New AV emergency utility

[null]

I've advertised this on the virus newsgroups and thought I'd mention
it here as well. The free download from my web site is named
EMERG-UP.EXE

I'm quite enthused about this particular utility since it's based on
the KAV scan engine, and it offers cleaning capability. While I've
characterised it as a emergency utility, it's also very useful as a
on-demand scanner since I've equipped it with a updater. I highly
recommend using it before backing up. It scans memory, the registry,
and system files in a short time (takes just a couple of minutes on my
system). It uses the so-called extra defs so you get additional
coverage of dialers, pornware, adware, etc., over and above that
supplied by AdAware and Spybot. And KAV is excellent for Trojans and
general "zoo" malware, as well as ITW (In The Wild).

When exiting the scanner, you do get a nag to purchase Escan from
Microworld Systems. So it's not "pure" freeware. I've used their free
MWAV.EXE offering, and my added stuff extracts the files from it and
adds a def file updater.


Art
http://www.epix.net/~artnpeg

 

[Vrodok the Troll]

On Thu, 12 Aug 2004 22:04:56 GMT, in Newsgroup--> alt.comp.freeware, the
personage of (e-mail address removed), courtesy of Message-id

I've advertised this on the virus newsgroups and thought I'd mention
it here as well. The free download from my web site is named
EMERG-UP.EXE

I'm quite enthused about this particular utility since it's based on
the KAV scan engine, and it offers cleaning capability. While I've
characterised it as a emergency utility, it's also very useful as a
on-demand scanner since I've equipped it with a updater. I highly
recommend using it before backing up. It scans memory, the registry,
and system files in a short time (takes just a couple of minutes on my
system). It uses the so-called extra defs so you get additional
coverage of dialers, pornware, adware, etc., over and above that
supplied by AdAware and Spybot. And KAV is excellent for Trojans and
general "zoo" malware, as well as ITW (In The Wild).

When exiting the scanner, you do get a nag to purchase Escan from
Microworld Systems. So it's not "pure" freeware. I've used their free
MWAV.EXE offering, and my added stuff extracts the files from it and
adds a def file updater.


Art
http://www.epix.net/~artnpeg

Thanx

 

[Roger Johansson]

This prog is a zip file and can be opened instead of running it.

The bat files did not work for me, it is the wget which hangs up after
logging in to the ftp site, I get an error message.
Wget seems to be very slow and does not work as it should.

But I used the lines in the bat files and downloaded the stuff with
Opera instead.
ftp://downloads-eu1.kaspersky-labs.com/updates_zip/ has the current
virus definition files
http://www.kaspersky.com/avupdates has the virus updates too.

This prog looks good, it is fast and it found a virus I did not know
about before.

 

[null]

This prog is a zip file and can be opened instead of running it.

The bat files did not work for me, it is the wget which hangs up after
logging in to the ftp site, I get an error message.
Wget seems to be very slow and does not work as it should.

Maybe you're experiencing firewall interference? There's a .wgetrc
file I can include which sets passive mode on.

But I used the lines in the bat files and downloaded the stuff with
Opera instead.
ftp://downloads-eu1.kaspersky-labs.com/updates_zip/ has the current
virus definition files

With the extra defs.

http://www.kaspersky.com/avupdates has the virus updates too.

But not the extra defs. Did you have a problem with the ftp site my
bat file uses for updates?

This prog looks good, it is fast and it found a virus I did not know
about before.

That's likely to happen in far too many cases. People tend to use just
one scanner. The most popular free ones aren't as good as KAV by a
long shot. They can be infested with some RAT or backdoor or I-worm
and not be aware of it.

That's why I'm enthused about this particular offering. It affords
users a top notch av scan with cleaning capability on-demand. And it's
far better to use this resident scanner than any on-line scan.

Please contact me via email concerning support issues. I'd like to
know about your problems with this util and help fix them if I can.
My addy is artnpeg at epix dot net.


Art
http://www.epix.net/~artnpeg

 

[Roger Johansson]

Maybe you're experiencing firewall interference? There's a .wgetrc
file I can include which sets passive mode on.

I don't think there should be any problems. I use Kerio 2.1.5 and I gave
wget permission to go through it, just like I do with other internet
progs.
I do not know what passive mode means.
If the wget.rc file is not too big maybe you could include it in a
message here?

With the extra defs.


But not the extra defs. Did you have a problem with the ftp site my
bat file uses for updates?

The problem was that there were so many small files to download from
that site, the zipped files at the other sites were fewer and easier to
download. (the bat files did not work so I had to download files
manually, one by one)

I simply downloaded all files I could find and copied them to the
folder, overwriting all older. (file dates are preserved when the files
are zipped so I think I got the latest version of all files)

That's why I'm enthused about this particular offering. It affords
users a top notch av scan with cleaning capability on-demand. And it's
far better to use this resident scanner than any on-line scan.

Yes, it looks like a very good antivirus program. I just need to find
the most efficient way to keep it updated.

Wget is the problem, some people say it works very well, others say it
doesn't work, and it doesn't work for me.
Maybe there is an alternative to wget, or we could find out why it
doesn't work for everybody.

 

[null]

I don't think there should be any problems. I use Kerio 2.1.5 and I gave
wget permission to go through it, just like I do with other internet
progs.
I do not know what passive mode means.

Allowing wget isn't the issue. It's a matter of the differences
between ftp active and passive modes. You can Google up tutorials on
the subject easily, and there's no point in getting into it here. Some
firewalls automatically block the ftp active mode protocol. And this
is the only reason I can see for you to be having problems with wget.
My F-Prot updaters have been using wget for years. and I haven't heard
any complaints. But I did forget to include the .wgetrc file since I
don't need it myself.

If the wget.rc file is not too big maybe you could include it in a
message here?

In a text editor create this simple text line:

passive_ftp=on

Save it as .WGETRC

I know that looks weird, but it must be exactly as I've typed it with
a period and then 6 letters. This .wgetrc file must be in the working
directory.

The problem was that there were so many small files to download from
that site, the zipped files at the other sites were fewer and easier to
download. (the bat files did not work so I had to download files
manually, one by one)

With a auto-updater which only downloads files which are newer, it's
preferable to use the individual unzipped files. Most updates are
small dailys and fairly small weeklys.

I simply downloaded all files I could find and copied them to the
folder, overwriting all older. (file dates are preserved when the files
are zipped so I think I got the latest version of all files)

It's difficult to do manual updating of KAV defs correctly without an
auto-updater. The AVP.SET file must accurately reflect the actual set
of updated files. And that can get tricky.

Yes, it looks like a very good antivirus program. I just need to find
the most efficient way to keep it updated.

Wget is the problem, some people say it works very well, others say it
doesn't work, and it doesn't work for me.
Maybe there is an alternative to wget, or we could find out why it
doesn't work for everybody.

With the .wgetrc file in the working folder, and my UPD.BAT file in
that same working folder, try UPD.BAT I don't know of any reason why
it shouldn't work for you.

Meanwhile, I'll update the EMERG-UP.EXE file to include .wgetrc as I
should have done in the first place


Art
http://www.epix.net/~artnpeg

 

[null]

Meanwhile, I'll update the EMERG-UP.EXE file to include .wgetrc as I
should have done in the first place

It's now been added. There is a note to that effect.


Art
http://www.epix.net/~artnpeg

 

[Roger Johansson]

passive_ftp=on

Save it as .WGETRC

I know that looks weird, but it must be exactly as I've typed it with
a period and then 6 letters. This .wgetrc file must be in the working
directory.

Done this, but it doesn't help.
Wget still gets stuck, after logging in successfully it stops at the
list command, waiting for a minute or so.
It ends with this message:
Error in server response, retrying. And it starts all over again.

But I get the same result from another ftp-prog, the one built into
total commander, it gets stuck on the list command too, on this site.

The ftp in Opera works fast on this site.
Maybe there is a problem with this server, which Opera knows how to
overcome but older ftp-progs cannot handle?

Some more testing of wget shows that it behaves very badly in my win98
machine, it stays active even if I use a task manager and try to kill
it. I tried two good task managers and could not stop it from running.
I guess I'll have to reboot to get rid of it.

 

[Tarapia Tapioco]

I've advertised this on the virus newsgroups and thought I'd mention
it here as well. The free download from my web site is named
EMERG-UP.EXE

I'm quite enthused about this particular utility since it's based on
the KAV scan engine, and it offers cleaning capability. While I've
characterised it as a emergency utility, it's also very useful as a
on-demand scanner since I've equipped it with a updater. I highly
recommend using it before backing up. It scans memory, the registry,
and system files in a short time (takes just a couple of minutes on my
system). It uses the so-called extra defs so you get additional
coverage of dialers, pornware, adware, etc., over and above that
supplied by AdAware and Spybot. And KAV is excellent for Trojans and
general "zoo" malware, as well as ITW (In The Wild).

When exiting the scanner, you do get a nag to purchase Escan from
Microworld Systems. So it's not "pure" freeware. I've used their free
MWAV.EXE offering, and my added stuff extracts the files from it and
adds a def file updater.


Art
http://www.epix.net/~artnpeg

It certainly looks good, but I'm having problems working out which files should go where.
Should everything (executable, bat files, virus definitions etc) be placed in & run from
c:\mwavscan? Also, what files should I use if necessary to update. There are quite a few .bat
files, but should I use them or just the .exe file?

Also, when downloading the updates, I get a bad command or file name message after downloading
quite a few definition files & everything stops. Should this be the case, or should the updater
skip that bad file/command or whatever & move on to the next command/file?

It's a bit frustrating as I really want to try it. I am also on dial-up, so it has been quite a
time-consuming process & I still haven't had the chance to run a virus check after more than 2
hours of trying to install it.

Any help would really be appreciated.

 

[null]

It certainly looks good, but I'm having problems working out which files should go where.

I don't understand. That's taken care of when you run emerg-up.exe
Did you not do that?

Should everything (executable, bat files, virus definitions etc) be placed in & run from
c:\mwavscan?

When you run emerg-up.exe it runs a batch file named mw-up.bat
Then you'll see a info screen. It explains what the batch file will
do. The installation is automatic. The running of the updater and the
av are automatic the first time you run emerg-up.exe

Also, what files should I use if necessary to update. There are quite a few .bat
files, but should I use them or just the .exe file?

The info screen explains that you can use UPD.BAT for updating. And
that the av program name is MWAVSCAN.EXE

Also, when downloading the updates, I get a bad command or file name message after downloading
quite a few definition files & everything stops. Should this be the case, or should the updater
skip that bad file/command or whatever & move on to the next command/file?

It's a bit frustrating as I really want to try it. I am also on dial-up, so it has been quite a
time-consuming process & I still haven't had the chance to run a virus check after more than 2
hours of trying to install it.

Any help would really be appreciated.

Go back to square one and run emerg-up.exe. What happens?


Art
http://www.epix.net/~artnpeg

 

[null]

Done this, but it doesn't help.
Wget still gets stuck, after logging in successfully it stops at the
list command, waiting for a minute or so.
It ends with this message:
Error in server response, retrying. And it starts all over again.

But I get the same result from another ftp-prog, the one built into
total commander, it gets stuck on the list command too, on this site.

The ftp in Opera works fast on this site.
Maybe there is a problem with this server, which Opera knows how to
overcome but older ftp-progs cannot handle?

Some more testing of wget shows that it behaves very badly in my win98
machine, it stays active even if I use a task manager and try to kill
it. I tried two good task managers and could not stop it from running.
I guess I'll have to reboot to get rid of it.

It's really strange since I used to use wget with Win 98 original and
never had any problems. Now I'm using it with Win ME with no problems.

You claim that it's the ftp site my util uses, but have you tried a
different site? Or does wget just give you problems, period?


Art
http://www.epix.net/~artnpeg

 

[Roger Johansson]

It certainly looks good, but I'm having problems working out which files
should go where.
Should everything (executable, bat files, virus definitions etc) be placed in & run from
c:\mwavscan?
Yes

Also, what files should I use if necessary to update.
There are quite a few .bat
files, but should I use them or just the .exe file?

mw.bat is used to set up the program and the rest of the system.
upd.bat is used to update the virus definitions.

run mwav.exe to use the program.
It works fine for me.

(except for my problems with wget, but I hope it works for you)

Also, when downloading the updates, I get a bad command or file name
message after downloading
quite a few definition files & everything stops. Should this be the
case, or should the updater
skip that bad file/command or whatever & move on to the next command/file?

I never got that far, but this strengthens my suspicions that that
russian ftp server is not working 100% correctly.

It's a bit frustrating as I really want to try it.

You can download the virus definition files manually and place them in
the same directory. That is what I did.

 

[null]

I never got that far, but this strengthens my suspicions that that
russian ftp server is not working 100% correctly.

BTW, that particular site is the one I use routinely for updating KAV.
In the one case, KAV version 3.5 (a GUI version) is set to update from
that site. In another case, I use wget with a batch on that site to
update KAVDOS32. Been doing that for a long time with no problems. And
I must have used it a hundred times over the last few days while
testing and debugging the subject utility. Fortunately, I have DSL
service. You don't want to develop updater utils without it It
would take forever to test stuff out.

Anyway, I'm curious to know if you change the site in the UPD.bat file
if that works. If so, it's _really_ nutty!


Art
http://www.epix.net/~artnpeg

 

[null]

Something else occured to me. I wonder if you dialup and connect first
before running emerg-up.exe? Does that make a difference? Maybe
something to do with a dial-on-demand setting in your DUN? It's been a
long time since I used dialup, and I haven't tested lately using DUN.


Art
http://www.epix.net/~artnpeg

 

[Roger Johansson]

mw.bat is used to set up the program and the rest of the system.
upd.bat is used to update the virus definitions.

run mwav.exe to use the program.
It works fine for me.

Correction, when I run mwav.exe it unpacks files to windows/temp and
then runs the program from there. It looked like it worked but was not a
good method.

I guess the results of the unpacking should be moved to the program
folder, I will try that.

I tried now to run the emerg-up.exe, to fix the problem, but it hangs
when it gets to the bat file.

I prefer zip files and manual installing, because I can see what I am
doing, I don't have to worry about viruses in exe files, I have more
control over what is happening. So if I can find the necessary files and
download them myself I prefer that to running an exe file.

Self-unpacking zip files often go wrong, like here, and there are no
checks in such an exe file to fix problems which may appear.

Damn, now I find that the emerg-up.exe has deleted all files in the
mwavscan folder, so I have to start over from the beginning.
That is another problem with simple bat files in a self-executing zip
file, it can cause problems it cannot fix.
Maybe the content of the folder should not be deleted permanently until
the new content has been installed.

 

[null]

I tried now to run the emerg-up.exe, to fix the problem, but it hangs
when it gets to the bat file.

When it gets to the batch file or when you see the batch file info
message and the "press any key" prompt? As soon as you press a key, it
attempts to download mwav.exe from the microworld ftp site. Is that
where it hangs?


Art
http://www.epix.net/~artnpeg

 

[Roger Johansson]

It's really strange since I used to use wget with Win 98 original and
never had any problems. Now I'm using it with Win ME with no problems.

You claim that it's the ftp site my util uses, but have you tried a
different site? Or does wget just give you problems, period?

Wget does not seem to work.
And the site looks flaky too.

I have found another way to install this prog:

Download these two files:
ftp.microworldsystems.com/download/tools/mwav.exe
and the emerg-up.exe from Art's site.

Unpack both and put the results in a folder.
Run the program by running the mwavscan.com file, update the virus files
with the kavupd.exe program.

Does this update method work correctly?
I hope so. It looks like it works.

 

[Roger Johansson]

When it gets to the batch file or when you see the batch file info
message and the "press any key" prompt? As soon as you press a key, it
attempts to download mwav.exe from the microworld ftp site. Is that
where it hangs?

It hangs when trying to download the mwav.exe because the wget prog does
not work.
I fixed that problem by downloading mwav.exe manually instead.

I do not need to use wget, I think, so it works well now.

Why are you updating the def files with a bat file, why not use the
kavupd.exe which seems to work without problems?

Anyway, the program works now, it is chewing away at the files in
F:\newprogs while I write this.

 

[null]

with the kavupd.exe program.

Does this update method work correctly?
I hope so. It looks like it works.

No, or I would have used it. It creates a folder named Downloads and
puts the def in it. I didn't want to use a folder with that name since
it might well conflict with an existing folder by that name.

If you want to use it that way, you'll have to copy the def files from
c:\Downloads to c:\mwavscan


Art
http://www.epix.net/~artnpeg

 

[null]

Why are you updating the def files with a bat file, why not use the
kavupd.exe which seems to work without problems?

See my response to your other post on this. It doesn't work.

Anyway, the program works now, it is chewing away at the files in
F:\newprogs while I write this.

That's good, but you didn't actually update. And I don't recommend
using the program to scan all folders. Just use the default setting
which only scans the system area. The problem is that any false alarm
where KAV "thinks" there's a Trojan, it will erase the file. And
there's no way to disable that dangerous behaviour of "shoot first and
ask questions later"


Art
http://www.epix.net/~artnpeg