Frequently Asked Questions: F-PROT Professional for Windows 3.x
Q My system says there's a virus on a floppy that holds my data files. What do I do now?
A If you're in DOS, change directory to C:\F-PROT, type F-PROT and press [ENTER]. Perform a full scan and disinfection of the floppy diskette. For example:
F-PROT A: /DISINF
If you're in Windows, double-click the F-PROT for Windows icon, set "Action" to disinfect and click on the appropriate drive button.
Q My system is reporting a virus in memory! What do I do now?
A Close all open files (programs) and exit out of Windows.
Turn the system off, wait ten seconds and insert an emergency disk into drive A:. (If you do not have an emergency disk, use a write-protected, DOS disk and insert the first F-PROT disk when you get the A: prompt.)
Turn the system back on and make sure you have booted up to drive A:. Type the following:
F-PROT /HARD /DISINF [ENTER]
This should take care of any of the common viruses out there.
Q After a cold boot to a write protected disk, the virus is still in memory!
A If F-PROT refuses to execute and reports a virus in memory, that means either the boot disk you are using is infected or the CMOS has been set to always boot from drive C:.
If you are using a laptop or notebook computer, it may be necessary to remove the battery for about 20 seconds to clear memory.
Q What do you mean by a write-protected floppy?
- 3.5" Floppy If you hold a three and a half inch diskette on the side with the metal cover on the bottom, there is a small, sliding door on one of the upper corners. If the door is closed, the diskette is NOT write protected.
- 5.25" Floppy
If you hold a five and a quarter inch diskette with the slot in the cover pointing down, the notch on the upper right hand corner must be covered with an opaque tab. If the notch is open, anyone (including a virus) can write to the disk.
Q What does this mean: Broadcast TSR not found [ERROR MESSAGE] ?
AThis means that VIRSTOP has not loaded because either NOVCAST or BANCAST were not found. There are several items to check:
- During the SETUP or INSTALL process, you were asked to allow changes to the AUTOEXEC.BAT file. Did you allow them? If not, you must edit AUTOEXEC.BAT yourself and add the following lines:
They must be at the end of the AUTOEXEC.BAT if you exit to a DOS prompt. If you load Windows or a menu, place these two lines right above the final call. For example:
- Check your WINDOWS directory for the presence of two required files. WVIRSTOP.EXE and VIRSTOP.DLL. If these are not present, redo the INSTALL or SETUP process.
- After running SETUP or INSTALL, did you reset your system?
It must be reset in order for the changes in the AUTOEXEC.BAT file to take effect.
- Compressed Drives
When you use Double space, a group of your files are compressed into a single, large file (in a manner very similar to ZIPping or ARChiving). A device driver is loaded prior to the real CONFIG.SYS file that performs on-the-fly decompression and tricks the operating system into seeing the compressed file as another physical drive. The operating system is then told to swap the drive designation for drive C: and H: (or whatever letter the double-spaced drive has been assigned) and the user then sees a drive C: that can be up to twice the size of their actual hard drive.
There is no such thing as a master boot record (MBR) on the double-spaced portion of a double-spaced hard drive. It will have a boot sector, however.
If you boot the system with a floppy diskette that doesn't contain DBLSPACE.BIN (or DRVSPACE.BIN in some versions of DOS) and then call a directory of drive C:, you will see the normal, required boot files for a hard drive (COMMAND.COM, CONFIG.SYS & AUTOEXEC.BAT), DBLSPACE.BIN, a DOS directory and a large file that takes most of the available disk space.
This large file is your compressed drive. When you run F-PROT, it will examine the boot sector of C: and scan all of the executable files. It makes no sense to scan the large compressed file because it is not an executable and cannot be used to spread a virus. After you are sure that drive C: is clean, re-boot the system normally. As soon as it comes up, run F-PROT from a write-protected floppy to examine what the system now says is the drive C:. Since you've previously removed a virus from the boot sector of the real drive C:, it cannot infect the double-spaced partition. There may, however, be other infectors hidden in the double-spaced portion of the system and that's why you want to scan again.
If you keep finding a virus in memory each time you boot the hard drive, then one of the executable files you're calling as part of the CONFIG.SYS or AUTOEXEC.BAT is probably infected with a multi-partite virus. Try the following:
- Make sure the CMOS is set to boot to drive A:.
- Boot with a write-protected floppy.
- Run F-PROT /HARD /DISINF to clean the boot sector.
- Write protect the floppy and re-boot with it
(This will bring the system up with the Doublespace driver loaded. The doublespaced file becomes drive C: and F-PROT can then examine it).
- Run F-PROT /HARD /DISINF to disinfect any file infector viruses in the double-spaced partition.
Q Why does another anti-virus program recognize the same virus by another name?
A There are several international anti-virus groups. The author of the F-PROT scanning engine, Fridrik Skulason, is a member of one of these groups. Not all anti-virus products use the same nomeclature. Sometimes a virus will acquire a name as soon as it is discovered and is later changed to conform to existing standards.
Q How do I remove F-PROT for DOS/WIN 3.x?
A Should you wish to remove a default F-PROT installation for testing purposes or after evaluation, perform the following steps:
- Delete all files from C:\F-PROT and remove the directory.
- Delete the following lines from the AUTOEXEC.BAT
\F-PROT\F-PROT /HARD /TODAY
- Delete the following components of the WIN.INI file in the Windows directory:
- Delete the following line from the SYSTEM.INI file:
Q Can I still run my existing F-PROT for DOS/ Windows on Win95?
A Yes, but you will not be able to have real-time protection. You need to manually remove the following items:
You will still be able to use the F-PROT scanner. However, we highly recommend that you contact your customer support representative and arrange for an update to the Windows 95 version of F-PROT. It offers fully functional real-time protection for the Windows 95 environment.
- ...from AUTOEXEC.BAT
- ...from WIN.INI
- ...and from SYSTEM.INI