Wormguard FAQ
     
Frequently Asked Questions




  How do I install my registered version of Wormguard ?
Wormguard has a free trial version; do not uninstall it if you already have it installed. The trial version needs to be installed first, then copy your WGUARD.KF file to C:\Wormguard

If you installed Wormguard to some other folder instead of C:\Wormguard, you need to save the keyfile WGUARD.KF into that folder instead. This is a special type of file; do not try to open it. WGUARD.KF only needs to be saved into the right folder on your computer to get the full version activated.

  How do I install or uninstall Wormguard ?
Wormguard has an installer which puts the files on your machine, but it isn't active until you use the configuration program WGUARD.EXE. This program has a shortcut on your desktop.

Simply press INSTALL and Wormguard becomes active. Scanning is now activated and occurs automatically. Press REMOVE to deactivate Wormguard - there's no need to use the uninstaller. Do not attempt to use the uninstall program unless you press REMOVE first.

  I pressed INSTALL and Wormguard says it can't find WGUARD.INF. What do I do now?
1) Press OK in the window that reads "Wormguard core components have been installed".
2) Press CANCEL on the window with the title "Files Needed".
3) Press REMOVE in Wormguard, and press OK in the window that reads "Wormguard core components have been removed".
4) Press INSTALL again; this time there should be no problems.

If you still have problems, feel free to contact us, or download wguard.inf to your Wormguard folder and try again.

  What are "dual extensions" ?
Worms such as LoveLetter and LifeStages used names such as loveletter_for_you.txt.vbs and lifestages.txt.shs. Wormguard will detect these files simply because of the dual extensions. The default Windows Explorer view will hide the REAL extension of these files, making them look harmless:

loveletter_for_you.txt

This is still a popular trick to fool users into opening a file. A more common example would be something that appears to be a picture, but is an EXECUTABLE file - such as MYPIC.JPG.exe.

Files with the .SHS extension are even more dangerous because the .SHS extension is known as SUPER HIDDEN - it is never shown, due to an option called NeverShowExt. Wormguard blocks all .SHS files from executing by default. Since these files are created by the Operating System and its programs, they should never be "opened" as such.

  Ok what about excess spaces ?
This is another filename trick. A filename of "readme.txt                    .exe" will bring up an alarm. When users load Explorer, they will see readme.txt     ... with the dots hiding the "exe" extension from view. Users may try to open the file thinking it will load in Notepad, when in fact the file is surely a hostile application.
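The two filename tricks above (dual extensions and excess spaces) can be checked with a few lines of code. This is an added example, not Wormguard's own code: the decoy-extension list, the three-space padding threshold and the function names are assumptions, and the executable list is taken from the file types this FAQ names.

```python
import re

# Final extensions treated as executable/script; taken from the types this FAQ names.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "cmd", "bat", "vbs", "vbe",
                   "js", "jse", "wsh", "hta", "shs"}
# Assumption: harmless-looking types commonly used as the decoy inner extension.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "gif", "png", "bmp", "mp3", "zip"}
# Assumption: three or more consecutive whitespace characters count as padding.
PAD_RUN = re.compile(r"\s{3,}")


def displayed_name(filename):
    """What a user sees when the final extension is hidden: the last one is dropped."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def analyse(filename):
    """Return the findings for one bare file name (empty list = nothing suspicious)."""
    findings = []
    stem, dot, ext = filename.rpartition(".")
    if not dot or ext.strip().lower() not in EXECUTABLE_EXTS:
        return findings  # only names that would actually execute are of interest
    if PAD_RUN.search(stem):
        findings.append("excess-spaces")
    # Ignore the padding so "readme.txt      .exe" is still seen as txt + exe.
    _inner_stem, inner_dot, inner_ext = stem.rstrip().rpartition(".")
    if inner_dot and inner_ext.strip().lower() in DECOY_EXTS:
        findings.append("dual-extension")
    return findings


# Sample names: the first four are quoted in this FAQ, the rest are constructed.
SAMPLES = [
    "loveletter_for_you.txt.vbs",
    "lifestages.txt.shs",
    "MYPIC.JPG.exe",
    "readme.txt" + " " * 20 + ".exe",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:45} shown as {displayed_name(name)!r:32} -> {analyse(name)}")
```

The check works on the bare file name only; strip any directory part before calling it.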

  Why do I need Wormguard ?
Wormguard can detect brand new worms and trojans before traditional scanners - because it doesn't require any updates. It guards you from many vulnerabilities such as the ones above and more. The ability to block execution of all .VBE .SHS .HTA and other filetypes is another valuable feature. Most important, Wormguard cannot be terminated in the same way other protection could be bypassed - and it uses absolutely no resources until something asks it to scan a file. Even then, the scan is usually instantaneous; the scan engine is exceptionally fast on modern computers.

  What types of files does Wormguard scan ?
Wormguard scans all executable types including EXE SCR named files, as well as COM PIF and CMD files. Wormguard scans JS, HTM, HTML and WSH files and all BAT scripts. It also scans VBS files; these are easy for Wormguard, and it generically detects any known VBS worm or trojan. Wormguard completely blocks execution of many dangerous types by default - VBE SHS SHA JSE HTA. Other types of file can be blocked ALWAYS by adding them to the blocked type list.

  What else can Wormguard do ?
Wormguard also scans DOC, MDB and XLS files for Macros. Macros are very dangerous and these files should also be checked with your antivirus scanner. The macro interpreter scans for common macro code which can be used in viruses across all macro-capable file types.

The Advanced Deep Search & Interpretation (ADSI) Engine is capable of identifying IRC worms as being "probable" or "near-definite". It is capable of detecting some key-loggers, programs that automatically start on Windows load, password-stealers, and more.

  What is a worm and what do they do ?
A WORM is a program which spreads (usually) over network connections. In general, a worm does not attach itself to a host program - attaching to a host is a viral infection. The primary goal of internet worms is SURVIVAL. Destruction may be a secondary objective, but survival will always be put first by the worm author.

Classic internet worms work on the principle that "If I send myself to 50 people, chances are high that at least 1 of them can be fooled into running me" - and thus, the worm gains another chance at life. Worms, like real-life worms, require the right environment in order to reproduce. Worms are only possible due to vulnerabilities in certain software packages, and all worms require at least one of these vulnerabilities to exist in order to exploit it and reproduce. As an example, the Word Macro class of viruses & worms requires the "target" to have Microsoft's Word program installed on their computer. If they don't have MS Word installed, the worm is rendered useless on that machine as it cannot exploit Microsoft Word's macro capabilities. The worm's principle is now "If I send myself to 50 people, at least 25 of those should have Microsoft Word, and at least 1 of them can be fooled into running me".

Today, internet worms are a way to spread other malware. Trojan users commonly use worm methods to spread IRC bot trojans, set up spam relays and attack online targets. Worms are also used to drop keyloggers, and even steal private data by filetype!

  Does Wormguard give "false alarms" ?
Wormguard takes a generic and careful approach. If you receive a warning from Wormguard, read the analysis carefully - it will indicate exactly what Wormguard is suspicious about. If you KNOW the file is clean, you can click ALWAYS ALLOW and Wormguard will never scan this file again. If you THINK the file is clean, the analysis shown will give you a much better idea. You can also contact support, and it's a good idea to scan the file with an updated antivirus scanner or online scan.




Copyright © 2008, Diamond Computer Systems Pty. Ltd.  All rights reserved.