Home » McAfee Manuals » Computer Software » McAfee AVDCDE-BA-CA » Manual Viewer

McAfee AVDCDE-BA-CA User Guide - Page 10

File infector viruses - benefits

View all McAfee AVDCDE-BA-CA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 10 highlights

Preface For a time, sophisticated descendants of this first boot-sector virus represented the most serious virus threat to computer users. Variants of boot sector viruses also infect the Master Boot Record (MBR), which stores the partition information your computer needs to figure out where to find each of your hard disk partitions and the boot sector itself. Realistically, nearly every step in the boot process, from reading the MBR to loading the operating system, is vulnerable to virus sabotage. Some of the most tenacious and destructive viruses still include the ability to infect your computer's boot sector or MBR among their repertoire of tricks. Among other advantages, loading at boot time can give a virus a chance to do its work before your anti-virus software has a chance to run. Many McAfee anti-virus products anticipate this possibility by allowing you to create an emergency disk you can use to boot your computer and remove infections. But most boot sector and MBR viruses had a particular weakness: they spread by means of floppy disks or other removable media, riding concealed in that first track of disk space. As fewer users exchanged floppy disks and as software distribution came to rely on other media, such as CD-ROMs and direct downloading from the Internet, other virus types eclipsed the boot sector threat. But it's far from gone-many later-generation viruses routinely incorporate functions that infect your hard disk boot sector or MBR, even if they use other methods as their primary means of transmission. Those same viruses have also benefitted from several generations of evolution, and therefore incorporate much more sophisticated infection and concealment techniques that make it far from simple to detect them, even when they hide in relatively predictable places. File infector viruses At about the same time as the authors of the Brain virus found vulnerabilities in the DOS boot sector, other virus writers found out how to use other software to help replicate their creations. An early example of this type of virus showed up in computers at Lehigh University in Pennsylvania. The virus infected part of the DOS command interpreter COMMAND.COM, which it used to load itself into memory. Once there, it spread to other uninfected COMMAND.COM files each time a user entered any standard DOS command that involved disk access. This limited its spread to floppy disks that contained, usually, a full operating system. Later viruses quickly overcame this limitation, sometimes with fairly clever programming. Virus writers might, for instance, have their virus add its code to the beginning of an executable file, so that when users start a program, the virus code executes immediately, then transfers control back to the legitimate software, which runs as though nothing unusual has happened. Once it activates, the virus "hooks" or "traps" requests that legitimate software makes to the operating system and substitutes its own responses. x McAfee VirusScan Anti-Virus Software

Section	Page
Preface	7
What happened?	7
Why worry?	7
Where do viruses come from?	8
Virus prehistory	8
Viruses and the PC revolution	9
Boot-sector viruses	9
File infector viruses	10
Stealth, mutation, encryption, and polymorphic techniques	11
Macro viruses	12
On the frontier	12
Java, ActiveX, and scripted objects	13
Where next?	14
How to protect yourself	15
How to contact McAfee and Network Associates	16
Customer service	16
Technical support	17
Download support	18
Network Associates training	18
Comments and feedback	18
Reporting new items for anti-virus data file updates	19
International contact information	20
1 About VirusScan Software	23
Introducing VirusScan anti-virus software	23
How does VirusScan software work?	25
Fast, accurate virus detection	25
Encrypted polymorphic virus detection	25
“Double heuristics” analysis	26
Wide-spectrum coverage	26
What comes with VirusScan software?	27
What’s new in this release?	31
Installation and distribution features	31
Interface enhancements	32
Changes in product functionality	33
New update options for your VirusScan software	33
2 Installing VirusScan Software	35
Before you begin	35
System requirements	35
Other recommendations	35
Preparing to install VirusScan software	36
Installation options	36
Installation steps	37
Using the Emergency Disk Creation utility	49
Determining when you must restart your computer	54
Testing your installation	55
Modifying or removing your VirusScan installation	56
3 Removing Infections From Your System	59
If you suspect you have a virus...	59
Deciding when to scan for viruses	62
Recognizing when you don’t have a virus	63
Understanding false detections	64
Responding to viruses or malicious software	65
Responding when the VShield scanner detects malicious software	65
Responding when the System Scan module detects a virus	65
Responding when the E-mail Scan module detects a virus	68
Responding when the Download Scan module detects a virus	69
Responding when Internet Filter detects a virus	70
Responding when the VirusScan application detects a virus	70
Responding when the E-Mail Scan extension detects a virus	72
Viewing virus information	74
Viewing file information	75
Submitting a virus sample	76
Using the SendVirus utility to submit a file sample	76
Capturing boot sector, file-infecting, and macro viruses	79
Capturing boot-sector infections	79
Capturing file-infecting or macro viruses	80
Making disk images	81
Preparing file archives to send	81
Sending samples via e-mail	82
Mailing infected floppy disks	83
4 Using the VShield Scanner	85
What does the VShield scanner do?	85
Why use the VShield scanner?	86
Browser and e-mail client support	87
Enabling or starting the VShield scanner	88
Starting the scanner automatically	89
Enabling the VShield scanner and its modules	90
Method 1: Use the VShield shortcut menu	90
Method 2: Use the System Scan Status dialog box	90
Method 3: Use the VShield Properties dialog box	91
Method 4: Use the VirusScan Console	92
Understanding the VShield system tray icon states	92
Using the VShield configuration wizard	93
Setting VShield scanner properties	97
Configuring the System Scan module	98
Choosing Detection options	99
Choosing Action options	105
Choosing Alert options	108
Choosing Report options	110
Choosing Exclusion options	112
Configuring the E-mail Scan module	115
Choosing Detection options	116
Choosing Action options	121
Choosing Alert options	124
Choosing Report options	127
Configuring the Download Scan module	130
Choosing Detection options	130
Choosing Action options	134
Choosing Alert options	136
Choosing Report options	138
Configuring the Internet Filter module	140
Choosing Detection options	141
Choosing Action options	145
Choosing Alert options	146
Choosing Report options	148
Configuring the Security module	149
Enabling password protection	150
Entering your password to configure settings	151
Protecting individual property pages	152
Using the VShield shortcut menu	153
Disabling or stopping the VShield scanner	153
Preventing the scanner from starting automatically	154
Stopping the VShield scanner completely	154
Method 1: Use the VShield shortcut menu	154
Method 2: Use the VirusScan Console	155
Method 3: Use the VirusScan control panel	156
Disabling the VShield scanner and its modules	156
Method 1: Use the VShield shortcut menu	157
Method 2: Use the System Scan Status dialog box	157
Method 3: Use the VShield Properties dialog box	158
Tracking VShield software status information	159
Viewing VShield task status information	160
5 Using the VirusScan application	161
What is the VirusScan application?	161
Why use the VirusScan application?	162
Starting the VirusScan application	163
Method 1: Displaying the VirusScan application main window	163
Method 2: Starting a scan task from the VirusScan Console	165
Method 3: Starting a scan task from a settings file	166
Method 4: Starting the application from the command line	168
Configuring the VirusScan Classic interface	169
Choosing Where & What options	169
Choosing Action options	171
Choosing Report options	173
Configuring the VirusScan Advanced interface	174
Choosing Detection options	175
Choosing Action options	180
Choosing Alert options	182
Choosing Report options	183
Choosing Exclusion options	186
Enabling password protection	189
6 Creating and Configuring Scheduled Tasks	191
What does VirusScan Console do?	191
Why schedule scan operations?	191
Starting the VirusScan Console	192
Using the Console window	194
Working with default tasks	196
Working with the VShield task	198
Working with the AutoUpgrade and AutoUpdate tasks	199
Creating new tasks	200
Enabling tasks	204
Checking task status	206
Configuring VirusScan application options	208
Choosing Detection options	209
Choosing Action options	213
Choosing Alert options	216
Choosing Report options	217
Choosing Exclusion options	220
Choosing security options	223
7 Updating and Upgrading VirusScan Software	227
Developing an updating strategy	227
What are .DAT files?	227
What is the scan engine?	227
Update and upgrade methods	228
Understanding the AutoUpdate utility	230
Configuring the AutoUpdate Utility	231
Configuring update options	235
Configuring advanced update options	237
Understanding the AutoUpgrade utility	240
Configuring the AutoUpgrade utility	241
Configuring upgrade options	246
Configuring advanced upgrade options	248
Using the AutoUpgrade and SuperDAT utilities together	250
8 Using Specialized Scanning Tools	253
Scanning Microsoft Exchange and Outlook mail	253
When and why you should use the E-Mail Scan extension	253
Using the E-Mail Scan extension	254
Configuring the E-Mail Scan extension	255
Choosing Detection options	257
Choosing Action options	260
Choosing Alert options	262
Choosing Report options	266
Scanning cc:Mail	269
Using the ScreenScan utility	269
9 Using VirusScan Utilities	277
Understanding the VirusScan control panel	277
Opening the VirusScan control panel	277
Choosing VirusScan control panel options	278
Using the Alert Manager Client Configuration utility	281
VirusScan software as an Alert Manager client	282
Configuring the Alert Manager client utility	282
A Default Vulnerable and Compressed File Extensions	287
Adding file name extensions for scanning	287
Current list of vulnerable file name extensions	288
Current list of compressed files scanned	292
B Network Associates Support Services	295
Adding value to your McAfee product	295
PrimeSupport options for corporate customers	295
The PrimeSupport KnowledgeCenter plan	295
The PrimeSupport Connect plan	296
The PrimeSupport Priority plan	297
The PrimeSupport Enterprise plan	297
Ordering a corporate PrimeSupport plan	298
PrimeSupport options for home users	300
How to reach international home user support	302
Ordering a PrimeSupport plan for home users	302
Network Associates consulting and training	303
Professional Services	303
Jumpstart Services	303
Network consulting	304
Total Education Services	304
C Using the SecureCast Service to Get New Data Files	305
Introducing the SecureCast service	305
Why should I update my data files?	306
Which data files does the SecureCast service deliver?	306
Installing the BackWeb client and SecureCast service	307
System requirements	307
Phase 1: Download and install BackWeb	307
Phase 2: Register with the Enterprise SecureCast service	312
Troubleshooting the Enterprise SecureCast service	317
Registration problems	317
Unsubscribing from the SecureCast service	317
Support resources	317
SecureCast service	317
BackWeb client	318
D Understanding iDAT Technology	319
Understanding incremental .DAT files	319
Product requirements	319
How does iDAT updating work?	320
What does McAfee post each week?	321
Best practices	322
Three-stage updating	322
Scheduling internal .DAT updates	323
Frequently asked questions	323
Connectivity issues	323
Corrupted data	324
Incremental vs. full .DAT update	324
Network configuration issues	324
Scheduling issues	324

Match case Limit results 1 per page

Preface

McAfee VirusScan Anti-Virus Software

For a time, sophisticated descendants of this first boot-sector virus represented

the most serious virus threat to computer users. Variants of boot sector viruses

also infect the Master Boot Record (MBR), which stores the partition

information your computer needs to figure out where to find each of your

hard disk partitions and the boot sector itself.

Realistically, nearly every step in the boot process, from reading the MBR to

loading the operating system, is vulnerable to virus sabotage. Some of the

most tenacious and destructive viruses still include the ability to infect your

computer

’

s boot sector or MBR among their repertoire of tricks. Among other

advantages, loading at boot time can give a virus a chance to do its work before

your anti-virus software has a chance to run. Many McAfee anti-virus

products anticipate this possibility by allowing you to create an emergency

disk you can use to boot your computer and remove infections.

But most boot sector and MBR viruses had a particular weakness: they spread

by means of floppy disks or other removable media, riding concealed in that

first track of disk space. As fewer users exchanged floppy disks and as

software distribution came to rely on other media, such as CD-ROMs and

direct downloading from the Internet, other virus types eclipsed the boot

sector threat. But it

’

s far from gone

—

many later-generation viruses routinely

incorporate functions that infect your hard disk boot sector or MBR, even if

they use other methods as their primary means of transmission.

Those same viruses have also benefitted from several generations of evolution,

and therefore incorporate much more sophisticated infection and concealment

techniques that make it far from simple to detect them, even when they hide

in relatively predictable places.

File infector viruses

At about the same time as the authors of the Brain virus found vulnerabilities

in the DOS boot sector, other virus writers found out how to use other

software to help replicate their creations. An early example of this type of virus

showed up in computers at Lehigh University in Pennsylvania. The virus

infected part of the DOS command interpreter COMMAND.COM, which it

used to load itself into memory. Once there, it spread to other uninfected

COMMAND.COM files each time a user entered any standard DOS command

that involved disk access. This limited its spread to floppy disks that

contained, usually, a full operating system.

Later viruses quickly overcame this limitation, sometimes with fairly clever

programming. Virus writers might, for instance, have their virus add its code

to the beginning of an executable file, so that when users start a program, the

virus code executes immediately, then transfers control back to the legitimate

software, which runs as though nothing unusual has happened. Once it

activates, the virus

“

hooks

”

“

traps

”

requests that legitimate software makes

to the operating system and substitutes its own responses.