****************************************************************** Norton AntiVirus Command-Line Scanner (NAVC) README.TXT Copyright (c) 1998 Symantec Corporation March 1999 ****************************************************************** HOW TO USE THIS DOCUMENT ****************************************************************** To view README.TXT on screen in Notepad or WordPad, maximize the Notepad or WordPad window. To print README.TXT in Notepad or WordPad, choose Print from the File menu. If you use another word processor, select the entire document and format the text in 10-point Courier before printing to ensure proper spacing. To print README.TXT from the DOS prompt, type COPY README.TXT PRN: and press Enter. ****************************************************************** Norton AntiVirus Command-Line Scanner ****************************************************************** This README.TXT file explains how to use the Norton AntiVirus Command-Line Scanner (NAVC). The following topics are discussed: * System requirements * Installation * NAVC command-line switches * Creating a NAVC Emergency Disk set * Using the NAVC Emergency Disk set * Using the NAVC Emergency Disk set to scan FAT32, NTFS and HPFS * Virus definitions files update sources * Installing virus definitions files updates * Updating virus definitions on the NAVC Emergency Disk set * GPF Error 35 System requirements ------------------- NAVC has the following system requirements: * DOS 3.3 or higher * PC/AT 286 compatible or more advanced * 2 MBs of available disk space * 2 MBs of RAM NAVC does not support long filenames (LFNs). NAVC command-line switches -------------------------- You can run NAVC from the DOS prompt, from a DOS shell in Windows, or from the Run dialog box in Windows. All NAVC operation is controlled by command-line switches. Some switches are used alone, while others are followed by either a plus (+) or minus (-) sign. You can use more than one switch and more than one parameter on a command line. The vertical bar (|) means that you should use either parameter, but not both. Do not type the square brackets, which indicate optional parameters, on the command line. NAVC pathname [options] pathname Drive, directory, file, or combination of items separated by spaces. /? Display the help screen. /A Scan all drives (A: and B: are skipped.) /L Scan local drives (A: and B: are skipped.) /B[+|-] Enable or disable scanning of boot records. If /B[+|-] is omitted, /B+ is the default. /BOOT Scan only the boot sectors of specified drives. /M[+|-] Enable or disable scanning of memory. If /M[+|-] is omitted, /M+ is the default. /MEM Scan only memory. /S[+|-] Enable or disable scanning subdirectories. If /S[+|-] is omitted, /S- is the default. /REPAIR Repair infected files automatically. /DELETE Delete infected files automatically. /HALT Halt the system if a virus is found. /CFG:[directory] Specify the directory containing NAVC configuration files. /LOG:file Create and log to the specified file. /APPENDLOG:file Append to an existing log file. /DOALLFILES Scan all files, not just executables. /ZIPS Scan files contained in compressed files. /NOBEEP Run silently (no beeps). /HELPERROR List possible DOS errorlevels returned by NAVC. If desired, you can run NAVC from a batch file and process the errorlevel with IF ERRORLEVEL constructions. By default, unless the /DOALLFILES switch is specified, executable files with the following extensions are scanned: 386, BIN, CLA, COM, CPL, DLL, DOC, DOT, DRV, EXE, NCP, NED, NNL, OCX, OV?, SCR, SYS, VBX, VXD, and XL? The following examples demonstrate command-line syntax for a variety of situations. To scan all .EXE files in the WINDOWS directory and descending subdirectories: NAVC C:\WINDOWS\*.EXE /S+ To scan all .EXE files in the WINDOWS directory only: NAVC C:\WINDOWS\*.EXE /S- To scan a drive and a directory on another drive: NAVC C: D:\NEWFILES To scan a directory on the network drive P: called PROGRAMS, but none of its subdirectories: NAVC P:\PROGRAMS /S- To scan only the boot records of drives C: and A: NAVC C: A: /BOOT Creating a NAVC Emergency Disk set ---------------------------------- You can create a NAVC disk set to start your computer and eliminate viruses in emergency situations. Certain boot viruses, for example, prevent booting properly from the hard disk or seeing the hard disk at all. To fit the virus definitions files on a floppy disk, you must create a subset of the installed virus definitions. This subset protects against common viruses, master boot record, boot record, and floppy disk infectors. The reduced set does not, however, detect macro viruses. Note: If you are using a Windows NT computer, you must boot in MS-DOS or use an MS-DOS computer to create the NAVC Emergency Disk set. You need two 1.44 MB floppy disks and two disk labels. To create a NAVC Emergency Disk: 1 On a virus free machine, create a folder called NAVC. 2 Copy all the files extracted from the downloaded NAVC10.EXE file, or from the NAVC directory on your Norton AntiVirus Solutions CD, to the NAVC folder on your hard drive. 3 From the NAVC directory on your hard disk, scan your computer to make sure it is virus-free. At the DOS prompt type: NAVC /L and press Enter. 4 Format the first floppy disk with the DOS system files. At the DOS prompt type: FORMAT A: /S and press Enter. Label it Disk 1. This disk is the NAVC bootable disk. 5 Format the second floppy disk without the system files. At the DOS prompt type: FORMAT A: and press Enter. Label this Disk 2. This is the virus definitions disk. 6 At the DOS prompt type: GENWILD and press Enter. (You should still be in the NAVC directory.) This creates a subset of the most common virus definitions files so that the definitions with fit on a diskette. 7 Insert Disk 1 into the A: drive, then enter the following commands at the DOS prompt: COPY NAVC.EXE A: COPY NAVC.OVL A: 8 Insert Disk 2 into the A: drive, then enter the following commands at the DOS prompt: COPY NAVCOPTS.DAT A: COPY EXCLUDE*.* A: COPY INWILD*.* A: COPY NAVEX.EXP A: COPY VIRWILD.DAT A: COPY VIRSCAN2.DAT A: 9 Slide open the plastic tab on the back of each disk to write-protect it. Store the disks in a safe place. Note: Each time you download new virus definitions files, make sure you update your Emergency Disk set. See "Updating Virus Definitions" below for directions. Using the NAVC Emergency Disk set --------------------------------- Use the following procedure to scan a computer with a standard DOS FAT partition using the NAVC Emergency Disk set. To scan with the NAVC Emergency Disk set: 1 Insert Disk 1 of the NAVC Emergency Disk set in the A: drive and restart the computer. 2 At the DOS prompt type: NAVC /CFG:A: /REPAIR and press Enter to begin the scan. Be patient. It takes a few moments for the program to load from the floppy disk. 3 When prompted, insert Disk 2 of the NAVC Emergency Disk set (virus definitions) in the A: drive and press Enter. 4 After the definitions load into memory, NAVC will scan all local hard drives and repair all file infector and boot infector viruses detected. The NAVC Emergency Disk set does not scan for macro viruses. Using the NAVC Emergency Disk set to scan FAT32, NTFS and HPFS -------------------------------------------------------------- Use the following procedure to scan a computer with a FAT32, NTFS or a HPFS partition. On these types of partitions it is not possible to scan the files but it is still possible to scan and clean the master boot record of the primary hard drive. To scan with the NAVC Emergency Disk set: 1 Insert Disk 1 of the NAVC Emergency Disk set in the A: drive and restart the computer. 2 At the DOS prompt type: NAVC C: /CFG:A: and press Enter to begin the scan. Be patient. It takes a few moments for the program to load from the floppy disk. 3 When prompted, insert Disk 2 of the NAVC Emergency Disk set (virus definitions) in the A: drive and press Enter. 4 After the definitions load into memory, NAVC will scan the primary hard drive and repair all boot infector viruses detected. Updating virus definitions -------------------------- NAVC relies on up-to-date information to detect and eliminate viruses. Symantec provides regularly updated virus definitions files for download from many sources. The file you download, called Intelligent Updater, is a special update program that will locate NAVC on your computer automatically and install the new virus definitions files. NAVC uses the 16-bit definitions set (Windows 3.1/DOS). It uses the file name structure of mmddi16.exe where mm represents the month and dd represents the day of the month. Intelligent Updater is available for download from the following sources: Internet: www.sarc.com Click the link for Download Updates Internet: ftp.symantec.com /public/LANGUAGE/antivirus_definitions /norton_antivirus/ (for English, LANGUAGE is english_us_canada) Symantec BBS (541) 484-6669 8 data bits, 1 stop bit, no parity America Online Keyword SYMANTEC CompuServe GO SYMNEW Installing updated virus definitions files ------------------------------------------ Intelligent Updater installs the new virus definitions files on your computer automatically. To install the new virus definitions: 1 Download the Intelligent Updater program to any directory on your computer. 2 Run the Intelligent Updater program and specify the folder location for NAVC, for example "mmddi16 C:\NAVC" without the quotes. Answer Yes when prompted whether you would like to update your virus definitions files. 3 Follow all prompts displayed by Intelligent Updater. 4 Intelligent Updater installs the new virus definitions files in the proper directory. If prompted to overwrite, choose Yes. Your old virus definitions files are being replaced with the new ones. 5 Read the new Text Documents (*.TXT) in your NAVC directory for late-breaking information about newly discovered viruses and any special precautions that you should take. Updating virus definitions on the NAVC Emergency Disk set --------------------------------------------------------- Once you have downloaded the Intelligent Updater and installed the new virus definitions on your hard drive using the instructions above, make sure you update your Emergency Disk set. 1 At the DOS prompt from the NAVC directory on your hard drive type: GENWILD and press Enter. Answer YES when prompted to overwrite files. This creates the newest subset of the most common virus definitions files so that the definitions with fit on a diskette. 2 Close the plastic tab on the back of Disk 2 of your Emergency Disk set to allow updating the disk. 3 Insert Disk 2 of the NAVC Emergency Disk set into the A: drive, then enter the following commands at the DOS prompt: COPY INWILD*.* A: COPY NAVEX.EXP A: COPY VIRWILD.DAT A: COPY VIRSCAN2.DAT A: Answer YES when prompted to overwrite files. 4 Slide open the plastic tab on the back of Disk 2 to write-protect it again. Store the Emergency Disk set in a safe place. GPF Error 35 ------------ If you receive a GPF error "Error 35" when attempting to run NAVC you must load the DOS utility HIMEM.SYS into memory before running NAVC with the machine type explicitly set to one. The HIMEM.SYS utility is usually found in the DOS directory on systems running MS-DOS 5.0 or 6.0. You may also find it in the Windows directory on systems running Windows 95 or Windows 98. 1 Close the plastic tab on the back of Disk 1 of your Emergency Disk set to allow updating the disk. 2 Insert Disk 1 of the NAVC Emergency Disk set into the A: drive of a known virus free workstation, and copy the DOS Utility HIMEM.SYS to Disk 1. For example, if the utility is in the C:\WINDOWS directory, enter the following at the DOS prompt: COPY C:\WINDOWS\HIMEM.SYS A: 2 Create a text file on Disk 1 with the name CONFIG.SYS. 3 Place the following line of text in the CONFIG.SYS file: DEVICE=HIMEM.SYS /M:1 Save the change and exit the file. 4 Reboot the problem machine from Disk 1 and run NAVC again. 5 After running NAVC on the problem machine re-edit the CONFIG.SYS file and place a semi-colon at the beginning of the DEVICE line. This will disable this line until it is needed again. ;DEVICE=HIMEM.SYS /M:1 Save the change and exit the file. 6 Slide open the plastic tab on the back of Disk 1 to write-protect it again. ****************************************************************** END OF FILE ******************************************************************