home *** CD-ROM | disk | FTP | other *** search
- VCOPY Version 0.5V74
- Copyright 1990, 1991 by McAfee Associates.
- All rights reserved.
- Documentation by Aryeh Goretsky
-
-
-
-
- McAfee Associates (408) 988-3832 office
- 4423 Cheeney Street (408) 970-9727 fax
- Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps
- U.S.A. (408) 988-5138 BBS HST 9600
- (408) 988-5190 BBS v32 9600
-
-
-
- TABLE OF CONTENTS
-
-
-
-
- SYNOPSIS . . . . . . . . . . . . . . . . . . . . . . . . . . .2
- - What VCOPY is, system requirements
-
- AUTHENTICITY . . . . . . . . . . . . . . . . . . . . . . . . .2
- - Verifying the integrity of VCOPY
-
- WHAT'S NEW . . . . . . . . . . . . . . . . . . . . . . . . . .3
- - Features, new viruses added in this release
-
- OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . .4
- - Detailed description of VCOPY
-
- OPERATION. . . . . . . . . . . . . . . . . . . . . . . . . . .4
- - How to use VCOPY
-
- EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . .5
- - Samples of frequently-used options
-
- REGISTRATION . . . . . . . . . . . . . . . . . . . . . . . . .6
- - How to register VCOPY
-
- TECH SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . .6
- - Information you should have ready when calling
-
- VERSION NOTES. . . . . . . . . . . . . . . . . . . . . . . . .
- - Program history
- VCOPY Version 0.5V74 Page 2
-
-
- SYNOPSIS
-
- VCOPY is a replacement for the DOS COPY command for IBM PC and
- compatible machines. VCOPY will search a PC for known computer
- viruses in memory, then search the partition table and boot sector
- of the source and destination disks, in addition to the files being
- copied. This prevents viruses from entering your system and
- identifies infected diskettes. VCOPY functions identically to the
- MS-DOS 3.30 COPY command, with the exception of the COPY CON
- function. For a list of viruses detected by VCOPY see the
- accompanying VIRLIST.TXT file.
- VCOPY requires DOS 2.0 or above, and 256Kb of memory.
-
-
- AUTHENTICITY
-
- VCOPY does a self-test when executed. If VCOPY has been
- modified, a warning will be displayed. The program will still
- continue to check for viruses and copy files, though. If VCOPY
- reports that it has been damaged, a clean copy should be
- obtained.
- VCOPY is packaged with VALIDATE, a program to authenticate
- the VCOPY.EXE file. Refer to VALIDATE.DOC for instructions on
- how to use VALIDATE.
- The validation results for Version 74 should be:
-
- FILENAME: VCOPY.EXE
- SIZE: 47,829
- DATE: 02-14-1991
- FILE AUTHENTICATION
- Check Method 1: A4A8
- Check Method 2: 14B2
-
- If your VCOPY.EXE file differs, it has been changed. Always obtain
- your copy of VCOPY from a known source. The latest version of
- VCOPY and validation data for VCOPY.EXE can be obtained from
- McAfee Associates Bulletin Board at (408) 988-4004.
- Beginning with Version 72, all McAfee Associates programs for
- download are archived with PKWare's PKZIP Authentic File
- Verification. If you do not see the "-AV" message after every file
- is unzipped and receive the message "Authentic Files Verified!
- # NWN405 Zip Source: McAFEE ASSOCIATES" when you unzip the files
- then do not run them. If your version of PKUNZIP does not have
- verification ability, then this message may not be displayed.
- Please contact McAfee Associates if your .ZIP file has been
- tampered with.
- VCOPY Version 0.5V74 Page 3
-
-
- WHAT'S NEW
-
- Version 74 of VCOPY adds 51 new viruses, bringing the total
- number of known computer viruses to with 217 viruses, or counting
- strains, 475 viruses.
- The 1591 virus was sent to us from multiple sites in Quebec,
- Canada, Oslo, Norway, and the United States. It is a
- memory-resident file infector that attaches to .COM and .EXE files
- when a disk is accessed via internal DOS commands.
- The 903 virus was sent to us by Djennad Nasser from France.
- It is a .COM file infector.
- The Holocaust virus was sent to us by David Llamas of
- Barcelona, Spain. It is a .COM file infector that uses "stealth"
- type techniques.
- The BeBe, Kuka, Kuka/Turbo, Lozinsky, MGTU, Nina, Off Stealth,
- Polish-532, Sverdlov, Tiny-133, USSR-series, and Voronezh viruses
- were discovered in the Soviet Union and Eastern Europe and sent to
- us from numerous sources there and in Western Europe. They are not
- believed to exist in the West.
- The Christmas Violator, F-Word, Parity, Beeper, Best Wish,
- Leapfrog, Destructor, Happy New Year Hymm, Justice, Label, V961,
- Swiss-143, Sentinel, Plague, Monxla-B, Little Pieces, IKC528,
- Hybrid, Dir-Vir, Stone90, Saddam, and Iraqui Warrior viruses were
- sent to us from various sources around the globe.
- For more information about these viruses, please refer to the
- enclosed VIRLIST.TXT file
-
- VCOPY Version 0.5V74 Page 4
-
-
- OVERVIEW
-
- VCOPY is a replacement for the DOS COPY command that adds
- virus checking to the copying process. VCOPY checks the source and
- destination diskettes for boot sector and partition table viruses,
- as well as the files being copied for file-infecting viruses.
- VCOPY prevents infected viruses from entering your system and
- identifies infected disks during copying.
- VCOPY processes commands identically to the MS-DOS 3.30 COPY
- command. Refer to your MS-DOS 3.30 Users Guide for usage of the
- COPY command.
- When copying, VCOPY will search a PC for known computer
- viruses in memory, search the partition table and boot sector
- of the source and destination disks, and then the files being
- copied. If a virus is found, VCOPY will report which virus it has
- detected, and its location. VCOPY will check for viruses inside
- LZEXEd files. For a list of viruses intercepted by VCOPY, please
- refer to the accompanying VIRLIST.TXT file.
- If VCOPY finds a virus, a message will be displayed stating
- the name of the infected file and the virus infecting it. The user
- will be presented with the option to either skip the file, or copy
- it. If a virus is detected in an LZEXEd file, VCOPY will tell if
- the infection is internal or external to the file.
- If a virus is discovered, all media should be scanned for
- viruses with the VIRUSCAN program to determine the extent of the
- infection. The VIRUSCAN program, and its companion, the CLEAN-UP
- virus disinfection program, are available from McAfee Associates
- Bulletin Board at (408) 988-4004.
-
- NOTE: Due to the fact that VCOPY must check for viruses in
- addition to copying, it functions about 10% slower than the DOS
- COPY command, on the average.
-
-
- OPERATION
-
- VCOPY should be placed in your DOS directory or any other
- directory listed in your PATH statement. If you do not have a PATH
- statement, then place VCOPY in your DOS directory and add the line
-
- PATH=C:\name
-
- to your AUTOEXEC.BAT file. Replace "name" with the directory where
- all DOS commands are kept.
-
- To copy files using VCOPY type:
-
- VCOPY filespec1 filespec2 /E
-
-
- To concatenate (join) files using VCOPY type:
-
- VCOPY firstfile + lastfile sumfile /E
- VCOPY Version 0.5V74 Page 5
-
-
-
- Options are:
-
- /E - check all files be copied, regardless of extension.
- filespec1 - this is the source drive and path
- filespec2 - this is the destination drive and path
- firstfile - first file to concatenate
- lastfile - last file to concatenate
- sumfile - file created by concatenation of file1...file
-
- NOTE: The DOS COPY /A, /B, and /V flags are supported by VCOPY,
- refer to the DOS Users Manual for information on how to use them.
-
-
- EXAMPLES
-
- The following examples are shown as they would be typed in.
-
- VCOPY A:*.* C:\FRITZ
- To copy all files on drive A: to subdirectory FRITZ on drive
- C:
-
- VCOPY C:SMMRFELD\*.DOC A: /E
- To copy all files from subdir SMMRFELD with the extension .DOC
- to drive A:, checking them for viruses as they are copied.
-
- VCOPY VL199 + VL200 + VL201 C:\SCRATCH\MONKEY.BAK
- To join the files VL199, VL200, and VL201 as one file called
- MONKEY.BAK in subdirectory SCRATCH on drive C:
-
-
- REGISTRATION
-
- A registration fee of $15.00US is requested for the use of
- VIRUSCAN by individual home users. Registration is for one year
- and entitles the holder to unlimited free upgrades off of McAfee
- Associates BBS. Diskettes are not mailed unless requested. Add
- $9.00US for diskette mailings.
- Registration is for home users only and does not apply to
- businesses, corporations, organizations, government agencies, or
- schools, who must obtain a license for use. Contact McAfee
- Associates for more information.
- Outside of North America, registration and support may be
- obtained through the agents listed in the accompanying AGENTS.TXT
- text file.
- VCOPY Version 0.5V74 Page 6
-
-
- TECH SUPPORT
-
- In order to facilitate speedy and accurate support, please
- have the following information ready when you contact McAfee
- Associates:
-
- - Program name and version number.
-
- - Type and brand of computer, hard disk, plus any
- peripherals.
-
- - Version of DOS you are running, plus any TSRs or device
- drivers in use.
-
- - The exact problem you are having. Please be specific as
- possible. Having a print out of the screen and/or being
- at your computer will help also.
-
- McAfee Associates can be contacted by BBS or fax twenty-four hours
- a day, or call our business office at (408) 988-3832, Monday
- through Friday, 8:30AM to 6:00PM Pacific Standard Time.
-
- McAfee Associates (408) 988-3832 office
- 4423 Cheeney Street (408) 970-9727 fax
- Santa Clara, CA 95054-0253 (408) 988-4004 BBS 2400 bps
- U.S.A (408) 988-5138 BBS HST 9600
- (408) 988-5190 BBS v32 9600
-
- If you are overseas, the please refer to our AGENTS.TXT file for
- a listing of International Agents for McAfee Associates product
- support or sales.
-
-
- VERSION NOTES
-
- Version 72 of VCOPY adds four new viruses.
- The ZeroHunt virus was uploaded to Homebase BBS by Paul
- Ferguson of Washington, D.C., USA. It is a memory-resident
- infector that attaches itself to the stack space in .COM files.
- Since the virus is attaching itself inside a file, as opposed to
- adding itself to the beginning or end, the size of the file will
- not change.
- The Bloody! virus has been reported in Massachusetts, USA as
- well as Taiwan and Europe. It infects the boot sector of a floppy
- disk and the partition table of the hard disk. After approximately
- 128 reboots, the virus displays the message "Bloody! Jun. 4, 1989"
- which is the date of the Tiananmen Square Massacre in Beijing,
- China.
- The Jeff virus is a .COM file infector that destroys data by
- writing garbage to the hard disk. It contains the text "Jeff is
- visiting your hard disk."
- The Music Bug virus has been reported in Woodland Hills,
- California and Orlando, Florida as well as Taiwan. It infects the
- boot sector of a a floppy disk and the partition table of the hard
- disk. The Music Bug plays child nursery tunes after a specified
- time. It contains the text "MusicBug v1.06. MacroSoft Corp."
-