
                             Anti-STEALTH V2.10  
                             
  This program allows you to search for stealth viruses. Stealth viruses are 
viruses that try to hide themselves. Most modern and successful viruses are 
stealth viruses. If a stealth virus attacks a file, and expands it by 500 
bytes, after dir you will not see that change - the virus is hidden. This is 
dangerous because most antivirus programs are not able to find them if they 
don't know them. And if the virus is new, no antivirus program knows it! 
  How does it work? Anti-STEALTH reads each file's size twice (or 3 times, 
depending on the options.) The first time it behaves like a conventional DOS 
application (like dir). The second time it reads the true size (through Int 
13h and directly through IDE) of that file. If they differ, a virus is there, 
and you know what to fight against. 
  This means that a virus can be detected only if it is already active in 
memory and if some files on the hard drive are infected. Therefore, you cannot 
check floppies using Anti-STEALTH. 
  This also means that if the virus is able to compress a file (so it can keep 
its original size), it may not be detected. Fortunately, most viruses are not 
able to do that -- virus OneHalf is exception, but it will be detected, too. 
  By default, Anti-STEALTH uses only FindFirst to scan for files by DOS (you 
can disable this by /F-). You can force it to open every file and get its size 
by option /O+, but it may be dangerous, because some viruses infect every 
opened file. You also may want to disable reading through IDE (compatibility 
reasons), use switch /I- in this case. You need to use /I- if you hard disk is 
SCSI. 
  Reading through IDE is safe; it's extremely hard to intercept it (QEMM is 
powerful enough to intercept it, but QEMM386.sys has 234KB -- and a 234KB 
virus would be probably too big to be efficient.) In this version it's done 
only on first track - it's because many users experienced false alarms. I 
believe that it's still safe, because it would be hard for file virus to hide 
by intercepting Int13. You can turn this of using /W+. 
  Final note: If AntiSTEALTH finds a problem, it will wait for you to press a 
key so it's safe to run from batch files. 

                               Compatibility  
                               
  This program expects C: to be the first partition of first hard disk, D: the 
second partition of first hard disk... Therefore, it cannot check a second 
phusical harddrive and it will not work with drives swapped by DoubleSpace or 
Stacker. It's not a problem to correct this; please contact me if it is 
problem for you. 
  When Astealth is reading through IDE, any access to disk (caused by 
write-back cache) can result problems. Please disable all write-back caches 
(or turn them write-through) and do not let any resident program access hard 
drive. This also means that you should not read disks through IDE while in 
multitasking environments. 
  Microsoft says that this program is not compatible with their 32-bit disk 
access techniques, so don't use this under Windows. (Anyway, any program 
scanning for viruses under Windows is *very* unreliable, because if the virus 
were clever enough, it could bypass anything easily.) 

                             Revision history:  
                             

2.10 Added /D+ option to force Diagnostics mode
     Now only first track of harddrive is read through IDE by default
2.00 Added reading directly through IDE, which is SAFE
1.00 First version, had bug causing it to work only under limited number of
     bioses
1.01 Bug has been corected

                                 Shareware  
                                 
  This program is shareware, please register after 21-days testing period. 
Registration fee is $5 (or 50Kc for people from Czech/Slovak republic). Please 
send me e-mail or letter before/after you send money (for safety reasons). 

My adress:
           Pavel MACHEK
           Volkova 1131
    198 00 Praha 9
           Czech republic

My phone:  +42-2-866 233
My e-mail: machek@k332.feld.cvut.cz
