Home » McAfee Manuals » Computer Software » McAfee AVDCDE-BA-CA » Manual Viewer

McAfee AVDCDE-BA-CA User Guide - Page 79

Capturing boot sector, file-infecting, and macro viruses, Capturing boot-sector infections

View all McAfee AVDCDE-BA-CA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 79 highlights

Removing Infections From Your System 7. Select the type of e-mail client application you have installed on your computer. Your choices are: • Use outgoing Internet mail. Click this button to send your sample via a Simple Mail Transfer Protocol e-mail client, such as Eudora, NetScape Mail, or Microsoft Outlook Express. Next, enter the name of your outgoing mail server in the text box provided-mail.domain.com, for example. • Use Microsoft Exchange. Click this button to send your sample via your corporate e-mail system. To use this option, your e-mail system must support the Messaging Application Programming Interface (MAPI) standard. Examples of such systems include Microsoft Exchange, Microsoft Outlook, and Lotus cc:Mail v8.0 and later. 8. Click Finish to send your sample. Š NOTE: Although McAfee researchers appreciate your submission, their receipt of your message does not obligate them to take any action, provide any remedy, or respond in any way to you. SENDVIR.EXE will use the e-mail client you specified to send your sample. You must have connected to your network or ISP in order for this process to succeed. Capturing boot sector, file-infecting, and macro viruses If you suspect you have a virus infection, you can collect a sample of the virus, then either create a floppy disk image to send via e-mail, or mail the floppy disk itself to McAfee anti-virus researchers. The researchers would also benefit from having samples of your current system files on a separate floppy disk. Capturing boot-sector infections Boot-sector viruses frequently hide in areas of your hard disk or floppy disks that you ordinarily cannot see or read. You can, however, capture a sample of a boot-sector virus by deliberately infecting a floppy disk with it. To do so, follow these steps: 1. Insert a new, unformatted floppy disk into your floppy drive. 2. Click Start in the Windows taskbar, point to Programs, then choose MS-DOS Prompt if your computer runs Windows 95 or Windows 98, or Command Prompt if your computer runs Windows NT Workstation v4.0 or Windows 2000 Professional. User's Guide 79

Section	Page
Preface	7
What happened?	7
Why worry?	7
Where do viruses come from?	8
Virus prehistory	8
Viruses and the PC revolution	9
Boot-sector viruses	9
File infector viruses	10
Stealth, mutation, encryption, and polymorphic techniques	11
Macro viruses	12
On the frontier	12
Java, ActiveX, and scripted objects	13
Where next?	14
How to protect yourself	15
How to contact McAfee and Network Associates	16
Customer service	16
Technical support	17
Download support	18
Network Associates training	18
Comments and feedback	18
Reporting new items for anti-virus data file updates	19
International contact information	20
1 About VirusScan Software	23
Introducing VirusScan anti-virus software	23
How does VirusScan software work?	25
Fast, accurate virus detection	25
Encrypted polymorphic virus detection	25
“Double heuristics” analysis	26
Wide-spectrum coverage	26
What comes with VirusScan software?	27
What’s new in this release?	31
Installation and distribution features	31
Interface enhancements	32
Changes in product functionality	33
New update options for your VirusScan software	33
2 Installing VirusScan Software	35
Before you begin	35
System requirements	35
Other recommendations	35
Preparing to install VirusScan software	36
Installation options	36
Installation steps	37
Using the Emergency Disk Creation utility	49
Determining when you must restart your computer	54
Testing your installation	55
Modifying or removing your VirusScan installation	56
3 Removing Infections From Your System	59
If you suspect you have a virus...	59
Deciding when to scan for viruses	62
Recognizing when you don’t have a virus	63
Understanding false detections	64
Responding to viruses or malicious software	65
Responding when the VShield scanner detects malicious software	65
Responding when the System Scan module detects a virus	65
Responding when the E-mail Scan module detects a virus	68
Responding when the Download Scan module detects a virus	69
Responding when Internet Filter detects a virus	70
Responding when the VirusScan application detects a virus	70
Responding when the E-Mail Scan extension detects a virus	72
Viewing virus information	74
Viewing file information	75
Submitting a virus sample	76
Using the SendVirus utility to submit a file sample	76
Capturing boot sector, file-infecting, and macro viruses	79
Capturing boot-sector infections	79
Capturing file-infecting or macro viruses	80
Making disk images	81
Preparing file archives to send	81
Sending samples via e-mail	82
Mailing infected floppy disks	83
4 Using the VShield Scanner	85
What does the VShield scanner do?	85
Why use the VShield scanner?	86
Browser and e-mail client support	87
Enabling or starting the VShield scanner	88
Starting the scanner automatically	89
Enabling the VShield scanner and its modules	90
Method 1: Use the VShield shortcut menu	90
Method 2: Use the System Scan Status dialog box	90
Method 3: Use the VShield Properties dialog box	91
Method 4: Use the VirusScan Console	92
Understanding the VShield system tray icon states	92
Using the VShield configuration wizard	93
Setting VShield scanner properties	97
Configuring the System Scan module	98
Choosing Detection options	99
Choosing Action options	105
Choosing Alert options	108
Choosing Report options	110
Choosing Exclusion options	112
Configuring the E-mail Scan module	115
Choosing Detection options	116
Choosing Action options	121
Choosing Alert options	124
Choosing Report options	127
Configuring the Download Scan module	130
Choosing Detection options	130
Choosing Action options	134
Choosing Alert options	136
Choosing Report options	138
Configuring the Internet Filter module	140
Choosing Detection options	141
Choosing Action options	145
Choosing Alert options	146
Choosing Report options	148
Configuring the Security module	149
Enabling password protection	150
Entering your password to configure settings	151
Protecting individual property pages	152
Using the VShield shortcut menu	153
Disabling or stopping the VShield scanner	153
Preventing the scanner from starting automatically	154
Stopping the VShield scanner completely	154
Method 1: Use the VShield shortcut menu	154
Method 2: Use the VirusScan Console	155
Method 3: Use the VirusScan control panel	156
Disabling the VShield scanner and its modules	156
Method 1: Use the VShield shortcut menu	157
Method 2: Use the System Scan Status dialog box	157
Method 3: Use the VShield Properties dialog box	158
Tracking VShield software status information	159
Viewing VShield task status information	160
5 Using the VirusScan application	161
What is the VirusScan application?	161
Why use the VirusScan application?	162
Starting the VirusScan application	163
Method 1: Displaying the VirusScan application main window	163
Method 2: Starting a scan task from the VirusScan Console	165
Method 3: Starting a scan task from a settings file	166
Method 4: Starting the application from the command line	168
Configuring the VirusScan Classic interface	169
Choosing Where & What options	169
Choosing Action options	171
Choosing Report options	173
Configuring the VirusScan Advanced interface	174
Choosing Detection options	175
Choosing Action options	180
Choosing Alert options	182
Choosing Report options	183
Choosing Exclusion options	186
Enabling password protection	189
6 Creating and Configuring Scheduled Tasks	191
What does VirusScan Console do?	191
Why schedule scan operations?	191
Starting the VirusScan Console	192
Using the Console window	194
Working with default tasks	196
Working with the VShield task	198
Working with the AutoUpgrade and AutoUpdate tasks	199
Creating new tasks	200
Enabling tasks	204
Checking task status	206
Configuring VirusScan application options	208
Choosing Detection options	209
Choosing Action options	213
Choosing Alert options	216
Choosing Report options	217
Choosing Exclusion options	220
Choosing security options	223
7 Updating and Upgrading VirusScan Software	227
Developing an updating strategy	227
What are .DAT files?	227
What is the scan engine?	227
Update and upgrade methods	228
Understanding the AutoUpdate utility	230
Configuring the AutoUpdate Utility	231
Configuring update options	235
Configuring advanced update options	237
Understanding the AutoUpgrade utility	240
Configuring the AutoUpgrade utility	241
Configuring upgrade options	246
Configuring advanced upgrade options	248
Using the AutoUpgrade and SuperDAT utilities together	250
8 Using Specialized Scanning Tools	253
Scanning Microsoft Exchange and Outlook mail	253
When and why you should use the E-Mail Scan extension	253
Using the E-Mail Scan extension	254
Configuring the E-Mail Scan extension	255
Choosing Detection options	257
Choosing Action options	260
Choosing Alert options	262
Choosing Report options	266
Scanning cc:Mail	269
Using the ScreenScan utility	269
9 Using VirusScan Utilities	277
Understanding the VirusScan control panel	277
Opening the VirusScan control panel	277
Choosing VirusScan control panel options	278
Using the Alert Manager Client Configuration utility	281
VirusScan software as an Alert Manager client	282
Configuring the Alert Manager client utility	282
A Default Vulnerable and Compressed File Extensions	287
Adding file name extensions for scanning	287
Current list of vulnerable file name extensions	288
Current list of compressed files scanned	292
B Network Associates Support Services	295
Adding value to your McAfee product	295
PrimeSupport options for corporate customers	295
The PrimeSupport KnowledgeCenter plan	295
The PrimeSupport Connect plan	296
The PrimeSupport Priority plan	297
The PrimeSupport Enterprise plan	297
Ordering a corporate PrimeSupport plan	298
PrimeSupport options for home users	300
How to reach international home user support	302
Ordering a PrimeSupport plan for home users	302
Network Associates consulting and training	303
Professional Services	303
Jumpstart Services	303
Network consulting	304
Total Education Services	304
C Using the SecureCast Service to Get New Data Files	305
Introducing the SecureCast service	305
Why should I update my data files?	306
Which data files does the SecureCast service deliver?	306
Installing the BackWeb client and SecureCast service	307
System requirements	307
Phase 1: Download and install BackWeb	307
Phase 2: Register with the Enterprise SecureCast service	312
Troubleshooting the Enterprise SecureCast service	317
Registration problems	317
Unsubscribing from the SecureCast service	317
Support resources	317
SecureCast service	317
BackWeb client	318
D Understanding iDAT Technology	319
Understanding incremental .DAT files	319
Product requirements	319
How does iDAT updating work?	320
What does McAfee post each week?	321
Best practices	322
Three-stage updating	322
Scheduling internal .DAT updates	323
Frequently asked questions	323
Connectivity issues	323
Corrupted data	324
Incremental vs. full .DAT update	324
Network configuration issues	324
Scheduling issues	324

Match case Limit results 1 per page

User

’

s Guide

Removing Infections From Your System

Select the type of e-mail client application you have installed on your

computer. Your choices are:

•

Use outgoing Internet mail

. Click this button to send your sample

via a Simple Mail Transfer Protocol e-mail client, such as Eudora,

NetScape Mail, or Microsoft Outlook Express. Next, enter the name

of your outgoing mail server in the text box

provided-mail.domain.com, for example.

•

Use Microsoft Exchange

. Click this button to send your sample via

your corporate e-mail system. To use this option, your e-mail

system must support the Messaging Application Programming

Interface (MAPI) standard. Examples of such systems include

Microsoft Exchange, Microsoft Outlook, and Lotus cc:Mail v8.0 and

later.

Click

Finish

to send your sample.

NOTE:

Although McAfee researchers appreciate your submission,

their receipt of your message does not obligate them to take any

action, provide any remedy, or respond in any way to you.

SENDVIR.EXE will use the e-mail client you specified to send your

sample. You must have connected to your network or ISP in order for this

process to succeed.

Capturing boot sector, file-infecting, and macro viruses

If you suspect you have a virus infection, you can collect a sample of the virus,

then either create a floppy disk image to send via e-mail, or mail the floppy

disk itself to McAfee anti-virus researchers. The researchers would also benefit

from having samples of your current system files on a separate floppy disk.

Capturing boot-sector infections

Boot-sector viruses frequently hide in areas of your hard disk or floppy disks

that you ordinarily cannot see or read. You can, however, capture a sample of

a boot-sector virus by deliberately infecting a floppy disk with it.

To do so, follow these steps:

Insert a new, unformatted floppy disk into your floppy drive.

Click

Start

in the Windows taskbar, point to

Programs

, then choose

MS-DOS Prompt

if your computer runs Windows 95 or Windows 98, or

Command Prompt

if your computer runs Windows NT Workstation

v4.0 or Windows 2000 Professional.