What's New in VirusScan for Windows 3.1x v2.5.3 (9611)
        Copyright 1994-1996 by McAfee, Inc.
                All Rights Reserved.

    
Thank you for using McAfee's VirusScan for Windows 3.1x.
This What's New file contains important information
regarding the current version of this product. It is
highly recommended that you read the entire document.

McAfee welcomes your comments and suggestions. Please use
the information provided in this file to contact us.

___________________
WHAT'S IN THIS FILE

- New Features
- Known Issues
- Installation
- Documentation
- Frequently Asked Questions
- Contact McAfee

____________
NEW FEATURES

    VirusScan now supports centralized alerting and
    reporting to a remote NetWare or Windows NT server.
    Using NetShield for NetWare v2.3.3 or NetShield for
    Windows NT v2.5.3, client alerts and reports can be
    redistributed or compiled at the central server
    location for ease of management.

* ENHANCEMENTS *

1.  VirusScan for Windows 3.1x now implements VShield
    as a virtual device driver (VxD). This replaces the
    VShield Terminate and Stay Resident (TSR), enhancing
    features and reducing the memory footprint. VShield
    operates directly in the Windows environment, no
    longer relying on a DOS TSR.

2.  A VxD is a filter to prevent the spread or
    activation of Macro viruses attempting to
    replicate within Windows applications, such as
    Microsoft Word for Windows.

3.  When a virus is found, VShield's VxD can be
    pre-configured to prompt the user for action or
    to automatically repair, quarantine, deny access
    to, or delete infected files.

4.  McAfee's VShield VxD allows the user to configure when
    to conduct a scan (for example: on file run, copy,
    create, or rename; on floppy disk access) and which
    files to include.

5.  During installation, the DOS scanner provides the
    user with the options of scanning the drive at boot up
    and appending the installed directory to the path.

6.  During installation, the option of loading VShield into
    memory upon starting Windows is provided to the user.


* NEW VIRUSES DETECTED *

This DAT file (9611) detects the following 129
new viruses. Locations that have experienced
particular problems with specific viruses are also
identified.

_922				Germany
_1000				US
_2673                           Philippines
APOCALIPSE.1685 		Portugal
APRIL1A.798
APRIL1B.797
AREQUIPA.1994			Peru
ASBV
ASH.302
ASMODEOUS.1437
ASSIGN.653
ATOM
BANDUNG.A			US/Indonesia
BANDUNG.B
BARAN.2978
BARAN.3001
BNB.498
BR.1180
BW.790
CACO.3310			Peru
CHANDI				US
CHAPA.447
CHAPA.448
CHERRY.2266
COMP.180
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
CRAWLER.545
CRIM_WW
CYBERTECH.668
DAN.1784
DELTREE TROJAN
DEMON3B.4313
DINA.271
DINA.283
DIR-II.1536.G
DIR-II.AS
DREAMER.8869
DST.330
DST.347
DST.396
DSTAR.223
EASY				Internet
EDOL.832
EXEHEADER.VLAD.337
EXTRACTJPG.TROJAN
FATHER_MAC.1382
FAULT.9209
FORMATC:TROJAN                  
FSN.1279
GANGSTERZ			Internet
H-ANDROMED.594
HELGA.666.B
HELPER				US
HIDER.2143
INCH
INFERNO.781
JASON.626
JOVIAL.503
JUICE.305
KALO.1464
KOSKON.313
LATER.981.B
LD93.1217			Australia
LUNCH.783
MACGYVER.4112 (MBR)		Taiwan
MAIDEN.891
MARKUS.5415
MBRK.714
MDMA.C				US
MINZ.470
MIXTURA.1000
MOSCA.1278
MURCIA.4651
NPOX.1186
OKTUBRE.1784
OUTLAW				Internet
PELIGRO.1206			Peru
PHARDERA			Internet
PIRANIA.1617
PROTOVIRUS.720
PS-MPC.504			Peru
RESCUE 911.3774 		Saudi Arabia
ROTATOR.864
SALAMANDER.888
SANLORENO.1025
SAVER:DE			Internet
SCROLL.600
SHOWOFXX			Australia
SIERRA.D			US
SILLY.745
SMILEY:DE			Germany
SPEC.907
SPOOKY:DE			Internet
STEATODA.1623			Israel
STRYX:DE			Internet
SUPERF.1175
SVC.3103			South America
SYSKLL.290
T555.556
TAURUS.1852
THEATRE:TW  (*)                 Taiwan
THEATRE.A:TW  (*)               Taiwan
TREBUJENA.1094
TRIVIAL.44.F
TRIVIAL.45.H
TRIVIAL.52
TRIVIAL.53.A
TRIVIAL.119
TRIVIAL.284
TROOPER.2259                    
TWNO:TW  (*)                    Taiwan
TWNO.B:TW  (*)                  Taiwan
TWNO.C:TW  (*)                  Taiwan
UNHAPPY.763.A
UNHAPPY.763.B
VCC.620
VCS.799
WAZZU.J
WAZZU.O
WAZZU.P 			US
WEATHER:TW(*)                   Taiwan
WAZZU.Q                         US
ZGENRAT.785			US
(*)  Infects double-byte (omnicode) versions of Word,
     which include Japanese, Korean, Chinese, and
     Simplified Chinese.     
                                       

* NEW VIRUSES REMOVED *

This DAT file (9611) removes the following 112 new
viruses. Locations that have experienced particular
problems with specific viruses are also identified.

666
_922				Germany
_1000				US
1946
_2673                           Philippines
ARALE
AREQUIPA.1994			Peru
ASBV
AWAITS.500
BABY_L.674
BADSIZE.369
BANDUNG.B
BARAN.2978
BARAN.3001
BARROTES.840			Spain
BNB.498
BR.1180
BRBI.KOBRIN.492
CACO.2965
CACO.3310			Peru
CARRYON.534
CHANDI				US
CHAPA.447
CHAPA.448
CONCEPT.I
CONCEPT.L
CONCEPT.M
CONCEPT.N
CONCEPT.P
COOL.929
COREA.926
COUP.2062
DEARFRIEND.524
DOPERLAND.490
DREAMER.4808
DREAMER.8869
DUNE.483
EASY				Internet
EUPM.1731
F-YOU
FIFO.333
FORMAS.1146
FORMATC:FORMAT
GANGSTERZ			Internet
GENE.1991
GENIUS
H-ANDROMED.594
HELPER				US
INCH.386
INT4B.231
INT4B.242
IVP.BUBBLES.684 		US
KALI-4
KOSKON.313
LD93.1217			Australia
LOVEBUZZ.591
LUNCH
MACGYVER.4112			Taiwan
MANTRA.719
MARKUS.5415
MDMA.C				US
NPOX.1186
OMEGA
OUTLAW				Internet
PELIGRO.1206			Peru
PHARDERA			Internet
PS-MPC.504			Peru
PUPPETS.960
RESCUE 911.3774 		Saudi Arabia
SAVER:DE			Internet
SHOWOFXX			Australia
SIERRA.D			US
SILLYC.90
SILLYC.155.B
SILLYC.165
SILLYC.200.B
SILLYC.202
SILLYC.226
SILLYC.316
SILLYC.373
SILLYORCE.76.B
SILLYRC.214
SILLYRC.248
SILLYRC.303
SMILEY:DE			Germany
SPOOKY:DE			Internet
STEATODA.1623			Israel
STRYX:DE			Internet
SUPERVISOR.2221
SVC.3103			South America
T555.556
THEATRE:TW  (*)                 Taiwan
THEATRE.A:TW  (*)               Taiwan
TIE.619                
TIP.554
TULA.1540
TULA.1656
TURBOEXE.854
TWNO:TW  (*)                    Taiwan
TWNO.B:TW  (*)                  Taiwan
TWNO.C:TW  (*)                  Taiwan
UNHANDLED.495
UNHAPPY.763.A
UNHAPPY.763.B
VIAGGIO.1051
VOTADC.591
WAZZU.J
WAZZU.O
WAZZU.P 			US
WAZZU.Q 			US
WEATHER:TW (*)                  Taiwan  
WILDY.354.B
WILDY.354.C
(*)  Infects double-byte (omnicode) versions of Word,
     which include Japanese, Korean, Chinese, and
     Simplified Chinese.     


* ISSUES ADDRESSED IN THIS RELEASE *

1.  Log file validation has been added in the Report page.
      
2.  When the Clean Infected Files Automatically option is
    set in the Actions page, the user is now prompted if
    a boot sector virus is found. 

3.  Additional virus detection for file overwriting.

4.  VShield status is now displayed when double clicking
    on the VShield icon from the program group.

5.  VShield now validates the Virus Dat files before
    loading.

6.  Added Netx driver and Netware 3.X compatibility.

7.  The user utility Chkvxd.exe now returns the proper exit
    codes.

8.  Various display issues with the McAfee detection screen
    (Blue and Red) are resolved.  

9.  Log entries are now made with the "Deny access and
    continue" setting in the Actions page.


____________
KNOWN ISSUES

1.  This version will not detect previously installed
    versions of VShield TSR (from 2.2.F and prior) and
    will not remove the path entry made to the
    AUTOEXEC.BAT file if the installation differed from
    the default, c:\mcafee\viruscan.

2.  In order to re-enable VShield after disabling it,
    right-click and select Enable.

3.  If Move Infected File is selected on the Actions page,
    infected files will be moved to the directory specified. 
    However, if the Windows Copy command fails during this
    procedure, a zero byte file size stamp may be left in
    the destination directory when carrying out the Copy
    command.

4.  If using NetX drivers to connect to 3.x Netware servers,
    carrying out applications located on the server may
    result in a Windows' sharing violation message during a
    VShield file scan.

    Solution: To avoid the Window's sharing violation
    message, add the following line to the default.vsh file
    under the General section:

     bUsingNetx=1

    Or, change the application executed from the server to
    Read Only.

____________
INSTALLATION

* INSTALLING THE PRODUCT *

If you would like to perform a "silent" installation of
VirusScan, requiring minimal user interaction and using all
default or "Typical" installation settings, add -s
(i.e. SETUP.EXE -s) to the setup command when you install
the product.

Please note that the silent install is designed to install
the product from a single source. If you have the floppy
disks version, please copy the files from both disks to a
temporary directory on the hard drive and run the setup
command with the -s switch.

Network Administrators can customize the silent
installation by following the steps below.

1.  Check in the Windows directory to ensure that a
    file named SETUP.ISS does not already exist. If it
    does, rename it, back it up, or delete it.

2.  Run SETUP.EXE with the -r switch, (i.e. SETUP.EXE -r).

3.  Select the components you would like to be installed
    during the silent installation. All responses will
    be recorded.

4.  Finish the installation, and locate the file SETUP.ISS
    in the Windows directory.

5.  Open the file using any ASCII editor (e.g., NOTEPAD.EXE)
    and delete the section titled APPLICATION.

6.  Rename, back up, or delete SETUP.ISS on the first
    installation disk (floppies only). For CD-ROM versions
    of the product, you must copy the installation files
    onto the hard drive before taking this step.

7.  Copy the new SETUP.ISS from the Windows directory
    to the location of the installation files.

8.  Run SETUP.EXE with the -s switch (i.e. SETUP.EXE -s).

9.  When the silent installation is complete, you should
    reboot the machine manually.

    NOTE: If you do not specify a "recorded" answer for
    all dialog boxes during the initial installation, the
    silent installation will fail. Also, the file used
    for the silent installation, SETUP.ISS, may not work
    properly across different operating systems.


* PRIMARY PROGRAM FILES FOR VIRUSSCAN FOR WINDOWS 3.1x *
      
Files located in the Install directory:
=======================================

1.  Installed for VShield/DOS/VirusScan:

	  README.1ST = McAfee information
           CLEAN.DAT = Virus clean definition data
           NAMES.DAT = Virus names definition data
            SCAN.DAT = Virus scan definition data
        VALIDATE.EXE = McAfee file validation program
	   WCMDR.EXE = Windows Commander program
	   WCMDR.INI = Windows Commander configuration
                       settings
	 PACKING.LST = Packing list
	WHATSNEW.TXT = What's New document

 
2.  Installed for VShield:

	MCKRNL16.DLL = Tools library
	MCUTIL16.DLL = Run-time support library
	TABDLL11.DLL = Properties dialog library
	VSHCFG16.EXE = VShield Configuration Manager
	  VSHWIN.EXE = VShield on-access engine
          CHKVXD.EXE = VShield virtual device driver
                       checking utility
        VSHCFG16.HLP = Online help
	 DEFAULT.VSH = Default VSH settings


3.  Installed for DOS:

            SCAN.EXE = MS-DOS scan program 


4.  Installed for VirusScan:

           WSCAN.EXE = VirusScan for Windows 3.1x on-
                       demand scanner
	   WSCAN.HLP = VirusScan for Windows 3.1x online
                       help
           WSCAN.INI = VirusScan for Windows 3.1x config-
                       uration file
	PROFILE1.PRF = Sample WSCAN configuration profile
	PROFILE2.PRF = Sample WSCAN configuration profile


Files located in WINDOWS\SYSTEM directory:
========================================== 

1.  Installed for VShield/VirusScan:

	   CTL3D.DLL = 16-bit 3D Windows controls
                       library (*)
	 CTL3D32.DLL = 32-bit 3D Windows controls
                       library (*)

(*) File will be installed upon installation of VirusScan
    if it does not already exist, or if an older version
    is found.


2.  Installed for VShield:

	MCFSHOOK.386 = File system hook
	  MCKRNL.386 = Scan engine device driver
	MCSCAN32.386 = Scan engine device driver
	  MCUTIL.386 = Utility device driver
	 VSHIELD.386 = VShield device driver
       
    
* INSTALLING THE PRODUCT *

If you have not already installed the product,
create a folder and copy the files to it.

When the installation is complete, it is recommended
that you restart your system.

                       
* TESTING YOUR INSTALLATION *

The Eicar Standard AntiVirus Test File is a combined effort 
by anti-virus vendors throughout the world to come up with
one standard by which customers can verify their anti-virus 
installations. To test your installation, copy the following 
line into its own file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, you will have a 69 or 70 byte file.

When VirusScan is applied to this file, Scan will report
finding the EICAR-STANDARD-AV-TEST-FILE virus.

It is important to know that THIS IS NOT A VIRUS. However,
users often have the need to test that their installations
function correctly. The anti-virus industry, through the
European Institute for Computer Antivirus Research, has
adopted this standard to facilitate this need.

Please delete the file when installation testing is
completed so unsuspecting users are not unnecessarily 
alarmed.

_____________
DOCUMENTATION

For more information, refer to the User's Guide, included 
on the CD-ROM versions of this program or available 
from McAfee's BBS and FTP site. This file is in Adobe
Acrobat Portable Document Format (.PDF) and can be viewed
using Adobe Acrobat Reader. This form of electronic
documentation includes hypertext links and easy navigation
to assist you in finding answers to questions about your
McAfee product.

Adobe Acrobat Reader is available on CD-ROM in the ACROREAD
subdirectory. Adobe Acrobat Reader also can be downloaded 
from the World Wide Web at:

http://www.adobe.com/Acrobat/readstep.html

VirusScan documentation can be downloaded from McAfee's BBS
or the World Wide Web at:

http://www.McAfee.com or 205.227.129.97

For more information on viruses and virus prevention,
see the McAfee Virus Information Library, included on
the CD-ROM version of this product or available from
McAfee's BBS and FTP site. A ViaGraphix Interactive
Anti-virus Training program also is available on the
CD-ROM version, or can be purchased from the McAfee
Web Site.

__________________________
FREQUENTLY ASKED QUESTIONS 

Regularly updated lists of frequently asked questions 
about McAfee products also are available on McAfee's 
BBS, website, and CompuServe and AOL forums.

Q:  How do I enable McAfee's Centralized Alerting and
    Reporting?

A:  VirusScan now supports Centralized Alerting and
    Reporting to a remote NetWare or Windows NT server
    running NetShield for Windows NT v2.5.3 or NetShield
    for NetWare v2.3.3.

    To set up this option on your VirusScan client, modify
    VirusScan's DEFAULT.VSH, and/or your custom settings
    file to read the following:

    Note: Administrators will need to configure the WSCAN.INI
    and/or DEFAULT.VSH file for complete Centralized Alerting
    & Reporting.

       Add the following lines to the WSCAN.INI file under
       AlertOptions:

           PS_S_NETWORKALERTPATH=<UNC or NetWorkAlertPath>
           PS_O_ALERT=1


       Add the following lines to the DEFAULT.VSH file under
       AlertOptions:

           szNetworkAlertPath=<UNC or NetWorkAlertPath>
           bNetworkAlert=1
   
    Where the <UNC or NetWorkAlertPath> is the path to the
    remote NetWare volume or NT directory. From this
    directory, NetShield can broadcast or compile the alerts
    and reports according to its established configuration.

    NOTE: The client must have write access to this
    <UNC or NetWorkAlertPath> location and the directory
    must contain the NetShield-supplied CENTALRT.TXT file.
   
    To send a complete alerting file identifying the
    system user, establish the following environment
    variables or add them to the AUTOEXEC.BAT file.

           Set COMPUTERNAME=<name of computer>
           Set USERNAME=<user name>

    The alert file sent to the server is an .alr text
    file. Upon receipt of the alert file, NetShield NT or
    NetShield for NetWare sends an alert message to an
    administrator and/or appropriate personnel.


Q:  I have created my own Emergency diskette, how
    can I optimize it's performance?

A:  For optimal performance, create a CONFIG.SYS file on
    the boot diskette and add the following lines:

       [CONFIG.SYS]
       DEVICE=HIMEM.SYS
       DOS=HIGH
    
    Add the HIMEM.SYS file from the DOS directory to the
    boot diskette.

    Note: For detailed instructions on creating an
    Emergency diskette, refer to the instructions
    outlined in your online documentation.

Q:  When I have an infected file, why does the
    infected counter increase by increments greater
    than one?

A:  The file system will typically access a file more
    than once. On each access, VirusScan scans the file
    and detects the infection.
                                  

Q:  Does VShield detect Word Macro infections?

A:  Yes. VShield detects and cleans Word Macro infections.
                                  

Q:  Can I update VirusScan's data files to detect
    new viruses?

A:  Yes. If you have Internet access, you can download
    updated VirusScan data files from the McAfee Web 
    Site, BBS, or other online resources. To download 
    from the McAfee Web Site, follow these steps:
 
    1.  Go to the McAfee Web Site (http://www.mcafee.com
        or 205.227.129.97).

    2.  Click on the Download McAfee button in the upper
        left hand column or frame.

    3.  Click on Update Your DAT Files to update DAT files. 

    4.  View the information provided on new DAT files
        and downloading.

    5.  Click on Download this Month's DAT.
   
    6.  Data file updates are stored in a compressed form 
        to reduce transmission time. Unzip the files into
        a temporary directory, then copy the files to the
        appropriate directory, replacing your old files.    

    7.  Before performing any scans, shut down your
        computer, wait a few seconds, and turn it on again.

    If you need additional assistance with downloading, 
    contact McAfee Download Support at (408) 988-3832.

______________
CONTACT McAFEE

* FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS *

Contact McAfee's Customer Care department: 

1.  Call (408) 988-3832
    Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time

2.  Fax (408) 970-9727
    24-hour, Group III Fax 
		
3.  Fax-back automated response system (408) 988-3034
    24-hour fax

Send correspondence to any of the following McAfee locations:
	
    McAfee Corporate Headquarters		
    2710 Walsh Avenue			
    Santa Clara, CA 95051-0963		
	
    McAfee East Coast Office					
    Jerral West Center
    766 Shrewsbury Avenue
    Tinton Falls, NJ 07724-3298

    McAfee Central Office			
    5944 Luther Lane, Suite 117		
    Dallas, TX 75225				
						
    McAfee Canada
    178 Main Street
    Unionville, Ontario
    Canada L2R 2G9

    McAfee Europe B.V.			
    Orlyplein 81 - Busitel 1		
    1043 DS Amsterdam				
    The Netherlands	 		

    McAfee (UK) Ltd.
    Hayley House, London Road
    Bracknell, Berkshire  RG12 2TH
    United Kingdom  

    McAfee France S.A.			
    50 rue de Londres				
    75008 Paris					
    France					
				
    McAfee Deutschland GmbH
    Industriestrasse 1
    D-82110 Germering
    Germany

Or, you can receive online assistance through any of the 
following resources:

1.  Bulletin Board System: (408) 988-4004
    24-hour US Robotics HST DS

2.  Internet e-mail: support@mcafee.com

3.  Internet FTP: ftp.mcafee.com or 205.227.129.70

4.  World Wide Web: http://www.mcafee.com or 205.227.129.97

5.  America Online: keyword MCAFEE

6.  CompuServe: GO MCAFEE

7.  The Microsoft Network: GO MCAFEE

Before contacting McAfee, please make note of the
following information. When sending correspondence,
please include the same details.
                         
- Program name and version number
- Type and brand of your computer, hard drive, and any 
  peripherals
- Operating system type and version
- Network name, operating system, and version
- Contents of your AUTOEXEC.BAT, CONFIG.SYS, and 
  system LOGIN script
- Microsoft service pack, where applicable
- Network card installed, where applicable
- Modem manufacturer, model, and baud, where 
  applicable
- Relevant browsers/applications and version number,
  where applicable

- Problem
- Specific scenario where problem occurs
- Conditions required to reproduce problem
- Statement of whether problem is reproducible on demand

- Your contact information: voice, fax, and e-mail

Other general feedback is also appreciated.


* FOR ON-SITE TRAINING INFORMATION *
 
Contact McAfee Customer Service at (800) 338-8754.


* FOR PRODUCT UPGRADES *

To make it easier for you to receive and use McAfee's
products, we have established an Agents program to 
provide service, sales, and support for our products 
worldwide. For a listing of agents, see the file 
AGENTS.TXT, where applicable, or contact McAfee
Customer Service for agents near you.
