 What's New in McAfee VirusScan Command Line for Windows NT
                    Version 2.5.1 (9607)
             Copyright 1994-1996 by McAfee, Inc.
                    All Rights Reserved.


Thank you for using McAfee's VirusScan Command Line for
Windows NT. This What's New file contains important
information regarding the current version of this product.
It is highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please use
the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features          
- Known Issues
- Installation          
- Documentation         
- Frequently Asked Questions  
- Contact McAfee

____________
NEW FEATURES


* NEW VIRUSES DETECTED *
 
This DAT file (9607) detects the 258 new viruses
listed below. In addition, locations that have
experienced problems with a particular virus are
identified.
 
_751
3DEVIL.A
3DEVIL.B
ACE.1872
AGA.3000
AHAV.336
AIDS.872
ALEVIRUS.690        (Brazil)
ALEVIRUS.1613       (Brazil)
ALFONS.1536
ANARKEY.475
ANDREW
AOS.833
AOS.847
AOS.854
ASMO.1800
AT.1648
ATC-321
AVATAR.POSITRON.512
BABOSE
BADTOWN.684
BADTOWN.687
BE.451.B
BIGDEATH.1153
BISHDKEY.4160 (*)
BISHK.319
BISHKEKE.4240 (*)
BISHOP.4240 (*)
BLACKTIDE.2419
BLAD.1015
BLTD.2419
BODY.884
BUGS.282
CEIB.4629
CHER.2266
CIVIL IV.586
CMOS_DEATH.B
COMPIAC.379
CONCEPT.E
CONJURER
CONZOULE.240
CORDOBES.3334       (Uruguay)
COSENZA.3205
CRAZYFROG.1477
CREEPER.252
CRITTER.1015
CROATIA.683
DARK_APOCALYPSE.1600.B
DARK_REVENGE.1024
DAYTON.792
DEADWIN.1228        (Bolivia)
DEDA.1000
DEI.1780
DELTA.1163          (Brazil)
DFLKFD
DIALOGOS.1350
DIALOGOS.1522
DONB.444
DRD-4634
DRUID.1888
DVA.445
DVA.749
EATRITCH.946
EI-CUAREIM.800
ENJOY
EPSILON.513
EUSK.811
EVC.161.D
EXORCIST.212
FINDME
FINPOLY.2368 (*)
FIZZLE.313
FLYING.633
GATE
GOSH.1831
GRREP
H8.1173
HARE.7610 (*)       (Internet)
HARE.7750 (*)       (Internet)
HARE.7786 (*)
HH
HI.680
HI.764
HI.802
HLLC.4528 (*)
HLLC.5000 (*)
HLLC.8224 (*)
HLLC.12573 (*)
HLLC.14880 (*)
HLLC.AIDS.8064 (*)
HLLC.BOLEK.8096 (*)
HLLC.CRAWEN.8306 (*) (Italy)
HLLC.CRAWEN.8516 (*)
HLLC.CUMULUS (*)
HLLC.EIB.5000 (*)
HLLC.ENRICO (*)
HLLC.EVEN.PC (*)
HLLC.EVENBEEP.B (*)
HLLC.KRAD.4658 (*)
HLLC.LANC.7376 (*)
HLLC.TREE2.14186 (*)
HLLC.VSW.5936 (*)
HLLC.WORM.16412 (*)
HLLC.XMAS.15264 (*)
HLLO.3008 (*)
HLLO.3855 (*)
HLLO.4032 (*)
HLLO.4317.B (*)
HLLO.4734 (*)
HLLO.4830 (*)
HLLO.5760 (*)
HLLO.6144 (*)
HLLO.BIG&FAT.6561 (*)
HLLO.CRASH.7227 (*)
HLLO.F-SOFT.3521 (*)
HLLO.FU.8608 (*)
HLLO.HEPATITUS (*)
HLLO.KAMIKAZE (*)
HLLO.TU.4752 (*)
HLLO.VSW.3836 (*)
HLLO.VSW.4017 (*)
HLLP.3678 (*)
HLLP.5792 (*)
HLLP.5824 (*)
HLLP.7408 (*)
HLLP.7529 (*)
HLLP.7808 (*)
HLLP.15392 (*)
HLLP.BDAAGWA.4984 (*)
HLLP.BISHKEK.4160 (*)
HLLP.BISHKEK.4240 (*)
HLLP.BWA.4984 (*)
HLLP.CEIB.4629 (*)
HLLP.CHSU.4484 (*)
HLLP.DUPALEC (*)
HLLP.KASIENKA.8192 (*)
HLLP.NOTFOUND.6176 (*)
HLLP.RANGEL.5000 (*)
HLLP.RUNNER.9312 (*)
HLLP.SAURON.4568 (*)
HLLP.SON.4731 (*)
HLLP.UPI.4641 (*)
HLLP.VOVA.12560 (*)
HORSA.1185
HUE.482
ID.248
IMI.1536.H
IMMORTAL.2185
IVP.667
I_LOVE_D.3618
JASI.666
JULY_29TH
JUNKIE.1308
KALN.3225
KALN.3612
KASIUNIA
KBWI.1349
KERS.923
KONKOOR.3072
KOSKO.313
KUNS.168
KWX.1458
LAB
LEATH
LEDA.820
LINC.196
LINC.307
LOSL.535
LYUBA.381
MAD.2631
MADMAX.507
MAR.1972.D
MARVIN
MARYR
MDMA                (Texas, Illinois, Georgia)
MESSAN.B
MG.500.C
MICROB.431
MIPT-PHYSTECH.2000
MIREA.703
MOJHOO.1405
MRTI.576
MTZ-PINK
NADO.LOVE.602
NADO.REDV.584
NE.10634            (Australia)
NEXIV
NICHOLS
NO5.1235
NUCLEAR.B
PC KNIGHT.2083      (Europe)
PCW                 (Europe)
PEMPE.1811          (France)
PHANTOM1 (*)
PIZELUN.3599
PMM.575
PRES.7760
PRIMUS.512
PRIMUS.528
PS-MPC.AOS
QRES.224
RADYUM.503
RENE.4509
RETALIATOR.1535.A
RETALIATOR.1535.B
RIOT.304
RIOT.IR8.928
RIOT.MARI.1125
ROMA
RUSSEL.3072
SANDRA.1809
SENORITA.885        (Europe)
SEPULTURA:MTE
SHIRE.117
SILLYC.96
SILLYC.115.B
SILLYC.186
SILLYC.208
SILLYC.228
SILLYC.710
SINAI.1208
SIRIUS.ALIVE.4000
SMEG.V0_3.DEMO.B
STEALTH.F
STONED.KILL
STRAT.486
STRIKE
SZATAN
TANKAR.236
TCHECHNYA.1919
TIMID.497
TORNADO.759
TPED.1760
TRIVIAL.35.B
TRIVIAL.44.D
TRIVIAL.86
TRIVIAL.963
TRIVIALSMEG
UFO.1468
UNGAME.823
UPI.4641
VCL.O.610
VIV 524
VOYAGER.1134
VOYAGER2.508
VSV.3836
VSW.3966
VSW.4017
VSW.5063
VSW.5176
VSW.5936
WASP.1312
WRLK.1672
ZIBBERT.1268        (Brazil)
ZNOS.1730
ZNOSK.509
ZYX.5739
(*) Requires DOS/Win 2.5.1 engine 
 

* NEW VIRUSES REMOVED *
 
This DAT file (9607) removes the 35 new viruses listed
below. In addition, locations that have experienced
problems with a particular virus are identified.
 
_751
ALEVIRUS.690        (Brazil)
ALEVIRUS.1613       (Brazil)
ALFONS.1344
CONCEPT.E           (Belgium)
DARK_REVENGE.1024
DEADWIN.1228        (Bolivia)
DELTA.1163          (Brazil)
DEMON3B.5610 (*)    (Europe)
DIGI.3547 (*)       (Czech Republic)
EPSILON.513
FITW.7924/7448 (*)  (Europe)
H8.1173
HARE.7610 (*)       (Internet)
HARE.7750 (*)       (Internet)
HARE.7786 (*)
HLLC.CRAWEN.8306    (Italy)
IMMORTAL.2185
KARNIVALI.1972      (US - East Coast)
LEDA.820
MDMA                (Texas, Illinois, Georgia)
NATAS.4926
NUCLEAR.B
PC KNIGHT.2083      (Europe)
PCW
PEMPE.1811          (France)
RUSSEL.3072 (*)
SILLYC.96
SILLYC.186
SILLYC.710
SIRIUS.ALIVE.4000
SKATER.819          (Australia)
VCL.O.702           (Internet)
VOYAGER.1134
ZIBBERT.1268        (Brazil)
(*) Requires DOS/Win 2.5.1 engine 

____________
KNOWN ISSUES

1.  When a macro virus is detected, the message "No
    remover currently available for this virus" is
    displayed. Disregard this message and clean the
    file using the /CLEAN option.

2.  When a macro virus is detected in conjunction
    with other viruses, the macro virus remover does
    not work. If you encounter this, remove the other
    virus first or work in a separate area.

3.  When VirusScan NT scans the PAGEFILE.SYS, the system
    beeps and an Access Denied message is displayed.

4.  VirusScan NT is not able to access the boot sectors
    and the Master Boot Record unless you have
    administrative rights. To scan the boot sectors and
    the Master Boot Record, log in as a user with
    administrative rIghts. You may need the DOS version
    of Scan if your system has a boot sector virus.

____________
INSTALLATION

* PRIMARY PROGRAM FILES FOR VIRUSSCAN COMMAND LINE *

Files located in the Install directory:
=======================================

  NTSCAN.EXE = VirusScan for Windows NT Command Line program
  README.1ST = McAfee information
    SCAN.DAT = Virus definition data
   NAMES.DAT = Virus definition data
   CLEAN.DAT = Virus definition data
    SCAN.EXE = VirusScan for DOS Command Line program
VALIDATE.EXE = Authenticity validation program
WHATSNEW.TXT = What's New document
 PACKING.LST = Packing list


* INSTALLING THE PRODUCT *

To install, create a directory and copy the files
to it.

       
* TESTING YOUR INSTALLATION *
            
The Eicar Standard AntiVirus Test File is a combined effort
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus
installations.

To test your installation, copy the following line into its
own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69 or 70 byte file.

When VirusScan is applied to this file, Scan will report
finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS.  However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.

Please delete the file when installation testing is completed
so unsuspecting users are not unnecessarily alarmed.

_____________
DOCUMENTATION

For more information, refer to the DOS section of the
VirusScan User's Guide, included on the CD-ROM versions
of this program or available from McAfee's BBS and FTP
site. This file is in Adobe Acrobat Portable Document
Format (.PDF) and can be viewed using Adobe Acrobat
Reader. This form of electronic documentation includes
hypertext links and easy navigation to assist you in finding 
answers to questions about your McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the ACROREAD
subdirectory. Adobe Acrobat Reader also can be downloaded 
from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's BBS
or the World Wide Web at:

http://www.McAfee.com or 205.227.129.97

__________________________
FREQUENTLY ASKED QUESTIONS

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.
     
Q:  What is VirusScan Command Line for Windows NT
    (NTSCAN)?

A:  VirusScan Command Line for Windows NT is a
    commandline scanner that was ported from our
    DOS VirusScan product many months ago. We have
    maintained the line because it uses the same
    commandline options as the DOS product and some
    large clients still like to have a uniform script
    that scans client machines as they log in.


Q:  Is this the only commandline based NT product
    for scanning?

A:  Yes and no. VirusScan Command Line for Windows NT
    is the only commandline program, but the SCAN32
    program that is included with NetShield and the
    VirusScan for NT products will accomplish the same
    goal using a custom VirusScan Configuration (VSC)
    file instead of commandline parameters. Since SCAN32
    is not offered as a stand-alone product, we maintain
    the older commandline product.


Q:  How do I use VirusScan Command Line for Windows NT?

A:  You use it similar to the way you use
    VirusScan for DOS or OS/2. While in NT, open
    up a DOS commandline session and run
    NTSCAN <drive spec> /<option1> /<option2> /<option3>.
    The product documentation contains information about
    the different commandline parameters.


Q:  What if my DOS session is infected? How would I boot
    clean?

A:#l  If the file on your computer is file allocation
      table (FAT) based, boot with a DOS system
      disk, and then scan all the files.

A.#2  If your system is NT file system (NTFS) based,
      follow these procedures:

      a.  If your command shell is not infected
          (CMD.EXE), then open a new DOS session.
          Run Scan. Since all DOS sessions share
          the same file area but different protected
          memory locations, this is a clean boot.

      b.  If the command shell is infected, perform one
          of the following procedures:  (1) Use Control
          Panel to change your system command shell to
          COMMAND.COM, or (2) Use File Manager to copy
          a new uninfected copy of CMD.EXE to the machine
          and delete the infected copy.


Q:  Can I use the same datafiles to update VirusScan
    Command Line for Windows NT as I would to update
    VirusScan for DOS?

A:  Yes. All McAfee anti-virus products use the same virus
    definition files for scanning.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 

1.  Call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax: (408) 970-9727
    24-hour, Group III Fax 
		
3.  Fax-back automated response system: (408) 988-3034

Send correspondence to any of the following McAfee
locations:
	
    McAfee Corporate Headquarters		
    2710 Walsh Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral West Center
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    5944 Luther Lane, Suite 117		
    Dallas, TX 75225				
						
    McAfee Canada
    178 Main Street
    Unionville, Ontario
    Canada L2R 2G9

    McAfee Europe B.V.			
    Orlyplein 81 - Busitel 1		
    1043 DS Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom 

    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet E-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com or 205.227.129.134

4.  World Wide Web: http://www.mcafee.com or 205.227.129.97

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE


Before contacting McAfee, please make note of the
following information. When sending correspondence,
please include the same details.

- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.


* FOR ONSITE TRAINING INFORMATION *

Contact McAfee Customer Service (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established an Agents program to 
provide service, sales, and support for our products 
worldwide. For a listing of agents, see the file 
AGENTS.TXT or contact McAfee Customer Service for
agents near you.



