==========================================================================
          F-Force Malware Disinfection Utility Version 1.00.0012
==========================================================================

F-Force  is  a free  malware  disinfection  utility  created  by  F-Secure
Corporation.


==========================================================================
                     IMPORTANT! PLEASE READ CAREFULLY!
==========================================================================

By running this Software, you agree to the  End User License Terms  as set
out in the rtf file supplied with the Software (designated as "EULT.rtf").
Any use  of the Software  is subject  to your acceptance  and adherence to
such  End User License Terms.  If you do not accept  such End User License
Terms, you are not allowed to use the Software in any manner.

This Software is  intended only  for certain advanced  malware removal and
does not  provide comprehensive protection from viruses  and other malware
by itself.


==========================================================================
                               Features
==========================================================================

The F-Force utility  disinfects computers  infected with known variants of
the following malware:

 Agobot		(Backdoor.Win32.Agobot)
 Aimbot		(Backdoor.Win32.Aimbot)
 Bagle		(Email-Worm.Win32.Bagle, except .N, .O, .P, .Q, .R variants)
 Bozori		(Net-Worm.Win32.Bozori)
 Codbot		(Backdoor.Win32.Codbot)
 Dumaru		(Email-Worm.Win32.Dumaru)
 Fanbot		(Backdoor.Win32.Fanbot)
 Feebs		(Worm.Win32.Feebs)
 Forbot		(Backdoor.Win32.Forbot)
 IRCBot		(Backdoor.Win32.IRCBot)
 Mitglieder	(Trojan-Proxy.Win32.Mitglieder or Trojan-Spy.Win32.Mitglieder)
 Mydoom		(Email-Worm.Win32.Mydoom)
 Mytob		(Net-Worm.Win32.Mytob)
 Netsky		(Email-Worm.Win32.NetSky)
 Padobot	(Net-Worm.Win32.Padobot)
 Poebot		(Backdoor.Win32.Poebot)
 Rbot		(Backdoor.Win32.Rbot)
 SDBot		(Backdoor.Win32.SdBot)
 Spybot		(P2P-Worm.Win32.SpyBot)
 Wootbot	(Backdoor.Win32.Wootbot)
 Zafi		(Email-Worm.Win32.Zafi)

Also the utility can remove the following malware:

 VB.bi		(Email-Worm.Win32.VB.bi)
 Nyxem.e	(Email-Worm.Win32.Nyxem.e)

In addition the F-Force utility detects EICAR test file.

The F-Force  utility might be able  disinfect computers  that are infected
with new variants of these backdoors and worms, however disinfection  will
only work if these variants are detected generically by AVP engine.

The F-Force utility disinfects Windows HOSTS file by removing entries that
were added by malware.  In addition the utility automatically restores the
default EXE file startup string in case it was modified by malware.

The F-Force  utility creates  a log  file  named  F-FORCE.LOG  in the root
Windows  directory  (usually C:\WINDOWS).  The log file  is appended every
time the F-Force utility is run.


============================================================================
                           System Requirements
============================================================================

 Operating System:    
			Windows 98 or Windows 98 SE
			Windows ME (Millennium Edition)
			Windows NT 4.0 Workstation or Server
			Windows 2000 Professional or Server
			Windows XP Home or Professional Edition
			Windows Server 2003 
 
 Hardware:    
    Processor:		Pentium PC or higher
    Memory:		64 Megabytes

 Disk Space:		At least 10  Megabytes  of  hard  drive  space for
			anti-virus  engine  DLLs  and  anti-virus database
			files.


==========================================================================
                        Running F-Force Utility
==========================================================================

1. Unpack  the F-Force  utility from  the provided ZIP archive either with
WinZip or  PkUnzip utilities.  A trial version  of WinZip archiver  can be
downloaded from the following website:

http://www.winzip.com/ddchomea.htm

2. Download the archive called  LATEST.ZIP from F-Secure web or ftp sites.
This archive  contains  the latest  anti-virus  database files.  It can be
downloaded from these URLs:

http://www.f-secure.com/download-purchase/latest.zip
ftp://ftp.f-secure.com/anti-virus/updates/latest/latest.zip

3. Place the  downloaded  LATEST.ZIP archive in the  same folder where the
F-Force utility is located.
                                   
4. Run the unpacked F-Force.exe file from a hard disk to eliminate malware
infection.  You can run the utility  by either double-clicking on its file
from Windows Explorer or you can start it from a command prompt (to open a
command prompt  click 'Start' button,  select 'Run' menu  and type CMD.EXE
(if you  have  Windows  NT, 2000 or XP) or  type COMMAND.COM  (if you have
Windows 98 or ME). Then  press 'Enter' to run the command  interpreter. In
the opened command  prompt window you  have to type CD command followed by
a folder name where the  F-Force utility is located, for example:

	CD  C:\TEMP

Press 'Enter' to run that  command. To run the  F-Force utility  from that
folder type F-FORCE and press 'Enter'.

First the  F-Force  utility will kill  all detected  malware  processes in
memory.  Then the  utility  will remove all  startup  Registry  key values
created by  the malware and finally  it will scan all available hard disks
and delete all infected files.  If needed, the utility  disinfects Windows
HOSTS file  and restores the default value  of EXE file startup key in the
Registry.

5. Reboot the system. After restart your system should  be clean  from the
above mentioned malware.

If you have  F-Secure Anti-Virus  installed, the utility  will temporarily
disable the  on-access  scanner (OAS) to be able to disinfect your system.
After the utility completes disinfection it enables the on-access scanner.


==========================================================================
                             Command Line Options
==========================================================================

The F-Force utility supports the following command line options:

 /? or /help	- show command line options
 /ver		- get tool's version info
 /silent	- silent mode, no screen output
 /nopause	- do not wait for keypress after scanning
 /restart	- automatically restart a computer after disinfection
 /scanall	- scan all files, ignore the default extension list
 /useavp	- use the external AVP engine to scan for malware
 /useorion	- use the external Orion engine to scan for malware
 /nomem		- do not scan Windows memory (not recommended!)
 /nohdd		- scan memory and Windows Registry only (not recommended!)
 /killnet	- kill network before disinfection and restore connections
		  after disinfection is complete
 /nogk		- do not use F-Secure Gatekeeper handler for file and memory
		  operations (not available in version 1.0)
 /virlist	- generate VIRLIST.TXT file with the list of malware that
		  the tool disinfects (not available in version 1.0)

The '/useavp' and '/useorion' options are enable by default in the utility
that is distributed from F-Secure web or ftp sites.

If  the  F-Force  utility is  run  without  any  command  line  option, it
automatically scans and disinfects all hard drives.


==========================================================================
                  Important Notes About Disinfection
==========================================================================

Please note  that the F-Force utility can disinfect only certain malicious
programs. Besides the  utility  does not  scan inside  archives. So  after
cleaning a computer with the F-Force utility it is recommended to scan all
hard drives with  F-Secure Anti-Virus and the latest  updates to make sure
that no infected files remain there.

A  trial  version  of F-Secure  Anti-Virus  and the latest  updates can be
downloaded from F-Secure's website:

http://www.f-secure.com/download-purchase/list.shtml
http://www.f-secure.com/download-purchase/updates.shtml

If the  infection is in a  network environment, then the network should be
temporarily taken down before all workstations and servers are disinfected.
A single infected workstation can re-infect already cleaned computers. The
detailed instructions for  eliminating an  outbreak of network-aware worms
and backdoors can be found here:

http://www.f-secure.com/v-descs/netdisinf.shtml

If a computer  with  Windows  NT,  2000  or  XP operating  system is being
disinfected,  please log in as Administrator or as a user with local admin
rights, otherwise  the F-Force utility  might not be able to disinfect the
system.

If you have  Windows ME or XP, it is recommended to disable System Restore
feature  of  these  operating  systems   to  prevent  your  computer  from
re-infection  with a malware.  The fact is that  System Restore feature of
these  operating systems  might save  the infected  file into  the special
folder and copy it back to a hard drive it every time it's been deleted by 
F-Force utility. The instructions on how to disable System Restore feature
can be found here:

Windows ME:
http://www.f-secure.com/v-descs/sfc_dis.shtml

Windows XP:
http://www.f-secure.com/v-descs/sfc_dis1.shtml

The F-Force  utility  unpacks  several files  into a temporary folder on a 
hard  drive. These  files  are  not   deleted  after  the  tool  completes
disinfection of a computer. The unpacked files can be deleted manually any
time after disinfection.


==========================================================================
                               Copyrights
==========================================================================

* F-Force Malware Disinfection Utility

 Copyright (c) 2005-2006 F-Secure Corporation

* Portions:

  Copyright (c) 1991-2006 Kaspersky Labs, Ltd.


==========================================================================
                             Contact Information
==========================================================================

If you have any problems using the F-Force utility please contact F-Secure
Customer support using the following URL:

http://support.f-secure.com/enu/home/contactus/ 

