PCjs Machines

Home of the original IBM PC emulator for browsers.


PC-SIG Diskette Library (Disk #1119)

[PCjs Machine "ibm5170"]

Waiting for machine "ibm5170" to load....


Many computer users are now worried about how they can protect
themselves from the viruses and trojan horses that are out there -- just
waiting to attack an unsuspecting system.

Here's a disk full of programs to help you in that fight.  One of the
programs lets you write-protect your hard disk before you try any new
software, thus keeping viruses off it.

FLUSHOT+ lets you write-protect entire classes of files, such as all
your files ending with .EXE or .COM.  It also lets you check individual
files for problems, keeps track of these files, and tells you if
anything has changed when you check them a second time.  FLUSHOT+ even
tells you when a program has inserted something into a memory-resident
mode, thus alerting you to the kind of viruses that wait in memory
before they strike.

A second program, HDSENTRY, sets itself up in memory and monitors all
commands sent to the hard drive of your system.  If the command is
potentially harmful, such as attempting to write to the drive or to
erase a file, HDSENTRY intercepts the command and prompts you for


110 COLOR 7,0
120 WIDTH 80
130 SCREEN 0,0,0
140 CLS
150 PRINT "A Simple File Cryption Program in BASIC"
160 PRINT "Written by Dan Gookin, Copyright (c) TAB Books"
180 PRINT "Will you be <D>ecrypting or <E>ncrypting? (D or E): ";
190 B$ = INPUT$(1)
200 B$ = CHR$(ASC(B$) AND 95)
210 IF B$><"E" AND B$><"D" GOTO 190
230 PRINT B$
250 LINE INPUT "Enter the INPUT file: ";FILEIN$
260 LINE INPUT "Enter the OUTPUT file: ";FILEOUT$
280 LINE INPUT "Enter the keyword pattern: ";KEYWORD$
300 IF KEY.LEN = 0 THEN 280
320 REM ******************************
330 REM Entryption/Decryption routines
340 REM ******************************
380     IF EOF(1) THEN 460
390     D$ = MID$(KEYWORD$,X,1)
400     A$=INPUT$(1,1)
410		ON INSTR("DE",B$) GOSUB 480,510
420     PRINT#2,C$;
430     PRINT C$;
440 NEXT X
450 GOTO 370
470 END
475 REM ******************************
480 REM Decrypt it:
490 C$ = CHR$((ASC(A$)-ASC(D$)) MOD 255)
510 REM Encrypt it:
520 C$ = CHR$((ASC(A$)+ASC(D$)) MOD 255)


                      Disk Tool -- Disk Management Utility
                            User's Guide To Operation
                                  Version 1.0A

                                  July 24, 1986

        Copyright (c) 1986 by R. P. Gage, all rights reserved.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 1

                        T A B L E   O F   C O N T E N T S


             Purpose of Disk Tool ...................................  3

             System Requirements ....................................  4

             Conventions Used .......................................  5
             Functions ..............................................  6

                  ALTER          Modify the attributes of files .....  8
                  CHANGE         Change the current working drive ... 10

                  DISK           View and/or edit the current drive . 11

                  ERASE          Erase files on the current drive ... 14

                  FILE           View and/or edit a file on the drive 15

                  LOCATE         Look for matching files on the drive 16
                  RENAME         Rename files on the current drive .. 17

                  QUIT           End Disk Tool and return to DOS .... 18

             Appendix A     Known limitations ....................... 19

             Appendix B     Error Messages .......................... 20

             Appendix C     Program Notes ........................... 23
             Appendix D     Disclaimer .............................. 24

             Appendix E     WARNING ! ............................... 25

             Appendix F     Shareware ............................... 26

        Disk Tool -- Disk Management Utility, version 1.0A        Page 2

                     P U R P O S E   O F   D I S K   T O O L

             Disk  Tool allows you to look at and make changes to what is 
        stored on your DOS disks.   It gives you the ability to work with 
        individual  files  or the disk as a whole and  lets  you  perform 
        operations that DOS usually isn't able to provide.  Generally, it 
        lets you manipulate everything on your disks easily and with very 
        few restrictions.

             The current version of Disk Tool, version 1.0A, provides the 
        following functions:

             --   access  any DOS disk available:   any size floppy,  any 
                  size  hard disk (up to 32MB),  and any sized RAM  disk; 
                  all with any allowable sector size (128,  256,  or  512 

             --   edit the disk,  on a sector basis, allowing full access 
                  in  a  sequential  or random manner  to  any  available 
                  sector on the disk.   The sector number being edited is 
                  displayed at all times.

             --   edit any file on the disk,  on a sector basis, allowing 
                  full  access  in a sequential or random manner  to  any 
                  sector in the file.   The relative sector number within 
                  the file is displayed at all times. 

             --   change  all of the file attributes for any file on  the 
                  disk.   This includes R/O,  Hidden,  System and Archive 
                  status as well as the file's date and time of creation.

             --   find  any  file  on the disk matching an  ambiguous  or 
                  unambiguous file specification.  (ie. *.BAT or WS.COM).

             --   rename any file on the disk.

             --   erase any file on the disk.

             --   all  file  operations allow full access to ANY file  in 
                  ANY subdirectory.  The status of a file or subdirectory 
                  is irrelevant.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 3

                      S Y S T E M   R E Q U I R E M E N T S

             Disk  Tool was written using TURBO Pascal 3.0.   To run,  it 
        requires  an  IBM PC/XT/AT or true  compatible  computer  running 
        under  DOS  Version  2.0 or later with at least  128K  memory,  a 
        monitor using a Monochrome or Color/Graphics display  card,  and, 
        at a minimum, one floppy disk drive.

             In  addition,  Disk Tool can make use of more memory (if  it 
        needs it) and more disk drives (360K or 1.2MB floppy drives, hard 
        disks,  or  RAM disks).   More memory is usually only required if 
        you  are using Disk Tool with a hard disk that contains a lot  of 
        files and sub-directories.

             Currently,  Disk Tool has successfully run under the TopView 
        and  WINDOWS operating environments.   In both cases,  Disk  Tool 
        runs  in  a separate window allowing simultaneous use with  other 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 4

                         C O N V E N T I O N S   U S E D 

             The  conventions used in this document refer mainly  to  the 
        description  of  function  keys.   Each  function  key,  wherever 
        possible,  is  described by the word or lettering that appears on 
        the key.  Where this is not possible, the key is described by its 
        function and is surrounded in brackets.  

             The names I use for these keys and their descriptions are:

             Home           the Home key (key 7) on the numeric keyboard
             End            the End key (key 1) on the numeric keyboard
             Enter          the enter or return key
             Esc            the escape key (wherever it is located)
             F1             function key one
             F2             function key two
             F3             function key three
             F4             function key four
             F5             function key five
             F6             function key six
             F7             function key seven
             F8             function key eight
             F9             function key nine
             F10            function key ten
             Ins            the Ins (key 0) on the numeric keyboard
             PgDn           the PgDn key (key 3) on the numeric keyboard
             PgUp           the PgUp key (key 9) on the numeric keyboard
             Tab            the tab key
             <UP>           the up arrow key on the numeric keyboard
             <DOWN>         the down arrow key on the numeric keyboard
             <LEFT>         the left arrow key on the numeric keyboard
             <RIGHT>        the right arrow key on the numeric keyboard

             Additionally,  the program itself uses brackets around a key 
        name  whenever it tells you to press a key.   An example of  this 
        exists in the main menu where,  in part, a line states, "... then 
        pressing <ENTER>."  This wording,  where used, means to press the 
        enter key and not the letters,  <, E, N, T, E, R, and >.  The Esc 
        key  and Ins key are also referred to in the program in this  way 
        (ie., as <ESC> and <INS>). 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 5

                                F U N C T I O N S

             Disk  Tool  is started by typing "DT" from the  DOS  prompt.  
        Doing  so loads and runs Disk Tool without problem,  but the com-
        plete invocation for Disk Tool from the DOS prompt is:

             DT [ /DC] [ /DM] [ /DS] [ /DF] [d:]

             Each of the options, briefly described below, exist to force 
        Disk Tool to ignore what it has found out about your computer and 
        accept  what you really want.   All of the functions must have  a 
        space in front of the "/",  but the case and order of the options 
        is not important.
                  /DC       Display Color.  Makes Disk Tool display in a 
                            variety of colors, even if it has found a 
                            monochrome adapter installed. 

                  /DM       Display Monochrome.  Causes Disk Tool to 
                            display in two "colors".

                  /DS       Display Slow.  Forces Disk Tool to use DOS 
                            to display on the screen.  If Disk Tool is 
                            used in a windowing operating environment, 
                            this option may be necessary for Disk Tool to 
                            run in a window alongside other programs.

                  /DF       Display Fast.  Forces Disk Tool to use direct 
                            memory writes to display on the screen.  This 
                            is a lot faster than using DOS.

                  d:        Sets the current working drive to d:.  If d: 
                            is not a valid drive letter, Disk Tool sets 
                            the currently logged drive to the current 
                            working drive.

             Once  started,  the main menu is shown.   The information in 
        the  main menu includes the name of the program (Disk  Tool)  and 
        version number (1.0A), my copyright, MSDOS version number, amount 
        of  memory  available to DOS,  number of  drives,  logical  drive 
        letters,  current working drive, my name and address, and finally 
        the  functions available.   If any of this information is missing 
        or seems altered,  please inform me of that fact and  immediately 
        stop using that copy of of Disk Tool.

             Currently, there are eight functions available from the main 
        menu.  They are:

                  ALTER .... Modify the attributes of files. 
                  CHANGE ... Change the current working drive.
                  DISK ..... View and/or edit the current drive.
                  ERASE .... Erase files on the current drive.
                  FILE ..... View and/or edit a file on the drive.
                  LOCATE ... Look for matching files on the drive

        Disk Tool -- Disk Management Utility, version 1.0A        Page 6

                  RENAME ... Rename files on the current drive.
                  QUIT ..... End Disk Tool and return to DOS.

             These  functions are selected by moving the highlighted  bar 
        with  <UP> and <DOWN> and pressing Enter when the bar  highlights 
        the function you want to execute.   An alternative, easier method 
        of  selecting  a  function is to type the  first  letter  of  the 
        function name (A, C, D, E, F, L, R, or Q) and then press Enter.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 7

                    ALTER     Modify the attributes of files 

             Pressing  Enter when the ALTER function is highlighted gives 
        you the ability to change the attributes,  date, and time for any 
        file on the current working drive. 

             Once you have selected ALTER, Disk Tool checks to see if the 
        current  working drive's directory has been read into memory yet.  
        If it hasn't been read into memory, Disk Tool does so, displaying 
        the following message in the center of the screen.

                        Reading Directory Information...

             Reading  a disk's directory could be very quick or a  little 
        slow depending on how many files and directories are on the disk.  
        In  any case,  be patient and after a moment,  Disk Tool will  be 

             After  the entire directory is in memory,  using  the  <UP>, 
        <DOWN>,  PgUp,  PgDn,  Home, and End keys to move the highlighted 
        cursor,  select  the directory you want to use to get files from.  
        <UP> and <DOWN> move the highlighted bar to the previous and next 
        directory, respectively.  PgUp and PgDn move the bar up  and down 
        to the previous and next screen of  directories.   Finally,  Home 
        and End move the bar to the first and last directory.  

             Press Enter to accept the highlighted directory or press Esc 
        to abort and go back to the main menu.  If you don't have any sub 
        directories, all of this will be skipped.

              Then,  in a similar manner, select the initial file to work 

             When  a  file  has eventually been selected,  you  have  the 
        chance to change its attributes.  To change one of the attributes 
        (Read Only, Hidden, System, or Archive), move the highlighted bar 
        with  <UP> and <DOWN> and press Enter to toggle  the  highlighted 
        attribute on or off.  When an attribute is on, it is set or in an 
        active state.

             Changing  the  time or date is a little different,  but  not 
        enough to make it painful.   Once the highlighted bar is over the 
        date or time field,  press any key to tell Disk Tool you want  to 
        change the contents of that field.

             Upon pressing any key,  you should notice the presence of  a 
        cursor  within the highlighted bar.   You can now type in the new 
        date  or  time (only valid numbers are accepted),  and  move  the 
        cursor to a different place using <LEFT> and  <RIGHT>.   Pressing 
        <UP>, <DOWN>, or Enter ends your changes to the date or time.
             When  you are not actually editing the date or time  fields, 
        pressing  <LEFT> or <RIGHT> changes the file you are working with 
        to the previous or next file in the directory, respectively.  

        Disk Tool -- Disk Management Utility, version 1.0A        Page 8

             When  the  file is changed in this manner,  any changes  you 
        made to the previous file ARE NOT SAVED.  To save changes made to 
        a file's attributes,  date, and time, press the Ins key.  An easy 
        way  to tell if you have saved a file's attributes is to  compare 
        the "Present Attributes" column with the "New Attributes" column.  
        After pressing Ins, they are identical.

             When  you have had enough of changing  attributes,  pressing 
        Esc will let you leave the ALTER function.  After doing this, you 
        are  presented the ever familiar main menu and can continue  from 
        there as usual.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 9

                   CHANGE     Change the current working drive

             Pressing Enter with the CHANGE function selected opens up  a 
        window on the screen showing something similar to:

                          Enter a letter from A to E to
                            change the current drive.
                              Press <ESC> to abort

             To change the current working drive,  do as it says and type 
        a letter in the range shown.  In this example, you could type any 
        of the letters A, B, C, D, or E.  Pressing anything else will not 
        be accepted.  

             Once you press one of the valid letters, all stored informa-
        tion  on the current working drive will be cleared,  forcing Disk 
        Tool to start from scratch on the next disk read.

             If  you selected CHANGE by mistake,  you can abort the func-
        tion by pressing Esc.  Doing so will keep Disk Tool from clearing 
        all stored information on the current drive. 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 10

                   DISK     View and/or edit the current drive

             For  those who have a need or want to see and change what is 
        actually  stored  on  their disks,  at a  byte  level,  the  DISK 
        function provides that capability.

             When DISK is highlighted,  press Enter and Disk Tool will go 
        to the first sector on the disk in the current working drive  and 
        display  it in both hex and ASCII coded formats.   If you  select 
        DISK  after previously editing the disk,  (ie,  selecting DISK  a 
        second  time  on the same disk) Disk Tool will return you to  the 
        last sector you were editing, not the first sector on the disk.

             Once you begin editing the disk, a variety of function keys, 
        arrow  keys,  and  movement keys,  and others  become  effective.  
        These keys are all described below.  

             F1        Help.  Hitting F1 any time while editing the disk 
                       will display a screen summarizing the functions of 
                       specific keys.  Getting help will not cause any 
                       changes previously made to be lost, so you can ask 
                       for help at any time freely.

             F2        Go to a sector.  F2 gives you the ability to go 
                       randomly to any allowable sector on the disk.  
                       After you press F2, a window will be shown on the 
                       screen.  Then, you can enter a number in the range 
                       shown, or press Esc to abort that function and 
                       remain at the sector you are currently at.

             F3        Go to start of disk.  Anytime that F3 is pressed, 
                       Disk Tool will immediately go to the first sector 
                       of the disk, without question.

             F4        Go to end of disk.  Like F3, when F4 is pressed, 
                       Disk Tool will go to the last available sector on 
                       the disk.

             F5        Edit hex display.  Pressing F5 will cause the 
                       blinking cursor to jump over to the hex side of 
                       the display.  The cursor will stay at the same 
                       point in the sector that it was at previously, it 
                       will just go over to the hex side.

             F6        Edit ASCII display.  F6 will, similarly, cause the 
                       cursor to jump over to the ASCII side of the 
                       display, remaining at the same point within the 
                       sector being edited. 

             F7 - F9   not used

             F10       Press F10, and Disk Tool will bring you back to 
                       the main menu, leaving DISK. 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 11

             <UP>      Move up.  Pressing <UP>, the up arrow, will move 
                       the cursor up one line in the sector.  If you are 
                       at the first line, the cursor will wrap around to 
                       the last line in the sector.

             <DOWN>    Move down.  <DOWN>, the down arrow, will move the 
                       cursor down one line within the sector.  When the 
                       cursor is at the last line, <DOWN> will cause the 
                       cursor to wrap around to the first line.

             <RIGHT>   Move right.  Yes, <RIGHT>, the right arrow key, 
                       will make the cursor move to the right.  When you 
                       are at the last character (or byte) in a line, 
                       <RIGHT> will move the cursor to the the first 
                       character (or byte) in the next line.

             <LEFT>    Move left.  <LEFT>, the left arrow, will move the 
                       cursor to the left.  When the cursor is at the 
                       first character and <LEFT> is pressed, the cursor 
                       will wrap around to the last character in the line 
                       above the current line.

             PgUp      Go forwards.  Hitting PgUp will make Disk Tool 
                       advance and display the next sector available on 
                       the disk, making it the current sector being 
                       edited.  If you are already at the last sector, 
                       PgUp will wrap around to the first sector on the 

             PgDn      Go backwards.  PgDn causes Disk Tool to go 
                       backwards one sector, making the previous sector 
                       on the disk the current sector being edited.  When 
                       the current sector is the first sector, PgDn will 
                       wrap around to the last sector on the disk.

             Home      Reread sector.  Pressing Home will cause Disk Tool 
                       to reread the current sector.  There are two 
                       reasons why you might want to do this.  The first 
                       is to try to read a sector when an error happened 
                       on the first try.  The other reason is to get a 
                       fresh copy of the sector to edit, when you have 
                       made too many unwanted changes to the sector.  
                       When Home is pressed, Disk Tool will erase 
                       whatever changes you made and display a new 
                       working copy of the current sector.

             End       Write sector.  End is the only way any changes 
                       made will get saved.  If you move to another 
                       sector and forget to write it first, all changes 
                       made to the previous sector will be lost.  Disk 
                       Tool doesn't remind (harass) you about writing any 
                       changes.  If you forget to write a sector, it 
                       won't be changed, simply put.  

             At all times while editing,  the actual sector number edited 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 12

        is  displayed  at the bottom of the  screen.   The  first  sector 
        number for a disk is always 1, and the last sector number depends 
        on the format and capacity of the disk you are working with.

             Making  a change to any sector is relatively  easy.   First, 
        find  or go to the sector you want to edit.   Move the cursor  to 
        the place you want to change something, then type in the changes.  
        Changes are discriminated from what was previously in the  sector 
        by being highlighted.  

             Any  character,  all 255 of them,  can be entered while  the 
        cursor  is in the ASCII part of the display,  but only valid  hex 
        characters  can be entered while the cursor is on the hex side of 
        the display.  This causes an interesting problem for those of you 
        who are used to making corrections with the backspace key.   That 
        method  of correcting errors doesn't work with Disk Tool,  it  is 
        just  accepted as another character and processed as normal.   To 
        make  a correction,  you have to move the cursor with <LEFT>  and 
        type in the correction.  

        Disk Tool -- Disk Management Utility, version 1.0A        Page 13

                   ERASE     Erase files on the current drive

             This  function  is  used to erase any file  on  the  current 
        working drive.   Since Disk Tool doesn't use DOS to erase  files, 
        you can erase any file, even if it is supposed to be read only or 
        hidden.   The  particular  status  of any file doesn't  make  any 

             After  you have selected ERASE,  choose the directory to get 
        files  from then the initial file to erase.   Since this  is  the 
        same process as described for the ALTER function, you could refer 
        to that section for help.   Again, press Esc if you want to abort 
        and go back to the main menu.

             When a file is selected,  the screen clears and you will see 
        something similar to what is shown below.

                    The file, "OLD-FILE.NAM" will be deleted.
                      Press 'Y' to delete the file.
                      Press 'S' to skip deleting this file.
                      Press <ESC> to abort and exit.

             If  you now press 'Y',  the file OLD-FILE.NAM will be erased 
        from  the disk.   Pressing 'S' (or 'N') will not erase the  file.  
        Hitting Esc will put you back at the main menu.

             Upon  pressing 'Y' or 'S',  Disk Tool does its work and then 
        returns you to the file selection screen for the chance to select 
        another file to erase.  It will repeat doing this until there are 
        no files left in the directory or you eventually press Esc.  

        Disk Tool -- Disk Management Utility, version 1.0A        Page 14

                  FILE    View and/or edit a file on the drive

             The FILE function is almost identical to the DISK  function.  
        The main difference is that FILE gives you the ability to see and 
        edit only what is in a file and not the entire disk.

             Press Enter when FILE is highlighted,  select the  directory 
        to get files from to edit, and then get the initial file to edit.  
        Look  at what is described in ALTER for assistance in getting the 
        initial file.  Press Esc to return to the main menu. 

             After a file is selected, you should be looking at the first 
        sector in the file,  ready to edit it.   All function keys, arrow 
        keys,  movement keys, and other keys act the same way as they did 
        in DISK,  with a few minor differences,  described briefly below.  
        Except  for what is described below,  you should read and  follow 
        what is said in the description for DISK.

             F2        Go to a sector.  Pressing the F2 key will still 
                       let you go randomly to any sector, but only to 
                       sectors within the file.  

             F3        Go to start of file.  F3 will go to the start 
                       (first sector) of the file instead of the first 
                       sector on the disk.

             F4        Go to end of file.  Similar to F3, F4 goes to the 
                       end of the file (its last sector) instead of the 
                       end of the disk.

             PgUp      Go forwards.  Pressing PgUp will advance the 
                       relative sector to the next sector in the file.  
                       It won't wrap around to the first sector if you 
                       are at the last sector in the file, but will 
                       remain at the last sector.

             PgDn      Go backwards.  PgDn will go backwards in the file 
                       to the previous sector in it.  If you are already 
                       at the first sector in the file, hitting PgDn will 
                       not wrap around to the last sector, but will 
                       leave you at the first sector.

             At all times while editing, the relative sector number being 
        edited  will be displayed,  not the actual  sector  number.   The 
        first  relative sector number for a file is always 1,  no  matter 
        where the start of the file physically is.

             Like DISK, pressing F10 will return you to the main menu.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 15

                 LOCATE     Look for matching files on the drive

             All  to often,  users of hard disks have several copies of a 
        file in different places,  don't know where a file is located, or 
        just want to look at all files on the disk.   The LOCATE function 
        helps out those users by finding and displaying all files on  the 
        current drive that match any given specification.

             When  ALTER is chosen,  the screen clears,  displays a  few 
        lines of help, and gives you the prompt:
                              Filename:  *       .*

             Now,  enter the file(s) you want to look for.  The wildcards 
        ?  and  * can be used as they would be with DOS,  anywhere within 
        the  name  to match any character and all  characters  from  that 
        point on,  respectively.   <LEFT> and <RIGHT> can be used to move 
        the  cursor to a specific place in the name,  and changes made at 
        that place.   Additionally,  pressing Tab will make the cursor go 
        from the filename part to the extension part of the name and vice 
        versa.   When the file to look for has been entered, press Enter.  
        Hitting Esc returns you to the main menu. 

             After Enter has been pressed,  Disk Tool displays all  files 
        matching  what  was typed (reading the directory  if  necessary), 
        pausing at the end of every screenfull of files.   Note that  all 
        I said all files matching what was typed.  Disk Tool will display 
        a file even if it has a hidden or system status. 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 16

                  RENAME     Rename files on the current drive 

             The  RENAME  function  is  used to rename any  file  on  the 
        current  working  drive.   Because Disk Tool goes around  DOS  to 
        rename files, you can rename any file, even if it has a hidden or 
        system  status.   The status of any file isn't important to  Disk 
        Tool.   The  difference between the RENAME function and  the  DOS 
        rename  is  that  RENAME can only rename one file at a  time  and 
        cannot be used with wildcards.

             Once  RENAME  has been selected,  pick the directory to  get 
        files from and then a file to rename.   See the ALTER  function's 
        description  for an explanation on doing this.   Press Esc if you 
        decide  at  some point that you don't want to  rename  files  and 
        you'll be returned to the main menu.

             After  you  selected a file,  the screen will clear and  you 
        will be asked for the new name for the file.   If you were trying 
        to rename "OLD-FILE.NAM," the screen would show, (in part): 

                             Filename:  OLD-FILE.NAM

             Now,  enter the new name for the file,  typing over the  old 
        name.   <LEFT>  and <RIGHT> can be used to move the cursor to any 
        point in the old name to make changes.   Tab will move the cursor 
        from  the  name part to the extension part of the name  and  vice 
        versa.   When you have changed the name to what you desire, press 
        Enter and you will see:

           The file, "OLD-FILE.NAM" will be renamed to "NEW-FILE.NAM"
                      Press 'Y' to rename the file.
                      Press 'R' to re-enter the new file name.
                      Press 'S' to skip renaming this file.
                      Press <ESC> to abort and exit.

             Pressing  'Y' at this point will rename the file to the  new 
        name you typed in.   If you pressed 'S' (or 'N'),  the file won't 
        be  erased  and  you will be allowed to select  another  file  to 
        rename.   'R'  will show you the "Filename:" prompt shown  above, 
        letting you change the name again and try again.  Hitting Esc, as 
        usual, will bring you back to the main menu.

             Before  going off,  confident about RENAME,  there are a few 
        notes to it.  First, the new name must be typed in exactly as you 
        want  to see it appear in the directory.   You may have  to  type 
        over previous characters with spaces if necessary.   Also, if you 
        leave  leading  or embedded spaces in the filename  or  extension 
        part  of the name,  DOS will have a difficult time accessing  the 
        file from that point on.  It can still be used in a few instances 
        from  DOS (and always from Disk Tool),  but a little trickery  is 
        involved.   Doing  this (leaving spaces in the name) is permitted 
        in  Disk  Tool because you might want to make a  file  harder  to 
        access.  Embedding spaces in a name is definitely one way to make 
        a file harder to access. 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 17

                    QUIT     End Disk Tool and return to DOS

             Selecting  QUIT  from the main menu stops the  execution  of 
        Disk Tool and return you to DOS (or other operating  environment, 
        if applicable).   It returns to the same drive and directory that 
        you  started in,  unless of course you changed the disk that  you 
        started from.

             QUIT  has a synonym that can be used if you like.   Pressing 
        Esc while in the main menu also quits the program after confirma-
        tion.   This is no shorter than pressing "Q <ENTER>",  but it  is 
        included  to  be consistent with the exit command of  other  fun-
        ctions.  When you press Esc, you'll see the message:

                   Do you really want to exit Disk Tool? (Y/N)

             If you enter anything other than 'Y', Disk Tool continues to 
        run  as  if nothing happened,  waiting patiently  for  your  next 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 18

                               A P P E N D I X   A

                                Known Limitations 

             In  the current version of Disk Tool,  there are three known 
        limitations,  all of which should only affect a small minority of 
        the people using it.   These limitations deal with memory  usage, 
        floppy disk formats, and hard disk formats.

             First,  Disk Tool is potentially a memory hog.   When a file 
        has  to be accessed for any function,  Disk Tool checks to see if 
        the disk directory has been read yet.   If it hasn't,  Disk  Tool 
        goes  ahead  and reads the disk's entire directory,  keeping  ALL 
        files  and ALL directory names in memory.   For those people  who 
        have a small amount of memory and a tremendous amount of files on 
        a hard disk, I am sorry, but you may be out of luck.  Should Disk 
        Tool run out of memory reading a directory, it will abort.  Plain 
        and simple.  

             Internally,  each file consumes 39 bytes and each  directory 
        33 bytes.  On my hard disk, I have on the average about 600 files 
        and 40 sub directories.  Doing a few calculations, this turns out 
        to  require less than 25K of memory on top what Disk Tool already 
        uses.   The bottom line is that,  in my normal use,  I need  less 
        than 90K of free memory to run Disk Tool.  Users with fewer files 
        naturally  would  need  less memory while those with  more  files 
        would need more.

             The second limitation deals with floppy disk formats, and is 
        more  of  a bug I have not worked out than anything  else.   When 
        physically  switching between floppy disks of  differing  formats 
        (like between a 320K and a 360K disk,  or more commonly,  a 1.2MB 
        and 360K disk),  Disk Tool isn't always aware of this,  and still 
        thinks that you are using the previous format when you aren't.  A 
        workaround for this problem is to,  whenever switching formats in 
        a  floppy  drive,  exit  Disk Tool and log onto the new  disk  by 
        typing "Dir A:" or something similar.   When you rerun Disk  Tool 
        again, everything will work well and without problems.

             Finally,  Disk Tool only supports hard disks with 128,  256, 
        or  512 byte sectors.   I say that it only supports those  sector 
        sizes because it hasn't been tried with anything but  those.   It 
        also  only  works with hard disks of up to 32MB capacity,  a  DOS 
        limitation, not mine.  If someone out there with a huge hard disk 
        tries Disk Tool on it and finds that it works as "advertised,"  I 
        would be very happy and like to hear about it.  Anyone wanting to 
        donate  a drive of the same magnitude to me so I could adapt Disk 
        Tool to it would be greatly (and publicly) applauded.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 19

                               A P P E N D I X   B

                                 Error Messages

             This  appendix  contains  a list of the error  messages  you 
        might encounter while running Disk Tool and brief descriptions of 
        what they mean.  The types of error messages are broken down into 
        three categories:  program errors, disk errors, and your errors.

             Program  errors deal with something going wrong within  Disk 
        Tool,  or  something happening that it couldn't deal  with.   All 
        program  errors result in the screen being cleared and a  message 
        displayed  at the top of the screen stating that  something  went 

             The  most common (and hopefully only) program error concerns 
        running out of memory.   If Disk Tool isn't able to read a disk's 
        entire  directory into memory,  it displays the  following  error 
        message at the top of the screen:

                    Disk Tool, version 1.0A is out of memory.  

             There  are several solutions to this error.   First,  if you 
        don't have a full 640K of memory installed in your computer,  the 
        easiest remedy is to purchase and install more memory.   If  more 
        memory  is  not a solution for you (you already  have  640K,  you 
        don't have enough $,  etc.),  removing a few memory resident pro-
        grams,  rebooting,  and trying again is an alternative.  Finally, 
        if  you  are running in a multi-tasking  environment,  allocating 
        more  minimum memory to Disk Tool in its .PIF file or  equivalent 
        should help out.

             In  all  reality,  most users will never run out of  memory.  
        Never.   Those few who have thousands of files on a hard disk are 
        the ones that may encounter a problem.

             The next and only other program error message is a catch all 
        for  anything  unexpected going wrong.   When Disk Tool  stumbles 
        somewhere, it shows the following error message:

                          Oops, an unexpected error ...

             This  is  only the beginning of  the  error  message.   What 
        follows  is the error number,  the location in the program  where 
        the  problem happened,  and if possible a general description  of 
        the error.   If you ever get this error, please write down every-
        thing  that Disk Tool prints out and inform me of it.   In  doing 
        so,  please  try to include as much information on what you  were 
        doing  when the error happened.   It will help me to rid the pro-
        gram of the error.

             Program  errors  take  the easy  out  -- they  abort.   Disk 
        errors, on the other hand cause Disk Tool to open a window on the 
        screen and if possible,  continue where it can.   If a disk error 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 20

        occurs  while Disk Tool is reading a directory,  Disk Tool  exits 
        whatever  function you were trying to execute and returns to  the 
        main menu.   Disk errors that occur elsewhere leave you where you 
        were  in  the  appropriate  function  when  the  error  happened, 
        possibly not reading or writing to the disk as you wanted to.

             All  disk errors dealing with the disk itself start with the 
        following message appearing as the first line in a window  opened 
        in the middle of the screen.

                                 > Disk Error! <

             Following  that line is one of the following error  messages 
        describing what went wrong:

                         A general disk error happened.   
                            Error during a disk read.      
                           Error during a disk write.     
                        Bad sector -- not found on disk.  
                              Unknown disk format.         
                             Error during disk seek.       
                         CRC error -- bad parity check.   
                        Disk not ready (door open, etc).  
                              Invalid drive number.        
                          The disk is write protected.     
                                  Bad Request.            

             To avoid going into a lengthy description on what each error 
        message means, I'll describe a few more common types of errors.  

             Hard  disks and many "copy protected" floppy disks  commonly 
        have  a few "bad" sectors.   If you run across one of  these  bad 
        sectors  while using the DISK function,  Disk Tool tells you  so, 
        but it is no cause for concern.  If you come across an error when 
        editing a file using FILE,  there is a lot of reason for concern.  
        It  would be much to your advantage to try to make a copy of that 
        file as soon as possible,  even though it may be too late to save 
        the entire file.

             The next most common problem is running Disk Tool on non-DOS 
        disks.  Remember that Disk Tool is intended for use with ONLY DOS 
        DISKS.   Yes, this means that you won't be able to look at what's 
        on  disks  from other operating systems nor  a lot of game  disks 
        that have to be booted to work.

             As with everything however,  there is an exception to  this.  
        I  briefly  tried  one disk emulation program  that  worked  well 
        enough  on  a  non-DOS disk to allow me to use  several  of  Disk 
        Tool's  functions on it without a problem.   I suggest only using 
        the functions DISK and FILE if you do this though.  I am not sure 
        that the other functions would operate as intended.

             Also,  remember  that  Disk  Tool can't access a  disk  that 
        doesn't  exist.   Users  with two floppy disk drives and  no  RAM 
        disks won't be able to access drives C,  D,  and E no matter  how 

        Disk Tool -- Disk Management Utility, version 1.0A        Page 21

        much they try.   Disk Tool reports a variety of errors if you try 
        to access a non-existent drive.

             The  next type of disk error shows up a lot  when  accessing 
        damaged  and non-DOS disks.   If Disk Tool finds that the FAT  id 
        byte  isn't  one of the several valid ones when trying to read  a 
        directory, it shows the following message in a window:

                         The disk ID byte appears to be
                                damaged or wrong.

             If  you know the disk was damaged,  what the id byte  should 
        be,  and the correct location to put it,  you can try to edit the 
        disk  using  the DISK function and make an attempt to reread  the 

             Following the errors dealing with Disk Tool itself and  your 
        disks  are  the errors due to your actions.   These messages  are 
        more informative than anything else, and nothing is affected when 
        you see one of these messages.

             The following error message can happen in the ALTER,  ERASE, 
        and RENAME functions.  Before Disk Tool changes a directory entry 
        for a file,  it checks to make sure that the file is in the place 
        it  expects it to be.   If you see the error message,  Disk  Tool 
        couldn't find the file in the place it thought it was  in.   This 
        basically means, as the message states, that you probably changed 
        disks  somewhere along the line and forgot to CHANGE the  current 
        drive letting Disk Tool know you did this.

                        File "OLD-FILE.NAM" was not found
                         You might have switched disks.

             Note  that  the word OLD-FILE.NAM refers to a file  on  your 
        disk,  while  the words NEW-FILE.NAM and NEW-FIL?.* refer to  new 
        file name that you typed in in response to a prompt.

             The next two error messages appear exclusively when you 
        are in the RENAME function.   The first message,  below, is shown 
        when  you try to rename a file to one that already exists in  the 
        current directory.   In this example,  the old file, OLD-FILE.NAM 
        has  been  attempted to be renamed to the new  file  NEW-FILE.NAM 
        when NEW-FILE.NAM is already a file in the directory.

                         File "OLD-FILE.NAM" cannot be
                         renamed to "NEW-FILE.NAM"; the
                         new file name already exists.

             The next error message below shows up when you try to rename 
        a  file to something ambiguous.   The characters '?' and '*'  are 
        allowed from DOS, but unfortunately not from within Disk Tool.

                         File "OLD-FILE.NAM" cannot be
                         renamed to "NEW-FIL?.*  "; '*'
                             and '?' aren't allowed.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 22

                               A P P E N D I X   C

                                  Program Notes

             Since Disk Tool was conceived less than a year ago,  it  has 
        gone through an almost complete circle of evolution.  It has been 
        rewritten  almost  entirely  several times to bring  it  to  this 
        point,  starting  as a simple routine to draw a box on the screen 
        and  mushrooming  into what you can see and  run  now.   The  box 
        drawing routine is no longer present in the code,  but it was the 
        reason why the program got started.  

             As  the model for Disk Tool,  I used various commercial  and 
        public domain utilities of the same type.   I picked out the best 
        or  most  useful  features from all of the programs  I  used  and 
        improved  upon  them  wherever I saw possible.   I hope  that  my 
        decisions on what is needed are similar to yours.

             I am open to receive ideas for inclusion in future  releases 
        of Disk Tool.   In fact,  I would rather implement other people's 
        ideas than mine.  

        Disk Tool -- Disk Management Utility, version 1.0A        Page 23

                               A P P E N D I X   D

             Both  Disk  Tool  and  this  documentation  are  distributed 
        without  any  express  or implied  warranties.   No  warranty  of 
        fitness for a particular purpose is offered.   You, the user, are 
        advised  to experiment and become familiar with Disk Tool  before 
        relying on it.   You assume all risk for the use and operation of 
        Disk Tool,  and you shall be responsible for any loss of profits, 
        loss  of  savings,  or other incidental or consequential  damages 
        arising  out of the use or failure to use Disk Tool,  even  if  I 
        have  been advised of the possibility of such damages.   I do not 
        warrant  that this documentation is accurate,  or that Disk  Tool 
        operates as I have claimed or designed it to operate.  

             By using Disk Tool, you agree to the above limitations.

             IBM  is  a registered trademark  of  International  Business 
        Machines Corporation.

             MSDOS is a trademark of Microsoft Corporation.

             TURBO Pascal is a trademark of Borland International, Inc.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 24

                               A P P E N D I X   E

                                    WARNING !

             BEFORE  doing  any work with Disk Tool,  I ask that you  are 
        conscious  of the power you posses when running it and  are  very 
        careful.   Disk Tool is able, purposefully or accidentally, to be 
        used to wipe out some very important parts of your disks.  If you 
        are  not well acquainted with the technical details of  different 
        disk  formats,  please  do not select the DISK  function  without 
        extreme care.  

             The areas that should be avoided unless absolutely necessary 
        are  the  boot record (the first sector),  the FAT (the next  few 
        sectors),  and  the directory.   Making blind changes in  any  of 
        these  areas  has  a  good possibility of  rendering  your  disks 
        useless.   If  you find a pertinent need to change one  of  these 
        areas,  it is a good idea to make a backup copy (with DISKCOPY or 
        something similar) or your disk before you begin. 

             Also  be cautious about where you get Disk Tool from and  of 
        any new versions.   Disk Tool,  before being released,  undergoes 
        extensive  testing.   I have taken every effort possible to  make 
        sure  most known bugs have been eliminated from the  program  and 
        that it functions properly when released.  

             A  problem  with a shareware distribution of Disk  Tool  may 
        arise  because  the source code to Disk Tool is  available.   Al-
        though I hope it never happens,  someone could easily modify  the 
        source  code  to produce a trojan horse type  of  program.   This 
        isn't  as far fetched as it may seem;  it happened in the  recent 
        past  with  the ARC program.   For that reason,  either  get  the 
        latest  release of Disk Tool from a very reliable source or  from 
        me directly.

        Disk Tool -- Disk Management Utility, version 1.0A        Page 25

                               A P P E N D I X   F


             Disk Tool is supported by the users that find it productive.  
        I  ask that,  if you have benefited in some way from Disk Tool or 
        make regular use of it,  you donate $20.00.  A person who donates 
        will  be given a legitimate copy of the program (see the  WARNING 
        in  appendix E) and documentation and will receive any  published 
        announcements of future releases of Disk Tool.

             The donation is not an optional matter if Disk Tool is  used 
        in a commercial environment.

             You  may make copies of the Disk Tool program and documenta-
        tion files for your own use,  and you may make copies to give  to 
        others.   If  the  program is given away,  I ask that no  fee  be 
        charged for the copy and that ALL of the files (program, documen-
        tation, and miscellaneous files) are distributed together, intact 
        and unmodified.

             The  source code is also available,  although is not in  any 
        way  to be freely distributed.   Anyone interested in the  source 
        code should inquire about that on an individual basis.

             Your  comments,   suggestions,   friendly  criticisms,   bug 
        reports,  and improvement ideas are welcome.   Please contact  me 
        ONLY at the address listed below.  

                      Disk Tool and this documentation are:

                              Copyright (c) 1986 by

                                   R. P. Gage
                               1125 6th St. N. #43
                               Columbus, MS  39701

        Disk Tool -- Disk Management Utility, version 1.0A        Page 26


                             FLU_SHOT+, Version 1.5

                            A Form of Protection from
                            Viral and Trojan Programs

                                Ross M. Greenberg
                            Software Concepts Design
                                594 Third Avenue
                            New York, New York 10016
                       BBS:(212)-889-6438 1200|2400|N/8/1

              FLUSHOT+ is a trademark of Software Concepts Design.
                Copyright (C), 1988 by Software Concepts Design.
                              All Rights Reserved.

        Not for Commercial Distribution without written permission by the
        copyright holder. Noncommercial copying of this software and this
        documentation is encouraged.  Commercial Distribution is easily
        defined: if you distribute this software, or the enclosed
        documentation, for more than your cost of such distribution, then
        you're a Commercial Distributor and require our written
        permission.  Not-for-profit organizations and computer user
        groups, and their bulletin board systems (if any) are
        specifically *not* considered commercial distributors.

        By your using this software, you agree to the terms herein. 
        Specifically, that you do not have the right to copy this
        software except as outlined above, and that you are granted a
        license to use this software only by registering this software as
        mentioned elsewhere in this document.

        You also agree, and signify that agreement by using this
        software, that Software Concepts Design and Ross M. Greenberg
        will not be held liable for any reason for any cost you may
        incur, or any potential income you might lose as a result of
        using this software.  Finally, this software is provided "AS IS",
        meaning that what you see is what you get.  If you use this
        software and a tree falls on your house, or your spouse leaves
        you for someone younger and more virile, please do not bother
        having your lawyer call -- it isn't the fault of the software, no
        matter what the lawyer tries to convince you!

        Table of Contents

        I.   Introduction
             a.   What is a Trojan.....................................1
             b.   What is a Virus......................................4
             c.   The Challenge to the Worm............................6

        II.  About the FLUSHOT Series
             a.   A Brief History......................................8
             b.   FLU_SHOT+ Features and Enhancements..................9
             c.   Registering FLU_SHOT+................................10
             d.   Site Licensing of FLU_SHOT+..........................10

        III. Using FLU_SHOT+

             a.   The FLUSHOT.DAT file.................................12
                  1.   Protecting files from Write Access..............13
                  2.   Protecting files from Read Access...............13
                  3.   Excluding files.................................13
                  4.   Checksumming files..............................14
                  5.   Registering a TSR program.......................15
                  6.   Restricted Access...............................15
                  7.   Protecting the FLUSHOT.DAT file.................16
                  8.   Protection Recommendations......................16
                  9.   Allowing "dangerous" programs to run............17

             b.   Running FLU_SHOT+....................................18
                  1.   Checksumming the in-memory table................18
                  2.   Intercepting Direct Disk Writes Through INT13...19
                  3.   What about INT26................................19
                  4.   Turning off the header message..................19
                  5.   Disabling Triggering on Open With Write Acces...19
                  6.   Changing the Trigger Window Attributes..........19
                  7.   Allowing trusted TSR's to work..................21
                  8.   Disabling FLU_SHOT+.............................21
                  9.   Disabling FLU_SHOT+ Toggle Display..............22
                 10.   Forcing FLU_SHOT+ to only use the BIOS..........22
                 10.   Defining the "Special" Keys.....................23
                 11.   Putting FLU_SHOT+ to sleep when run.............23

        IV.  Interpreting a FLU_SHOT+ Trigger..........................24

        V.   How Good is FLUSHOT+, Really?.............................29

        VI.  Reward Offered............................................31

        VII. Appendix..................................................33


        What is a Trojan?

        Back in the good old days (before there were computers), there
        was this bunch of soldiers who had no chance of beating a
        superior force or of even making it into their fortress.  They
        had this nifty idea:  present the other side with a gift.  Once
        the gift had been accepted, soldiers hiding within the gift would
        sneak out and overtake the enemy from within.

        We can only think of the intellectual giants of the day who would
        accept a gift large enough to house enemy soldiers without
        checking its contents.  Obviously, they had little opportunity to
        watch old WWII movies to see the same device used over and over
        again.  They probably wouldn't have appreciated Hogan's Heroes
        anyway.  No color TV's -- or at least not ones with reliable

        Consider the types of people who would be thrilled at the concept
        of owning their own rough hewn, large wooden horse!  Perhaps they
        wanted to be the first one on their block, or something silly
        like that.

        Anyway, you're all aware of the story of The Trojan Horse.

        Bringing ourselves a bit closer to the reality we've all grown to
        know and love, there's a modern day equivalent:  getting a gift
        from your BBS or user group which contains a little gem which
        will attack your hard disk, destroying whatever data it contains.

        In order to understand how a potentially useful program can cause
        such damage when corrupted by some misguided soul, it's useful to
        understand how your disk works, and how absurdly easy it is to
        cause damage to the data contained thereon.  So, a brief
        technical discussion of the operation of your disk is in order. 
        For those who aren't concerned, turn the page or something.

        Data is preserved on a disk in a variety of different physical
        ways having to do with how the data is encoding in the actual
        recording of that data. The actual *structure* of that data,
        however, is the same between MS-DOS machines.  Other operating
        systems have a different structure, but that doesn't concern us

        Each disk has a number of "tracks". These are sometimes called
        cylinders from the old type IBMer's.  These are the same people
        who call hard disks DASDs (Direct Access Storage Devices), so we
        can safely ignore their techno-speak, and just call them tracks. 
        Tracks can be thought of as the individual little grooves on an
        audio record, sort of.

        Anyway, each track is subdivided into a number of sectors.  Each
        track has the same number of sectors.  Tracks are numbered, as


        are sectors.  Any given area on the disk can be accessed if a
        request is made to read or write data into or out of Track-X,
        Sector Y.  The read or write command is given to the disk
        controller, which is an interface between the computer itself and
        the hard disk.  The controller figures out what commands to send
        to the hard disk,  the hard disk responds and the data is read or
        written as directed.

        The first track on the hard disk typically will contain a small
        program which is read from the hard disk and executed when you
        first power up your machine.  The power up sequence is called
        "booting" your machine, and therefore the first track is typical
        known as the "boot track".

        In order to read information from your disk in a logical
        sequence, there has to be some sort of index.  An unusual index
        method was selected for MS-DOS.  Imagine going to the card index
        in a library, looking up the title you desire, and getting a
        place in another index which tells you where on the racks where
        the book is stored.  Now, when you read the book, you discover
        that only the first chapter of the book is there.  In order to
        find the next chapter of the book, you have to go back to that
        middle index, which tells you where the next chapter is stored. 
        This process continues until you get to the end of the book. 
        Sounds pretty convoluted, right?  You bet!  However, this is
        pretty much how MS-DOS does its "cataloguing" of files.

        The directory structure of MS-DOS allows for you to look up an
        item called the "first cluster".  A cluster represents a set of
        contiguous ("touching or in contact" according to Random House)
        tracks and sectors.  It is the smallest amount of information
        which the file structure of MS-DOS knows how to read or write.

        Based on the first cluster number as stored in the directory, the
        first portion of a file can be read.  When the information
        contained therein is exhausted, MS-DOS goes to that secondary
        index for a pointer to the next cluster.  That index is called
        the File Allocation Table, commonly abbreviated to "FAT".  The
        FAT contains an entry for each cluster on the disk.  An FAT entry
        can have a few values: ones which indicate that the cluster is
        unused, another which indicates that the associated cluster has
        been damaged somehow and that it should be marked as a "bad
        cluster", and a pointer to the next cluster for a given file. 
        This allows for what is called a linked list:  once you start
        looking up clusters associated with a given file, each FAT entry
        tells you what the next cluster is.  At the end of the linked
        list is a special indicator which indicates that there are no
        more clusters associated with the file.

        There are actually two copies of the FAT stored on your disk, but
        no one really knows what the second copy was intended for. 
        Often, if the first copy of the FAT is corrupted for some reason,
        a clever programmer could recover information from the second
        copy to restore to the primary FAT.  These clever programmers can
        be called "hackers", and should not be confused with the thieves


        who break into computer systems and steal things, or the "worms"
        [Joanne Dow gets credit for *that* phrase!] who would get joy out
        of causing you heartache!

        But that heartache is exactly what can happen if the directory
        (which contains the pointer to the first cluster a file uses),
        the FAT (which contains that linked list to other areas on the
        disk which the file uses), or other areas of the disk get

        And that's what the little worms who create Trojan programs do: 
        they cause what at first appears to be a useful program to
        eventually corrupt the important parts of your disk.  This can be
        as simple as changing a few bytes of data, or can include wiping
        entire tracks clean.

        Not all programs which write to your hard disk are bad ones,
        obviously.  Your word processor, spreadsheet, database and
        utility programs have to write to the hard disk.  Some of the DOS
        programs (such as FORMAT), if used improperly, can also erase
        portions of your hard disk causing you massive amounts of grief. 
        You'd be surprised what damage the simple "DEL" command can do
        with just a simple typo.

        But, what defines a Trojan program is its delivery mechanism: the
        fact that you're running something you didn't expect.  Typical
        Trojan programs cause damage to your data, and were designed to
        do so by the worms who writhe in delight at causing this damage. 
        May they rot in hell -- a mind is a terrible thing to waste!

        Considering the personality required to cause such damage, you
        can rest assured that they have few friends, and even their
        mother doesn't like to be in the same room with them.  They sit
        back and chortle about the damage they do with a few other lowly
        worms.  This is their entire social universe. You should pity
        them.  I know that I do.



        What is a Virus?

        Trojan programs are but a delivery mechanism, as stated above. 
        They can be implemented in a clever manner, so that they only
        trigger the malicious part on a certain date, when your disk
        contains certain information or whatever.  However they're coded,
        though, they typically affect the disk only in a destructive
        manner once triggered.

        A new breed of programs has the capability of not only reserving
        malicious damage for a given event's occurrence, but of also
        replicating itself as well.

        This is what people refer to when they mention the term "Virus

        Typically, a virus will spread itself by replicating a portion of
        itself onto another program.  Later, when that normally safe
        program is run it will, in part, execute a set of instructions
        which will infect other programs and then potentially, trigger
        the Trojan portion of the program contained within the virus.

        The danger of the virus program is twofold. First, it contains a
        Trojan which will cause damage to your hard disk.  The second
        danger is the reason why everyone is busy building bomb shelters. 
        This danger is that the virus program will infect other programs
        and they in turn will infect other programs and so forth.  Since
        it can also infect programs on your floppy disks, you could
        unknowingly infect other machines!  Pretty dangerous stuff,

        Kenneth van Wyck, one of the computer folks over at Lehigh
        University, first brought a particular virus to the attention of
        the computer community.  This virus infects a program, which
        every MS-DOS computer must have, called COMMAND.COM.  This is the
        Command Line Interpreter and is the interface between your
        keyboard and the MS-DOS operating system itself.  Whatever you
        type at the C> prompt will be interpreted by it.

        Well, the virus subverts this intended function, causing the
        infection of neighboring COMMAND.COMs before continuing with
        normal functionality of the command you typed.  After a certain
        number of "infections", the Trojan aspect of the program goes
        off, causing you to lose data.

        The programmer was clever.  But still a worm.  And still
        deserving of contempt instead of respect.  Think of what good
        purposes the programmer could have put his or her talents to
        instead of creating this damage.  And consider what this
        programmer must do, in covering up what they've done.  They
        certainly can't tell anyone what they've accomplished. 
        Justifiable homicide comes to mind, but since the worms they must


        hang around are probably as disreputable as they are, they must
        hold their little creation a secret.

        A pity.  Hopefully, the worm is losing sleep.  Or getting a sore
        neck looking behind them wondering which of their "friends" are
        gonna turn them in for the reward I list towards the end of this



        The Challenge to the Worm

        When I first released a program to try to thwart their demented
        little efforts, I published this letter in the archive (still in
        the FLU_SHOT+ archive of which this is a part of).  What I say in
        it still holds:

                    As for the designer of the virus program: most
                    likely an impotent adolescent, incapable of
                    normal social relationships, and attempting to
                    prove their own worth to themselves through
                    these type of terrorist attacks.

                    Never succeeding in that task (or in any
                    other), since they have no worth, they will one
                    day take a look at themselves and what they've
                    done in their past, and kill themselves in
                    disgust.  This is a Good Thing, since it saves
                    the taxpayers' money which normally would be
                    wasted on therapy and treatment of this

                    If they *really* want a challenge, they'll try
                    to destroy *my* hard disk on my BBS, instead of
                    the disk of some innocent person.  I challenge
                    them to upload a virus or other Trojan horse to
                    my BBS that I can't disarm.  It is doubtful the
                    challenge will be taken: the profile of such a
                    person prohibits them from attacking those who
                    can fight back.  Alas, having a go with this 
                    lowlife would be amusing for the five minutes
                    it takes to disarm whatever they invent.

                    Go ahead, you good-for-nothing little
                    slimebucket:  make *my* day!

        Alas, somebody out there opted to do the cowardly thing and to
        use the FLUSHOT programs as a vehicle for wrecking still more
        destruction on people like you.  The FLUSHOT3 program was
        redistributed along with a companion program to aid you in
        reading the documentation.  It was renamed FLUSHOT4.  And the
        reader program was turned into a Trojan itself.

        I guess the programmer involved was too cowardly to take me up on
        my offer and prefers to hurt people not capable of fighting back. 
        I should have known that, I suppose, but I don't normally think
        of people who attack innocents. Normally, I think of people to
        respect, not people to pity, certainly not people who must cause
        such damage in order to "get off".

        They are below contempt, obviously, and can do little to help


        themselves out of the mire they live in.

        Still, a worm is a worm.


                                  About FLUSHOT

        A Brief History

        The original incarnation of FLU_SHOT was a quick hack done in my
        spare time.  It had a couple of bugs in it which caused it to
        trigger when it shouldn't, and a few conditions which I had to
        fix.  A strangeness in how COMMAND.COM processed certain
        conditions when I "failed" an operation caused people to lose
        more data than they had intended -- certainly not my intent!

        FLU_SHOT was modified and became FLUSHOT2.  It included some
        additional protections, protecting some other important system
        files, and protecting against direct disk writes which can be
        used to circumvent FLUSHOT's protection mechanisms.

        Additionally, FLUSHOT2 forced an exit of the program currently
        running instead of a fail condition when you indicated that an
        operation should not be carried out.

        FLUSHOT2 was also now distributed in the popular archive format
        (have you remembered to send your shareware check into Phil Katz
        for his efforts?  You really should.  It ain't that much money!).

        Next came FLUSHOT3. A bug was fixed which could have caused
        certain weird things when you denied direct disk I/O to certain
        portions of DOS 3.x.

        The enhancements to FLUSHOT3 included the ability to enter a 'G'
        when FLUSHOT was triggered.  This allowed FLUSHOT to become
        inactive until an exit was called by the foreground task.  So,
        when you used some trustworthy program which did direct disk I/O,
        you wouldn't be pestered with constant triggering after you enter
        the 'G'.  Primarily this was a quick hack to allow programs such
        as the FORMAT program to run without FLUSHOT being triggered each
        time it tried to do any work it was supposed to.


                                  About FLUSHOT

        FLU_SHOT+ Features and Enhancements

        This release of FLU_SHOT has a new name: FLU_SHOT+.  Because
        FLUSHOT4 was a Trojan, I opted to change the name.  Besides,
        FLU_SHOT+ is the result of some real effort on my part, instead
        of being a part-time quick hack.  I hope the effort shows.

        FLUSHOT is now table driven.  That table is in a file which I
        call FLUSHOT.DAT.  It exists in the root directory on your C:
        drive.  However, I'll advise you later on how to change its
        location so that a worm can't create a Trojan to modify that

        This file now allows you to write and/or read protect entire
        classes of programs.  This means that you can write protect from
        damage all of your *.COM, *.EXE, *.BAT, and *.SYS files.  You can
        read protect all of your *.BAT files so that a nasty program can
        not even determine what name you used for FLU_SHOT+ when you
        invoked it!

        Additionally, you can now automatically check programs when you
        first invoke FLU_SHOT+ to determine if they've changed since you
        last looked at them.  Called checksumming, it allows you to know
        immediately if one of the protected programs has been changed
        when you're not looking.  Additionally, this checksumming can
        even take place each time you load the program for execution.

        Also, FLU_SHOT+ will advise you when any program "goes TSR".  TSR
        stands for "Terminate and Stay Resident", allowing pop-ups and
        other useful programs to be created.  A worm could create a
        program which leaves a bit of slime behind.  Programs like
        Borland's SideKick program, a wonderful program and certainly not
        a Trojan or virus, is probably the best known TSR.   FLU_SHOT+
        will advise you if any program attempts to go TSR which you
        haven't already registered in your FLUSHOT.DAT file.

        Finally, FLU_SHOT+ will also now pop-up a little window in the
        middle of your screen when it gets triggered.  It also will more
        fully explain why it was triggered.  The pop-up window means that
        your screen won't get screwed up beyond recognition -- unless
        you're in graphics mode when it pops up.  Sorry, 'dems the

        This version, FLU_SHOT+, Version 1.5 has some other substantial
        improvements on the security side, has a couple of bug fixes here
        and there and is generally the same program - just a little more
        reliable, and a little more user friendly.  And, more closely
        attuned to what you, the user community, have asked me for.


                                  About FLUSHOT

        Registering FLU_SHOT+

        FLU_SHOT+ is not a free program.  You're encouraged to use it, to
        distribute it to your friends and co-workers.  If you end up not
        using it for some reason, let me know why and I'll see if I can
        do something about it in the next release.

        But, the right to use FLU_SHOT+ is contingent upon you paying for
        the right to use it.  I ask for ten dollars as a registration
        fee, plus four dollars to meet my costs for shipping, handling,
        and processing each order.  This entitles you to get informed
        when the next update is available, and to have someone available
        to help support you with any problem you might have with the
        program.  And it allows you to pay me, in part, for my labor in
        creating the entire FLU_SHOT series.  I don't expect to get my
        normal consulting rate or to get a return equal to that of other
        programs which I've developed and sell through more traditional
        channels.  That's not my intent, or I would have made FLU_SHOT+ a
        commercial program and you'd be paying lots more money for it.

        Some people are uncomfortable with the shareware concept, or
        believe that there ain't no such thing as Trojan or Virus
        programs, and that a person who profits from the distribution of
        a program such as FLU_SHOT must be in it for the money.  Although
        I sympathize with their feelings, I feel that a user of FLU_SHOT
        simply *must* pay for their usage of the program -- using it for
        free is paramount to stealing, and we know how wrong that is!

        I've created an alternative for these folks.  I'll call it
        "charityware" [first called that, to my knowledge, by Roedy
        Green].  You can also register FLU_SHOT+ by sending me a check
        for $10 made out to your favorite charity. And a check made out
        to me for $4 to handle my costs.  Be sure to include a stamped
        and addressed envelope.  I'll forward the monies onto them and
        register you fully.

        Of course, if you wish, you can send me a check for more than
        $14.  I'll cash it gladly (I'm no fool!).

        Site Licensing of FLU_SHOT+

        So, you run the computer department of a big corporation, you got
        a copy of FLU_SHOT+, decided it was wonderful and that it  did
        everything you wanted and sent in your ten bucks.  Then you
        distributed it to your 1000 users.

        Not what is intended by the shareware scheme.  *Each* site using
        FLU_SHOT+ should be registered.  That's ten bucks a site, me
        bucko!  Again, make the check out to charity if you're
        uncomfortable with the idea of a programmer actually deriving an


        income from their work.

        However, if you've really got 1000 computers, you should give me
        a call.  As much as I'd like to get $10 for each site, that
        wouldn't be fair to you.  So, quantity discounts are available.

        Here's out quantity discount schedule.  Remember to add in the
        four dollar charge for each order.

                  Quantity            Price Each
               ==============       ===============
                1 -  49                $10
               50 - 249                $ 9
              250 - 499                $ 7
              500+                     $ 6
              10,000+                No Charge

        Site licensee's get a "gold" disk, and make their own copies at
        their site, working on the honor system.  Each site license does
        require a separate agreement, so be sure to give us a call to
        work out the details.


                                 Using FLU_SHOT+

        The FLUSHOT.DAT file

        FLU_SHOT+ is table driven by the contents of the FLUSHOT.DAT
        file.  This file normally exists in the root directory of your C:
        drive (C:\FLUSHOT.DAT).

        A little later in this document you'll see how to disguise the
        data file name, making life tougher for the worms out there.  But
        for the purposes of this document, we'll assume that the file is
        called C:\FLUSHOT.DAT.

        The FLU_SHOT+ program will read this data file exactly once. It
        reads the data from the data file into memory and overwrites the
        name of the data file in so doing.  A little extra protection in
        hiding the name of the file.

        This data file contains a number of lines of text.  Each line of
        text is of the form:


        Command can be any one of the following characters:

             P    -    Write Protect the file named
             R    -    Read Protect the file named
             E    -    Exclude the file named from matching P or R lines
             T    -    The named file is a legitimate TSR
             C    -    Perform checksum operations on the file named

        The  filename can be an ambiguous file if you wish for all
        commands except the 'T' and 'C' commands.  This means that:


        will specify all COM files on your C: drive in the level1
        directory (or its sub-directories). Specifying:


        would specify all EXE files in subdirectories under the C:\level1
        directory, but would not include that directory itself.

        You can also use the '?' operator to specify ambiguous characters
        as in:


        would be used to specify files on any drive in the \usr\bin
        directory on that drive.  The files would have to be single
        letter filenames with the extension of 'COM'.

        Ambiguous file names are not allowed for the 'T' and 'C' options.


                                 Using FLU_SHOT+

        Protecting files from Write Access

        Use the 'P=' option to protect files from write access.  To
        disallow writes to any of your COM, EXE, SYS, and BAT files,
        specify lines of the form:


        which protects these files on any disk, in any directory.

        Protecting files from Read Access

        Similarly, you can use the 'R' command to protect files from
        being read by a program (including the ability to 'TYPE' a
        file!).  To prevent read access to all of your BAT files, use a
        line such as:


        Combinations of R and P lines are allowed, so the combination of
        the above lines would prevent read or write access to all batch

        Excluding files

        Programmers in particular should find usage for the 'E' command. 
        This allows you to exclude matching filenames from other match
        operations.  Assume you're doing development work in the
        C:\develop directory.

        You could exclude FLU_SHOT+ from being triggered by including a
        line such as:


        Of course, you might have development work on many disks under a
        directory of that name.  If you do, you might include a line
        which looks like:



        Checksumming files

        This line is a little more complicated than others and involves
        some setup work.  It's worth it though!

        A checksum is a method used to reduce a files validity into a
        single number.  Adding up the values of the bytes which make up
        the file would be a simple checksum method.  Doing more complex
        mathematics allows for more and more checking information to be
        included in a test.

        If you use a lie on the form:


        then when FLU_SHOT+ first loads it will check the validity of the
        file against the number in the square brackets.  If the checksum
        calculated does not match the number presented, you'll be advised
        with a triggering of FLUSHOT, which presents the correct

        When you first set up your FLUSHOT.DAT file, use a dummy number
        such as '12345' for each of the files you wish to checksum. 
        Then, when you run FLUSHOT, you should copy down the "erroneous"
        checksum presented.  Then, edit the FLUSHOT.DAT file and replace
        the dummy number with the actual checksum value you had copied
        down. Voila! If even one byte in the is changed, you'll be
        advised the next time you run FLU_SHOT+.

        But wait! There's more! Not available in stores!

        Sorry.  I got carried away.

        Seriously, there is more.  When a "checksummed" file is loaded by
        MS-DOS, it will, by default, be checksummed again.  So, if you
        had a line such as:


        the venerable old WordStar program (still *my* editor of choice!)
        would be checksummed each time you went to edit a file.

        Of course, you might not want the overhead of that checksumming
        to take place each time you load a program.  Therefore, a few
        switches have been added.  The switches are place immediately
        after the ']' in the checksum line:


        These switches are:

             ,n   -    will only checksum the file only 'n' times. Only
                       one digit allowed.


             -    -    Only checksum this file when FLU_SHOT+ first
                       loads.  ',1' and '-' are equivalent.

             +    -    Only checksum this file when it is loaded and
                       executed, not when FLU_SHOT+ first loads

        Therefore, if you wished to only check your WS.COM file when you
        first loaded the FLU_SHOT+ program, you'd specify a line as:


        If you wished to checksum your program called "MY_PROG.EXE" only
        when it was used, try:


        Registering a TSR program

        Any unregistered TSR program which is run after FLU_SHOT+ will
        cause a trigger when they "go TSR".  You can register a program
        so no trigger goes off by specifying it in a line such as:


        which will keep FLU_SHOT+ from complaining about sk.com.  Make
        sure to take a look at the '-T' option, specified in the next

        Restricted Access

        Normally, when access to a file causes FLU_SHOT+ to trigger, the
        user is given the option of hitting a 'Y' to allow the access, or
        a 'G' to allow the access until program exit or a key is hit. 
        However, in some cases, access to a file should *never* be
        allowed.  If you end a line in your FLUSHOT.DAT file with an '!',
        then the trigger will indicate that this is a restricted access
        file, and the user will be asked to press a key to continue.  In
        any case, trigger accesses resulting from a line with a '!' at
        the end will not be allowed to go forth.  For example, if you
        never want anyone to be able to read an AUTOEXEC.BAT file on any
        of your disks, have a line of the form:


        in your FLUSHOT.DAT file.  That's pretty easy!  (Make sure,
        however, to take a look at the FSP command line arguments for the
        '--' switch.)


        Protecting the FLUSHOT.DAT file

        Obviously, the weak link in the chain of the protection which
        FLU_SHOT+ offers you is the FLUSHOT.DAT file.

        You would think that you'd want to protect the FLUSHOT.DAT file
        from reads and writes as specified above.  However this, too,
        leaves a gaping security hole: memory could be searched for it,
        and it could be located that way.  A better alternative exists. 
        In the distribution package for FLUSHOT+ exists a program called
        FLU_POKE.COM.  This program allows you to specify the new name
        you wish to call the FLUSHOT.DAT file. Simply type:

             FLU_POKE <flushot_name>

        where <flushot_name> represents the full path filename of your
        copy of FLU_SHOT+.

        You'll be prompted for the name of the FLUSHOT.DAT file.  Enter
        the name you've selected (remember to specify the disk and
        directory as part of the name).  Voila!  Nothing could be easier.

        Here's an example, assuming that you've already named your
        FLUSHOT.DAT to FRED.TXT, and it resides in the C:\DOC directory. 
        Assume that FSP.COM is in the current directory and has been
        renamed to MYFILE.COM.  Here's the command line:

             FLU_POKE MYFILE.COM
             File opened ok...

             Enter the FLUSHOT.DAT filename (full pathname): FRED.TXT

        Protection Recommendations

        Here's a sample FLUSHOT.DAT file, basically the same one included
        in the archive.  Your actual checksums will differ, and you may
        want to modify what files and directories are protected.
        Obviously, your exact needs are different than mine, so consider
        this a generic FLUSHOT.DAT:



        Allowing "dangerous" programs to run
        In some cases, though, you'll still want the ability to let
        "trusted" programs to run -- even if they are potentially
        dangerous.  A good example of this is the DOS FORMAT program: 
        here is a program specifically designed to overwrite the data on
        your disk in such a way that it would be difficult, at best, to
        recover.  Yet, the program is a necessary part of your day-to-day
        computer usage.

        Therefore, the 'X=' switch has been added in to allow a program
        such as FORMAT to run without interruption.  THIS IS A POTENTIAL
        SECURITY HOLE.  To prevent an 'X=' program from being corrupted,
        I suggest you also include any 'X=' program as both a 'C=' and a
        'P=' program as well: any writes to the file would cause FLU_SHOT
        to trigger, and you wouldn't be able to run a modified program
        without first giving FLU_SHOT permission.  Use 'X=' sparingly. 
        I'm rather uncomfortable with it myself.


                               Invoking FLU_SHOT+

        Running FLUSHOT+

        For extra protection, after you've run FLU_POKE, you should
        rename the FLU_SHOT+ program is something unique and meaningful
        to you, but not a worm.

        Assuming you didn't rename it, however, you could invoke the
        program simply by typing:


        when at the prompt.  That's all there is to it.  When you're
        satisfied, you can add it to your AUTOEXEC.BAT file, after all of
        your trusted programs have run.

        But there are some options you should know about:

        Checksumming the in-memory table
        Since the wily worm may well be able to thwart some of the
        efforts of FLU_SHOT+ by playing nasty games with the in-memory
        copy of the FLUSHOT.DAT file, FLU_SHOT+ will also check this
        table against a checksum it generates on a regular basis.  If the
        table gets corrupted, you'll be advised of it.  This table is
        checked with each call to DOS, so the table must be in good shape
        before any disk I/O is done.


        Intercepting Direct Disk Writes Through INT13

        The default operation of FLU_SHOT+ is to intercept and examine
        every call to the direct disk routines.  You can *disable* this
        by including the '-F' switch on your command line:

             FSP -F

        This is not recommended, but exists primarily for developers who
        can't use the constant triggering one of their programs may

        What about INT26
        Similarly, the same exists for the direct writes which normally
        are only made by DOS through interrupt 26.  Again, I do not
        recommend you disable the checking, but if you desire to do so,
        use the '-D' switch.

        Turning off the header message
        If you've no desire to see the rather lengthy welcome message 
        which is displayed when you first use FLU_SHOT+, use the '-h'

        Disabling Triggering on Open with Write Access
        Files which are opened with write access allowed are often not
        ever written to.  For example, a COPY A.COM B.COM will open
        *both* files for write access, although DOS will not actually
        write to the A.COM file.  Programmer laziness is the most likely
        excuse, and I'm as guilty of it as anyone else.  However, this
        can cause some false alarms, which can alarm you!  If you specify
        the '-W' switch on your command line, you won't have this
        particular alert come up.

        Since the actual write operation to this file is also protected
        by FLU_SHOT+, there is no real danger with using the '-W' option
        -- except that a "protected" file could be created anew without
        you being triggered.  That's not too big a deal.  Future versions
        of FLU_SHOT+ will most probably have the '-W' option as the
        default operation.

        Changing the Trigger Window Attributes
        Certain displays, particularly monochrome displays which try to
        emulate color displays, have a problem with the default selection
        of attributed in the trigger window of FLU_SHOT+.  If you use the
        '-Axcx:yy' switch, you can modify these attributes.

        The xx:yy represent the hex values (as selected from the table
        below) for the interior and the perimeter of the trigger window. 


        The 'xx' represents the interior attribute, the 'yy', the
        perimeter.  If you use the '-A' switch, you *must* select both of
        these values - failure to do so may give a rather strange

        What follows is a table of color and characteristics associated
        with the attribute byte.  A byte has eight bits. Counting from
        the leftmost bit, the first bit of the attribute byte, if set,
        will cause the character to blink, regardless of other settings. 
        The next three bits represent the background color for a given
        character position.  The next bit indicates whether a character
        should have high intensity turned on.  Finally, the last three
        bits represent the color of the character itself.  To create the
        color of your choice, simply combine the bits, then calculate
        what they are in hexadecimal.  If you're not sure of how to
        create a hexadecimal representation of a binary number, have no
        fear:  that information follows, too.

                                    Bkgrnd    Frgrnd
                                 B   CLR   I   CLR
                                 [] [][][] [] [][][]
                    Brightness----^  | | |  |  | | |
                    Background-------+-+-+  |  | | |
                    Intensity---------------+  | | |

                                              Value in hex
        Bit Pattern    Value      Color       if B or I set
          0  0  0      0         Black            8
          0  0  1      1         Blue             9
          0  1  0      2         Green            a
          0  1  1      3         Cyan             b
          1  0  0      4         Red              c
          1  0  1      5         Magenta          d
          1  1  0      6         Yellow           e
          1  1  1      7         White            f

        For example, to create an attribute byte that is high intensity,
        blinking yellow characters on a green background, the attribute
        byte would be:

                                    Bkgrnd    Frgrnd
                                 B   CLR   I   CLR
                                 1  0 1 0  1  1 1 0
                                \--------/ \-------/
                                    |          |
                                    A          E
                    Attribute char:     AE

        IMPORTANT: If the value is less than 10 (hex), you *must* include
        a leading zero or strange things will happen to the selected


        Allowing Trusted TSR's to Work
        Normally, you'd load all of your trusted TSR's before FLUSHOT+ is
        loaded from within your AUTOEXEC.BAT file.  However, you might
        want to use SideKick once in a while, removing it from memory as
        you desire.  This could cause some problems, since SideKick, and
        programs like it, take over certain interrupts, and FLU_SHOT+
        could get confused about whether this is a valid call or a call
        that shouldn't be allowed.  Normally, FLU_SHOT+ will trigger on
        these calls, which is safer, but can be annoying.  If you use the
        special '-T' switch upon program invocation, then calls which
        trusted TSR's (those specified with the 'T=' command in your
        FLUSHOT.DAT file) make will be allowed.  Understand, please, that
        this basically means that calls made by a Trojan while a trusted
        TSR is loaded may not be caught.  Please, use this switch with

        Disabling FLU_SHOT+
        There may be times when you're about to do some work which you
        know will trigger FLU_SHOT+.  And you might not want to be
        bothered with all of the triggering, the pop-up windows and your
        need to respond to each trigger.  If you look in the upper right
        hand corner of your screen, you'll see a '+' sign.  This
        indicates that FLU_SHOT+ is monitoring and attempting to protect
        your system.  Depress the ALT key three times.  Notice that the
        '+' sign' turned into a '-'?  Well, FLU_SHOT+ is now disabled,
        and will not trigger on any event.  If you depress the ALT key
        three more times, you'll see the '-' turn back into a '+' -- each
        time you depress the ALT key three times, FLU_SHOT+ will toggle
        between being enabled and disabled.

        Disabling the Disabling of FLU_SHOT+
        Yes, I know about the poor grammar used in the heading, but I
        couldn't think of a better way of expressing it.

        You can cause FLU_SHOT+ to ignore the "strike ALT three times"
        function discussed above.  If you'd rather that the people using
        the machine FLU_SHOT is working on *not* be able to disable it,
        then enter the '--' switch on the command line, as in:

              FSP --

        this is important when used in combination with the '!'
        restricted file access option you may have opted to use in your
        FLUSHOT.DAT file.


        Disabling FLU_SHOT+ Toggle Display
        Alas, there are graphics applications which will be screwed up be
        the '-' or '+' in the upper right hand corner of your display.
        Therefore, if you depress the CTRL key three times, you'll be
        able to toggle the display capability of FLU_SHOT+.  The default
        configuration of FLU_SHOT+ is to "come up" with display turned
        on.  You can reverse this capability if you include the '-G' (for
        graphics) switch on your command line when you run FLU_SHOT+.

        When you toggle this function, the '-' or the '+' won't appear or
        disappear immediately.  Simply that the repainting of them will
        no longer take place.

        Defining Your Own "Special Keys"
        If you would like to, you can define your own "special keys" (as
        in the default Alt and Ctrl keys in a similar way as you define
        your attributes above.  Use the '-Kxx:yy' option, which takes the
        hexadecimal scan code value for the replacement Alt key as the
        first argument (the 'xx') and the hexadecimal scan code value for
        the replacement Ctrl key value.  If you're not sure of what your
        scan codes are, you should look them up in your BIOS tech ref
        manual -- or there are a multitude of programs which will print
        out the scan code for a given key. Most of these programs are
        available on BBS's throughout the world, including the Software
        Concepts Design, RamNet BBS at (212)-89-6438.

        Due to extreme programmer fatigue, the "Welcome" message you see
        when you first run FLU_SHOT+ with the '-K' option will not change
        to reflect your selection.  Maybe in the next version.  And, of
        course, it depends upon how much you, the end-user want such an

        IMPORTANT: If the value is less than 10 (hex), you *must* include
        a leading zero or strange things will happen to the selected

        Forcing FLU_SHOT+ to only use the BIOS

        Certain machines are not totally compatible with the IBM BIOS,
        which is the BIOS for which FLU_SHOT+ was written.  Because
        FLU_SHOT has to be able to deal with the hardware in a pretty
        direct manner in order to "pop-up" a screen, these machines were
        not able to use FLU_SHOT.  If you specify the '-B' switch in your
        command line when you first run FLU_SHOT+, then only the BIOS
        will be used for screen output.  This is *drastically* slower
        than direct screen memory writes (the method used unless you
        specify to use the BIOS), but at least it works.  However, the
        "hit ALT and/or CTRL three times" options may not work in these
        machines - only your experimentation will tell.


        Putting FLU_SHOT+ to Sleep When Its First Run
        One of the idiosyncrasies of DOS is how a batch file is
        processed.  Basically, DOS opens the batch file, reads the next
        command, closes the batch file, executes the command, and then
        starts over again until the batch file is exhausted of commands.

        This would, normally, not be a problem, but can become when you
        opt to place the FLU_SHOT command line in your AUTOEXEC.BAT file
        *and* you've opted to Read Protect (with the 'R=' option) the
        AUTOEXEC file itself:  you'll be advised that some program is
        reading this protected file.  Not a big deal, really, but
        certainly a hassle when you fist boot up your system.  Therefore,
        protections within FLU_SHOT are not turned on a certain amount of
        time.  The default is set to ten seconds, or until you enter a
        key.  You can modify the default "sleep" time by entering a '-Sn'
        option on the command line, where 'n' represents the number of
        eighteenths of a second (1/18) you wish to have FLU_SHOT+ sleep
        before becoming active.  Since you will most likely have
        FLU_SHOT+ as one of the final commands in your AUTOEXEC.BAT, you
        probably won't have to modify this parameter, but the capability
        exists, nonetheless.


        Interpreting a FLU_SHOT+ Trigger

        So, you've run FLU_SHOT+, and you're at your C> prompt. Great! 
        Now stick a blank disk which you don't care about into your A:
        drive and try to format it.

        Surprise!  FLU_SHOT+ caught the attempt!  You have three choices
        now:  typing 'Y' allows the operation to continue, but the next
        one will be caught as well.  Typing a 'G' (for Go!) allows the
        operation to continue, disabling FLU_SHOT+ until an exit from the
        program is made. When FLU_SHOT+ is in the 'G' state, a 'G' will
        appear in the upper right hand corner of your screen.

        Any other key will cause a failure of the operation to occur.

        When you've got FLU_SHOT+ running and you get signaled that there
        is a problem, you should think about what might have caused the
        problem.  Some programs, like FORMAT, or the Norton Utilities or
        PC-Tools, or DREP have very good reasons for doing direct reads
        and writes to your hard disk.  However, a public domain checkbook
        accounting program doesn't.  You'll have to be the judge of what
        are legitimate operations and which are questionable.

        There is no reason to write to IBMBIO or IBMDOS, right?


        When you format a disk with the '/S' option, those files are
        created on the target diskette.  The act of creating, opening up
        and writing those files will trigger FLU_SHOT+ as part of its
        expected operation. There are many other legitimate operations
        which may cause FLU_SHOT+ to trigger.

        So will copying a COM or EXE file if you have those protected
        with a 'P=' command.  FLU_SHOT+ is not particularly intelligent
        about what is allowed and what isn't.  That's where you, the
        pilot, get to decide.

        Here's a fuller listing of the messages which you might see when
        you're using FLU_SHOT+:

        Checking ===><filename>

        This message is displayed as FLU_SHOT+ checks the checksum on all
        of the "C=" files when you first invoke FLU_SHOT+.  The files
        must be read in from disk, their checksum calculated and then
        compared against the value you claim the checksum should equal.


        If the checksum does *not* equal what you claim it should (which
        means that the file may have been written to and might therefore
        be suspect), a window will pop up in the middle of your screen:

        |  Bad Checksum on <filename>                                   |
        |  Actual Checksum is: <checksum>                               |
        |Press "Y" to allow, "G" to go till exit, any other key to exit.|

        This message simultaneously advises you there is a problem with
        the checksums not matching, shows you what the checksum should be
        and then awaits your response.

        Except for the initial run of FLU_SHOT+, if you type a 'Y' or a
        'G', then the program will load and execute.  Typing any other
        key will cause the program to abort and for you to be returned to
        the C> prompt.  When FLU_SHOT+ is in the 'G' state, a 'G' will
        appear in the upper right hand corner of your screen.

        If this is the initial run of FLU_SHOT+, however, you'll be
        advised of the program's actual checksum, but FLU_SHOT+ will
        continue to run, checking all remaining "C=" files in the
        FLUSHOT.DAT file.

        If you're running a program and you see a screen like:

        |  ? WARNING! TSR Request from an unregistered program!         |
        |Number of paragraphs of memory requested (in decimal) are:<cnt>|  
        |                   (Press any key to continue)                 |

        you're being advised that a program is about to go TSR.  If this
        is a program you trust (such as SideKick, of KBHIT, or a host of
        other TSR programs you've grown to know and love), then you
        should considering installing a "T=" line in the FLUSHOT.DAT file
        so that future runs of this program will not trigger FLU_SHOT+.

        However, if you get this message when running a program you don't
        think has any need to go TSR (such as the proverbial checkbook
        balancing program), you should be a little suspicious.  Having a
        TSR program is not, in of and of itself, something to be
        suspicious of.   But having one you don't expect --- well, that's
        a different story.

        Most TSR's "hook into" an interrupt vector before they go TSR. 
        These hooks might intercept and process key strokes ("hotkeys"),
        or they might hook and intercept direct disk writes themselves. 
        In any event, FLU_SHOT+ (in this version!) doesn't have the
        smarts to do more than advise you of the TSR'ing of the program. 
        If you're truly suspicious, reboot your machine immediately!


        If a program attempts to write directly to the interrupts which
        are reserved for disk writes, FLU_SHOT+ will also be triggered
        and you'll see something like:

        |====>Direct Disk Write attempt by program other than DOS! <====|
        |                   (From Interrupt <xx>)                       |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        where the <xx> represents either a 13 (indicating a direct BIOS
        write to the disk) or a 26 (indicating a direct DOS write). 
        Again, pressing a 'Y' or a 'G' allows the operation to continue,
        pressing any other key will cause the operation to return a
        failed status to DOS, and the operation will not take place. When
        FLU_SHOT+ is in the 'G' state, a 'G' will appear in the upper
        right hand corner of your screen.

        If an attempt is made to format your disk, which may be a
        legitimate operation made by the DOS FORMAT program, you'll see a
        message such as:

        |          ====>Disk being formatted! Are You Sure?<====        |
        |                                                               |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        which follows similarly to the direct disk write operations. You
        should question whether the format operation is appropriate at
        the time and take whatever action you think is best.

        If one of your protected files is about to be written to, you'll
        see a message like:

        |Write access being attempted on:                               |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        where <filename> represents the file you're trying to protect
        from these write operations.  Your red flag should fly, and you
        should question why the program currently running should cause
        such an operation.


        You may also see the same type of message when one of your "Read-
        Protected" files is being accessed:

        |Read Access being attempted on:                                |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        Again, the same red flag should fly, but it doesn't mean that
        you're infected with some nasty virus program!  It could be
        something harmless or intended.  You'll have to be the judge.

        |Open File with Write access being attempted on:                |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        If you see the above message:  Don't Panic!  When a program opens
        a file, it may open the file for different types of access.  One
        access method prohibits writing to the file.  Another allows you
        to write to the file.  However, lazy programmers (myself included
        in this category from time to time) will often open a file for
        read *and* write access, even though they have no intention of
        ever doing a write into the file.  FLU_SHOT+ isn't smart enough
        to be able to figure out what a program *might* do in the future,
        so it will alert you to an attempt to open the indicated
        protected file with write access allowed.  Again, you'll have to
        consider whether the program opening the file is a "trusted"
        program or not and you'll have to then decide what action to

        |Handle Write Access being attempted on:                        |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        If you see this message, it means that some program is trying to
        write to a protected file through an access method known as
        "handle access".  This should normally never happen, with the
        caveats raised above in the "Open With Write Access" section.


        There are three separate messages you'll see if a program
        attempts to rename a protected file (you'll only see one of these
        messages at a time, though):

        |FCB Rename being attempted on source file:                     |
        |FCB Rename being attempted on target file:                     |
        |Handle Rename being attempted on:                              |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        This indicates what type of operation is attempting to rename a
        protected file.  FCB's are a relic of the older CP/M days, and
        "handles" are a newer concept, a little more modern.  In any
        event, this tells you that a file is being renamed.  It is
        possible that a trojan or virus writer will attempt to rename an
        existing protected file to some other name, then rename a
        trojaned or virused program in its stead.  FLU_SHOT will alert
        you to this action:  again, though, you'll have to decide what to
        do about it.

        |Delete being attempted on:                                     |
        | <filename>                                                    |
        |Press "Y" to allow, "G" to go till exit, any other key to fail.|

        Pretty much self-evident as to what's happening here, there are
        very few reasons why one of the files you've opted to protect
        should be deleted.


                          How Good is FLUSHOT+, Really?

        FLU_SHOT+ is a pretty handy piece of code.  But, it can't
        absolutely protect you from a worm.  No software can do that. 
        There are ways around FLU_SHOT+.  I'm of two minds about
        discussing them, since the worms out there are reading it this,
        too.  So I'll only discuss them in passing.  And I'll tell you
        what I use here to protect myself from worms.  First, though, a
        little story to tell you what it's like here, and how I protect
        myself from getting wormed.

        The RamNet Bulletin Board System site I run is open access. No
        need to register, or to leave your phone number or address,
        although a note to that effect is always appreciated.  As
        mentioned above, I dare the worm to try to affect the disk of
        somebody who can fight back.  A couple of of worms have tried and
        I have a nice collection of Trojans and viruses.  Obviously, I
        run FLU_SHOT+ on my board, along with checking incoming files
        with CHK4BOMB.  My procedure for testing out newly uploaded code
        involves me doing a backup, installing all sorts of software to
        monitor what is going on, and doing a checksum on all files on
        the disk.  I then try out all of the code I get, primarily to
        determine if the code is of high enough quality to be posted. 
        After testing out all of the weeks uploads, I run the checksum
        program again to determine of any of my files might have been
        modified by a worm's virus program.

        Recently, what looked like a decent little directory lister was
        posted to the board.  For some reason I've yet to fathom,
        directory aid programs seem to be the ones which have the highest
        percentage of Trojans attached to them.

        This directory aid program listed my directories in a wonderful
        tree structure, using different colors for different types of
        files.  Nice program.  When it exited, however, it went out and
        looked for a directory with the word "FLU" in it.  Once it found
        a directory with a match in it, it proceeded to try to erase all
        of the files in that directory. An assault! No big deal.  That's
        what backups are for.

        But it brings up an interesting point:  I was attacked by a
        clever worm, and it erased a bunch of files which were pretty
        valuable.  All of the protection I had would have been for naught
        if I didn't use the first line of defense from these worms:  full
        and adequate backup.

        I've spent three years of my life developing one particular
        software package.  Imagine what would have happened if that had
        been erased by a worm!  Fortunately, I make backups at least once
        a day, and usually more frequently than that.  You should, too.

        Now, I quarantine that machine as well.  I spent a couple of
        dollars and bought a bunch of bright red floppy disks.  The basic
        rule around here is that Red Disks are the only disks that go
        into the BBS machine, and the Red Disks go into no other machine. 


        You see, I *know* that there is some worm out there who is gonna
        find some way to infect my system.  No matter what software
        protection I use, there *is* a way around it.

        You needn't be concerned though -- you're making backups on a
        regular basis, right?  And, you aren't asking for trouble.  I am,
        I expect to find it, and it is sort of amusing to see what the
        worms out there are wasting their efforts on.

        At this point, Trojans and Viruses are becoming a hobby with me:
        watching what the worms try to do, figuring out a way to defend
        against it, and then updating the FLU_SHOT series.

        However, there is a possibility that the FLU_SHOT series (as well
        as other protection programs which are just as valuable) are
        causing an escalation of the terms of this war.  The worms out
        there are sick individuals.  They must enjoy causing the damage
        they do.  But they haven't the guts to stand up and actually do
        something in person.  They prefer to hide behind a mist of

        But you have the ultimate defense!  No, not the FLU_SHOT+


        There are a variety of very good backup programs which can save
        you more work than you can imagine.  I use the FASTBACK+ program,
        which is a great little program.  I backup 30Megs once in a
        while, and do an incremental backup on a very frequent basis. 
        There are a variety of very good commercial, public domain, and
        shareware backup programs out there.  Use them!  Because, no
        matter what software protection you use, somebody will find a way
        around it once day.  But they can't find a way around your
        backups.  And, if you (and everyone else) do regular backups,
        you'll remove the only joy in life these worms have.  They'll
        kill themselves, hopefully, and an entire subspecies will be
        wiped out -- and you'll be partially responsible!

        My advance thanks for helping to exterminate these little
        slimebuckets.  But that brings me to something else.


                                 Reward Offered

        Somebody out there knows who the worms are.  Even they must have
        someone who is a friend. True, I can't think of any reason
        someone would befriend a worm.  But somebody who doesn't know
        better has.

        Well, I'm offering a reward for the capture and conviction of
        these worms.

        Enough already with software protection schemes, hardware
        protection schemes, or any protection at all.  It shouldn't be
        required, dammit!

        Here's the deal:

        In this archive is a form called REWARD.FRM.  If you're a
        software or hardware manufacturer, or you have some software or
        hardware you don't need, consider filling out that form, and
        donating it to a worthy cause.  I don't know what the legal and
        tax ramifications of that donation would be.  I'm not a lawyer
        and we can cross that bridge when we get to it.

        Anyway, if you know one of these worms, turn them in!  Call me
        up, send me a letter, a telegram, or leave a message for me on my
        BBS.  Indicate who you *know* is worming about.  I'll keep your
        name confidential.

        It is surprisingly easy to get the authorities in on this --
        they're as concerned about what is happening to our community as
        we are.  I'll presume that they'll end up putting a data tap on
        the phone line of the accused worm.  Then, when he next uploads a
        Trojan or a virus to a BBS, he'll get nailed.  The authorities
        are pretty good about this stuff: they'll not tap a phone or take
        any action whatsoever without adequate proof.  Will your dropping
        a dime on this worm be adequate proof?  I don't know.   Again, a
        bridge to cross when we approach it.

        However, assuming that this slimeball gets nailed, you'll get all
        of the software and hardware which other people have donated. And
        the satisfaction of knowing that you've done a Good Thing, that
        you've helped an industry and community continue to grow.  This
        *is* your community, and the vast majority of people in it are
        good people who shouldn't have to fear from your friend.  Your
        friend is not really a friend: he uses you to justify his own
        existence.  When someone uses you like that, they're not a
        friend, they're a leach.  And you've probably got better things
        to do then let somebody use you like that.

        Most importantly, the worm out there won't know if one of his
        friends has already turned him in.  So he won't know if his phone
        is tapped.  If *I* were a worm, and considering what kind of
        friends I would have, I'd be sure that somebody dropped a dime on
        me.  And therefore an intelligent worm (perhaps I'm giving the
        worm too much credit?) must presume that their line is tapped and


        that they're gonna go to jail if they continue what they're

        So just stop, you miserable little lowlife, huh?  You're going to
        be arrested. You're going to have to put up with indignities
        which even you don't deserve!  Your equipment will be
        confiscated.  You'll never get a job in the industry.  You're
        going to go to jail. 

        All because one of your friend's actually has a conscience and
        knows what is right and what is wrong.  And what you're doing is

        So, let me get back to the kind of programming I enjoy --
        productive programming.  And turn your programming to useful,
        interesting, and productive programming.  You have the talent to
        do something useful and good with your life.  What you're doing
        is hurting the industry and hurting the community which would
        welcome someone with your talents with open arms.

        And the satisfaction of helping far surpasses the satisfaction
        you must get from hurting innocent people.

        So just stop.

        Sincerely, Ross M. Greenberg



║          <<<<  Disk No 1119 FLUSHOT+, HDSENTRY and more  >>>>           ║
║ To copy the documentation for FLUSHOT to your printer, type             ║
║                             PRINT (press enter)                         ║
║                                                                         ║
║ In order to run FLUSHOT you must first copy all of the needed files     ║
║ to the root directory of your hard drive. We have simplified this task  ║
║ for you, all you have to type to copy all needed files to your hard     ║
║ drive is, INSTALL (press enter)                                         ║
║                                                                         ║
║ To start FLUSHOT, type FSP (presss enter) from your C: prompt           ║


FLU_SHOT+ can not, by itself, absolutely protect your disks from the
damage a determined worm attempts.  It does as much as I can think
of, but that may not be sufficient for the sites which really can not
afford to have their data damaged.

We're in the process of designing and producing a hardware board which
will interface with a future release of FLU_SHOT+.  This will be a
commercial product.  We don't expect it to cost an arm and a leg, but
we haven't got the costs nailed down as of yet.  When we do, we'll
announce the product, its limitations and advantages and, of course,
its price.

If you'd like more information on our future hardware board, please
check off the appropriate box on the registartion form and we'll keep
you advised.

Ross M. Greenberg


HDSENTRY.ARC contains:

HDSENTRY, whether you run the .EXE or the smaller .COM file, is an interrupt
handler that intercepts service requests to the hard disk.  If the service
call is not destructive in any way, the call is passed on to DOS, and is
executed in normal fashion.  Calls to floppies are also merely passed on.
However, if a call is made to the hard disk that is destructive (write or 
format), the handler prevents it from occuring.  To alert you that something
is amiss, the handler will notify you with a beep in the speaker and a sign:
<<< ALERT >>> Destructive disk call prevented!
HDSENTRY is intended for use while you are checking out newly downloaded
programs from a bulletin board and you suspect those programs to be TROJAN
HORSEs, i.e., a program that purports to be something useful but that in
fact intends to scramble your hard disk for you (this could be done by keeping
you amused with colorful graphics and overwriting your File Allocation
Table, or reformatting your hard disk to the tune of Beethoven's Fifth, 
although I doubt anyone low enough to try such things have any breeding).
A good strategy is to NEVER download from a BBS to your hard disk, always
to a floppy.  However, the TROJAN may think of that and make calls to the
hard disk anyway.  HDSENTRY will put a stop to that!  If you have HDSENTRY
installed and YOU try to erase something on the hard disk, YOU will be
prevented (the filename will disappear as though you were successful, but
when you reboot, you'll find the file is still there.  This is part of the
strategy just in case the TROJAN tries to see if it successfully erased
a file.)  When you're finished checking your downloads, reboot your system
without HDSENTRY.
If you have any problems, notify Andrew M Fried (address is in the .ASM
file), NOT me!


LOCK.COM - Run this to write- and format-protect your hard disk.  Useful
           when letting someone else use your PC or when trying out
           new BBS software.  Each time it is run it
           toggles the protection off or on - no need to reboot to get
           rid of it.  The toggle ON/OFF feature will not work if, after
           running LOCK, you run another RESIDENT program that 
           re-vectors INT 13.  In other words, run LOCK after running
           other resident programs, such as Sidekick.
           If the DOS FORMAT command is run when this is on, it will
           appear to be formatting your hard disk, but what it is
           actually doing is VERIFYing each sector, which does not
           harm the disk.  Your data is actually lost during a format
           when DOS writes a new Directory and FAT - LOCK will prevent
           that.  Actually, if LOCK is not installed and you accidentally
           start formatting your hard disk, you can type Ctrl-Break
           to stop the formatting.  The Ctrl-Break will not be
           acknowledged right away, but that's ok - it will still break
           you out of format before any damage is done.  


This  is  a brief blurb about the main product  Software  Concept  Design
derives  income  from.  This is a blatant commercial announcement and  we
have no excuses for it! We have kept it short, though, with the full text
available on the RamNet BBS at (212)-889-6438.  Or,  we can send you more
information  if you check off the box on the registration form.  On  with
the show!

What is RamNet?

RamNet is a background, memory resident program which enables you to:

 *  Run your own Bulletin Board System -- in the background!
 *  Have  Electronic Mail (E-Mail) across the nation or across the  globe
    today....with no hardware other than your PC and modem!
 *  Do  file  transfers  (both  upload  and  download)  totally  in   the 
    background,  so you can continue your normal processing  tasks in the
 *  Run  SCRIPT files that allow you to upload and download to any  other
    computer system.
 *  Utilize  RamNet  as a "normal" communications package  via  a   user-
    selectable  Hot-Key.  Start  transfers in the foreground and   switch
    them  to  the  background -- only a  keystroke  away!  The   transfer
    continues while you work on something else.
 *  Incoming E-Mail may be immediately printed if you desire.   You'll be
    notified, in any case, when mail has arrived.
 *  RamNet uses the XMODEM protocol for error free file   transfer.  Both
    Checksum  (with  about 99% error detection) and  CRC (with  at  least
    99.9% error detection) have been  implemented.
 *  UUCP,  the  protocol  of choice between UNIX sites is now   available
    between RamNet sites as well. Your RamNet site  will appear as a UUCP
    allowing file transfers to take place  between UNIX systems and  your
    PC in "native" mode.  You can  send and receive UNIX mail to and from
    your PC -- in the  between UNIX systems and your PC in "native" mode.
    You  can   send and receive UNIX mail to and from your PC  -- in  the 
    background! A free update to handle UNIX News is in the works, too!
 *  Now  your PC can act as a Telex machine,  too!  Your incoming   telex
    messages  are  stored and/or printed without requiring an   expensive
    dedicated machine.
 *  Use RamNet as a Source Librarian!  You can specify a given   download
    directory  as a "locked directory".  Files which are  downloaded  are
    "locked" from future downloads until  released.
 *  Wildcard  Transfers via a special Batch file allow you to   customize
    which files you wish to transfer in one shot.
 *  The following Baudrates are supported:  110,  300,  600, 1200,  2400,
    4800, 9600, 19200, 38400.
 *  Easily works with any modem, intelligent switch, or direct,  hardwire

With  RamNet you won't have to schedule your time with the person at  the
other  end:  if they're running RamNet,  they'll just continue with their
work as you continue with yours.

RamNet retails for only $149,  and we offer a full money back  guarantee. 
No questions asked.  You can't lose!

We  can  be  reached via MCI and BIX as 'greenber',  on  the  RamNet  BBS
specified above,  on CIS as [72241,36], or as bellcore!ditka!ramnet!root. 



                FLU_SHOT+ (V1.5) Registration

Please fill out this form, then mail it along with a check for
$14 ($10 Registration, $4 Shipping/Handling/Processing) (or
more!) to:

                        Ross M. Greenberg
                        Software Concepts Design
                        594 Third Avenue
                        New York, New York 10016

Thanks for your support!






City:   _____________________     State: _________  Zip:______


Comments and Suggestions:____________________________________________________





Where did you get FLUSHOT+ (V1.5) from? (check one, fill in the blank):

        [__]  User Group  (which one:________________________________________)

        [__]  BBS  (Name:_______________________)(Tel #:_____________________)

        [__]  Other (Such as:________________________________________________)

Please send me more information on:

        [__]  RamNet, the background communications program

        [__]  The Programmer's Co_operative



                                                      FOR IMMEDIATE RELEASE
                               Contacts: Ross M. Greenberg,  (212)-889-6431
                                         Marc Adler,         (201)-792-3954
                                         Greg Comeau,        (718)-849-2355

                  THE PROGRAMMER'S CO_OPERATIVE:                                
                By Programmers and For Programmers

 April  10,  1988 --- The Programmer's Co_operative,  dedicated to providing
 software  authors and developers with the unique services they  require  at
 the lowest prices it can arrange, is opening its doors to new members.

 Founders Marc Adler,  Greg Comeau, and Ross M. Greenberg are three software
 authors  who decided it was time to act to resolve problems they discovered
 all software authors faced.

 "Independent  software developers,  the one or two  person  operation,  are
 overwhelmed  by the costs of providing highly specialized services as  they
 need them.",  said President Ross M.  Greenberg.  "We share costs,  provide
 marketing  and  sales services,  bring volume discounts on advertising  and
 materials, and provide other services our members need."

 Few  software  authors  have expertise in the diverse  fields  required  to
 market  and  support a successful product,  according  to  co-founder  Marc
 Adler.  This  makes  it  difficult and expensive for a new  product  to  be
 introduced or even to appear on the market.

 "Just  producing  a single ad and placing it in a national publication  can
 cost individual developers more time, effort and money then they can afford
 to  spend.  We  offer each software author the benefit of  working  with  a
 larger  organization,  of  having  some  clout.",  Greg  Comeau  of  Comeau
 Computing pointed out.

 Members of The Programmer's Co_operative pay a $250 one-time initiation fee
 and  a small quarterly membership fee.   All Co_op members are entitled  to
 use  any Co_op services at 10% above Co_op cost.  Non-members may use Co_op
 services, as available, at 15-25% above Co_op cost.

 Among  the  services  the Co_op offers or plans to offer  to  its  members:
 volume  advertising  discounts  on  single  or  multiple  inserts,   volume
 discounts  on production and distribution materials,  and distribution  and
 fufillment services. The Co_op will also offer catalog sales, marketing and
 PR services,  documentation preparation and printing,  legal services,  and
 postal services such as mail forwarding and bulk rates.

 The  Co_op is now retaining a telemarketing organization to handle sales of
 products produced by Co_op members.  According to Greenberg this will allow
 the  developers to concentrate on the thing they do  best:  create  quality

 "For  the first time,  even the independent developer can have a chance  to
 succeed as we all band together. By programmers and for programmers. That's
 what the Co_op is all about, and why it's working.", Greenberg stated.

 For more information regarding The Programmer's Co_operative,  contact them
 at 594 Third Avenue, New York, New York, 10016


Version 1.1 of FLU_SHOT+ has a few enhancements:

1.      If you use the '-B' switch when you first run FLU_SHOT+,
        the machines BIOS will be used instead of direct screen
        writes.  Useful for machines which are less than IBM-PC
        compatible.  Or those people still running CGA's who don't
        like snow.  It's a little slow.  For the CGA users: you
        ever think of how nice it would be to see an unblurred
        screen?  EGA's aren;t that expensive anymore....

2.      I neglected to remove some comments, and there was a hole
        in FLU_SHOT+ V1.0 that a worm could have exploited.  The
        hole has been patched securely....

3.      An additional option in the FLUSHOT.DAT file:
        allows a matching program to "turn off" the triggering of
        FLU_SHOT+ for the entire duration of its run.  This could
        leave a security hole if you're not careful....so be careful!
        Do not use an ambigious directory: running a trojan from there
        would not trigger FLU_SHOT+.  I use it for programs like
        FORMAT, Norton Utilities and that kind of stuff.  I'm very
        careful when using it, though.  And you should be, too!

4.      The in-memory protection table is now checksummed so that
        worms can't change the files you're attempting to protect.
Version 1.2 of FLU_SHOT+ has a few enhancements:

1.      A new option, '-I<num>' has been added.  This allows you to
        determine the frequency, in 1/18 seconds, of how often the CMOS
        Check (if enabled) and the Protection Table Check are going to
        run.  The lower the number, the higher your protection, but
        the more impact it will have on system operations:  they'll
        be a little slower.  The default is set to one second.

2.      Some complaints from those having FSP in their AUTOEXEC.BAT and
        having a line of the the form R=\AUTOEXEC.BAT.  FSP was protecting
        the AUTOEXEC.BAT file (an intended option), but the boot sequence
        was causing people to have to hit a 'G' to continue with their
        boot.  I've installed a '-S<num>', where <num> represents how many
        1/18 seconds to sleep before activating the R= option.
        The default is set to 10 seconds.  It will also immediately
        expire on the first key hit.

3.      Because CMOS and Prot Table checks are done via the timer tick
        in Version 1.2, there is no need for the counter to be associated
        with the CMOS flag any longer.  As such, '-C' is the full option
        to turn on CMOS checking.
Version 1.4 of FLU_SHOT+ has a few enhancements:

1.      I've skipped Version 1.3 - something about the number having
        bad luck and all.

2.      A major bug, due to programmer stupidity, has been fixed. Alas,
        this bug actually could cause some damage to your disk.

3.      The X= switch works better now - it was ignored on Direct Disk

4.      Some of the error messages have been made a bit clearer.

5.      Complaints from some of the users have caused me to increase the
        size of the checksum buffer internal to FLU_SHOT+.  This has the
        sad result of increasing the TSR size of the program itself -- but
        I consider it a reasonable increase for speeding up the checksumming
        of files.

6.      If a file to be checksummed could not be found at startup time,
        the previous files checksum was displayed -- this has been fixed.

7.      Certain holes in FLU_SHOT's security system have been patched.

8.      The size of the FLUSHOT.DAT buffer has also been increased to allow
        users to specify more files to be checksummed and/or protected.

Version  1.5,  released on 1/15/89,  has some enhancements and  a
bug-fix or two:

1.   IOCTL's are now checked pretty carefully.  Earlier versions
     had a minor hole.
2.   A new option, '-W' will keep FLU_SHOT+ from triggering on an
     open of a file which allows for write access.  Many lazy
     programmers (and I qualify as one, sometimes!) may open a
     file for write access, even though no write is intended.
     DOS's COPY command, for example, will cause a trigger on the
     open  access to the source file.
3.   FLU_SHOT+ will now trigger when a write is attempted to a
     file through the "handle" method. You'll get more triggers
     than with the original "Open with Write Access" you got,
     but it's better and more precise protection.
4.   If you end a line in your FLUSHOT.DAT file with an '!', then
     the files which match this are considered "restricted". When
     access to these files causes a FLU_SHOT trigger, no options
     are displayed: the user is advised they are attempting to
     access a restricted file and to press any key.  The
     operation will always fail.
5.   However, restricted access isn;t much use if three hits of
     the ALT key can disable FLU_SHOT.  So, a new option '--' has
     been added to disable disabling (yeah, I know it sounds
     weird!).  If you use a '!' in your FLUSHOT.DAT file to
     restrict access to users *local* to your system, then you
     should use the '--' option in your FSP invocation call.
6.   CMOS protection caused a lot of problems:  about three out
     of every four support calls were because of CMOS problems:
     and nine out of ten of those calls were due to people
     attempting to check CMOS on their XT.  XT's don't have
     CMOS!!  Since the protection offered wasn't that big a deal
     anyway, it's been pulled entirely.  As has the '-I' switch.
     The in-memory table is now checked before every DOS
7.   A bug in 1.4 would allow the Lehigh virus through under
     certain circumstances.  This has been fixed.
8.   The price of FLU_SHOT+ remains the same, at $10.  However,
     the cost of FGLU_SHOT went up. Huh? Well, we now charge
     an additional $4 handling/shipping/processing charge on
     each order.  Sorry: I never expected to make a fortune
     off of FLU_SHOT+, but I have to at least break-even.
9.   A bug in the code would allow certain files to slip through
     unprotected.  It's been fixed.
10.  Using the '-A' switch allows you to define what attributes
     you want to use for the trigger window.
11.  Using the '-K' switch allows you to define which "special"
     keys will be used instead of the Alt and Ctrl keys.
12.  A serious bug in the "use BIOS" routine which could cause a disk
     to be trashed has been fixed.

Ross, 1/15/89



    XWORD is a general file format transformer; that is, it con-
verts files from one format to another. Selections are made from
is not tricky to use, this file deals with general operation
procedures, some problems, and what XWORD does not do. I have
made some arbitrary decisions regarding what XWORD does to files.
Sometimes it is not possible, or not possible without great
difficulty, to preserve print options between different word
processing formats. In some of these cases, I have elected to
eliminate them and let the user re-input them anew. For those
word processors which require a line length embedded in the
files, I have chosen one arbitrarily, based on my own experience.
If this proves burdensome for users, I will find another way.
    Since XWORD is not a frozen, static program, but one which I
am continually changing (and, hopefully, improving), no feature
of XWORD need be considered as irrevocable. If users (or par-
ticular users) have a need for a certain type of revision, that
can be done.
    XWORD appends a 1AH to the ends of files under certain
options. Those options that convert files to ASCII format all ap-
pend a 1AH to the file. This is not required for MS/PC-DOS, but
it is necessary in CP/M, to which ASCII files can be ported.


    XWORD supports wildcards (* and ?) in the source file name.
When wildcards are used, XWORD will overwrite the source file (a
warning to that effect appears) except when converting TO MultiMate.

                           MENU ONE

                        REDUCING SPACES

    Use only with WordStar-compatible files. DO NOT USE WITH MUL-
TIMATE FILES OR WITH WORDSTAR 2000 FILES. You will have to reboot
if you try to load a file processed with the P option into Multi-
mate or WordStar 2000.


     No special precautions need be taken regarding these files.
Both WordStar and WordStar 2000 will allow any kind of file name.
There is still a problem with tab handling (by XWORD), but the
rest of the options of the two should be OK. XWORD will support
NORMAL.FRM. It will not support the NOFORM.FRM. This format is
identical to ASCII. Thus, if converting a file produced with
WordStar 2000 and NOFORM.FRM, select ASCII as the source
    Sidekick is compatible with WordStar, BUT, the tabs of
files written in WordStar's non-document mode show up as capital
"I"s in Sidekick. XWORD expands expands these tabs so they will
appear properly.
    If your file in WordStar2000 looks funny when XWORD is
through with it, place the cursor at the beginning of the
paragraph and press any letter (you will have to erase the letter
you input). This will cause WordStar2000 to reformat the


    XWORD supports conversion both into and out of MultiMate. For
conversion out of MultiMate, it is important that you repaginate
your files first. After conversion, check to make sure that there
is no unwanted or misplaced text (MultiMate does not always
eliminate old versions of pages, but stores them and skips over
them when editing a file; also MultiMate sometimes stores pages
out of sequence). Repagination cuts down on this, but may not
eliminate it completely.  When converting from WordStar, be care-
ful of indents. Make sure that indents begin after a hard return
or ^PM (equivalent to 0DH). MultiMate requires all document files
have the extension .DOC; XWORD appends this extension to
MultiMate-target files. You will notice that the converted Multi-
mate file will often have more indents than it should. This is
due to the algorithm I used; a future version of XWORD will solve
this problem. I have used XWORD to convert a 42+K file to Multi-
Mate with no problems.

                        XYWRITE II PLUS

    No special precautions need be taken here, as XyWrite II is
very friendly. (XWORD has been tested on Version 1.00.)


    No special precautions are needed regarding conversion to or
from WordPerfect.

                           MENU TWO

    The options on this menu are for bit and byte manipulation.
Some of them can be used for a quick and dirty type of
cryptography. Three of the options require the user to input a
value in hexadecimal format (digits 0-9 and letters A-F, which
represent our common notion of 10, 11, 12, to 15); they are:
AND,OR, XOR. Another one, NOT, requires no other input from the
user than the source and target file names. ROL and ROR require
the user supply a number between 1 and 7, inclusive.

    The action of NOT, ROL and ROR are fully reversable. That is,
if NOT FileA produces FileB, and NOT FileB produces FileC, then
FileC is identical to FileA. ROR (ROtate through Right) and ROL
(ROtate through Left) circulate the eight bits that compose each
byte. ROR 1 time shifts the bits in each bit right once; the
rightmost bit is moved to the leftmost position (this information
is merely for the elucidation of the user; the user does not have
to understand the action of these options in order to use them).
ROL 1 acts in the same way, but to the left. ROR 2 is the same as
ROR 1 and then ROR 1 again. If FileA is processed with ROR 3,
say, producing FileB, and FileB is processed using ROL 3, produc-
ing FileC, then FileC is identical to FileA. You can use a
sequence of these options to scramble a file pretty well (but
remember to record your sequence and go through it in reverse to
unscramble it). That is, if your sequence was:

                 ROR 4, NOT, ROL 3, NOT, ROL 2

                then to undo this, you must go:

                 ROR 2, NOT, ROR 3, NOT, ROL 4


    The last option on this menu, Replace, is different from the
others. Replace allows the user to replace any text (ASCII) or
hexadecimal string (a string is a sequence of bytes) by any other
text or hexadecimal string. The two strings do not have to both
be ASCII or hex. Additionally, the user can elect to save these
strings and reuse them (especially useful if they were compli-
cated to figure out). The user will be prompted for a source file
and then a target file; then, whether the string is to be entered
in ASCII, hex, or from a previously saved file. If the user en-
ters a string in ASCII or hex, XWORD will ask if the user wants
to save the string. This sequence is repeated for the replacement
(new) string. Each string can be 30 bytes (characters) long. When
entering hex, note that each hex digit must be composed of two
numerals (including letters). Thus, the string more commonly
written as 0DH,0AH,27H,64H,0FFH, would be enterd as 0D0A2764FF.
    Remember that if you rEplace a commonly occurring byte in a
file with a long string, then your target file could become up to
30 times as large as the original file. If users find longer
strings are more useful, I will change XWORD to accommodate
that need.
    If you make an error during hex entry, hit the backspace key,
and you will be reset to the beginning of hex entry. Generally in
XWORD, hitting the space bar, return, or end key will let you es-
cape from one level of the program to another, and, except when
files are actually being converted, control-C always works.


    XWORD is the property of Ronald Gans; XWORD is unpublished
and copyrighted. XWORD may not be sold for profit by anyone. If
you purchased XWORD for more than the price of a disk, shipping,
and handling, you got taken and should notify me of that fact,
along with the name of the person or corporation from whom you
purchased XWORD. XWORD.EXE and XWORD.DOC may be freely copied and
distributed, but may not be altered in any way by anyone. If you
wish an alternate version of XWORD, please let me know. Please
direct all correspondence to:

                          RONALD GANS
                     350 WEST 55TH STREET
                   NEW YORK, NEW YORK 10019
       CompuServe No. 74216,264 Telephone (212) 957-8361


    If you send me $15.00 (N.Y.State residents $16.24), I'll put
your name on a list so when revisions of XWORD are ready, or im-
portant bugs are discovered, I'll inform you by postcard, along
with the names and phone numbers of some BBSs from which they can
be downloaded. For $3.00 more, you'll get a year's worth of revisions
mailed to you.
    WordStar and WordStar 2000 are registerd trademarks of
MicroPro International Corporation. Multimate is a registered
trademark of MultiMate International. XyWrite II Plus is a
registered trademark of XyQuest Inc. Sidekick is a registered 
trademark of Borland International. WordPerfect is a registered
trademark of Satellite Software.

Directory of PC-SIG Library Disk #1119

 Volume in drive A has no label
 Directory of A:\

$READ_ME 1ST      3328   1-15-89
CRYPT    BAS      1267   2-16-87   1:05p
$TOC              1536   1-15-89
DISKTOOL DOC     54528   7-24-86   9:07p
DT       COM     57005   7-24-86   9:18p
DT       PIF       369   3-15-86   5:24p
F        EXE     31872   1-22-85  10:28p
UPDATES  TXT      6682   1-15-89
FINDHIDE COM       605   2-18-87  11:44a
FLUSHOT  DAT       128   1-15-89
FLU_POKE COM       844   1-15-89
FSP      COM     15703   1-15-89
FSP      TXT     79002   1-15-89
F_FEED               1   1-15-89
HARDWARE TXT       896   1-15-89
GO       BAT        38   1-01-80   1:37a
GO       TXT      1002   1-27-89  10:53a
MY_OWN   CPY      1361   1-15-89
HDSENTRY ASC      6789   8-16-88   9:29p
HDSENTRY COM       617   8-16-88   9:29p
HDSENTRY DOC      1920   4-25-88   7:02p
HIDE     COM       565   2-12-87   5:07p
INSTALL  BAT       325   7-22-88   2:53p
LOCK     COM       439   3-05-87   9:23p
LOCK     DOC      1232   3-05-87   9:23p
PRINT    BAT       512   1-15-89
RAMNET   TXT      3245   1-15-89
REGISTER TXT      1895   1-15-89
REWARD   FRM      1920   1-15-89
REWARD   LST      1792   1-15-89
THE_COOP TXT      3328   1-15-89
SCAN     EXE      6352   9-17-86   4:25p
SDIR5    COM      6528   3-05-87   3:13p
SDIR5    DOC      7936   3-05-87   3:13p
UNHIDE   COM       597   2-12-87   5:15p
XWORD221 DOC      9139   2-24-87  12:54p
XWORD223 EXE     30592  11-12-86  12:22a
       37 file(s)     341890 bytes
                        1024 bytes free