What's New in VirusScan for Windows 3.1x v3.0.1 (3000) Copyright 1994-1997 by McAfee, Inc. All Rights Reserved.

Thank you for using McAfee's VirusScan for Windows 3.1x. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document. McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us. ___________________ WHAT'S IN THIS FILE New Features Known Issues Installation Documentation Frequently Asked Questions Contact McAfee

____________ NEW FEATURES 1. VirusScan for Windows 3.1x now provides the exceptional virus detection rates and fast scanning performance of the 3.0 engine series. VirusScan version 3.0 offers users maximum defense against the newest threats to data. VirusScan 3.0 detects all virus types including Word and Excel macros, boot-sector infections, file infections, multi-partite, stealth, polymorphic and encrypted viruses. 2. VirusScan for Windows 3.1x now offers an Emergency Disk creation utility. With this utility, you can create an Emergency Disk during and after VirusScan installation with your own high density floppy disk. This disk is an important part of a complete security program. McAfee Documentation installer is now included on the VirusScan CD. The McAfee Documentation installer can automatically install electronic documentation for your VirusScan product to a hard drive on your system. Once installed, the documents for your VirusScan product will be a mouse click away, in the same Start menu program group as the other VirusScan components. For more information on the McAfee Documentation installer, see the Frequently Asked Questions listed below. 4. 5. VirusScan supports Microsoft Office97. VirusScan for Windows 3.1x now implements VShield as a virtual device driver (VxD). This will replace the VShield Terminate and Stay Resident (TSR) in Windows,


enhancing features and reducing the memory footprint. VShield operates directly in the Windows environment, no longer relying on a DOS TSR. VShield's VxD is a filter used to prevent the spread or activation of Macro viruses attempting to replicate within Windows applications, such as Microsoft Word for Windows. * ENHANCEMENTS * 1. When a virus is found, VShield's VxD can prompt the user for action or automatically repair, quarantine, deny access to, or delete infected files. McAfee's VShield VxD allows the user to configure when to conduct a scan (for example: on file run, copy, create, or rename; on floppy disk access) and which files to include. During installation, the DOS scanner provides the user with the options of scanning the drive at boot up and appending the installed directory to the path. During installation, the option of loading VShield into memory upon starting Windows is provided to the user. Significantly increased Master Boot Record and Boot Sector virus detection and removal. New and improved polymorphic detection. VirusScan now detects and removes the LAROUX Excel macro virus.



4. 5. 6. 7.

* NEW VIRUSES DETECTED * This DAT file (3000) detects and removes an additional 2000 viruses. The Macro viruses listed below are detected and removed with this DAT file. New Macro viruses detected and removed: ABC.A ALIEN (.A-.B) ALLIANCE.A ANTICONCEPT.A APPDER.A ATOM (.A-.H) BADBOY (.A-.B) BALU.A BANDUNG (.A-.J) BIRTHDAY.A BOOM.A BEURO.A CEEFOUR.A


RATS (.A-.C) REFLEX.A SATANIC.A SAVER.A SHOWOFF (.A-.E) SMILEY (.A-.B) SPOOKY.A STRYX.A SWITCHES TROJAN TARGET.B TEDIOUS.A TELE.A THEATRE (.A-.C) TWISTER.A TWNO (.A-.F, .H) TWOLINES.A WAZZU (over 40) WEATHER (.A-.C) WIEDEROFFEN TROJAN XENIXOS (.A-.B) New Excel viruses detected and removed: DELTA (.A-.B) DMV.A LAROUX (.A-.B) LEGEND.A ROBOCOP.A SOFA.A YOHIMBE.A * ISSUES ADDRESSED IN THIS RELEASE * 1. The VShield TSR Awareness feature has been temporarily removed from VirusScan due to reported issues regarding conflicts with other TSR programs. Reports of system lock-ups associated with this feature have been resolved. The VShield TSR Awareness feature will be enhanced and fully implemented in the next release of VirusScan.

____________ KNOWN ISSUES 1. After the Emergency Disk is created and you use the Enter key to continue VirusScan installation, you may be prompted again to insert a blank formatted diskette. Solution #1: Do not use the Enter key to continue the Emergency Disk creation after inserting the first disk. Use the Space Bar or the mouse button instead. Solution #2: When you are prompted to insert another blank formatted diskette, click OK. You will be asked if you want to overwrite the information on the disk. Click No. 2. If a write-protected diskette is used during Emergency

Disk creation while installing VirusScan, the utility will return an error message and no Emergency Disk will be created. This issue is with Windows 3.1 only. You can create an Emergency Disk after installation by clicking on the Emergency Disk Creation Utility icon in your McAfee VirusScan program group. 3. If Move Infected File is selected on the Actions page, infected files will be moved to the directory specified. However, if the Windows Copy command fails during this procedure, a zero byte file size stamp may be left in the destination directory when carrying out the Copy command. If using NetX drivers to connect to 3.x Netware servers, carrying out applications located on the server may result in a Windows' sharing violation message during a VShield file scan. Solution: To avoid the Window's sharing violation message, add the following line to the default.vsh file under the General section: bUsingNetx=1 Or, change the application executed from the server to Read Only. ____________ INSTALLATION * INSTALLING THE PRODUCT * If you would like to perform a "silent" installation of VirusScan, requiring minimal user interaction and using all default or "Typical" installation settings, add -s (i.e. SETUP.EXE -s) to the setup command when you install the product. Network Administrators can customize the silent installation feature by following the steps outlined below. 1. Check in the Windows directory to ensure that a file named SETUP.ISS does not already exist. If it does, rename it, back it up, or delete it. Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r). Select the components you would like to be installed during the silent installation. All responses will be recorded. Finish the installation, and locate the file SETUP.ISS in the Windows directory. Locate the section [SdSetupType-0] in the SETUP.ISS


2. 3.

4. 5.

file and go to the line: Result=x where x is equal to 301 (Typical installation) 302 (Compact installation) 303 (Custom installation) 6. Add 100 to the above value, so that the Result variable is equal to 401, 402, or 403. Modifying this file will allow the installation to copy the VirusScan files to the drive where the operating system resides instead of defaulting to the C: drive. For CD-ROM or diskette versions of the product, you must copy the installation files onto the hard drive before taking this step. Copy the new SETUP.ISS from the Windows directory to the location of the installation files.



9. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s). NOTE: If you do not specify a "recorded" answer for all dialog boxes during the initial installation, the silent installation will fail. Also, the file used for the silent installation, SETUP.ISS, may not work properly across different operating systems. NOTE: System Administrators can add win setup -s to SETUP.ISS to create a silent install. 10. When the silent installation is complete, you should reboot the machine manually. * PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS 3.1x * Files located in the Install directory: ======================================= 1. Installed for VShield/DOS/VirusScan: McAfee information = Virus clean definition data = Virus names definition data = Virus scan definition data = McAfee file validation program Windows Commander program Windows Commander configuration settings PACKING.LST = Packing list WHATSNEW.TXT = What's New document MCFDU.EXE = McAfee floppy disk utility (for Zenith machines only) README.1ST = CLEAN.DAT NAMES.DAT SCAN.DAT VALIDATE.EXE WCMDR.EXE = WCMDR.INI =


Installed for VShield: MCKRNL16.DLL = MCUTIL16.DLL = TABDLL11.DLL = VSHCFG16.EXE = VSHWIN.EXE = CHKVXD.EXE Tools library Run-time support library Properties dialog library VShield Configuration Manager VShield on-access engine = VShield virtual device driver checking utility VSHCFG16.HLP = Online help DEFAULT.VSH = Default VSH settings


Installed for DOS: EDISK16.EXE EDISK.SCR EDAT.1 EDAT.2 EDAT.3 GETREPLY.EXE SCAN.EXE = = = = = = = Emergency Disk creation utility Emergency Disk file Emergency Disk data file Emergency Disk data file Emergency Disk data file Emergency diskette program component MS-DOS scan program


Installed for VirusScan: WSCAN.EXE = VirusScan for Windows 3.1x ondemand scanner WSCAN.HLP = VirusScan for Windows 3.1x online help WSCAN.INI = VirusScan for Windows 3.1x configuration file PROFILE1.PRF = Sample WSCAN configuration profile PROFILE2.PRF = Sample WSCAN configuration profile

Files located in WINDOWS\SYSTEM directory: ========================================== 1. Installed for VShield/VirusScan: CTL3D.DLL = 16-bit 3D Windows controls library (*) CTL3DV2.DLL = 32-bit 3D Windows controls library (*) (*) File will be installed upon installation of VirusScan if it does not already exist, or if an older version is found. 2. Installed for VShield: MCFSHOOK.386 MCKRNL.386 MCSCAN32.386 MCUTIL.386 VSHIELD.386 = = = = = File system hook Scan engine device driver Scan engine device driver Utility device driver VShield device driver

* INSTALLING THE PRODUCT * If you have not already installed the product, create a folder and copy the files to it. When the installation is complete, it is recommended that you restart your system. * TESTING YOUR INSTALLATION * The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installations. To test your installation, copy the following line into its own file and name it EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* When done, you will have a 69 or 70 byte file. When VirusScan is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus. It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly. The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need. Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed. _____________ DOCUMENTATION For more information, refer to the User's Guide, included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product. Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at: http://www.adobe.com/Acrobat/readstep.html VirusScan documentation can be downloaded from McAfee's BBS or the World Wide Web at: http://www.McAfee.com or

For more information on viruses and virus prevention, see the McAfee Virus Information Library, included on the CD-ROM version of this product or available from McAfee's BBS and FTP site. A ViaGraphix Interactive Anti-virus Training program also is available on the CD-ROM version, or can be purchased from the McAfee Web Site. __________________________ FREQUENTLY ASKED QUESTIONS Regularly updated lists of frequently asked questions about McAfee products also are available on McAfee's BBS, website, and CompuServe and AOL forums. Q: A: How do I install McAfee Documentation installer? You can install McAfee Documentation installer directly from the VirusScan CD by running SETUP.EXE from the Manuals directory. How do I enable McAfee's Centralized Alerting and Reporting? VirusScan now supports Centralized Alerting and Reporting to a remote NetWare or Windows NT server running NetShield v2.5.3 or later for Windows NT or NetShield v2.3.3 or later for NetWare. To set up this option on your VirusScan client, modify VirusScan's DEFAULT.VSH, and/or your custom settings file to read the following: Note: Administrators will need to configure the WSCAN.INI and/or DEFAULT.VSH file for complete Centralized Alerting & Reporting. Add the following lines to the WSCAN.INI file under AlertOptions: PS_S_NETWORKALERTPATH=<UNC or NetWorkAlertPath> PS_O_ALERT=1 Add the following lines to the DEFAULT.VSH file under AlertOptions: szNetworkAlertPath=<UNC or NetWorkAlertPath> bNetworkAlert=1 Where the <UNC or NetWorkAlertPath> is the path to the remote NetWare volume or NT directory. From this directory, NetShield can broadcast or compile the alerts and reports according to its established configuration. NOTE: The client must have write access to this

Q: A:

<UNC or NetWorkAlertPath> location and the directory must contain the NetShield-supplied CENTALRT.TXT file. To send a complete alerting file identifying the system user, establish the following environment variables or add them to the AUTOEXEC.BAT file. Set COMPUTERNAME=<name of computer> Set USERNAME=<user name> The alert file sent to the server is an .alr text file. Upon receipt of the alert file, NetShield NT or NetShield for NetWare sends an alert message to an administrator and/or appropriate personnel. Q: A: How can I create an Emergency Disk after VirusScan installation? You can create an Emergency Disk after installation by clicking on the Emergency Disk Creation Utility icon in your McAfee VirusScan program group. When I have an infected file, why does the infected counter increase by increments greater than one? The file system will typically access a file more than once. On each access, VirusScan scans the file and detects the infection. Does VShield detect Word Macro infections? Yes. VShield detects and cleans Word Macro infections. Can I update VirusScan's data files to detect new viruses? Yes. If you have Internet access, you can download updated VirusScan data files from the McAfee Web Site, BBS, or other online resources. To download from the McAfee Web Site, follow these steps: 1. 2. 3. 4. Go to the McAfee Web Site (http://www.mcafee.com or Select Update DAT File in the left hand column or frame. Scroll down, and click Update Your DAT Files to update your virus definition files. Data file updates are stored in a compressed form to reduce transmission time. Unzip the files into a temporary directory, then copy the files to the



Q: A: Q: A:

appropriate directory, replacing your old files. 5. Before performing any scans, shut down your computer, wait a few seconds, and turn it on again.

If you need additional assistance with downloading, contact McAfee Download Support at (408) 988-3832. ______________ CONTACT McAFEE * FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS * Contact McAfee's Customer Care department: 1. Corporate-licensed customers, call (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time Retail-licensed customers, call (972) 278-6100 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. 3. Fax (408) 970-9727 24-hour, Group III fax Fax-back automated response system (408) 988-3034 24-hour fax

Send correspondence to any of the following McAfee locations. McAfee Corporate Headquarters 2710 Walsh Avenue Santa Clara, CA 95051-0963 McAfee East Coast Office Jerral Center West 766 Shrewsbury Avenue Tinton Falls, NJ 07724-3298 McAfee Central Office 4099 McEwen Suites 500 and 700 Dallas, TX 75244 McAfee Canada 139 Main Street Suite 201 Unionville, Ontario Canada L3R2G6 McAfee Europe B.V. Gatwickstraat 25 1043 GL Amsterdam The Netherlands McAfee (UK) Ltd. Hayley House, London Road Bracknell, Berkshire RG12 2TH

United Kingdom McAfee France S.A. 50 rue de Londres 75008 Paris France McAfee Deutschland GmbH Industriestrasse 1 D-82110 Germering Germany McAfee Japan KK 4F Toranomon Mori bldg. 33 3-8-21 Toranomon Minato-Ku Tokyo, 105 Japan Or, you can receive online assistance through any of the following resources: 1. 2. 3. 4. 5. 6. 7. Bulletin Board System: (408) 988-4004 24-hour US Robotics HST DS Internet e-mail: support@mcafee.com Internet FTP: ftp.mcafee.com or World Wide Web: http://www.mcafee.com or America Online: keyword MCAFEE CompuServe: GO MCAFEE The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details. - Program name and version number - Type and brand of your computer, hard drive, and any peripherals - Operating system type and version - Network name, operating system, and version - Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script - Microsoft service pack, where applicable - Network card installed, where applicable - Modem manufacturer, model, and baud, where applicable - Relevant browsers/applications and version number, where applicable - Problem - Specific scenario where problem occurs

- Conditions required to reproduce problem - Statement of whether problem is reproducible on demand - Your contact information: voice, fax, and e-mail Other general feedback is also appreciated. Documentation feedback is welcome. Send e-mail to documentation@cc.mcafee.com. * FOR ON-SITE TRAINING INFORMATION * Contact McAfee Customer Service at (800) 338-8754. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support for our products worldwide. For a listing of McAfee agents near you, click Contact McAfee under the Information section on the McAfee website. * MCAFEE BETA SITE * Get pre-release software, including DAT files, through http://beta.mcafee.com/public/datafiles. You will have access to Public Beta and External Test Areas. Your feedback CAN make a difference.

Sign up to vote on this title
UsefulNot useful