                       ViruCide  Plus 4.xx
                       Parsons Technology


1    Introduction
    IMPORTANT:  This version of ViruCide Plus is not to be
    installed on a computer that is running the Windows 95
    operating system.  In  the  event  that the program is
    inadvertently installed  in  a Windows 95 environment,
    take the following steps:
     a.  Boot the computer in DOS mode.
     b.  Edit the WIN.INI file, removing from the load=
     line "C:\ViruCide\VSWIN"
     c.  Edit the SYSTEM.INI file, the 386Enh section,
     removing the "Device=VSWIN.386" line
     d.  Remove all references to ViruCide in the
     Autoexec.bat file
     e.  Remove ViruCide from your hard drive.

1.1 What is "ViruCide"?

    "ViruCide"  is a powerful protection tool  that  will
    stop  electronic viruses from damaging your  computer
    system.  Parsons software has designed  "ViruCide"
    to   stay  in  the  background, automatically  detect
    viruses  and remove them from executable  and  opened
    files. You can also scan your disk or diskettes  when
    desired. By using interactive dialogues, you  provide
    the  guidelines  for dealing with a  virus.  ViruCide
    can  remove viruses from files and boot sectors,  and
    reconstruct your system after infection. It can  also
    prevent  further infiltration, and monitor suspicious
    changes in your system at every boot.

1.2  ViruCide Modules

    The  "ViruCide"  package is made up of  four  basic
    components.   The  first  one  is  the   installation
    utility.  The main program has three parts. Together,
    these  three modules will help you maintain a healthy
    computer system.

1.2.1    VIRUCIDE - Detection, Removal, Reconstruction

    The  VIRUCIDE module "cures" your system of  viruses.
    It  scans through your system, finds viruses, removes
    them  and  reconstructs any damaged  files.  VIRUCIDE
    detects  the  presence of most  viruses  anywhere  in
    your   computer,  and  usually  repairs  the   damage
    instantly.  You are able to decide how  you  wish  to
    deal  with a virus in the event of finding  one.  You
    can  also redefine parameters which will be activated
    automatically during the scan.

    You  can  run  this program at any time to  cure  the
    specified  medium  (the  whole  disk,  one  or   more
    directories,  or  the floppy disks).  There  are  two
    versions  of  VIRUCIDE at your  disposal;  a  Windows
    version  called WVIRUCID and the non-Windows version.
    An  installation  under  Windows  will  automatically
    install both versions on your hard disk, while a  DOS
    installation   will  install  only  the   non-Windows
    version.



1.2.2     VS Memory Watchdog

    The  VS module guards against viral penetration  into
    your  computer's memory. VS is a TSR, which means that
    it  is automatically loaded at boot time, and remains
    active  as  long as your computer is  in  use.  Every
    time  you run a program (either from your hard drive,
    or  from  a  floppy disk) or open  a  file,  VS  will
    examine  the  program code before it is  loaded  into
    your  system  memory.  VS can  recognize  the  unique
    signatures  of  thousands of viruses, and  will  stop
    any   known  virus  before  it  can  become   active.
    PREVENT,  which is an extension of  VS,  attempts  to
    detect unknown viruses by attracting potential  virus
    action to itself.

1.2.3     SYSCHECK System Integrity

    The  SYSCHECK  module inspects vital  areas  of  your
    disk to ensure that no unwanted changes were made  to
    your   hard   drive.   At   every   boot,   important
    information on your disk (the COMMAND.COM  file,  the
    system  files,  the disk's partition sector  and  the
    disk's   boot  sector)  is  compared  with   special
    signature   files  that  were  created   during   the
    installation  process.  Any discrepancy  between  the
    signature  files  and the current  contents  of  your
    disk's system area will generate a warning. In  cases
    when  system  integrity  is violated,  SYSCHECK  will
    rebuild your disk from the information stored in  the
    signature files. If  your disk is totally damaged  by
    viral   activity,  the  files  saved  on  the  rescue
    diskette will be used to restore your system.

2    Installation - SETUP

    Installing  ViruCide under Windows will automatically
    install  both the Windows version and the DOS version
    on  your  hard  disk,  while a  DOS  installation  is
    effective only for DOS, as it installs only the  non-
    Windows version.


2.1  What do you need to Install ViruCide?

    ViruCide requires the following system configuration:

         Hardware: IBM-PC or Compatible
         Operating System: DOS 3.0 or higher
         Windows 3.1 or higher

    In  order to use the SYSCHECK and VS modules, a  hard
    drive  is  required. In addition, the  SETUP  program
    will  ask  you for a diskette in order  to  create  a
    copy of your hard-drive's system area.


2.2 What Happens During Installation?

    In  order  to  use the ViruCide package, you need  to
    install the software on your hard-drive. Although this
    process  is  quick  and   straightforward,    several
    important  measures are taken during installation  to
    protect your computer.

    1.  The   SETUP   program   thoroughly   scans   your
         computer   BEFORE   the  ViruCide  software   is
         installed  on  your hard-drive. If  a  virus  is
         found,  consult the user manual or on-line  help
         on  the  choices  available to  you.  When  this
         process  is  done,  the  ViruCide  software   is
         installed  on  a  totally  virus-free   computer
         system.

    2.  The  SETUP  program  copies all  files  that  are
         necessary  to  run ViruCide into a special  sub-
         directory  on  your  hard-drive.  The  new  sub-
         directory,   (which   is  called   ViruCide   by
         default,  but  you  may change  that),  will  be
         created  automatically, if it does  not  already
         exist.

    3.  Your  system's boot file (AUTOEXEC.BAT)  will  be
         modified  if  you  wish, so  that  the  ViruCide
         Modules    VS    and   SYSCHECK    are    loaded
         automatically  every  time  you  turn  on   your
         computer.

    4.  ViruCide   creates   "signature   files"    which
         contain  backups  of all the  system  files  and
         other  sensitive  system  information  that   is
         normally   stored  on  your  hard   drive.   The
         SYSCHECK  module uses these signature  files  to
         verify  that no suspicious changes were made  in
         your hard-drive's system area.

    5.  The  signature  files will also be  stored  on  a
         special  "Rescue Diskette", if you  desire.  The
         information on this diskette will help  ViruCide
         reconstruct your hard-drive in the event that  a
         virus  severely corrupts the system information.
         If  you want to create the Rescue Diskette,  you
         will  need an extra diskette ready when you  run
         the   SETUP  program.  After  SETUP  copies  the
         signature  information to the  diskette,  please
         be  sure to label, write-protect and  save  the
         diskette, so that you will be able to use it when
         necessary.

2.3  First Time Installation

    The ViruCide SETUP program makes the installation  of
    ViruCide  quick and easy. Installation will  normally
    be a one-time process.

    To Install ViruCide on a computer with a hard-drive:

    1.  Make  sure  you have an extra diskette ready  (if
         you want to make the rescue diskette).

    2.  Verify  that  your original ViruCide diskette  is
         in the appropriate Drive.

    3.  At  the  DOS  prompt or  in  the  Windows  run
         dialogue, type:

            A:\SETUP  <ENTER>  or  B:\SETUP  <ENTER>

    4.   Wait for the Install ViruCide opening screen.

         You  can  move  with the arrow keys horizontally
         and  vertically, or use the <TAB>  key  to  move
         between menu items, and the <ENTER> key to  make
         a  selection.  In order to place a checkmark  in
         checkboxes,  use  the <Spacebar>  key.  If  your
         computer  is  equipped with  a  mouse  or  other
         pointing  device, you can also click on  a  menu
         item to make a selection.

    5.  Choose  Install  ViruCide  from  the  menu.   The
         other  options  are UnInstall,  Help  and  Exit.
         Once  you  have  chosen  Install,  a  series  of
         dialogues    will   guide   you   through    the
         installation  process.  You  will   have   three
         options:  to install a full copy of ViruCide,  a
         Network  Station version or a Custom version.
         You  can  also  install ViruCide on  the  Server
         using  the  Windows version. The Custom  version
         enables  you to define parameters that  control
         the  way  the  SETUP program  and  ViruCide
         itself  function.

    6.  Specify  the  drive  and sub-directory  on  which
         you  would like to install ViruCide (C:\ViruCide
         is  the  default).  SETUP will  then  check  the
         source  and  destination drives.  When  this  is
         done,  SETUP  will copy the ViruCide  software,
         in  the  version you have chosen, to  this  sub-
         directory.  (If  the directory you  have  chosen
         does  not  exist, ViruCide will  create  it  for
         you.)

    7.  Follow    the    Install    ViruCide    on-screen
         instructions to complete the installation.

    SETUP  will prompt you to provide a diskette in order
    to  create a "rescue diskette" containing a backup of
    your  hard-drive's system area. This diskette is  not
    essential  to  the  running of ViruCide,  but  it  is
    recommended.  SETUP  will  check  with   you   before
    modifying your hard-drive's AUTOEXEC.BAT file. If  no
    AUTOEXEC.BAT file exists on the current drive,  SETUP
    will create a new file for you.

    ViruCide   needs   to   insert  commands   into   the
    AUTOEXEC.BAT  file  so that your  computer  activates
    the VS and SYSCHECK modules every time you boot up.

    NOTE:  If you choose not to update your AUTOEXEC.BAT,
    you  will have to manually load the ViruCide  memory-
    resident  modules to enjoy the full benefits  of  the
    ViruCide package (see Sections 3.1 and 3.3).

    If  the Installation was completed successfully,  you
    will  receive the "Installation Successful"  message.
    If  you receive a "Partially Successful" message, you
    may have to reinstall ViruCide.

    8.  Choose "Exit" from the main menu to leave the SETUP
         program.

2.4  Special Instructions for Network Installation

2.4.1     Single Station Installation

    Please  follow  these  instructions  to   install
    ViruCide  on  an  individual station connected  to  a
    network.

2.4.1.1   Network Stations with a Hard Drive

    Important:  the  installation  of  ViruCide  will  be
    fully  functional  provided  that  you  are,  or  are
    authorized by, a Network Administrator.
    Installing  ViruCide on a network  station  from  the
    server  is similar to installing a full version  from
    a  diskette,  except that the SETUP  program  is  run
    from   the   Server  drive  on  which   ViruCide   is
    installed. In addition, many files which can  be  run
    from  the  server will not be installed on your  hard
    drive.  The VS and SYSCHECK modules will be installed
    on  your  hard drive. The AUTOEXEC.BAT file  will  be
    updated  so that the ViruCide server facilities  will
    be  available to you and VS and SYSCHECK will also be
    activated every time your computer boots.


2.5 Removing ViruCide

    To remove the ViruCide Program:

    1.  Insert your original ViruCide diskette in the
         appropriate drive

    2.   Run the SETUP program by typing:

              A:\SETUP <ENTER>
                    or
              B:\SETUP <ENTER>

    3.  Choose  "UnInstall ViruCide...."  from  the  main
         menu.

    If   you   receive  the  "Successfully   UnInstalled"
    message,  then  ViruCide is no  longer  installed  on
    your   hard  drive.  However,  if  you  receive   the
    "partially  UnInstalled"  message,  you  should   try
    again.

    4.   Choose "Exit" to leave the SETUP program.


2.6  Reconstructing Bad Boot/Partition Sectors

2.6.1    When Will You Need the Rescue Diskette?

    The  Boot  and Partition Sectors of your  hard  drive
    contain  important information about the organization
    of  the data on your disk. Should the information  in
    these  areas  of  the disk become  corrupted  (either
    through  viral activity, or through physical damage),
    the  hard drive will not function properly. Commonly,
    you  will  find that your computer cannot  boot  from
    the  hard  drive,  or  that  the  computer  does  not
    "recognize"  the  hard drive. In such  cases,  it  is
    necessary to rebuild the information in the Boot  and
    Partition  sections  from the rescue  diskette  which
    ViruCide has created during installation.

2.6.2    Using the Rescue Diskette

    The  regular installation procedure puts files on the
    Rescue  diskette. These files contain  the  boot  and
    partition sector signatures of your hard disk.

    1.  It  is  recommended  to  use  this  option  after
         booting  from a clean, write-protected, original
         DOS system diskette.

    2.  Run  the  RESCUE program from the Rescue diskette
         with one of these two commands:

         A:\RESCUE<ENTER>
                     or
         B:\RESCUE<ENTER>

    3.  A  series  of  dialogues will guide  you  through
         the reconstruction of your disk.


3    Using ViruCide


3.1  Loading VS

    Normal  installation of ViruCide on your  hard  drive
    ensures    that   the   VS   module   is   activated
    automatically  when  the  computer  is   turned   on.
    However,  if your AUTOEXEC.BAT file has not been  set
    to  load  VS,  you  will need to  manually  load  the
    module into memory. To load the VS module:

    1.  Make  sure that the active drive is correct,  and
         that   the   current  directory   contains   the
         ViruCide files.

    2.   Load the module by typing:
              VS<enter>

    3.  There  are many options to the VS command.  These
         can be found by typing:
              VS /h<enter>

3.2 Virus Detection with VS

3.2.1    How Will You Know that Your Computer is
    Infected?

    When  a  program infected with a known virus attempts
    to  load  itself into memory, the VS module  will  be
    alerted.  VS  will  immediately  warn  you   of   the
    attempted  infiltration. A dialogue box will  pop  up
    on  your  screen  with  a message  warning  of  viral
    infection.  This  means  that  the  program  you  are
    currently  running was infected with  a  virus  which
    attempted   to   enter   system   memory,   and    VS
    successfully  prevented  the  infected  program  from
    running.

    VS can be loaded using command line parameters.
    These can be listed by entering VS /? at the DOS prompt.
    VS uses 7K of conventional memory and 135K of EMS
    or XMS.  A medium-sized version of VS will use 40K
    of conventional memory and a small-sized version will
    use 11K of memory.


3.2.2    What Should You Do if You Are Running an Infected
    Program?

    If  you see the VS warning box appear when you run  a
    particular program, it is likely that the program  is
    infected  with a computer virus. Although VS prevents
    the  virus  from entering memory and causing  damage,
    it  cannot  remove it from the infected  diskette  or
    disk  which carried the virus. To eradicate the viral
    code from the infected diskette or disk, you need  to
    run  VIRUCIDE  (or WVIRUCID) on the  infected  medium
    (see Section 3.5).


3.3 Running SYSCHECK

    SYSCHECK  is  run automatically every time  you  boot
    your  computer.  However, if you did  not  allow  the
    Install  program  to  modify your AUTOEXEC.BAT  file,
    you would have to run SYSCHECK manually.

    To load SYSCHECK:

    1.  Make  sure  that  the active  drive  is  the  one
         where  ViruCide  was  installed,  and  that  the
         current  directory  contains  all  the  ViruCide
         files.

    2.   Load the module by typing:

              SYSCHECK<enter>

    3.  There  are  many options to the SYSCHECK command.
         These can be found by typing:

               SYSCHECK /h<enter>

3.4 Maintaining System Integrity with SYSCHECK

    The  SYSCHECK  module checks the  integrity  of  your
    system information against the backup data stored  in
    the  special signature files that were created during
    the  installation  process. A  SYSCHECK  warning  box
    will  appear on your screen, should any discrepancies
    be  discovered. The warning report informs  you  what
    area  of  the  system has been affected, and  prompts
    you for one of three courses of action:

    Restore:  Asking SYSCHECK to Restore will update your
         system  area with the backup information  stored
         in  the signature files. This removes any damage
         a  virus may have done to your hard drive.  This
         option  must be used with care as the  signature
         files must be up to date.

    Accept:  You  may choose to accept the new  state  of
         your  system  area as correct. This will  update
         the  signature  files with the  new  information
         from  your hard drive. Use the Accept option  if
         you   have  recently  performed  some  operation
         which   legitimately  changes  the  hard   drive
         system  area; e.g., installing a new version  of
         DOS.  Remember that if you update your signature
         files,  your  signature  disk  should  also   be
         updated.

    Ignore:  Choose  Ignore if you do not  want  SYSCHECK
         to take action at this point.
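
    The check-and-resolve cycle described above, as an added
    example in Python; it is not ViruCide's own code. The
    manual does not say how SYSCHECK compares data, so the
    SHA-256 digests, the file layout and every function name
    here are assumptions, and the two "system" files are
    constructed stand-ins.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def _digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def make_signatures(watched, sig_dir):
    """Install time: keep a backup copy and a SHA-256 digest of each watched item."""
    Path(sig_dir).mkdir(parents=True, exist_ok=True)
    for name, path in watched.items():
        shutil.copyfile(path, Path(sig_dir, name + ".bak"))
        Path(sig_dir, name + ".sha256").write_text(_digest(path))


def check(watched, sig_dir):
    """Boot time: return names whose current contents differ from the baseline."""
    changed = []
    for name, path in watched.items():
        expected = Path(sig_dir, name + ".sha256").read_text().strip()
        current = _digest(path) if Path(path).exists() else None
        if current != expected:
            changed.append(name)
    return changed


def resolve(name, watched, sig_dir, action, rescue_dir=None):
    """Apply one of the three choices offered when a discrepancy is reported."""
    if action == "restore":
        # Overwrites the live copy with the baseline, so a stale baseline
        # would also roll back legitimate changes.
        shutil.copyfile(Path(sig_dir, name + ".bak"), watched[name])
    elif action == "accept":
        # Re-baseline, and keep the rescue copy in step with it.
        for target in filter(None, (sig_dir, rescue_dir)):
            make_signatures({name: watched[name]}, target)
    elif action != "ignore":
        raise ValueError("action must be restore, accept or ignore")


def demo():
    """Run the outcomes on constructed stand-in files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"COMMAND.COM": b"shell v1", "BOOT.SEC": b"\xeb\x3c\x90boot"}
        watched = {name: Path(root, name) for name in samples}
        for name, data in samples.items():
            watched[name].write_bytes(data)
        sig, rescue = Path(root, "sig"), Path(root, "rescue")
        make_signatures(watched, sig)
        make_signatures(watched, rescue)
        out = {"clean": check(watched, sig)}
        watched["BOOT.SEC"].write_bytes(b"tampered")        # unwanted change
        out["after_tamper"] = check(watched, sig)
        resolve("BOOT.SEC", watched, sig, "restore")
        out["after_restore"] = check(watched, sig)
        out["restored_bytes"] = watched["BOOT.SEC"].read_bytes()
        watched["COMMAND.COM"].write_bytes(b"shell v2")     # legitimate upgrade
        out["after_upgrade"] = check(watched, sig)
        out["rescue_stale"] = check(watched, rescue)
        resolve("COMMAND.COM", watched, sig, "accept", rescue)
        out["after_accept"] = check(watched, sig) + check(watched, rescue)
        return out


if __name__ == "__main__":
    print(demo())
```

    The "rescue_stale" result shows why the rescue copy has
    to be refreshed after an Accept: until then it still
    flags the upgraded file as changed.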

3.5 Using VIRUCIDE for DOS or WVIRUCID for Windows

    The  VIRUCIDE  module  detects  viruses, removes them
    from your files, and reconstructs damaged files.

3.5.1    When to Use VIRUCIDE

    You  can use the VIRUCIDE program any time you  want,
    to  ensure  that a specific diskette  or  hard  drive
    partition  is virus free. We recommend that  you  run
    VIRUCIDE  periodically,  as  well  as  whenever   you
    obtain  new  software or add new files to  your  hard
    drive.  You should always run VIRUCIDE after a  viral
    infection has been detected by VS.

3.5.2    Starting VIRUCIDE

    1.  Make  sure  the  current directory  contains  the
         ViruCide software.

    2.  Run the VIRUCIDE module by typing:

         VIRUCIDE <ENTER>

    There  is  also a VIRUCIDE interface for the  Windows
    environment called WVIRUCID. If you use Windows  this
    version  of  VIRUCIDE is available to you.  When  you
    first load Windows after installing ViruCide you  are
    given  the  opportunity to have a  "Parsons ViruCide"
    group  created with the WVIRUCID and WVS icons.  Once
    these  are  created, all you have to do is  click  on
    the relevant program icon.

3.5.3     Scan  your disk or diskettes using the VIRUCIDE
    graphic interface. If it is not possible to remove  a
    virus  from  a file, you have the option  to  save  a
    sample    of   the   infected   file   for    further
    investigation.

3.5.4    Using VIRUCIDE with Command Line Arguments

    The   VIRUCIDE   module  can   also   be   run   non-
    interactively. This is useful for including  VIRUCIDE
    in  a batch file. To run VIRUCIDE in batch mode,  you
    must  specify  command line arguments.  The  VIRUCIDE
    COMMAND LINE syntax is as follows:

    VIRUCIDE  path  [ optional parameters ]

    VIRUCIDE  path  [/K | /I | /D | /RE] [/C] [/B] [/F]
           [/T | /R] [/A | /S] [/P] [/L] [/N]

    Only one parameter from each group can be used
           simultaneously.

    Example:         C:\ VIRUCIDE C: /d /c /r

    Command Line Parameters:

    /? or /h       Display this HELP screen.
    /asK           Ask user how to handle the virus
    /Ignore        Report viruses and continue
    /Delete        Delete the infected object
    /Remove        Remove the virus
    /Copy          Copy samples to a directory
    /Boot          Scan boot sectors
    /Files         Scan files
    /fasT          Fast scan
    /secuRe        Secure scan
    /All           Scan all files
    /Specific      Scan specific files
    /Print         Print a report to the printer
    /resuLts       Print a report to a file
    /Nomem         Do not scan memory for viruses

    For example:

    VIRUCIDE  D:\DOS  /A /L

    Scans all files in the DOS directory  on  drive  D.
    Any viruses found will be logged in a report file.


3.6 VSWIN - Active Monitor for Windows

    VSWIN  Active  Monitor  starts  whenever  you  open   a
    Windows  session,  and runs in background mode.  VSWIN
    remains  on  guard to protect your system while in  a
    Windows   session,  just  as  VS   protects   DOS
    sessions;  it  also  protects DOS applications  under
    Windows. VSWIN intercepts the reports that the various
    modules  generate  when they detect  virus  activity.
    Then,  WVS  generates  a Windows  pop-up  dialogue
    box  over whatever application you are running at the
    current  time, and displays a warning  that  a  virus
    has  been  discovered. You may either  TERMINATE  or
    CANCEL  the  Active Monitor: if TERMINATE is  chosen,
    WVS  will  cease  to be  active.  If  CANCEL  is
    chosen,  the  Active Monitor will only  be  minimized
    and  remain  active in  background  mode.  The
    Active  Monitor  also lets you  ENABLE  or  DISABLE
    the  monitor  by  clicking  the  button  at  the
    bottom of the screen.

