VIRUS BUSTER LITE USER MANUAL Contents 1. Using Virus Buster Lite 1.1 Starting 1.2 Installing 1.3 Command line switches 1.4 Sound Effects 1.5 Error messages 1.6 Examples of use 2. Copyright, Licence and disclaimer 3. Virus Buster - the big brother to Lite 4. C:CURE - hardware protection 5. Price list and ordering 5.1 Private, non commercial use 5.2 Commercial use 5.3 Educational use 5.4 How to order, Payment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Using Virus Buster Lite ========================== 1.1 Starting ------------ Virus Buster Lite is a virus signature scanner. See the section on Virus Buster for information on other types of anti-virus tools. Virus Buster Lite is designed to be fast and positive. Use it if you want a good fast signature scan for known viruses. 1.2 Installing -------------- Basically, just copy the files to a convenient location and then run the program. If you are installing the registered version, the first time you run it, it asks for a registration name. This name will be displayed at the bottom of the screen and "brands" the program as yours. You only need to enter the name once, Lite will remember it. You could use Virus Buster Lite in a number of ways, here are two. + As a daily scan across a hard disk Copy all files to new directory on your hard disk and add a command line to your AUTOEXEC.BAT. + As a scanner on a utility diskette Copy all files to a freshly formatted system diskette. To check a machine, boot from the floppy and then run the program. 1.3 Command line switches ------------------------- Virus Buster Lite is made to run as fast as possible, so the main program is simply called "V". This is the format of the command line: V [drive:directories_to_scan...] [options] If you run V without any switches it will scan the current directory and any subdirectories for files and then terminate. If an infection is detected it will ask you what you want to do about it. To get it to check another disk or directory, just specify it after the "V". If you ask it to scan a floppy it will automatically repeat the scan as you insert new diskettes. To scan multiple drives or directories, just specify them one after the other on the command line, with spaces between. E.G. "v c d e" will scan all drives C:,D: and E: "v c:\dos c:\windows" will scan directories DOS & WINDOWS on C: If you want it to do more than that here are the switches you can use. Option switches are in format "[[/O[+|-]][..]....]". So if you add a "+" after the switch it means turn it on, a "-" means turn it off. Options can be given in any order. Separation spaces are unnecessary. /A (default is ON) Automatically repeat scan for floppy diskettes. (You don't need to press a key to continue). /B (default is off) Use sound effects with the Sound Blaster SBTALKER driver loaded or the SPKDRV driver loaded. (see section 1.4). /C (default is off) Continuous scanning, if infections are found they are logged but you are not prompted to delete the infected files. /D (default is off) Delete all files found to be infected, without confirmation. /F (default is off) Send a full report to the log file. Clean files are noted as well as infections. /H (default is off) Run in hidden mode, with no screen display. Use this with the /S or /P switch to protect a machine without users knowing about it. /Jppp (default is use current directory) You can use this switch to specify where Lite's data files are. Normally these are located in the same directory as V.EXE and Lite will find them if they are there. But you might, for example, want to keep the data files in a safe area of a network drive. E.G. "v /jf:\secure\data\virusinf" /L (default is ON) Log infections to file V.LOG /R (default is ON) Do recursive scan into all subdirectories. /S (default is off) Stop scanning (hang the PC) if any infection is found. /Tppp (default is use current directory) You can use this switch to specify where Lite's log file goes to. Normally this is written to the same directory as V.EXE. But you might, for example, want to log the results to a network drive. E.G. "v /tf:\audit\virusinf\user23" /Nnnn (default is off) Stop scanning if no infection is found after "nnn" files have been scanned. /O Only scan the MBR, boot record and memory (no files). /Pppp (default is off) If an is infection found, hang until the user enters password "ppp". /8 On early revisions of the 80386 chip, there is an intermittent bug which causes divide by zero errors. If you have an old 386 and you get occasional crashes with an error "200", use the /8 switch to force Lite into 286 mode. (For techos, the CDQ instruction sometimes fails to clear the upper word of EDX, leading to an overflow when doing a division. Apart from checking each time to see if it has cleared , the only possible workaround is to avoid use of doubleword DIV.) 1.4 Sound Effects ----------------- Virus Buster Lite supports the use of a Sound Blaster card, or it can use the PC speaker to give similar (but lower quality) sound effects. The use of sound effects has been made an optional extra as it will use another 20 to 50K of memory, depending on the driver used. To use Virus Buster Lite with sound effects, the appropriate driver needs to be loaded. You can simply run VB.EXE instead of V.EXE and the driver will be located, loaded and unloaded for you. You use the same command line switches for VB as for V. If you normally have the Sound Blaster driver SBTALKER loaded, you don't need to run VB.EXE (although doing so should still work fine). You can instead just run V.EXE and add a "/B" to the command line. Note: If you have a Sound Blaster but VB doesn't use it check the following: In your AUTOEXEC.BAT you should have a line like: SET SOUND=C:\SB This points VB to the sound blaster directory. VB expects that there will be a subdirectory C:\SB\SBTALKER containing the files SBTALKER.EXE and BLASTER.DRV. If you have installed the SBTALKER into a different directory you should add the following line to your AUTOEXEC.BAT: SET TALKER=d:\your_directory If all else fails, you can load SBTALKER manually and then run V /B. 1.5 Error messages ------------------ If something goes wrong you should get an error message. The DOS errorlevel will also be set to >0 and can be trapped. The following are the most common errors. Checksum error in file The program self check has failed. The scanner may be itself infected or is damaged in some way and so scanning is aborted. Obtain a fresh copy of the program from a reliable source. Requires DOS 2.0 or above The program will not operate on DOS 1.x, you need to upgrade to a real version of DOS. Cannot allocate memory There is not enough memory to run the scanner. Try to allow the program more memory by unloading some TSRs, or use the registered version of the program. Boot record cannot be read The boot record of the disk may be invalid. Directory not found The directory to scan specified on the command line was not found. Check that it exists and try again. As each file is checked it will be tagged. These are the tags. OK - the file is clean. infected - the file contains a virus signature hidden - the file is clean but is marked as hidden Usually only a few system files are hidden. If you find many files hidden, be suspicious. bad .EXE - the file has a .EXE extension but the format is incorrect. bad .COM - the file has a .COM extension but the format is incorrect. bad .SYS - the file has a .SYS extension but the format is incorrect. bad open - a file open error occurred before reading the file. The file may be damaged or the disk may contain a bad sector. bad read - a disk read error occurred while reading the file. The file may be damaged or the disk may contain a bad sector. bad seek - a file seek error occurred while reading the file. The file may be damaged or the disk may contain a bad sector. bad close - a file close error occurred after reading the file. The file may be damaged or the disk may contain a bad sector. size = 0 - the file size is zero. Scanning not performed. 1.6 Examples of use ------------------- V - Scans the current directory and any subdirectories. If an infection is found you are asked if you want to delete or rename the file, or ignore the warning. V C - Scan the entire C: disk. V A - Scan the diskette in A:. As new diskettes are inserted they are automatically scanned. V D /h/s - Scan the entire D: disk. There is no screen display. If any infection is found the machine hangs. 2. Copyright, licence and disclaimer ==================================== 2.1 Copyright ------------- Virus Buster Lite is copyrighted software by Leprechaun Software Pty Ltd. All rights are reserved. 2.2 Distribution and usage -------------------------- You are hereby granted a licence to distribute this shareware version of Virus Buster Lite subject to the following conditions: The package must be distributed its complete and original form. Leprechaun Software accepts no responsibility in case the program malfunctions or fails to function. Leprechaun Software can never be held responsible for damage, directly or indirectly resulting from the use of the package. Using the program means that you agree to these conditions. 2.3 Disclaimer -------------- Leprechaun Software Pty Ltd, its Directors, employees, agents and representatives grant no warranties in respect to the software or the documentation and each specifically disclaims any implied warranties of merchantability or fitness for any purpose. Leprechaun Software reserves the right to modify the software and documentation at any time without obligation to notify anybody. 2.4 Trademarks -------------- Virus Buster Lite and Virus Buster are registered trademarks of Leprechaun Software Pty Ltd. 2.5 Registration ---------------- THIS IS NOT FREE SOFTWARE! If you paid a 'public domain' vendor for this program, you paid for the service of copying the program, and not for the program itself. As a private user, you may continue to use the shareware version indefinitely. You may elect to pay for an update version. Registration is automatic with an update. As a corporate or professional user, you are granted a licence to use the software for evaluation only. Continued use of the software in a non private environment without a licence is a violation of copyright. 3. Virus Buster - the big brother to Lite ========================================= Virus Buster is a commercial (but inexpensive) anti-virus package. Virus Buster has been commercially distributed for 6 years, making it one of the longest established packages in the business. Over that time it has established a number of worldwide firsts in anti-virus technology, including: + generic virus detection + generic virus removal + automatic removal of boot and MBR viruses + add your own virus cures + anti-stealth disk scanning + one-pass signature scanning Virus Buster Lite continues the list of firsts. The "engine" in Lite is the first in the world to provide "see-through" detection of highly polymorphic viruses, such as those that use the Mte and the Trident engines. Virus Buster version 4 also uses the new "see-through" engine. In addition, Virus Buster provides a host of other features, including: - signature and file integrity virus scans (detect all file changes, even change in location on disk!) - extended, expanded and upper memory scan (and all memory between 640K and 1Mb, just to be safe) - TSR/device driver stops viruses before they activate (use either version, for generic virus detection and real-time signature checking) - virus removal, plus automatic removal of boot viruses (repair files damaged by most common file infectors and automatically check for and remove MBR and boot viruses from your hard disk each time you boot) - save & restore CMOS settings & critical disk sectors (saves entire CMOS, and MBR, boot, root directory and FAT to a diskette, for all hard disks) - scan disks at network, DOS and BIOS levels (use the lowest possible level for your disk to enhance your protection from stealth viruses) - add your own virus signatures and virus cures! (use the provided virus database engine to add new viruses, even the cures, and search for viruses by any characteristic) - completely configurable, password access control (multiple levels of password access control, separate text configuration file, user-configurable installation and more) - CUA compliant and easy-to-use interface (standard DOS-based windowed interface with full mouse support, VGA extensions, drop menus, tileable windows etc.) - full on-line help, plus much more... (context sensitive, with index, contents list and cross referencing, in addition to the 200 page user manual) 4. C:CURE - hardware protection =============================== If you need... - to leave your PC where others can access it... or - to have PCs in classroom locations... or - the highest level of virus security possible ...then C:CURE could be for you. C:CURE is a hardware device (not a card, so no slot is required) that fits between the disk drive and the controller card. It monitors all! commands issued by the controller and can block disk writes and formats to nominated areas of the disk. It sounds simple and it is, as well it; - Provides absolute protection from all boot and partition table viruses. Even when the PC is booted from a floppy the hard disk cannot be infected. - Protects against tampering and accidental corruption. You can prevent any disk writes to the entire C: drive if required. Imagine how easy that makes maintaining a classroom of PCs. - Has an in-built audible alarm, it does not need the PC speaker. - Does not affect disk performance in any way, all processing is done in the C:CURE chips. - Installs in basic mode in seconds, standard mode takes 5 minutes. - Is free of false alarms. - Is fully compatible with all operating systems. - Lasts forever, no updates are required. C:CURE provides the ultimate virus defence. Even the IC is protected against hacking. Used in conjunction with Virus Buster you can have a truly virus-proof PC. But C:CURE is also essential as a defence against accidental or malicious corruption. In particular, PCs in a classroom situation will benefit from the security C:CURE provides. 5. Price List ============= 5.1 Private, non commercial use ------------------------------- The shareware version of VIRUS BUSTER LITE is free of charge for any individual using it on his/her personally owned computer, which is not used for commercial purposes. Updates to the program may be obtained from BBSes or directly from Leprechaun Software Pty Ltd. An annual maintenance program is available. This includes an initial update disk and then 12 months during which you can upgrade at any time by disk exchange or from our BBS. Private use nil nil Single update US$ 25 A$ 30 Annual maintenance US$ 110 A$ 150 *** DISCOUNT PRICE *** Just quote your keyword "LEP" with your order for an additional discount. Private use nil nil Single update US$ 20 A$ 25 Annual maintenance US$ 100 A$ 130 5.2 Commercial use ------------------ The cost for a site license is calculated on the number of computers in the company covered by the license. Annual maintenance includes unlimited upgrades for a single year by disk exchange or from our BBS. Number 5 - 100 US$ 5.00 A$ 6.50 per PC of 101 - 200 US$ 3.00 A$ 4.00 per PC PCs 201 - 500 US$ 2.50 A$ 3.25 per PC 501 - 5000 US$ 1.50 A$ 2.00 per PC 5001 and up US$ 1.00 A$ 1.25 per PC Annual maintenance US$ 100 A$ 130 per year *** DISCOUNT PRICE *** Just quote your keyword "LEP" with your order for an additional discount of 5%. The customer is expected to provide a reasonable estimate of the number of PCs in the organisation. A site license includes a written license agreement and a diskette with the latest version. Licensed users can also phone or fax for technical support. 5.3 Educational use ------------------- A 25% educational discount applies to site license fees. 5.4 How to order, Payment ------------------------- You may pay with a cheque (payable to Leprechaun Software Pty Ltd), international money order or a VISA/MasterCard/Bankcard/Amex credit card (please specify card number, card holder's name and expiration date). We accept regular purchase orders from corporations and educational or government institutions. Orders should be sent to Leprechaun Software Pty Ltd PO Box 826 Capalaba Q 4157 Australia Phone: +61 7 3823 1300 or sent by fax: +61 7 3823 1233