What's New in VirusScan for Windows NT Version 2.5.1 (9607)
Copyright 1994-1996 by McAfee, Inc. All Rights Reserved.

Thank you for using McAfee's VirusScan for Windows NT. This What's New file contains important information regarding the current version of this product. It is highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please use the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Contact McAfee

____________
NEW FEATURES

* ENHANCEMENTS *

1. Added on-access floppy file scanning.
2. Added on-access floppy boot record scanning.
3. Added local hard-disk boot record scanning.
4. To Scan32, added LocalDrives in the Scan In location to scan all local drives.
5. To Scan32, added NetworkDrives in the Scan In location to scan all mapped network drives.
6. To Scan32, added feature to automatically scan ZIP files if compressed files are selected and ZIP is not specified as an extension type.

* FIXES *

The following issues were resolved in this release:

1. Lock up of WinWord DOC file.
2. User login issues with PDC.
3. AutoUpdate as a scheduled task.
4. Missing months in schedule-time options.
5. Multiple notifications on detection.
6. Low-memory error conditions.
7. Non-compatibility with NT Service Pack 4.

* NEW VIRUSES DETECTED *

This DAT file (9607) detects the 258 new viruses listed below. In addition, locations that have experienced problems with a particular virus are identified.

* NEW VIRUSES REMOVED *

This DAT file (9607) removes the 35 viruses listed below. In addition, locations that have experienced problems with a particular virus are identified.

(*) Requires DOS/Win 2.5.1 engine

____________
KNOWN ISSUES

1. When a macro virus is detected in conjunction with other viruses, the macro virus remover will not work. If you encounter this, remove the other virus first or work in a separate area.

2. Files with the "-" (dash) character in the filename that are compressed in zipped files will not be scanned by the on-demand scanner.

3. VirusScan appears to continue scanning endlessly even after pressing the Stop button. If you encounter this situation, simply move the VirusScan window in any direction to reveal the DynaZip UnZip Error window behind it. Then click OK, responding as requested by the dialog box.

____________
INSTALLATION

* PRIMARY PROGRAM FILES FOR VIRUSSCAN NT *

Files located in the Install directory:
=======================================

1. Installed for VirusScan\Alert Manager:

   VALIDATE.EXE = Authenticity validation program
   GTPGET.CMD   = Automatic updating script

2. Installed for VirusScan:

   UINSTALL.EXE = Uninstall program
   MCUINSTL.EXE = Uninstall program
   VIRUSCAN.MIF = MIF file
   DEFAULT.VSC  = VirusScan95 default configuration settings
   MCINST32.DLL = Library file
   IMPTASK.EXE  = Task import tool
   IMPTASK.TXT  = Task import README file
   MCCONSOL.EXE = Console manager
   SHSTAT.EXE   = Shield status monitor program
   SCNSTAT.EXE  = MS-DOS scanning engine
   SCNCFG32.EXE = VirusScan configuration module
   SHCFG32.EXE  = VirusScan configuration module
   VIRLIST.EXE  = Virus list
   DPMI16.DLL   = 16-bit DOS protected mode interface library
   DPMI32.DLL   = 32-bit DOS protected mode interface library
   MCKRNL95.DLL = Library files
   MCUTIL95.DLL = Library files
   SHUTILNT.DLL = Library files
   MCKRNLNT.DLL = Library files
   MCSCAN32.DLL = Library files
   MCUTILNT.DLL = Library files
   UPDATE.MSG   = Update message file
   README.1ST   = McAfee information
   RELNOTES.WRI = Release notes
   WHATSNEW.TXT = What's New document
   PACKING.LST  = Packing list
   VALIDATE.EXE = Authenticity validation program
   SHIELD.HLP   = Shield online help file
   SHIELD.CNT   = Shield online context-sensitive help file
   MCCONSOL.HLP = Online help file
   VIRUSCAN.HLP = VirusScan online help file
   VIRUSCAN.CNT = VirusScan online context-sensitive help file
   NAMES.DAT    = Virus definition data
   SCAN.DAT     = Virus definition data
   CLEAN.DAT    = Virus definition data
   VirusScan Activity Log.TXT = VirusScan activity log
   Scan Activity Log.TXT      = VirusScan activity log
   MODEMS.TXT   = Modem initialization strings
   SAMPLE.CMD   = Sample alert file
   SETUP.INI    = Sample SMS file
   DUNZIP32.DLL = File decompression library
   DZIP32.DLL   = File decompression library
   TASKMGR.EXE  = Task managing service
   SCAN32.EXE   = VirusScan for Windows program

3. Installed for the Alert Manager:

   SHUTILNT.DLL = Library files
   MCUPDATE.EXE = Update module
   AMGRCNFG.EXE = Alert manager configuration program
   AMGRSRVC.EXE = Alert manager service program
   MCALSNMP.DLL = Alert manager SNMP
   POWERP32.DLL = Alert manager support module

Files located in WINNT35\SYSTEM32:
==================================

1. Installed for the VirusScan\Alert Manager:

   CTL3D32.DLL  = 32-bit 3D Windows controls library (*)

   (*) File will be installed upon installation of VirusScan if the file does not already exist, or if an older version is found.

Files located in WINNT35\SYSTEM32\DRIVERS:
==========================================

1. Installed for VirusScan:

   MCFILTER.SYS = System files
   MCFSREC.SYS  = System files
   MCKRNL.SYS   = System files
   MCSCAN.SYS   = System files
   MCUTIL.SYS   = System files
   MCSHIELD.SYS = System files

* INSTALLING THE PRODUCT *

Prior to installation, take the following steps:

1. Uninstall any previous versions of VirusScan for Windows NT.
2. Make sure you have Administrator rights for the server on which you are installing VirusScan.
3. Run SETUP.EXE and follow the prompts. If the NT server is a BDC, make sure to check the appropriate box when prompted.

* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to come up with one standard by which customers can verify their anti-virus installations.

To test your installation, copy the following line into its own file and name it EICAR.COM.

   X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69 or 70 byte file. When VirusScan is applied to this file, Scan will report finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that their installations function correctly.
The anti-virus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need.

Please delete the file when installation testing is completed so unsuspecting users are not unnecessarily alarmed.

_____________
DOCUMENTATION

For more information, refer to the VirusScan User's Guide, included on the CD-ROM versions of this program or available from McAfee's BBS and FTP site. This file is in Adobe Acrobat Portable Document Format (.PDF) and can be viewed using Adobe Acrobat Reader. This form of electronic documentation includes hypertext links and easy navigation to assist you in finding answers to questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the ACROREAD subdirectory. Adobe Acrobat Reader also can be downloaded from the World Wide Web at:

   http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's BBS or the World Wide Web at:

   http://www.McAfee.com

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions about McAfee products also are available on McAfee's BBS, website, and CompuServe and AOL forums.

Q: How do I manually uninstall VirusScan for Windows NT?

A: To uninstall, take the following steps:

   1. Close product dialog windows.
   2. Delete the installation directory.
   3. Delete the HKLM\Software\McAfee key in the registry.
   4. Reboot.
   5. Delete the six McAfee device drivers (Mc*.*) in %SystemRoot%\system32\drivers.

Q: Why do I get errors in my event viewer after installing Service Pack 3 or Service Pack 4?

A: Service Pack 3 and Service Pack 4 involved a change to the HAL.DLL file that is used by McAfee's device drivers. If you are using VirusScan for Windows NT Version 2.5.0, completely uninstall, then install Version 2.5.1 or higher.

Q: Why do I get an error in MCINST32.DLL when I attempt to install VirusScan for Windows NT?

A: VirusScan for Windows NT was designed for an i86 processor only. This error is usually caused by an attempt to install to an Alpha AXP-based machine.

Q: Does VirusScan for Windows NT support the Alpha AXP Chip?

A: No. VirusScan for Windows NT was designed for an i86 processor only.

Q: Is there a conflict with the Novell written client for NT?

A: No. However, there are some timing issues that arise when VirusScan for Windows NT is installed. If it is absolutely necessary for you to use the Novell client, then change the account that both the McAfee Task Manager and the Alert Manager use to log in to "System".

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department:

1. Call (408) 988-3832
   Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2. Fax (408) 970-9727
   24-hour, Group III Fax

3. Fax-back automated response system (408) 988-3034

Send correspondence to any of the following McAfee locations:

   McAfee Corporate Headquarters
   2710 Walsh Avenue
   Santa Clara, CA 95051-0963

   McAfee East Coast Office
   Jerral West Center
   766 Shrewsbury Avenue
   Tinton Falls, NJ 07724-3298

   McAfee Central Office
   5944 Luther Lane, Suite 117
   Dallas, TX 75225

   McAfee Canada
   178 Main Street
   Unionville, Ontario
   Canada L2R 2G9

   McAfee Europe B.V.
   Orlyplein 81 - Busitel 1
   1043 DS Amsterdam
   The Netherlands

   McAfee (UK) Ltd.
   Hayley House, London Road
   Bracknell, Berkshire RG12 2TH
   United Kingdom

   McAfee France S.A.
   50 rue de Londres
   75008 Paris
   France

   McAfee Deutschland GmbH
   Industriestrasse 1
   D-82110 Germering
   Germany

Or, you can receive online assistance through any of the following resources:

1. Bulletin Board System: (408) 988-4004
   24-hour US Robotics HST DS
2. Internet E-mail: support@mcafee.com
3. Internet FTP: ftp.mcafee.com or 205.227.129.134
4. World Wide Web: http://www.mcafee.com or 205.227.129.97
5. America Online: keyword MCAFEE
6. CompuServe: GO MCAFEE
7. The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the following information. When sending correspondence, please include the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where applicable
- Relevant browsers/applications and version number, where applicable
- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand
- Your contact information: voice, fax, and E-mail

Other general feedback is also appreciated.

* FOR ONSITE TRAINING INFORMATION *

Contact McAfee Customer Service at (800) 338-8754.

* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's products, we have established an Agents program to provide service, sales, and support for our products worldwide. For a listing of agents, see the file AGENTS.TXT or contact McAfee Customer Service for agents near you.
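
The check described under TESTING YOUR INSTALLATION, as an added example that is not part of McAfee's file: it shows where the "69 or 70 byte" figure comes from (the 68-character string plus the line ending an editor appends) and reports why a hand-made EICAR.COM may be malformed. The function names, the 128-byte limit and the allowed trailing bytes are assumptions taken from EICAR's published definition, not from this page; whether this VirusScan version enforces them is not stated here.

```python
import os
import tempfile

# The 68-character string from TESTING YOUR INSTALLATION, split in two so
# this source file is not itself flagged by an on-access scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")

# Assumption (EICAR's published definition, not this page): only these
# bytes may follow the string, and the file may not exceed 128 bytes.
TRAILER_OK = b" \t\r\n\x1a"
MAX_LEN = 128


def check_test_file(data: bytes) -> str:
    """Return 'ok', or the reason a hand-made EICAR.COM is malformed."""
    if data.startswith(b"\xef\xbb\xbf"):
        return "UTF-8 byte-order mark before the string"
    if not data.startswith(EICAR):
        if data.lstrip(TRAILER_OK).startswith(EICAR):
            return "whitespace before the string"
        if data.replace(b"0", b"O").startswith(EICAR):
            return "digit 0 typed for letter O"
        if data.upper().startswith(EICAR):
            return "lower-case letters in the string"
        return "string altered or missing"
    if data[len(EICAR):].strip(TRAILER_OK):
        return "non-whitespace bytes after the string"
    if len(data) > MAX_LEN:
        return "file longer than 128 bytes"
    return "ok"


def write_test_file(directory: str, newline: bytes = b"\r\n") -> int:
    """Write EICAR.COM with the given line ending; return its size."""
    path = os.path.join(directory, "EICAR.COM")
    with open(path, "wb") as fh:
        fh.write(EICAR + newline)
    return os.path.getsize(path)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, nl in (("none", b""), ("LF", b"\n"), ("CR LF", b"\r\n")):
            print(f"line ending {name:5}: {write_test_file(d, nl)} bytes")
    # Constructed sample: the string saved from an editor that adds a BOM.
    print(check_test_file(b"\xef\xbb\xbf" + EICAR + b"\r\n"))
```

If an on-access scanner is active on the directory, the write or the size check may fail, which is itself the detection being tested.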