FAQ Directory
Deployment
Contact Tech
Current Versions
Documentation
Download Info
Year 2000



Command AntiVirus™ Utilities Frequently Asked Questions

What are the following utilities ?

How do you manually create a rescue disk?

If you have a question that is not answered on this page, contact Technical Support

VIRSTOP.EXE

VIRSTOP.EXE is a DOS Terminate-and-Stay-Resident (TSR) device driver that provides transparent, on-access detection for viral infection before allowing execution of applications or access to floppy disks.

On-access virus scanning is an important part of any anti-virus strategy. On-access scanning protects your system between full scans by scanning each floppy boot sector and every program executed. This includes programs loaded from CD-ROMs and other sources. VIRSTOP is included with Command AntiVirus for DOS/Windows and Windows 95. In Windows 95, VIRSTOP is only loaded into memory if the system is running in MS-DOS mode and loads via a file called DOSSTART.BAT. Loading VIRSTOP in DOS/Windows environments

By default, the installation routine loads VIRSTOP.EXE and NOVCAST.EXE as the last two lines in your AUTOEXEC.BAT file. You may choose to alter this.Where VIRSTOP.EXE is loaded will depend on your network. Many network shells take over the “load and execute” function of DOS. You may load VIRSTOP.EXE from CONFIG.SYS. The command line is: 

DEVICE=C:\F-PROT\VIRSTOP.EXE

Substitute a new drive\path if you've installed Command AntiVirus for DOS elsewhere on the hard drive. If you are loading the device driver HIMEM.SYS, make sure it appears before device line for VIRSTOP in the CONFIG.SYS file. If VIRSTOP.EXE is loaded in CONFIG.SYS or prior to a network call (such as IPX or NETX), then you must use one of the following commands to enable on-access scanning.

Autohook

Add the /AUTOHOOK switch to the DEVICE=VIRSTOP driver line in CONFIG.SYS. For example: 

DEVICE=C:\F-PROT\VIRSTOP /AUTOHOOK /WARM /BOOT /COPY /XMS

* All of the switches belong on the same line. The option specified in the above example will "automatically rehook" after the network redirector call.

Rehook

Should more than one network redirector exist in the startup sequence, add the following line to the end of AUTOEXEC.BAT (in addition to the original DEVICE line in CONFIG.SYS file): 

C:\F-PROT\VIRSTOP /REHOOK

Note that VIRSTOP.EXE uses a more simplified scan engine than Command AntiVirus for DOS. If the virus is not in the database of virus signatures, VIRSTOP.EXE will not stop it from executing. You should not use VIRSTOP.EXE as a replacement for scanning. Always use this in conjunction with regular scanning practices.

LOAD-TIME SWITCHES

VIRSTOP can scan during file copies, and scan the boot sector of floppy disks during a disk access. You can access these features by entering command line switches when you load VIRSTOP.

For DOS versions prior to 3.0, VIRSTOP.EXE must be loaded from the Command AntiVirus for DOS directory. The following switches apply to both DOS/Windows and Windows 95 environments and only work when you initially load VIRSTOP. You must reboot the system to change them.
/DISK:X Loads the virus signatures from disk X. This reduces VIRSTOP's conventional memory requirements to only 4K. This switch requires that you run VIRSTOP from a disk that will not change, such as a hard disk. If you use this switch from a floppy and remove the floppy, VIRSTOP will fail.
/FREEZE Forces a computer “lockup” when a virus is found in memory. You may select this to force a user to take appropriate action.
/NOMEM Use this switch to skip the initial memory scan. Typically, if you use Command AntiVirus for DOS in your AUTOEXEC.BAT file to check memory, there is no need to run a memory scan again in such a short period of time.
/OLD Do NOT display the expiration message. With regular updates this message should not appear.
/XMS [default]
This switch stores the virus signatures in extended memory. This reduces VIRSTOP's conventional memory requirements to only 4K. If XMS memory cannot be found, the /DISK switch should be used to save conventional memory.
/? Display a list of valid parameters when you type VIRSTOP /? from the command line. Do not use this with other switches.

Note that the switches shown in the table above work in both load and run-time commands. LOAD / RUN-TIME Switches

While these switches will work at load-time, you also may use them after VIRSTOP.EXE is resident in memory.
/AUTOHOOK Automatically rehooks after a NETX call.
/BOOT [default]
Scan the boot sectors of floppy disks when the diskettes are accessed. A warning message will appear if a virus is found.
/NOBOOT Do not check the boot sectors of floppy disks when the diskettes are accessed.
/COPY [default]
Scan files for viruses when they are opened.
/NOCOPY Turn off the scan during copy.
/NOTRACE Sets compatibility with 386Max manager and Cyrix CPUs.
/REHOOK After loading VIRSTOP before a network redirector, this allows VIRSTOP to reattach itself to INT21h. It also allows VIRSTOP to scan a file before NETX executes it. Can be loaded in Novell NetWare 3.x login script.
/WARM [default]
When you press CTRL+ALT+DEL, VIRSTOP will scan the floppy in drive A: for boot sector viruses. If a virus is found, a warning message appears.
/NOWARM Turn off the /WARM boot scan.
/QUIET Do not display warning message.
/? Display a list of valid parameters when you type VIRSTOP /? from the command line. Do not use with other switches.

 

[top of page]

VSCONFIG - Virstop Configuration Utility

VSCONFIG.EXE is a DOS utility used to modify the built-in command line options of VIRSTOP.EXE.

This utility is run from the C:\F-PROT directory and is used to establish default parameters for VIRSTOP. The following screen appears when you type VSCONFIG and press [ENTER]. 

[Custom Message]
[Default Switches]
Using least amount of memory.
XMS memory will be used for swapping.
Display out of date warning message.
Don't skip memory scan.
Don't lock the computer when a virus is found.
Don't scan files during copy or open (/NOCOPY).
Scan the boot sectors of floppy disks on access (/BOOT).
Scan the A: drive on a warm boot [CTRL+ALT+DEL] (/WARM).
Compatibility with 386^MAX and older Cyrix chips
disabled.
Don't automatically rehook INT 21h.
Select "M" to change the custom message
"S" to change the default switches
"Q" to quit.

Select “S” to change the default switches, it will display the following questions with the current settings shown in brackets. 

Option: Switch change 
Use least amount of memory? [Yes] :
Yes
Use XMS memory for swapping? [Yes] : Yes
Suppress out of date warning message? [No] : No
Skip memory scan? [No] : No
Lock computer when a virus is found? [No] : No
Scan files during copy and opens? [No] : No
Scan the boot sectors of floppy disks? [Yes] : Yes
Scan the A: drive on a warm boot ? [Yes] : Yes
386^MAX and older Cyrix chips compatibility mode? [No] :
No
Automatically rehook INT 21h? [No] : No 
[Custom Message] 
[Default Switches]
Using least amount of memory.
XMS memory will be used for swapping.
Display out of date warning message.
Don't skip memory scan.
Don't lock the computer when a virus is found.
Don't scan files during copy or open (/NOCOPY).
Scan the boot sectors of floppy disks on access (/BOOT).
Scan the A: drive on a warm boot (/WARM).
Compatibility with 386^MAX and older Cyrix chips
disabled.
Don't automatically rehook INT 21h. 
Select "M" to
change the custom message
"S" to change the default switches
"Q" to quit.

Select “Q” and press “Y” to save changes and any additional changes you have made in VSCONFIG will take effect the next time you load VIRSTOP. If VIRSTOP is already running, you will need to reboot your computer for the changes to take effect.

[top of page]

FIXDISK Usages

FIXDISK.EXE is a DOS utility that can capture an image of the hard drive's Master Boot Record, partition table and DOS boot record to a file. It can also be used to replace the MBR with a supplied or saved recovery file (F-PROT.SYS).

The file created can be analyzed by Command Software Systems, Inc. to recover the contents to pre-infection status. For more details on FIXDISK.EXE, contact CSSI Technical Support. Hard Drive Recovery

  1. Perform a cold boot to the A: drive with the boot or emergency disk.
  2. Insert the diskette that contains FIXDISK.EXE into the A: drive.
  3. At the A: prompt type
    FIXDISK REPAIR C:

  4. FIXDISK saves a copy of the MBR in its current condition and requests a filename and path to store the current MBR. Put a formatted disk into drive A: and specify a name for saving it such as A:MBR.DAT.
  5. FIXDISK will attempt to correct the MBR by searching for the recovery file saved to the hard drive during an installation of Command AntiVirus. During some infections, the recovery file may not be seen readily and a request may be made by the utility to search the entire hard drive for the recovery file (answer yes to this request).
  6. If FIXDISK has successfully repaired the MBR reboot your computer. If the recovery file was not found on the hard drive it may be necessary to have the MBR recovered via a manual process. CSSI can reconstruct the MBR for you; if this is necessary, please contact CSSI Technical Support for further assistance.
  7. Alternatively, if a rescue disk was created during the installation of Command AntiVirus, a recovery file is stored on this diskette. If you have this rescue diskette, frollow the steps below.
Hard Drive Recovery - Rescue Disk File
  1. Perform a cold boot to the A: drive with the boot or emergency disk.
  2. Insert the diskette that contains FIXDISK.EXE into the A: drive.
  3. At the A: prompt type
    FIXDISK UNDO C:
  4. FIXDISK will request a recovery file path and filename with which to place in the MBR location of the hard drive. Specify the filename on the rescue disk A:RESCUE.DAT and FIXDISK will read from the floppy diskette and write the rescue file to the MBR location.
  5. FIXDISK will indicate it has finished writing the new MBR; reboot the computer without the boot floppy.
  6. If this process was successful, the hard drive will boot and operations will be normal. If further assistance is required, please contact CSSI Technical Support.
Floppy Disks

FIXDISK.EXE can also write a new 1.44Mb DOS boot record to floppy disks in the event there is a corrupted boot sector or infection otherwise not able to be removed by standard disinfection techniques.

  1. From the Command AntiVirus installation directory at the C: prompt type
    FIXDISK REPAIR A:

  2. Type in the location and file name for backing up the original DOS boot record.
    (example C:DBR.DAT).
  3. Confirm the request to complete the process by FIXDISK.EXE.

[top of page]

Restricting Users Access - FPWCFG.EXE

FPWCFG.EXE is a Windows utility used to modify the scanner executable F-PROTW.EXE in Windows and F-PROT32.EXE in Windows 95. Modifications include preventing users from

  • scanning network drives
  • disinfecting viruses
  • disabling on-access protection

How to use FPWCFG.EXE in Windows:

  1. Using File Manager, locate FPWCFG.EXE either on the installation disks or in the installation directory and execute FPWCFG.EXE.
  2. Click BROWSE then select the Command AntiVirus installation directory and select F-PROTW.EXE, then "OK".
  3. Click OPTIONS and then select the features you would like to add or remove:
    [ ] Scan Network unchecked prevents users from scanning network drives
    [ ] Only allow USERS to REPORT infections checked prevents users from disinfecting viruses
    [ ] Active Protection unchecked prevents users from disabling on-access protection
  4. Click "OK" and then "SAVE" to save the changes. F-PROTW.EXE is now modified and can be copied over the other workstations or into the install set of files.

 

How to use FPWCFG.EXE in Windows 95:

  1. Using Explorer, locate FPWCFG.EXE either on the installation disks or in the installation directory and execute FPWCFG.EXE.
  2. Click BROWSE then select the Command AntiVirus installation directory and select F-PROT32.EXE, then "OK".
  3. Click OPTIONS and then select the features you would like to add or remove:
    [ ] Scan Network unchecked prevents users from scanning network drives
    [ ] Only allow USERS to REPORT infections checked prevents users from disinfecting viruses
    [ ] Active Protection unchecked prevents users from disabling on-access protection
  4. Click "OK" and then "SAVE" to save the changes. F-PROT32.EXE is now modified and can be copied over the other workstations or into the install set of files.
  5. To incorporate this modified F-PROT32.EXE into future installations see one of the following links:
    [UserFiles] section in the SETUP.INI for Windows 95
    SETUP ADMIN Procedure

[top of page]

Manually Creating a Rescue Disk

A rescue disk will provide a means for disinfecting MBR and other types of viruses. Click on the platform listed for instructions specific to that operating system:

Windows

During the installation of Command AntiVirus for Windows, an option to create the rescue disk is available. If running the setup program is not an available option, a batch file has been made available to facilitate creating a rescue disk called RESCUE.BAT and is stored in the c:\f-prot directory by default. This batch file uses a parameter which is the path to the DOS directory.

  1. At an MS-DOS prompt from the C:\F-PROT directory type 
    rescue.bat c:\dos
  2. A warning will be displayed indicating the disk will be formatted and a request to insert a floppy disk is made:

    WARNING: THE DISK IN DRIVE A: WILL BE FORMATTED!!!
Press any key to continue . . .
Insert new diskette for drive A:
and press ENTER when ready...
  3. Insert a floppy disk and press the ENTER key. After the disk is formatted, answer "N" to format another and RESCUE.BAT will continue by copying the necessary files to create a rescue disk: 
    Copying DOS files to the rescue disk. . .
Copying CSAV files to the rescue disk. . .
Creating a fixed disk boot image file . . .
  4. Remove the floppy disk from drive a:, write protect it and label it "Command AntiVirus Rescue Disk for Windows" and then store it in a safe place.

Windows 95

During the installation of Command AntiVirus for Windows 95, an option to create the rescue disk is available. If running the setup program is not an available option, see the following steps to create this disk.

  1. Open an MS-DOS prompt window and format a 1.44Mb floppy disk using this syntax:
    FORMAT A: /S
  2. Answer "n" to format another disk then switch into the installation directory for Command AntiVirus for Windows 95 and copy the following files to drive a:
    copy f-prot.exe a:
    copy sign.def a:
    copy english.tx0 a:
    copy fixdisk.exe a:

  3. Switch into the Windows 95 directory and subdirectory called "COMMAND": 
    cd \win95\command
  4. Copy the following files to drive a:
    copy chkdsk.exe a:
copy sys.com a:
copy attrib.exe a:
  5. Change drives to A: drive an run the following command: 
    fixdisk rescue create
a:rescue.dat
  6. A message will be displayed indicating a rescue file was written to the rescue disk; this rescue file contains the MBR and Boot Sector of the hard drive: 
    FIXDISK Maintenance
Utility Version 2.53
Copyright (c) 1993, 1996 Command Software Systems, Inc.
All rights reserved.
Portions Copyright (c) 1993, 1994 FRISK Software
International.
Creating rescue file of critical areas.
Read MBR @ Drive: 80
Read BS @ Drive: 80 Hd: 1 Cyl: 0 Sec: 1
  7. Remove the floppy disk from drive a:, write protect it and label it "Command AntiVirus Rescue Disk for Windows 95" and then store it in a safe place.

Windows NT

During the installation of Command AntiVirus for Windows NT, an option to create the rescue disk is available. If running the setup program is not an available option, see the following steps to create this disk.

  1. Open an MS-DOS prompt window and format a 1.44Mb floppy disk using this syntax: 
    FORMAT A: /S
  2. Answer "n" to format another disk
  3. Switch into the installation directory for Command AntiVirus for Windows NT (commonly c:\program files\command software\f-protnt) and copy the following files to drive a:
    copy f-prot.exe a:
    copy sign.def a:
    copy english.tx0 a:
    copy fixdisk.exe a:

  4. Still within the Command AntiVirus for Windows NT directory, run the following command:
    fixdsknt a:
  5. A message will be displayed indicating a rescue file was written to the rescue disk; this rescue file contains the MBR and Boot Sector of the hard drive: 
    FIXDISK Maintenance
Utility Version 2.53
Copyright (c) 1993, 1996 Command Software Systems, Inc.
All rights reserved.
Portions Copyright (c) 1993, 1994 FRISK Software
International.
Creating rescue file of critical areas.
Read MBR @ Drive: 80
Read BS @ Drive: 80 Hd: 1 Cyl: 0 Sec: 1
  6. Remove the floppy disk from drive a:, write protect it and label it "Command AntiVirus Rescue Disk for Windows NT" and then store it in a safe place.

[top of page]