VNmacro v1.01d - 1 October 1996 Copyright (c) 1996 Safetynet, Inc. Portions (c) Frisk Software Int'l. ---------------------------------------------------------------------- VNmacro provides virus detection and disinfection of MS Word macro viruses. According to recent Virus Bulletin statistics, a macro virus is now the most prevalent virus type, with the Winword Concept virus accounting for 14.2% of all virus infections (July 1996 survey). VNmacro supports Microsoft Word 6+ and Excel file formats, and will quickly detect and remove macro viruses. Its Windows interface makes its operation simple, even for novice users. VNmacro is part of the VirusNet anti-virus solution from Safetynet, Inc. VirusNet protects Windows NT, Windows 95, Windows 3.x and DOS PCs. Its network version centrally manages and distributes virus protection to all workstations. Supported networks include Netware, NT Advanced Server, Vines, Pathworks and Warp Server. Complete evaluations of VirusNet PC and VirusNet LAN are available for downloading from our WWW site. In addition, for your security concerns, our StopLight family of software protects Windows 95, Windows 3.x and DOS PCs. Stand-alone and network versions are available for downloading from our WWW site. Test Results ------------ A comprehensive Macro Virus scanner test was completed by Norman Hirsch and Associates on 9/18/1996. It tested anti-virus products from McAfee, Symantec, Safetynet, Dr. Solomon and TouchStone/Trend. The scanner detection and cleaning results for 39 macro viruses are as follows: Scanner Detected % Cleaned (out of 39) ---------------- --------------------- Safetynet - VirusNet VNmacro 38 98% (38) Dr. Solomon - AntiVirus Toolkit 32 87% (34) McAfee - VirusScan 35 82% (32) Symantec - Norton AV 29 74% (29) TouchStone - PC-Cillin 38 23% (9) Full test results are available at http://www.safe.net. Installation Notes ------------------ 1. Copy the VNmacro files to a directory on your hard drive or network. 2. Copy CTL3DV2.DLL to the Windows SYSTEM directory 3. Remove CTL3DV2.DLL from the VNmacro directory Note: If CTL3DV2.DLL remains in the VNmacro directory, it will display the following error message: "This application uses CTL3DV2.DLL, which has not been correctly installed. CTL3DV2.DLL must be installed in the Windows system directory." Operating Instructions ---------------------- Note: Before using VNmacro to scan for viruses, close any DOC files that are open in Word for Windows. Otherwise, a "Sharing Violation" message will be displayed in the report and the file will not be scanned. 1. Start VNmacro by running VNMACRO.EXE. 2. Select the "Scan" button to display a screen of scanner options. 3. Type in or choose the "Scan Directory" button to select the location to scan. 4. Choose whether to scan subdirectories under this directory. 5. Select to scan "Word documents" or "All files". Usually "Word documents" is sufficient unless you have saved DOC files with different file extensions. 6. If a virus is found, select whether to prompt before disinfecting each file, disinfecting automatically or simply generating a report. 7. Select "Report all scanned documents" to show a list of all files scanned. 8. Select the "Report File" button to locate the directory to save the report file, or type the location and file name manually. 9. Select whether an existing report file should be overwritten with the new report or appended. That's it! Select OK to begin the scan or Cancel to return to the main VNmacro screen. Technical Support ----------------- If you have questions about VNmacro, please visit our WWW site for contact information. We'll be happy to help. ------------------------------------------------ Safetynet, Inc. - Our Specialty is Your Security http://www.safe.net ===================================================================== Known problems -------------- - The Daniel, Gangsterz, Phardera, Outlaw.A and Outlaw.B viruses are not disinfected perfectly: after disinfection, the user has to open every disinfected document with Word, select Tools/Customize/Keyboard/Reset All, then Tools/Customize/Menus/Reset All, and save the document back to disk. This is because these viruses make somewhat unusual modifications to the documents they infect. We know how to make the disinfection perfect but just didn't have the time to implement it for this release. - VNmacro causes a GPF when scanning some documents. This is not our problem. The documents are corrupted and Word (or any other OLE2-enabled application) will crash when opening them too. The bug is in Microsoft's STORAGE.DLL. A future version of VNmacro will avoid using this DLL. - VNmacro scans only OLE2 files. As a consequence, it will not detect WordMacro viruses or Trojans in Word 2.0 documents. The format of these documents is different than the format of the documents produced by Word 6.0 and above, especially concerning the macro structures. Microsoft still has not provided us with information about these differences. If you don't like that VNmacro cannot scan for Word 2.0 viruses - complain to Microsoft. Word 2.0 viruses like Polite can migrate to Word 6.x documents, however. Once this happens, VNmacro will be able to detect the virus. If any bugs are found, please report them to support@safe.net, and if you have any suggestions for improvements - feel free to e-mail to the above address. Version history --------------- Version 1.02 - Added the ability to process documents produced by the Asian versions of Word (Chinese, Taiwanese, Japanese, and Korean). - Under Windows 95, VNmacro could not open long file names which included non-English characters. Fixed. - Added detection, recognition, identification and removal of the following new macro viruses: Bandung.B Colors.F Concept.I Concept.J Concept.K Concept.L Concept.L.Drp (Trojan) Concept.M (Intended) Concept.M.Drp (Trojan) Concept.N Concept.O:Tw Concept.P Daniel Divina.B Easy Look.A:Tw Look.B:Tw Olympic.A:Tw Olympic.B:Tw Outlaw.A Outlaw.B SaveCount Saver:De Spooky:De Stryx:De Theather:Tw Twno.A:Tw Twno.B:Tw (Intended) Twno.C:Tw MDMA.B Nuclear.D Phardera Stryx:De Wazzu.G Wazzu.H Wazzu.I Wazzu.J Wazzu.K Weather.A:Tw Weather.B:Tw Version 1.01: - The report file changed to indicate how many infected files are still left, how many files have been disinfected, and whether the user has aborted the scanning process. - A newer version of CTL3DV2.DLL included and the documentation describing the installation process - updated. - Some documents were reported as causing "Critical error". Fixed. - Added detection, recognition, identification and removal of the following new macro viruses: Atom.B Bandung.A Colors.E Gangsterz Hassle Nuclear.C Wazzu.E Wazzu.F Version 1.00 (Beta): First version released for public testing. 6. List of viruses detected by VNmacro. FormatC (Trojan) Reflex.Dropper (Trojan) Laroux (Excel) Aliance Atom.A Atom.B Bandung.A Bandung.B Boom:De Buero:De Colors.A Colors.B Colors.C Colors.D Colors.E Colors.F Clock:De Concept.A Concept.B:Fr Concept.C Concept.D Concept.E Concept.F Concept.G Concept.H Concept.I Concept.J Concept.K Concept.L Concept.M Concept.N Concept.O:Tw Concept.P Daniel Date Dietzel:De Divina.A Divina.B DMV Doggie Easy Friendly:De Gangsterz Goldfish Guess Hassle Hot Imposter.A Imposter.B Irish KillDLL LBYNJ:De Look.A:Tw Look.B:Tw MadDog MDMA.A MDMA.B NF NOP.A:De NOP.B:De Npad Nuclear.A Nuclear.B Nuclear.C Nuclear.D Olympic.A:Tw Olympic.B:Tw Outlaw.A Outlaw.B Phardera PCW:De Pheeew:NL Polite Reflex Satanic SaveCount Saver:De Spooky:De Stryx:De Tedious Theather:Tw Twno.A:Tw Twno.B:Tw (Intended) Twno.C:Tw Wazzu.A Wazzu.B Wazzu.C Wazzu.D Wazzu.E Wazzu.F Wazzu.G Wazzu.H Wazzu.I Wazzu.J Wazzu.K Weather.A:Tw Weather.B:Tw Xenixos:De