This chapter contains solutions for situations that you may come across while troubleshooting.
NOTE: All references to drives and directories are based on a standard installation to C:\F-PROT. If you changed the drive and directory path during installation, you must make those changes to the following examples.
Q. My system indicates that there is a virus on the floppy disk that holds my data files. What should I do?
A. If you are in DOS, change to the C:\F-PROT directory: type CD \F-PROT and press Enter. Perform a full scan and disinfection of the floppy disk. For example, type the following command and press Enter:
F-PROT A: /DISINF
If you are in Windows, double-click the Command AntiVirus icon, set Action to disinfect and click on the appropriate drive button.
Q. My system is reporting a virus in memory. What should I do?
A. Refer to the instructions in If A Virus Is Known in the MBR Support chapter.
Q. After a cold boot to a write-protected floppy disk, the virus is still in memory.
A. If Command AntiVirus refuses to execute and reports a virus in memory, that means either the boot disk you are using is infected or the CMOS has been set to always boot from drive C.
If you are using a laptop or notebook computer, it may be necessary to unplug the computer and remove the battery for about 20 seconds to clear memory.
Q. What is a write-protected floppy disk?
A. When a floppy disk is write-protected, you cannot write to it. The following information describes how you can tell if a floppy disk is write-protected.
If you hold a 3.5-inch diskette with the metal cover on the bottom, there is a small sliding door on the upper right-hand corner. If the door is open, the diskette is write-protected. If the door is closed, the diskette is not write-protected.
If you hold a 5.25-inch diskette with the slot in the cover pointing down, there is a notch on the upper right-hand corner. If the notch is covered with an opaque tab, the diskette is write-protected. If the notch is open, the diskette is not write-protected.
Q. Broadcast TSR not found (Error Message)
A. This message means that VIRSTOP has not loaded because either NOVCAST or BANCAST was not found. There are several items to check.
- During the SETUP or INSTALL process, you were asked to allow changes to the AUTOEXEC.BAT file. Did you allow them? If not, you must edit AUTOEXEC.BAT and add the following lines: If you exit to a DOS prompt, these lines must be at the end of the AUTOEXEC.BAT. If you load Windows or a menu, place these two lines right above the last line. For example:
\F-PROT\VIRSTOP
- Check your WINDOWS directory for the presence of two required files, WVIRSTOP.EXE and VIRSTOP.DLL. If these files are not present, rerun the INSTALL or SETUP process.
- After running SETUP or INSTALL, did you restart your system?
The system must be restarted for the changes in the AUTOEXEC.BAT file to take effect.
When you use Double Space, a group of your files is compressed into a single, large file (in a manner very similar to ZIPping or ARChiving). A device driver, loaded prior to the real CONFIG.SYS file, performs on-the-fly decompression and tricks the operating system into seeing the compressed file as another physical drive. The operating system is then told to swap the drive designations for drives C and H (or whichever letter the compressed drive has been assigned), and the user then sees a drive C that can be up to twice the size of the actual hard drive.
This compressed hard drive has no master boot record (MBR) but it will have a boot sector.
If you start the system with a floppy disk that does not contain DBLSPACE.BIN (or DRVSPACE.BIN in some versions of DOS) and list the directory of drive C, you will see the normal required boot files for a hard drive (COMMAND.COM, CONFIG.SYS & AUTOEXEC.BAT), DBLSPACE.BIN, a DOS directory, and a large file that takes most of the available disk space. This large file is your compressed drive.
When you run F-PROT.EXE, the program examines the boot sector of C and scans all of the executable files. It makes no sense to scan the large compressed file because it is not an executable and cannot be used to spread a virus.
After you are sure that drive C is virus-free, restart the system normally. As soon as the system comes up, run Command AntiVirus from a virus-free write-protected floppy disk to examine what the system now says is drive C. Since you have previously removed a virus from the boot sector of the real drive C, the virus cannot infect the double-spaced partition. There may be other infectors hidden in the double-spaced portion of the system and that is why you want to scan again.
If you keep finding a virus in memory each time you boot the hard drive, one of the executable files that you are calling as part of the CONFIG.SYS or AUTOEXEC.BAT is probably infected with a multipartite virus. Try the following:
- Make sure the CMOS is set to boot to drive A.
- Boot with a write-protected floppy disk.
- Run F-PROT /HARD /DISINF to clean the boot sector.
- Write protect the floppy and restart the system with it.
- This process brings the system up with the Double Space driver loaded. The double-spaced file becomes drive C and the program can then examine it.
- Run F-PROT /HARD /DISINF to disinfect any file infector viruses in the double-spaced partition.
Q. Why does another anti-virus program recognize the same virus by another name?
A. There are several international anti-virus groups. One of these groups, CARO (Computer Anti-Virus Research Organization), provides industry-standard names for viruses. Although not all anti-virus products use industry-standard names, they can recognize a virus by its unique characteristics, such as a string of code.
Q. How do I remove Command AntiVirus for DOS/WIN3.1x?
A. If you want to remove a default installation, perform the following steps:
- Delete all files from C:\F-PROT and remove the directory.
- Delete the following lines from the AUTOEXEC.BAT:
\F-PROT\F-PROT /HARD /TODAY
\F-PROT\VIRSTOP
\F-PROT\NOVCAST
- Delete the following components of the WIN.INI file in the Windows directory:
RUN=C:\F-PROT\DVP.31.EXE
- Delete the following line from the SYSTEM.INI file:
DEVICE=C:\F-PROT\DVP.VXD
- Delete the DVP Preference section from the SYSTEM.INI file.
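The startup-file edits in the removal steps above can be checked against copies of the three files before anything is changed on the machine. The following is an added example, not part of the original manual or the product: the function names, the sample file contents and the exact section header text [DVP Preference] are assumptions.

```python
import re

# Entries the removal steps list (a leading drive letter is treated as optional).
AUTOEXEC_LINES = [r"\F-PROT\F-PROT /HARD /TODAY", r"\F-PROT\VIRSTOP", r"\F-PROT\NOVCAST"]
WIN_INI_RUN = r"C:\F-PROT\DVP.31.EXE"
SYSTEM_INI_DEVICE = r"DEVICE=C:\F-PROT\DVP.VXD"
SECTION = "DVP Preference"  # assumption: the page names the section, not its header text

def _norm(line):
    """Upper-case, collapse whitespace and drop a leading drive letter."""
    return re.sub(r"^[A-Z]:", "", " ".join(line.upper().split()))

def clean_autoexec(text):
    """Drop only the three listed lines; other references (e.g. PATH) are kept."""
    targets = {_norm(l) for l in AUTOEXEC_LINES}
    return "\n".join(l for l in text.splitlines() if _norm(l) not in targets)

def clean_win_ini(text):
    """Remove the DVP component from RUN= and keep other programs on that line."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().upper() == "RUN":
            keep = [p for p in value.split() if p.upper() != WIN_INI_RUN.upper()]
            line = key + "=" + " ".join(keep)
        out.append(line)
    return "\n".join(out)

def clean_system_ini(text, section=SECTION):
    """Remove the DVP.VXD device line and the whole named section."""
    out, skipping = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            skipping = s[1:-1].strip().upper() == section.upper()
        if skipping or "".join(s.upper().split()) == SYSTEM_INI_DEVICE.upper():
            continue
        out.append(line)
    return "\n".join(out)

# Constructed sample files, not taken from a real system.
SAMPLE_AUTOEXEC = "@ECHO OFF\nPATH C:\\DOS;C:\\F-PROT\nC:\\F-PROT\\VIRSTOP\n\\f-prot\\novcast\nWIN"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\F-PROT\\DVP.31.EXE C:\\APPS\\CLOCK.EXE"
SAMPLE_SYSTEM_INI = ("[386Enh]\ndevice=C:\\F-PROT\\DVP.VXD\ndevice=*vpd\n"
                     "[DVP Preference]\nScan=1\n[boot]\nshell=progman.exe")
```

Comparing each cleaned text with the original shows exactly which lines would go; a leftover DEVICE= line that points at a deleted file is the kind of entry this catches.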