Kaspersky Lab KASPERSKY INSPECTOR 3.5 FOR WINDOWS User Manual

KASPERSKY LABS

Kaspersky Inspector 3.5

for Windows

USER GUIDE

KASPERSKY INSPECTOR 3.5 FOR WINDOWS

User

Guide

 Kaspersky Labs Ltd.

Tel. +7(095)797-87-00 • Fax +7(095)948-43-31

Visit our WEB site:

http://www.kaspersky.com/

Contents

1. Kaspersky Inspector for Windows ....................... 8

1.1. Features and function............................................. 8

1.2. Features of Kaspersky Inspector™ under

MS Windows NT ................................................................ 10

1.3. New features of Kaspersky Inspector 3.5 ......... 10

1.4. Distribution kit ....................................................... 11

1.4.1. What is in your KAV distribution kit ........... 11

1.4.2. License agreement........................................ 11

1.4.3. Registration card ........................................... 12

1.5. Help desk for registered users ............................ 12

1.6. Information in the book ....................................... 13

2. Installing Kaspersky Inspector ........................... 14

2.1. Software and hardware requirements ............... 14

2.2. Running setup wizard........................................... 15

2.2.1. Installing

2.2.2. Reinstalling..................................................... 25

2.2.3. Removing........................................................ 27

2.3. The .KEY File.......................................................... 30

......................................................... 15

3. The program’s Operation Concept ..................... 31

3.1. Checks that Kaspersky Inspector performs ...... 32

3.2. Analysing changes on your disk.......................... 33

3.3. Searching for stealth viruses............................... 35

3

3.4. Deleting viruses using KAVI Cure Module™ ......36

3.4.1. KAVI Cure Module for Windows ..................36

3.4.2. KAVI Cure Module for DOS32 ......................37

3.5. Checking the OS parameters during the boot

(the KAVIBOOT.VXD driver).............................................38

4. Kaspersky Inspector Interface.............................39

4.1. Main window...........................................................39

4.2. Menu-bar.................................................................41

4.3. Tool-bar...................................................................42

4.4. Icon-bar...................................................................44

4.5. Work-area ...............................................................45

4.6. Status-bar ...............................................................46

4.7. Interface elements for programm settings........46

4.7.1. Settings’ tree

..................................................47

4.7.2. Controls ...........................................................47

4.7.3. Control indicators...........................................51

5. Starting Kaspersky Inspector............................... 54

5.1. How to start the program.....................................54

5.1.1. Starting the program using the MS Windows

Start menu ......................................................................54

5.1.2. Starting Kaspersky Inspector from the

command line.................................................................55

5.1.3. Starting Kaspersky Inspector using Control
Centre 59

5.2. Starting the program the first time.....................59

5.3. Starting to check for changes on your disk.......60

5.3.1. Checking for changes on the disk ...............60

5.3.2. Creating new tables.......................................60

5.4. Starting to search for stealth viruses..................61

6. Customising Kaspersky Inspector.......................63

4

6.1. The Options work-area: Selecting general

options ................................................................................ 63

6.1.1. Using the wizard to define general settings

64

6.1.2. Defining the location of working files and

folders. Check modes ................................................... 69

6.1.3. File check parameters .................................. 71

6.1.4. These checks can be disabled..................... 78

6.1.5. Selecting options for Cure Module ............. 79

6.1.6. Selecting options for the anti-virus scanner

81

6.1.7. Selecting options for the performance report
82

6.2. The Objects work-area: Selecting options for

every drive to be checked................................................ 84

6.2.1. Defining check parameters for hard,

network and logical drives........................................... 84

6.2.2. Defining how to access a drive................... 85

6.2.3. Items to be checked on the drive............... 87

6.2.4. Defining how to calculate CRC values ....... 87

6.2.5. Checking for stealth viruses ........................ 88

6.2.6. Advanced settings......................................... 89

6.3. Saving and loading settings................................. 89

7. Viewing Check Results............................................ 91

7.1. The Statistics work-area: Viewing Kaspersky

Inspector performance statistics .................................... 91

7.2. The Disks work-area: Viewing changes detected

92

7.3. The Disks work-area: Working with modifications

detected.............................................................................. 95

7.4. The Disks work-area: Master Boot Record details

98

5

7.5. The Disks work-area: Boot Record details.........99

7.6. The Registry work-area: Viewing modifications in

registry files ......................................................................101

7.7. Disks and Registry work-areas:

Allowing/prohibiting to change KAVI tables ................104

8. Running KAVI Cure Module for DOS32 ...........106

8.1. KAVI Cure Module for DOS32 ............................106

8.2. Launching KAVI Cure Module for DOS32.........107

8.3. Creating Cure diskette ........................................108

9. Messages about Suspicious Changes............... 110

9.1. Messages: when the check is completed.........110

9.1.1. Boot or Master Boot record changed........112

9.2. New bad clusters appeared................................113

9.3. Stealth virus detected .........................................113

9.4. Troubleshooting ...................................................115

10. Warnings and Error Messages........................116

10.1. Messages: launching or running Kaspersky

Inspector ...........................................................................118

10.2. Messages: checking Master Boot and Boot
records 119

10.3. Messages: checking debug registers ............119

10.4. Messages: launching Kaspersky Inspector ..120

10.5. Messages of the KAVIBOOT.VXD driver.......121

11. Kaspersky Labs Ltd.............................................125

11.1. About Kaspersky Labs.....................................125

11.2. Other Kaspersky Labs Products....................126

11.3. Kaspersky Labs Contact Information............131

6

Dear Customer,

Thank you for choosing Kaspersky Anti-Virus to protect your computer

from viruses. We have worked hard to make this product meet the

highest possible standards and feel sure that you will find it efficient and

effective. By choosing our software, you acquire the unbeatable

protection against viruses.

Our company always seeks to make the software products more friendly

and easy-to-use while keeping their functionality at the same level.

Kaspersky Anti-Virus provides its users with the highly reliable anti-virus

protection, heuristic code-analyser, ability to check for viruses in all the

commonly used mail formats and compressed files, easy-to-use anti-

virus managing tools. Furthermore the user is provided with round-the-

clock technical support, information service, personal attention to every

client and immediate response to new viruses.

We highly appreciate your confidence in our product and hope you'll find

it fairly efficient and useful.

Kaspersky Labs

7

Chapter

1

1. Kaspersky Inspector for
Windows

What is Kaspersky Inspector for Windows?
Distribution kit.

1.1. Features and function

Kaspersky Inspector™ (KAVI) is an integrity checker running
under Microsoft Windows 95/98/ME
NT/2000

Kaspersky Inspector checks disks for modifications in files and
directories. The program can be used as a supplementary anti-virus
program to monitor changes on the disk.

The program reduces the time you need to check your computer
using the KAV scanner, since now, your Kaspersky Inspector will
provide the scanner with information about the files that have been
changed or created, and the scanner will check for viruses in those
files only.

®

.

8

®

or Microsoft Windows

KASPERSKY ANTI-VIRUS

While checking for changes on your disk the program collects the
data and saves it to the table. This table contains images of your
Master Boot and Boot records, the list of bad clusters, the schema
of your directory tree and information about every controlled file.

Kaspersky Inspector accesses your disks directly via the IOS
(Input-Output Supervisor) driver without using the conventional
methods (the 21h and 13h interrupts). This feature allows the
program to detect and kill even the most dangerous stealth viruses
that settle themselves in the computer memory and process those
vital for your computer interruptions.

Besides, Kaspersky Inspector remembers and, when started again,
checks the size of available DOS memory (most boot viruses
change the size of random access memory), and the quantity of
hard drives installed.

The main features of Kaspersky Inspector are the following:

 accesses the disks directly via the IOS (Input-Output

Supervisor) driver, bypassing DOS resident viruses (boot
viruses in particular, since they intercept the 13h interruption
when the computer is booted).

 allows to recover boot sectors on the disks.

 allows to check network and compressed drives.

 allows to read FAT12, FAT16, VFAT32, NTFS file systems

without using the corresponding OS functions.

 analyses files while searching for the identical change in their

sizes.

 processes OLE2 documents (the Word, Excel and Access

documents).

 allows to recover DOS and Windows 95/98/NT executable files

(KAVI Cure Module provides this possibility).

9

KASPERSKY INSPECTOR

 allows to detect stealth viruses in the wild.

1.2. Features of Kaspersky

Inspector™ under
MS Windows NT

Due to architectural features of Microsoft Windows NT®, while
running in this environment Kaspersky Inspector does not check:

• debug registers;

• size of the available DOS memory.

Other functions of Kaspersky Inspector are performed under
Microsoft Windows in corpora.

1.3. New features of Kaspersky

Inspector 3.5

In this version we introduce new user interface
(see chapter Ошибка! Источник ссылки не найден.). This
interface solution allows you to understand more clearly both the
hierarchy of general settings (see subchapter 6.1) and the hierarchy
of settings for various drive types (see subchapter 6.2).

10

KASPERSKY ANTI-VIRUS

1.4. Distribution kit

1.4.1. What is in your KAV distribution kit

Your KAV distribution kit contains the following items:

• license agreement;

• sealed envelope with diskettes (or CD) containing the

program installation files;

• Kaspersky Inspector 3.5 User Guide;

• registration card.

 Before you unseal the envelope with diskettes (or CD)

make sure to review thoroughly the license agreement.

1.4.2. License agreement

License Agreement is a legal agreement between you (either an
individual or a single entity) and the manufacturer (Kaspersky Labs
LTD) describing the terms on which you may employ this anti-virus
product.

 Make sure to peruse this LA!

If you do not agree to terms of this LA, Kaspersky Labs is not willing
to license the software product to you and you should return the
unused product to your KAV dealer for a full refund, but make sure
the envelope with CD (or diskettes) is sealed.

11

KASPERSKY INSPECTOR

IF YOU UNSEAL THE ENVELOPE IT MEANS THAT YOU
AGREED TO ALL THE LA TERMS.

1.4.3. Registration card

To register you must fill the detachable coupon of your registration
card (your full name, phone and e-mail address) and mail it to the
Kaspersky Labs legal dealer that sold this kit to you.

If your mail/e-mail address or phone number changed please notify
the entity to which you mailed the coupon.

When registered you obtain the status of Kaspersky Labs legal
customer and will be provided with the product support and anti­virus database updates for the period of your subscription.
Furthermore Kaspersky Labs provides Kaspersky Anti-Virus
registered users with information about the new products released
by the company.

1.5. Help desk for registered

users

Kaspersky Labs offers a large service package enabling its legal
customers to employ Kaspersky Inspector efficiently.

If you register and purchase a subscription you will be provided with
the following services for the period of your subscription:

• anti-virus database WEEKLY updates;

• new versions of the Kaspersky Labs anti-virus software

provided on the FREE basis;

12

KASPERSKY ANTI-VIRUS

• PHONE, E-MAIL or IN-OFFICE advising on matters
related to the operation of our anti-virus software;

• information about the Kaspersky Labs new products
and about new computer viruses.

 For more information about our services refer to your

README.TXT.

 Kaspersky Labs does not provide information related to

operation and use of your operation system, and various
technologies.

1.6. Information in the book

This book contains information on how to install, customise and
manage the software product, explains its basic concepts and the
way they can be applied, recommends how to manage and change
settings.

13

Chapter

2

2. Installing Kaspersky
Inspector

Installing the program.
The KEY file.

2.1. Software and hardware

requirements

In order to install Kaspersky Inspector you need a system that
meets the following requirements:

• IBM PC (or 100% compatible computer) with the MS
Windows

it;

• minimum 16Mb of RAM (32 Mb is advisable) for
Windows
is advisable) for Windows NT

• minimum 5 Mb of free space on the hard disk.

®

95/98/NT operation system pre-installed on

®

95/98, and minimum 32 Mb of RAM (64 Mb

14

®

;

KASPERSKY ANTI-VIRUS

2.2. Running setup wizard

2.2.1. Installing

 To install the Kaspersky Inspector program on your

file server, follow the steps:

1. Insert the supplied CD into the CD-ROM drive of your
computer.

2. Start the Setup wizard program - setup.exe.

3. The Setup wizard will start (figure 1 and 2). Follow
instructions on your screen.

Figure 1. The InstallShield Wizard progress box

15

INSTALLING KASPERSKY INSPECTOR

Figure 2. The Welcome wizard window

4. Read the window message and click the Next button
to continue the installation. The License Agreement
wizard window will appear on your screen (figure 3).

16

KASPERSKY ANTI-VIRUS

Figure 3. The License Agreement wizard window

5. Review all the agreement terms. If they are

acceptable click the Yes button to continue the
installation. Click No to abort the installation if the
terms are not acceptable. If you accepted the terms,
the Customer Information wizard window will appear
on your screen (figure 4).

17

INSTALLING KASPERSKY INSPECTOR

Figure 4. The Customer Information wizard window

6. Enter your name and your company name into the User
Name and Company Name text fields. Then click the Next
button. The Choose Destination Location wizard window will
appear on your screen (figure 5).

18

KASPERSKY ANTI-VIRUS

Figure 5. The Choose Destination Location wizard window

7. In this window you must select the destination location
for your Kaspersky Inspector software to be installed
into:

• Click the Browse button and use the
Choose Folder wizard window (figure 6) to

choose the folder.

• Click ОК.

• In the Choose Destination Location wizard

window click the Next button to continue the
installation.

19

INSTALLING KASPERSKY INSPECTOR

Figure 6. The Choose Folders wizard window

8. In the Select Program Folder wizard window

(figure 7) you must select the Kaspersky Inspector
program group in the Windows Start menu. When
done, click the Next button to continue the installation.

20

KASPERSKY ANTI-VIRUS

Figure 7. The Select Program Folder wizard window

9. In the Key File wizard window (figure 8) you must

choose the name of your key file (see subchapter 2.3)
and the path to it. If the file is located in the folder you
are installing from, it will be displayed in the List of
key files to install list. If the file is located in some
other folder, click the Add button and select your file
in the Select Key File wizard window (figure 9). If
necessary, you can use more than one key file at a
time. After you specified all the key files that you want
to install, press the Next button to continue the
installation.

21

INSTALLING KASPERSKY INSPECTOR

Figure 8. The Key File wizard window

Figure 9. The Select Key File wizard window

22

KASPERSKY ANTI-VIRUS

10. In the Start Copying Files wizard window (figure 10)

on your screen review and check current settings of
your Setup wizard. Click Next for the Setup wizard to
start copying files on your server, and then wait a
minute or two while the installation proceeds
(figure 11).

Figure 10. The Start Copying Files wizard window

23

INSTALLING KASPERSKY INSPECTOR

Figure 11. The Setup Status wizard window

11. After the Kaspersky Inspector software has been

copied to your hard disk the InstallShield Wizard
Complete (figure 12) wizard window will be displayed.
For the software to be correctly installed on your
computer, check the Yes, I want to restart my
computer now check box and click the Finish button.

Before you click the Finish button, make sure to exit all



Windows applications that are currently running.

24

KASPERSKY ANTI-VIRUS

Figure 12. The InstallShield Wizard Complete wizard window

2.2.2. Reinstalling

If when running the installation wizard finds a copy of Kaspersky
Inspector on your computer, the Welcome wizard window
(figure 13) with the following option buttons will appear on your
screen:

• Modify — adds new components to the package

components that have been installed on your computer
before.

• Repair — reinstalls all the package components.

• Remove — removes the Kaspersky Inspector copy

from your computer (see subchapter 2.2.3).

25

INSTALLING KASPERSKY INSPECTOR

To select one of the options you must enable the corresponding
option button and click the Next button.

Figure 13. The Welcome wizard window

If you selected to Modify the installed package and clicked the
Next button the Select Components wizard window (figure 14)
allowing you to choose exactly which components to install will
appear on your screen.

Select the components by checking the appropriate check boxes
and click the Next button. The following wizard windows will appear
on your screen one after another: Setup Status (see figure 11)
and InstallShield Wizard Complete (see figure 12). To move
from one wizard window to another click the Next button.

26

KASPERSKY ANTI-VIRUS

Figure 14. The Select Components wizard window

If you selected to Repair the installed package and clicked the

Next button the Setup Status (see figure 11) and InstallShield
Wizard Complete (see figure 12) will appear on your screen one

after another. You can choose this mode if you accidentally deleted
some files belonging to Kaspersky Inspector

2.2.3. Removing

If by some reasons you want to remove Kaspersky Inspector from
your computer, select the Remove option button in the Welcome
wizard window (see figure 13) and click the Next button.

The wizard window asking you to confirm the removal (figure 15)
will appear on your screen. To start the process click the ОК button

27

INSTALLING KASPERSKY INSPECTOR

in this window. The installation wizard will start removing files of
Kaspersky Inspector from your hard drive (figure 16).

If during the process of removal the wizard detects a file that can be
used by some other program on your computer, the wizard window
asking you to confirm deletion of this file will appear on your screen
(figure 17). To delete the given file click the Yes button in the
window.

Figure 15. The wizard window asking to confirm the program

removal

28

KASPERSKY ANTI-VIRUS

Figure 16. The Setup Status wizard window

Figure 17. The wizard window asking to confirm the file deletion

29

INSTALLING KASPERSKY INSPECTOR

2.3. The .KEY File

The file with .KEY extension is supplied with the Kaspersky
Inspector distribution kit. This file is a kind of your personal key that
contains the following housekeeping data which is required in order
for your Kaspersky Inspector to work correctly:

 contact information of your Kaspersky Inspector vendor

(company name, address, phone numbers);

 contact information of the Help Desk;

 the software product release date;

 validation that the program is a registered copy;

 expiry date of your Kaspersky Inspector user license.

 If no *.KEY file present in the directory where you installed

Kaspersky Inspector, the program will be running as a
demo version, what means that it will be not able to delete
viruses from infected files.

 You must keep your *.KEY file safe. In order to protect

your *.KEY file it is strongly recommended that you back it
up.

30