How to use current virus definitions and the antivirus CD Emergency disks or Rescue disks to scan for viruses in DOS

Article:TECH100017  |  Created: 2002-01-21  |  Updated: 2006-01-11  |  Article URL http://www.symantec.com/docs/TECH100017
Article Type
Technical Solution


Environment

Issue



You need to perform a DOS-based virus scan of a computer, but you notice that the existing methods to scan in DOS do not use updated definitions. Rescue disks may have a problem using the definitions on the definition disks, and the CD-based scan or Emergency disk is limited to the definitions that are on the CD at the time of manufacturing.


Solution



Download and extract the latest Intelligent Updater file, then configure the DOS scan to use the extracted virus definitions.


Notes:
  • Before following these instructions, if you can connect to the Internet, then Symantec recommends that you follow the steps in the document How to remove a virus from your computer when Norton AntiVirus is not yet installed and run the Symantec online virus scanner. Once you have identified the virus, you can locate the manual removal instructions in our Virus Encyclopedia to remove the virus by hand.
  • The procedure in this document requires that you can extract the virus definitions to a location that is accessible in DOS mode. A FAT partition should work, but an NTFS partition will not be accessible in DOS mode.
  • Effective Thursday, August 18, 2005, U.S. Pacific Time, Symantec will no longer release virus definitions that are sized to fit a set of standard 1.44 MB floppy disks. Due to the increasing size of virus definitions files and the supplanting of floppy disks with other technologies, we will no longer release definitions in this format. Definitions will continue be available through all other current methods.




To download and install latest virus definitions from the Symantec online virus definitions
  1. Create a folder on the C drive named Vdefs.
    1. Start Windows Explorer.
    2. Click the C drive.
    3. Click the File menu, point to New, and then click Folder. A new folder with the name "New Folder" is created. It should have a blinking cursor.
    4. Type vdefs and then press Enter.
  2. Open your Web browser and go to the following URL:
    http://www.symantec.com/avcenter/download/pages/US-SAVCE.html
  3. Download the x86.exe version of the virus definition updates to the Vdefs folder. Write down the name of the .exe file that you download.
  4. Click Start, and then click Run.
  5. Type command and then press Enter. A DOS window opens.
  6. Type the following commands, pressing Enter after each line:

    cd \vdefs
    /extract c:\vdefs



    Note: is the .exe file that you wrote down in step 3. (For example, if you downloaded 20020819-002-i32-1.exe, then type 20020819-002-i32-1.exe  /extract c:\vdefs ). Also, if you are not using the C: drive, please substitute the appropriate drive letter. If the .exe file name is longer than the standard 8.3 naming convention you may need to enclose the name of the .exe file in quotes like this: 
    "20020819-002-i32-1.exe" /extract c:\vdefs



  7. When the extraction is finished, click OK. You see the message "/EXTRACT command successfully completed."

After extracting virus definitions into the folder C:\Vdefs, you can scan the computer using one of the following options:
  • Bootable installation CD.
  • Emergency disks created from the Symantec AntiVirus Corporate Edition 8 or Norton AntiVirus Corporate Edition 7.5/7.6 CD.
  • Rescue disks created on an uninfected Windows 95/98/Me computer running Norton AntiVirus Corporate Edition 7.x.

See the appropriate section below for the option you will be using:

To restart the computer using the installation CD and scan for viruses:


Note: To boot from the installation CD, the computer must be able to boot from the CD-ROM drive. Consult your computer documentation or contact your computer manufacturer for help with determining whether the computer will boot from the CD-ROM drive.


  1. Insert the installation CD 1 in the CD-ROM drive, close all open programs, and then shut down the computer.
  2. Wait thirty seconds, and then restart the computer.
  3. On the opening menu, hold down the Shift key, and then press the F5 key.
  4. At the A:\> prompt, type the following, and then press Enter:

    NAVDX C: /m+ /b+ /l /doallfiles /PROMPT /CFG:C:\vdefs

The virus scan will scan drive C: using the updated virus definitions. You will be prompted when an infected file is found. Press R to repair. If the repair is unsuccessful, then press D to delete the file.

To restart the computer using Emergency disks and scan for viruses:

Emergency disks can be created by running Ned.exe from the Symantec AntiVirus Corporate Edition or Norton AntiVirus Corporate Edition CD.
Ned.exe is found in the following locations:
  • Norton AntiVirus Corporate Edition 7.5 and later: CD2\SUPPORT\EDISK
  • Symantec AntiVirus Corporate Edition 8.0: CD1\TOOLS\EDISK
  1. Insert Disk 1 of the Emergency Disk set into the floppy drive and then shut down the computer.
  2. Wait thirty seconds, and then restart the computer. You should see an opening screen similar to the following.


  3. Modify the command line on the bottom of the screen so that the CFG parameter points to the temporary location of the updated virus definitions. You may also want to change other parameters of the scan. For example:

NAVDX C: /m+ /b+ /l /doallfiles /PROMPT /CFG:C:\vdefs

This virus scan will use the latest virus definitions to scan memory and boot sector, plus all files on drive C:
It prompts the user when an infected file is found. The default command line uses the /repair switch, which attempts to repair any files that are found. But if a repair fails, it takes no subsequent action. If you substitute the /prompt switch instead of the /repair switch, you are prompted when an infected file is found. Press R to repair. If the repair is unsuccessful, then press D to delete the file. For more information about other parameters of the NAVDX scan, see the document Navdx.exe usage and options.

To restart the computer using Rescue disks and scan for viruses:
Create Rescue AntiVirus Disks on an uninfected Windows 95/98/Me computer running Norton AntiVirus Corporate Edition 7.x.
See the document How to create Rescue Disks for Norton AntiVirus Corporate Edition 7.5 and 7.6 for instructions.
  1. Shut down the computer completely and insert disk 1 from the Norton AntiVirus Rescue Disk Set.
  2. Wait thirty seconds, and then restart the computer.
  3. After the load process is complete you should see the following screen:


  4. Remove Disk #1 (Boot Disk) from the drive and insert Disk #2 (Program Disk).
  5. Type the following, and then press Enter:

    NAVDX C: /CFG:C:\vdefs /m+ /b+ /doallfiles /PROMPT

The virus scan will scan the hard drive using the updated virus definitions. You will be prompted when an infected file is found. Press R to repair. If the repair is unsuccessful, then press D to delete the file.





Legacy ID



2002102115095448


Article URL http://www.symantec.com/docs/TECH100017


Terms of use for this information are found in Legal Notices