FCHK\FCHK.DOC — PCToday_Vol-1_June-1990

⌘ X86.WORLD

◂ Back to PCToday_Vol-1_June-1990 ◂ Disk Library Index

FCHK\FCHK.DOC · DOC · 24.1 KB · 1990-04-22 · from PCToday_Vol-1_June-1990

┌───────────────────────────────────┐
│ FCHK - SHAREWARE FROM DIRECT-LINE │
└───────────────────────────────────┘

This program is *SHAREWARE*. Registration details are at the end of this
file. If you use the program on a regular basis you are required to
register it.

> FCHK is distributed 'As is'. You use this <
> software totally at your own risk and we can <
> accept NO responsibility for any damage/loss <
> howsoever caused. If you do not accept the <
> above conditions DO NOT use the software! <

Feedback on this program is welcomed via the Direct-Line Online
System. Call 081-841 1847 Speeds 300/1200/1200-75/2400
081-842 2030 Speeds 300/1200/2400 MNP5
081-842 4176 Speeds 300/1200/1200-75/2400
Set your software for 8/N/1.

INTRODUCTION

FCHK.EXE is a utility to help you detect the start of a computer virus
infection AS SOON AS POSSIBLE. It will ONLY do this however if you run
it regularly AND take note of the information it presents you with. The
best way is to install FCHK in your AUTOEXEC.BAT file so that it is run
at the start of every day.

FCHK works by checking ALL files on the drive:\directory you specify and
maintains a file containing the details of those file. If any of the
files changes FCHK will tell you how it has changed. YOU must decide if
that change (file size, date and time stamp, Read-Only attribute etc.)
is expected/acceptable or not.

You can also tell FCHK to carry out Cyclic Redundancy Checks (CRCs) on
specified files in case any virus tried invading buffers within a file,
(thus avoiding changing the size of the file).

FCHK also attempts to check the boot-sector of the disks it checks -
allowing it to detect the invasion of a boot-sector virus.

Because FCHK has a wide range of options which can be specified either
via a configuration file or command line parameters there is
FCHKCFG.EXE, a utility to help you setup the config file just the way
you want. This also allows you to enter into your copy of FCHK your
unique registration number, which will be sent to you when you register
your copy of FCHK.

FCHKCFG.EXE

This is a configuration program for the File CHecK utility, FCHK.EXE.

It generates a configuration file for FCHK called FCHK.CFG in the
current directory. It also allows you to amend an existing FCHK.CFG as
it will read in any existing file and use those setting as the defaults.

The syntax for this program is:-

FCHKCFG [<.CFG file name>]

Where the optional parameter is the [drive:][\path\]filename of the .CFG
file for FCHK.EXE. If it is omitted FCHKCFG will look in the current
directory for a file called FCHK.CFG. If the .CFG file can not be found
FCHKCFG will create one, either as the name specified on the command
line or as FCHK.CFG in the current directory.

The opening screen presents you with a brief description of the program
and its purpose.

Hitting any key will cause the menu of options to be displayed. The
options available are shown below :-

Items can be selected from this menu by moving the hi-light bar up and
down using the cursor keys and hitting [RETURN] or [ENTER] when the
desired item is hi-lighted (the hi-light bar 'wraps-around' from bottom
to top and vice versa).

Alternatively you can select an item by keying the initial letter of
that item (they have been kept unique for this purpose) and hitting
[RETURN] or [ENTER].

Menu Options

There follows a brief description of each of the options on the menu.

o Monochrome Display
o Colour Display

The first 2 options allow you to specify the type of display you have.
If you select Colour you are then given the opportunity to select the
colours to be used for the 3 types of windows, (Main, Activity and
Warning), used by FCHK.EXE.

o Base Directory

This allows you to select where FCHK will start searching and checking
files from. Without a .CFG file or command line parameter FCHK will
start its search and check operations from the current directory and
will include all subordinate directories.

If no existing .CFG file is found FCHKCFG will offer the root directory
of the current drive for this parameter, otherwise if there is a current
setting it is displayed. There is also displayed a brief description of
the option and a prompt for you to change the default offered. You can
leave the default setting unchanged by just hitting [RETURN].

If you make a change you are prompted to verify and accept the change
before it is stored and the main menu redisplayed. At the accept prompt
you can reply Y for yes accept change, N for no and be prompted again
or Q for quit and leave the default option unchanged.

o Data (Save File) Directory

This option allows you to specify where FCHK is to look for and keep the
file containing all the information about the disk and files being
checked.

By default FCHK assumes the current drive and directory. FCHKCFG will
set this parameter to the root directory of the current drive unless
there is a .CFG file when any existing setting will be displayed, along
with a brief description of the option and a prompt offering you the
chance to change the default. Just hitting [RETURN] will leave the
option unchanged.

If you make a change you are prompted to verify and accept the change
before it is stored and you and the menu redisplayed. At the accept
prompt you can reply Y for yes accept change, N for no and be prompted
again or Q for quit and leave the default unchanged.

o Save File name

The 'Save File' is the file that FCHK maintains containing the details
of the disk and files it checks. By default FCHK uses a file called
DISCOCHK.DTA.

FCHKCFG makes no assumptions about this option but will use the setting
in any existing FCHK.CFG file found. If no .CFG file is found or the
.CFG file does not contain an entry for this option no entry will be
generated.

Any current setting is display, along with a brief description of the
option and a prompt for you to change the default, if any, is issued.
Just hitting [RETURN] will leave the option unchanged. To reset an
existing setting enter a space at the prompt.

If you make a change you are prompted to accept the change before it is
stored and you and the menu redisplayed. At the accept prompt you can
reply Y for yes accept change, N for no and be prompted again or Q for
quit and leave the default unchanged.

o Log Options

By default FCHK displays the details of any changes detected on the
screen. You can redirect this information to either a filename of your
choice or to one of 3 defaults.

FCHKCFG makes no assumptions about this option but will use any setting
in an existing FCHK.CFG file found. Any current setting will be
display, along with a brief description of the option and a prompt for
you to change the default is issued. Just hitting [RETURN] will leave
the option unchanged. To reset an existing setting enter a space at the
prompt.

If you make a change you are prompted to verify and accept the change
before it is stored and you and the menu is redisplayed. At the accept
prompt you can reply Y for yes accept change, N for no and be prompted
again or Q for quit and leave the default unchanged.

o File to CRC Check

FCHK allows you to specify that certain files are to have a more
thorough check, (ie a Cyclic Redundancy Check), carried out on them.

As it is a relatively slow process this option is intended for use with
important files only, like the system files, (usually either IBMBIO.COM
and IBMDOS.COM or IO.SYS and MSDOS.SYS), and COMMAND.COM. You will
probably want to keep the number of files checked this way to a minimum.

FCHK by default does not check any files this way, and you must use the
'/F' option to specify them. FCHKCFG allows you to set these options up
in the .CFG file. FCHKCFG will use any setting in an existing FCHK.CFG
file as the defaults. A brief description of the option will be
displayed, followed by a prompt for you to A(dd)/D(elete)/Q(uit) and
sometimes display M(ore) if there are more files than will fit in the
window.

If you make a change, (select A(dd) or D(elete), you are prompted to
verify and accept the change before it is stored. When you have finished
adding/deleting files to the list selecting Q(uit) will return you to
the menu.

o Once a day only

To prevent FCHK being run every time your machine is re-booted during
the day you can tell FCHK not to run again if it has already been run
today. This option uses the date and time stamp of the Save File to
decide if FCHK has bee run.

FCHKCFG will read any setting for this option from an existing FCHK.CFG
file and use it for the default.

The current default setting plus a brief description of the option and
its meaning is displayed and you are asked if you wish to have FCHK run
the Once only during the day. This can be answered by Y for yes once a
day only, N for no run every time or Q for quit and leave unchanged.

NOTE: even if set to Once only in the .CFG file this can be
over-ridden (like any of the parameters to FCHK) by a command line
parameter, in this case /O- (a hyphen or minus sign after the /O).

o Temporary DOS Shell

If during the course of running FCHKCFG you need to drop back to DOS to
check something or to run another program this option allows you to do
so and then re-enter FCHKCFG when you have finished by typing 'EXIT'.

o Register your copy of FCHK

When you register your copy of FCHK you will be sent a unique
registration number. This option allows you to add that to your copy of
FCHK. Please do not pass any registered copies of FCHK to other people.
You are free to pass on original, unregistered copies.

You will be prompted to enter you number, which will be validated and
the patched into FCHK.EXE. FCHKCFG expects to find FCHK.EXE in the
current drive\directory.

o Abandon - No changes

Allows you to leave FCHKCFG without implementing any changes you have
made during the run. Very useful if you make a mistake and want to
start again.

o Update - Save changes

Exits FCHKCFG saving the changes you have made to a new FCHK.CFG file.

FCHK.EXE - File CHecK utility.

FCHK is a utility designed to be run to check all files within a
directory tree or sub-tree for changes since the previous run of the
program. It also checks the disks Boot-sector, calculating a CRC for the
boot-sector, and will report any change.

There are a number of possible uses for such a program. With the
various options available you can keep an eye on what is being added
to/deleted from your PCs disk. You can spot files 'growing', possibly
due to infection by a virus or tampering. You can tell when the
boot sector CRC changes, again possibly due to infection by a virus.
Use your imagination and you'll think of other uses for FCHK.

The program can be run from hard or floppy disks - or a combination of
both. Some users who are sure that others will not be using their PCs
may wish to include it in their autoexec.bat. Others will prefer to keep
it on floppy disk and to run it on a their PC once in while to see
what's been added/changed since the last run. There are various options
for creating log files etc as below.

Syntax

FCHK [<parameter> [<parameter> ...]]

where valid parameters are :-

/B<base dir> - base directory for search and check

/D<data path> - path FCHK data file

/L[<log option>] - details of logging of changes

/S<save filename> - filename for FCHK to save its data file
too

/F<filename to CRC> - name of a file to carry out additional
CRC checking on

/K<w><bf> - colour for <w>indow, <b>ackground and
<f>oreground

/C - colour display screen

/M - monochrome display screen

/O<+|-> - either <+> once a day only or
<-> every time

/V - request for FCHKs version details

/H - request for FCHKs help screen

/U - update all requested file CRCs (new DOS
version installed etc.).

Command Parameters in more detail

The command parameters can be entered either on the command line, (as
shown above), or by being entered into a configuration file, (see the
section on the FCHKCFG.EXE utility for details of how to create a
config. file). Parameters entered on the command line will over-ride any
parameters in a configuration file.

This configuration file should have the same name as the programs .EXE
file, but with the extension .CFG. This means that if you rename the
program to DISCOCHK.EXE then the .CFG file should be called
DISCOCHK.CFG.

The .CFG file is a plain ASCII text file and can be edited with any
plain ASCII text editor. Using FCHKCFG means some description of all the
options is provided.

Each parameter in the .CFG. file should be on a separate line, and
should start with the command switch character, (either hyphen -, or
forward slash /), in the 1st column. Lines starting with any other
character are treated as documentation and are ignored by FCHK.

The .CFG file should be in the current default directory unless an
environment variable with the same name as the program is defined, (ie.
FCHK by default, but if the program is renamed as mentioned above to
DISCOCHK.EXE then the environment variable should be DISCOCHK). In this
case the file will be looked for in the drive: and/or directory
specified by this environment variable.

To create an environment variable either type at the DOS prompt or
include in your AUTOEXEC.BAT files a command of the form :-

SET FCHK=[drive:]\path\

where [drive:]\path\ is the drive and directory path in which the
program is look for the .CFG file.

The program checks the parameters in the .CFG file first, it then checks
any specified on the command line. This allows you to have a general
default set of parameters set up in the .CFG file but to over-ride them
for special runs if necessary.

Whichever way the parameters are entered, they are case insensitive (ie
can be entered in either upper or lower case).

/B parameter

By default the program starts its file search in the current directory
and will search all directories below the current directory.

This option allows the base directory for the file search to be
specified, (eg. /Bc:\ specifies the root directory of drive C:).

/D parameter

By default the program expects to find a file called DISCOCHK.DTA in the
current directory. This file normally has the Hidden and Read-only
attributes set. It is where the program maintains details of the files
on the disk and directories being checked.

Each time it runs it creates a new version of this file, checks the new
details against the previous, and then deletes the old copy. This does
mean that there should be enough space on the disk used to hold this
file for 2 copies of the file when the program is run.

If you wish to maintain this data file on a different drive and/or
directory the /D flag can be used to specify where the program is to
look for this file. The name of this file can be changed by the /S
parameter, specified later. The /D parameter only allows the drive:
and/or directory where it is kept to be specified.

/L parameter

By default the program displays the details of all the changes it
detects on the screen. This option allows the details to be sent to a
disk file or to the printer, (by specifying PRN).

If you have the .CFG set to log to disk and wish to run the program with
the details coming to the screen, then specifying the /L flag with no
filename will return the option to 'log-to-screen'.

There are 3 special cases of this option, all involve specifying
parameters starting with a commercial at symbol, '@' and having the log
filename generated by the computer.

1 - @DATE causes the log filename to be set to the date
and time of the run in the format MMDDhhmm.LOG
where
MM = month,
DD = day,
hh = hours,
mm = minutes.

If you use this option it is up to you to decide how
long to keep the log files and to delete old ones
(perhaps monthly by deleting all MM*.LOG files).

2 - @DAY causes the log filename to be set to the day
the program was run, in the format ddd.LOG where ddd
is SUN, MON, TUE, WED, THU, FRI, SAT. This would
mean that there would be a cycle of 7 log files used
in rotation.

3 - @ on it's own, causes the log file to be called
the same name as the program with extension .LOG.
(ie FCHK.LOG by default).

/S parameter

This option allows the you to specify the name for the file in which the
program will keep the details of the files found. By default this file
is called DISCOCHK.DTA, but if you wish to maintain files for several
hard disk on one floppy disk, (or vice versa), you can use this option
to provide different names.

This option should only be used to specify the file name, use the /D
option above to specify the drive and directory for this file.

/F parameter

This option has no default. It allows you to do additional checks on
individual files. It invokes a CRC check of the file specified.

It is envisaged that only the essential system files, (ie. COMMAND.COM,
IO.SYS and MSDOS.SYS on MS-DOS and COMMAND.COM, IBMBIO.COM and
IBMDOS.COM on PC-DOS), will be checked as a general rule.

The 1st time the program checks a file it creates a hidden, read-only
file in the same directory as the Save File with the same name but an
extension of .CRC in which it stores the CRCs for the files checked.
On future runs it checks the file CRCs against those in this file and
will report any changes.

It is also recommended that you make a note of the CRCs for the
boot-sector and any files CRC'd and occasionally make a manual check -
just in-case someone comes up with a program that knows about this check
and 'fixes' the CRC file. The CRC is reported to the same log, (screen
or file) as used by the rest of the program.

/K parameter

This option allows you to select the colours used for the various
windows that the program uses.

The full syntax for this option has a sub-option specifying the type of
window, followed by the background and foreground colours to use.

eg.
/k<w><bf>

The valid values for <w> are:-

m - Main window

a - Activities windows

w - Warnings windows

The colours to use, <bf> for <b>ackground and <f>oreground, should be
entered as a two-digit hexadecimal number, the 1st digit being the
background colour and can be in the range 0 - 7, the 2nd digit being the
foreground colour and can be in the range 0 - F.

The following table gives details of how these values map onto actual
colours.

Hex digit Colour
0 Black
1 Blue
2 Green
3 Cyan
4 Red
5 Magenta
6 Dark Yellow (brown)
7 White (light grey)
8 Dark Grey
9 Bright Blue
A Bright Green
B Bright Cyan
C Bright Red
D Bright Magenta
E Bright Yellow
F Bright White

/C parameter
This parameter specifies that you have a colour display and will result
in FCHK displaying the screen windows it uses in colour. The colours
used can be specified using the above /K parameter.

/M parameter
This parameter specifies that you have a monochrome screen or do not
want colours used when FCHK displays data on the screen.

/O parameter
This option allows you specify whether FCHK is to be run every time your
machine is re-booted or only the 1st time each day.

The syntax of this option is:-
Once only
/O+
or Every time
/O-
The default (ie. if the switch is not specified) is every time.

This option uses the time/date stamp for the save file (DISCOCHK.DTA or
whatever is specified by the /S parameter) and the date and time
maintained by the machine. It is therefore important that the machine
has the correct date and time for this option to work reliably.

/V parameter
When this parameter is used FCHK will only display its version number
details. It will NOT do any file or disk checking.

/H parameter
When this parameter is used FCHK will only display its help screen. It
will NOT do any file or disk checking.

/U parameter
This parameter is intended for use from the command line when you wish
to update the CRC details held for files that are normally CRC checked.
This allows you to install a new version of DOS or other software and
avoid the constant reporting of CRC failures.

A example of FCHK.CFG set for colour screen and logging changes to a
disk file.

This is the third major release version of this program and it contains
several significant improvements over the 1st 2 releases. If you would
like to register your copy please send £20 to:

Direct-Line Cheques or Postal Orders should be made out to
44 Rydal Way 'PC Support'.
Ruislip
Middx
HA4 ORU

You will be sent a unique registration number to enter via the FCHKCFG
program to register your copy of FCHK. Please state your name and
address on the back of the cheque or in a letter accompanying it.

[END]