:
http://www.adobe.com/Acrobat/readstep.html
VirusScan documentation can be downloaded from McAfee's BBS
or the World Wide Web at:
http://www.McAfee.com or 205.227.129.97
For more information on viruses and virus prevention,
see the McAfee Virus Information Library, included on
the CD-ROM version of this product or available from
McAfee's BBS and FTP site. A ViaGraphix Interactive
Anti-virus Training program also is available on the
CD-ROM version, or can be purchased from the McAfee
Web Site.
__________________________
FREQUENTLY ASKED QUESTIONS
Regularly updated lists of frequently asked questions
about McAfee products also are available on McAfee's
BBS, website, and CompuServe and AOL forums.
Q: How do I enable McAfee's Centralized Alerting and
Reporting?
A: VirusScan now supports Centralized Alerting and
Reporting to a remote NetWare or Windows NT server
running NetShield for Windows NT v2.5.3 or NetShield
for NetWare v2.3.3.
To set up this option on your VirusScan client, modify
VirusScan's DEFAULT.VSH, and/or your custom settings
file to read the following:
Note: Administrators will need to configure the WSCAN.INI
and/or DEFAULT.VSH file for complete Centralized Alerting
& Reporting.
Add the following lines to the WSCAN.INI file under
AlertOptions:
PS_S_NETWORKALERTPATH=<UNC or NetWorkAlertPath>
PS_O_ALERT=1
Add the following lines to the DEFAULT.VSH file under
AlertOptions:
szNetworkAlertPath=<UNC or NetWorkAlertPath>
bNetworkAlert=1
Where the <UNC or NetWorkAlertPath> is the path to the
remote NetWare volume or NT directory. From this
directory, NetShield can broadcast or compile the alerts
and reports according to its established configuration.
NOTE: The client must have write access to this
<UNC or NetWorkAlertPath> location and the directory
must contain the NetShield-supplied CENTALRT.TXT file.
To send a complete alerting file identifying the
system user, establish the following environment
variables or add them to the AUTOEXEC.BAT file.
Set COMPUTERNAME=<name of computer>
Set USERNAME=<user name>
The alert file sent to the server is an .alr text
file. Upon receipt of the alert file, NetShield NT or
NetShield for NetWare sends an alert message to an
administrator and/or appropriate personnel.
Q: I have created my own Emergency diskette, how
can I optimize it's performance?
A: For optimal performance, create a CONFIG.SYS file on
the boot diskette and add the following lines:
[CONFIG.SYS]
DEVICE=HIMEM.SYS
DOS=HIGH
Add the HIMEM.SYS file from the DOS directory to the
boot diskette.
Note: For detailed instructions on creating an
Emergency diskette, refer to the instructions
outlined in your online documentation.
Q: When I have an infected file, why does the
infected counter increase by increments greater
than one?
A: The file system will typically access a file more
than once. On each access, VirusScan scans the file
and detects the infection.
Q: Does VShield detect Word Macro infections?
A: Yes. VShield detects and cleans Word Macro infections.
Q: Can I update VirusScan's data files to detect
new viruses?
A: Yes. If you have Internet access, you can download
updated VirusScan data files from the McAfee Web
Site, BBS, or other online resources. To download
from the McAfee Web Site, follow these steps:
1. Go to the McAfee Web Site (http://www.mcafee.com
or 205.227.129.97).
2. Click on the Download McAfee button in the upper
left hand column or frame.
3. Click on Update Your DAT Files to update DAT files.
4. View the information provided on new DAT files
and downloading.
5. Click on Download this Month's DAT.
6. Data file updates are stored in a compressed form
to reduce transmission time. Unzip the files into
a temporary directory, then copy the files to the
appropriate directory, replacing your old files.
7. Before performing any scans, shut down your
computer, wait a few seconds, and turn it on again.
If you need additional assistance with downloading,
contact McAfee Download Support at (408) 988-3832.
______________
CONTACT McAFEE
* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *
Contact McAfee's Customer Care department:
1. Call (408) 988-3832
Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727
24-hour, Group III Fax
3. Fax-back automated response system (408) 988-3034
24-hour fax
Send correspondence to any of the following McAfee locations:
McAfee Corporate Headquarters
2710 Walsh Avenue
Santa Clara, CA 95051-0963
McAfee East Coast Office
Jerral West Center
766 Shrewsbury Avenue
Tinton Falls, NJ 07724-3298
McAfee Central Office
5944 Luther Lane, Suite 117
Dallas, TX 75225
McAfee Canada
178 Main Street
Unionville, Ontario
Canada L2R 2G9
McAfee Europe B.V.
Orlyplein 81 - Busitel 1
1043 DS Amsterdam
The Netherlands
McAfee (UK) Ltd.
Hayley House, London Road
Bracknell, Berkshire RG12 2TH
United Kingdom
McAfee France S.A.
50 rue de Londres
75008 Paris
France
McAfee Deutschland GmbH
Industriestrasse 1
D-82110 Germering
Germany
Or, you can receive online assistance through any of the
following resources:
1. Bulletin Board System: (408) 988-4004
24-hour US Robotics HST DS
2. Internet e-mail: support@mcafee.com
3. Internet FTP: ftp.mcafee.com or 205.227.129.70
4. World Wide Web: http://www.mcafee.com or 205.227.129.97
5. America Online: keyword MCAFEE
6. CompuServe: GO MCAFEE
7. The Microsoft Network: GO MCAFEE
Before contacting McAfee, please make note of the
following information. When sending correspondence,
please include the same details.
- Program name and version number
- Type and brand of your computer, hard drive, and any
peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and
system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where
applicable
- Relevant browsers/applications and version number,
where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and e-mail
Other general feedback is also appreciated.
* FOR ON-SITE TRAINING INFORMATION *
Contact McAfee Customer Service at (800) 338-8754.
* FOR PRODUCT UPGRADES *
To make it easier for you to receive and use McAfee's
products, we have established an Agents program to
provide service, sales, and support for our products
worldwide. For a listing of agents, see the file
AGENTS.TXT, where applicable, or contact McAfee
Customer Service for agents near you.