You are on page 1of 13

What's New in VirusScan for Windows 3.1x v3.0.

1 (3000)
Copyright 1994-1997 by McAfee, Inc.
All Rights Reserved.

Thank you for using McAfee's VirusScan for Windows 3.1x.


This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please use


the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Contact McAfee

____________
NEW FEATURES

1. VirusScan for Windows 3.1x now provides the exceptional


virus detection rates and fast scanning performance of
the 3.0 engine series.

VirusScan version 3.0 offers users maximum defense


against the newest threats to data. VirusScan 3.0
detects all virus types including Word and Excel macros,
boot-sector infections, file infections, multi-partite,
stealth, polymorphic and encrypted viruses.

2. VirusScan for Windows 3.1x now offers an Emergency Disk


creation utility. With this utility, you can create an
Emergency Disk during and after VirusScan installation
with your own high density floppy disk. This disk is an
important part of a complete security program.

3. McAfee Documentation installer is now included on the


VirusScan CD. The McAfee Documentation installer can
automatically install electronic documentation for your
VirusScan product to a hard drive on your system.

Once installed, the documents for your VirusScan product


will be a mouse click away, in the same Start menu
program group as the other VirusScan components. For
more information on the McAfee Documentation installer,
see the Frequently Asked Questions listed below.

4. VirusScan supports Microsoft Office97.

5. VirusScan for Windows 3.1x now implements VShield


as a virtual device driver (VxD). This will replace the
VShield Terminate and Stay Resident (TSR) in Windows,
enhancing features and reducing the memory footprint.
VShield operates directly in the Windows environment, no
longer relying on a DOS TSR.

VShield's VxD is a filter used to prevent the spread


or activation of Macro viruses attempting to replicate
within Windows applications, such as Microsoft Word
for Windows.

* ENHANCEMENTS *

1. When a virus is found, VShield's VxD can prompt


the user for action or automatically repair,
quarantine, deny access to, or delete infected files.

2. McAfee's VShield VxD allows the user to configure when


to conduct a scan (for example: on file run, copy,
create, or rename; on floppy disk access) and which
files to include.

3. During installation, the DOS scanner provides the


user with the options of scanning the drive at boot up
and appending the installed directory to the path.

4. During installation, the option of loading VShield into


memory upon starting Windows is provided to the user.

5. Significantly increased Master Boot Record and


Boot Sector virus detection and removal.

6. New and improved polymorphic detection.

7. VirusScan now detects and removes the LAROUX Excel macro


virus.

* NEW VIRUSES DETECTED *

This DAT file (3000) detects and removes an additional


2000 viruses. The Macro viruses listed below are detected
and removed with this DAT file.

New Macro viruses detected and removed:

ABC.A
ALIEN (.A-.B)
ALLIANCE.A
ANTICONCEPT.A
APPDER.A
ATOM (.A-.H)
BADBOY (.A-.B)
BALU.A
BANDUNG (.A-.J)
BIRTHDAY.A
BOOM.A
BEURO.A
CEEFOUR.A
CHAOS.A
CLOCK (.A-.D)
COLORS (.A-.J)
CONCEPT (.A-.N, .P, .S-.Z)
COUNT10 (.A-.B)
DANIEL (.A-.C)
DARK.A
DATE.A
DIETZEL.A
DIVINA (.A-.D)
DMV (.A-.B)
DOGGIE.A
DZT.A
EASY.A
EPIDEMIC.A
FORMATC TROJAN
FRIDAY.A
FRIENDLY.A
FURY.A
GANGSTERZ.A
GOLDFISH.A
HASSLE.A
HELLGATE.A
HELPER.A
HOT.A
HYBRID.A
IMPOSTER (.A-.B)
IRISH (.A-.C)
ITALIAN.A
JOHNNY (.A-.B)
KILLDLL.A
KILLPROT.A
KOMPU.A
LAROUX
LOOK (.A-.C)
LUNCH (.A-.B)
MADDOG (.A-.B)
MAGNUM.A
MDMA (.A-.E, .G)
MINIMAL (.A-.B)
MVDK1 (Macro Virus Development Kits; .A-.B)
NF.A
NICEDAY (.A-.B)
NIKI.A
NIKITA.A
NJ-CVK2 (Another Development Kit; .A-.B)
NJ-DLK1A (.A-.D)
NOMVIR (.A-.B)
NOP (.A,.B,.D)
NPAD (.A-.O)
NUCLEAR (.A-.E)
OLYMPIC (.A-.B)
OUTLAW (.A-.C)
PAPER.A
PHANTOM.A
PHARDERA (.A-.B)
POLITE.A
RAPI (.A-.H, .A1, .A2, .B1, .B2, ...)
RATS (.A-.C)
REFLEX.A
SATANIC.A
SAVER.A
SHOWOFF (.A-.E)
SMILEY (.A-.B)
SPOOKY.A
STRYX.A
SWITCHES TROJAN
TARGET.B
TEDIOUS.A
TELE.A
THEATRE (.A-.C)
TWISTER.A
TWNO (.A-.F, .H)
TWOLINES.A
WAZZU (over 40)
WEATHER (.A-.C)
WIEDEROFFEN TROJAN
XENIXOS (.A-.B)

New Excel viruses detected and removed:

DELTA (.A-.B)
DMV.A
LAROUX (.A-.B)
LEGEND.A
ROBOCOP.A
SOFA.A
YOHIMBE.A

* ISSUES ADDRESSED IN THIS RELEASE *

1. The VShield TSR Awareness feature has been temporarily


removed from VirusScan due to reported issues regarding
conflicts with other TSR programs. Reports of system
lock-ups associated with this feature have been resolved.
The VShield TSR Awareness feature will be enhanced and
fully implemented in the next release of VirusScan.

____________
KNOWN ISSUES

1. After the Emergency Disk is created and you use the


Enter key to continue VirusScan installation, you may
be prompted again to insert a blank formatted diskette.

Solution #1: Do not use the Enter key to continue the


Emergency Disk creation after inserting the first disk.
Use the Space Bar or the mouse button instead.

Solution #2: When you are prompted to insert another


blank formatted diskette, click OK. You will be asked
if you want to overwrite the information on the disk.
Click No.

2. If a write-protected diskette is used during Emergency


Disk creation while installing VirusScan, the utility
will return an error message and no Emergency Disk will
be created. This issue is with Windows 3.1 only.

You can create an Emergency Disk after installation by


clicking on the Emergency Disk Creation Utility icon in
your McAfee VirusScan program group.

3. If Move Infected File is selected on the Actions page,


infected files will be moved to the directory specified.
However, if the Windows Copy command fails during this
procedure, a zero byte file size stamp may be left in
the destination directory when carrying out the Copy
command.

4. If using NetX drivers to connect to 3.x Netware servers,


carrying out applications located on the server may
result in a Windows' sharing violation message during a
VShield file scan.

Solution: To avoid the Window's sharing violation


message, add the following line to the default.vsh file
under the General section:

bUsingNetx=1

Or, change the application executed from the server to


Read Only.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

If you would like to perform a "silent" installation


of VirusScan, requiring minimal user interaction and
using all default or "Typical" installation settings,
add -s (i.e. SETUP.EXE -s) to the setup command when
you install the product.

Network Administrators can customize the silent


installation feature by following the steps outlined
below.

1. Check in the Windows directory to ensure that a


file named SETUP.ISS does not already exist. If it
does, rename it, back it up, or delete it.

2. Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).

3. Select the components you would like to be installed


during the silent installation. All responses will
be recorded.

4. Finish the installation, and locate the file SETUP.ISS


in the Windows directory.

5. Locate the section [SdSetupType-0] in the SETUP.ISS


file and go to the line:

Result=x

where x is equal to
301 (Typical installation)
302 (Compact installation)
303 (Custom installation)

6. Add 100 to the above value, so that the Result


variable is equal to 401, 402, or 403. Modifying
this file will allow the installation to copy the
VirusScan files to the drive where the operating
system resides instead of defaulting to the C:
drive.

7. For CD-ROM or diskette versions of the product, you


must copy the installation files onto the hard drive
before taking this step.

8. Copy the new SETUP.ISS from the Windows directory


to the location of the installation files.

9. Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

NOTE: If you do not specify a "recorded" answer for


all dialog boxes during the initial installation, the
silent installation will fail. Also, the file used
for the silent installation, SETUP.ISS, may not work
properly across different operating systems.

NOTE: System Administrators can add win setup -s


to SETUP.ISS to create a silent install.

10. When the silent installation is complete, you should


reboot the machine manually.

* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS 3.1x *

Files located in the Install directory:


=======================================

1. Installed for VShield/DOS/VirusScan:

README.1ST = McAfee information


CLEAN.DAT = Virus clean definition data
NAMES.DAT = Virus names definition data
SCAN.DAT = Virus scan definition data
VALIDATE.EXE = McAfee file validation program
WCMDR.EXE = Windows Commander program
WCMDR.INI = Windows Commander configuration
settings
PACKING.LST = Packing list
WHATSNEW.TXT = What's New document
MCFDU.EXE = McAfee floppy disk utility (for Zenith
machines only)
2. Installed for VShield:

MCKRNL16.DLL = Tools library


MCUTIL16.DLL = Run-time support library
TABDLL11.DLL = Properties dialog library
VSHCFG16.EXE = VShield Configuration Manager
VSHWIN.EXE = VShield on-access engine
CHKVXD.EXE = VShield virtual device driver
checking utility
VSHCFG16.HLP = Online help
DEFAULT.VSH = Default VSH settings

3. Installed for DOS:

EDISK16.EXE = Emergency Disk creation utility


EDISK.SCR = Emergency Disk file
EDAT.1 = Emergency Disk data file
EDAT.2 = Emergency Disk data file
EDAT.3 = Emergency Disk data file
GETREPLY.EXE = Emergency diskette program component
SCAN.EXE = MS-DOS scan program

4. Installed for VirusScan:

WSCAN.EXE = VirusScan for Windows 3.1x on-


demand scanner
WSCAN.HLP = VirusScan for Windows 3.1x online
help
WSCAN.INI = VirusScan for Windows 3.1x config-
uration file
PROFILE1.PRF = Sample WSCAN configuration profile
PROFILE2.PRF = Sample WSCAN configuration profile

Files located in WINDOWS\SYSTEM directory:


==========================================

1. Installed for VShield/VirusScan:

CTL3D.DLL = 16-bit 3D Windows controls


library (*)
CTL3DV2.DLL = 32-bit 3D Windows controls
library (*)

(*) File will be installed upon installation of VirusScan


if it does not already exist, or if an older version
is found.

2. Installed for VShield:

MCFSHOOK.386 = File system hook


MCKRNL.386 = Scan engine device driver
MCSCAN32.386 = Scan engine device driver
MCUTIL.386 = Utility device driver
VSHIELD.386 = VShield device driver
* INSTALLING THE PRODUCT *

If you have not already installed the product,


create a folder and copy the files to it.

When the installation is complete, it is recommended


that you restart your system.

* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined effort


by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installations. To test your installation, copy the following
line into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69 or 70 byte file.

When VirusScan is applied to this file, Scan will report


finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However,


users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.

Please delete the file when installation testing is


completed so unsuspecting users are not unnecessarily
alarmed.

_____________
DOCUMENTATION

For more information, refer to the User's Guide, included


on the CD-ROM versions of this program or available
from McAfee's BBS and FTP site. This file is in Adobe
Acrobat Portable Document Format (.PDF) and can be viewed
using Adobe Acrobat Reader. This form of electronic
documentation includes hypertext links and easy navigation
to assist you in finding answers to questions about your
McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the ACROREAD


subdirectory. Adobe Acrobat Reader also can be downloaded
from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's BBS


or the World Wide Web at:

http://www.McAfee.com or 205.227.129.164
For more information on viruses and virus prevention,
see the McAfee Virus Information Library, included on
the CD-ROM version of this product or available from
McAfee's BBS and FTP site. A ViaGraphix Interactive
Anti-virus Training program also is available on the
CD-ROM version, or can be purchased from the McAfee
Web Site.

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions


about McAfee products also are available on McAfee's
BBS, website, and CompuServe and AOL forums.

Q: How do I install McAfee Documentation installer?

A: You can install McAfee Documentation installer directly


from the VirusScan CD by running SETUP.EXE from the
Manuals directory.

Q: How do I enable McAfee's Centralized Alerting and


Reporting?

A: VirusScan now supports Centralized Alerting and


Reporting to a remote NetWare or Windows NT server
running NetShield v2.5.3 or later for Windows NT or
NetShield v2.3.3 or later for NetWare.

To set up this option on your VirusScan client, modify


VirusScan's DEFAULT.VSH, and/or your custom settings
file to read the following:

Note: Administrators will need to configure the


WSCAN.INI and/or DEFAULT.VSH file for complete
Centralized Alerting & Reporting.

Add the following lines to the WSCAN.INI file under


AlertOptions:

PS_S_NETWORKALERTPATH=<UNC or NetWorkAlertPath>
PS_O_ALERT=1

Add the following lines to the DEFAULT.VSH file under


AlertOptions:

szNetworkAlertPath=<UNC or NetWorkAlertPath>
bNetworkAlert=1

Where the <UNC or NetWorkAlertPath> is the path to the


remote NetWare volume or NT directory. From this
directory, NetShield can broadcast or compile the alerts
and reports according to its established configuration.

NOTE: The client must have write access to this


<UNC or NetWorkAlertPath> location and the directory
must contain the NetShield-supplied CENTALRT.TXT file.

To send a complete alerting file identifying the


system user, establish the following environment
variables or add them to the AUTOEXEC.BAT file.

Set COMPUTERNAME=<name of computer>


Set USERNAME=<user name>

The alert file sent to the server is an .alr text


file. Upon receipt of the alert file, NetShield NT or
NetShield for NetWare sends an alert message to an
administrator and/or appropriate personnel.

Q: How can I create an Emergency Disk after VirusScan


installation?

A: You can create an Emergency Disk after installation


by clicking on the Emergency Disk Creation Utility icon
in your McAfee VirusScan program group.

Q: When I have an infected file, why does the


infected counter increase by increments greater
than one?

A: The file system will typically access a file more


than once. On each access, VirusScan scans the file
and detects the infection.

Q: Does VShield detect Word Macro infections?

A: Yes. VShield detects and cleans Word Macro infections.

Q: Can I update VirusScan's data files to detect


new viruses?

A: Yes. If you have Internet access, you can download


updated VirusScan data files from the McAfee Web
Site, BBS, or other online resources. To download
from the McAfee Web Site, follow these steps:

1. Go to the McAfee Web Site (http://www.mcafee.com


or 205.227.129.164.

2. Select Update DAT File in the left hand column


or frame.

3. Scroll down, and click Update Your DAT Files to


update your virus definition files.

4. Data file updates are stored in a compressed form


to reduce transmission time. Unzip the files into
a temporary directory, then copy the files to the
appropriate directory, replacing your old files.

5. Before performing any scans, shut down your


computer, wait a few seconds, and turn it on again.

If you need additional assistance with downloading,


contact McAfee Download Support at (408) 988-3832.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department:

1. Corporate-licensed customers, call (408) 988-3832


Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

Retail-licensed customers, call (972) 278-6100


Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2. Fax (408) 970-9727


24-hour, Group III fax

3. Fax-back automated response system (408) 988-3034


24-hour fax

Send correspondence to any of the following McAfee


locations.

McAfee Corporate Headquarters


2710 Walsh Avenue
Santa Clara, CA 95051-0963

McAfee East Coast Office


Jerral Center West
766 Shrewsbury Avenue
Tinton Falls, NJ 07724-3298

McAfee Central Office


4099 McEwen
Suites 500 and 700
Dallas, TX 75244

McAfee Canada
139 Main Street
Suite 201
Unionville, Ontario
Canada L3R2G6

McAfee Europe B.V.


Gatwickstraat 25
1043 GL Amsterdam
The Netherlands

McAfee (UK) Ltd.


Hayley House, London Road
Bracknell, Berkshire RG12 2TH
United Kingdom

McAfee France S.A.


50 rue de Londres
75008 Paris
France

McAfee Deutschland GmbH


Industriestrasse 1
D-82110 Germering
Germany

McAfee Japan KK
4F Toranomon Mori bldg. 33
3-8-21 Toranomon
Minato-Ku
Tokyo, 105
Japan

Or, you can receive online assistance through any of the


following resources:

1. Bulletin Board System: (408) 988-4004


24-hour US Robotics HST DS

2. Internet e-mail: support@mcafee.com

3. Internet FTP: ftp.mcafee.com or 205.227.129.168

4. World Wide Web: http://www.mcafee.com


or http://205.227.129.164

5. America Online: keyword MCAFEE

6. CompuServe: GO MCAFEE

7. The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the


following information. When sending correspondence,
please include the same details.

- Program name and version number


- Type and brand of your computer, hard drive, and any
peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and
system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where
applicable
- Relevant browsers/applications and version number,
where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.

Documentation feedback is welcome. Send e-mail to


documentation@cc.mcafee.com.

* FOR ON-SITE TRAINING INFORMATION *

Contact McAfee Customer Service at (800) 338-8754.

* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's


products, we have established an Agents program to
provide service, sales, and support for our products
worldwide. For a listing of McAfee agents near you, click
Contact McAfee under the Information section on the
McAfee website.

* MCAFEE BETA SITE *

Get pre-release software, including DAT files, through


http://beta.mcafee.com/public/datafiles. You will have
access to Public Beta and External Test Areas. Your
feedback CAN make a difference.