home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Gold Medal Software 3
/
Gold Medal Software - Volume 3 (Gold Medal) (1994).iso
/
virus
/
tbav612e.arj
/
TBSCAN.LNG
< prev
next >
Wrap
Text File
|
1994-04-13
|
7KB
|
202 lines
| ╒══════ ThunderBYTE ══════════╕ ╒════════ TB-Agent Info ═════════╕
| │|▐|N TBAV utilities offers the |▌|│ │|▐|N CENTRAL COMMAND INC. |▌|│
| │|▐|N fastest anti-virus tools |▌|│ │|▐|N Keith A. Peer |▌|│
| │|▐|N available. License TBAV |▌|│ │|▐|N |▌|│
| │|▐|N software for protection! |▌|│ │|▐|N P.O. Box 856 |▌|│
| │|▐|N To find the closest TBAV |▌|│ │|▐|N Brunswick, Ohio 44212 |▌|│
| │|▐|N authorized reseller call: |▌|│ │|▐|N |▌|│
| │|▐|N 1-800-667-TBAV |▌|│ │|▐|N Phone: (216) 273-5743 |▌|│
| ╘═══════════════════════════════╛ ╘════════════════════════════════╛
$
TbScan is written by Frans Veldman.
Usage: TbScan [@][<path>][<filename>...] [<options>...]
Command line options available:
help he =help (? = short help)
pause pa =enable "Pause" prompt
mono mo =force monochrome
quick qs =quick scan (uses Anti-Vir.Dat)
allfiles af =scan non-executable files too
heuristic hr =enable heuristic alerts
extract ex =extract signature (registered only)
once oo =only once a day
secure se =user abort not allowed (registered only)
compat co =maximum-compatibility mode
ignofile in =ignore no-file-error
noboot nb =skip bootsector check
nomem nm =skip memory check
hma hm =force HMA scan
nohmem nh =skip UMB/HMA scan
nosub ns =skip sub directories
noautohr na =no auto heuristic level adjust
repeat rp =scan multiple diskettes
batch ba =batch mode (no user input)
delete de =delete infected files
log lo =output to log file
append ap =log file append mode
expertlog el =no heuristic descriptions in log
logname =<filename> ln =set path/name of log file
loglevel =<0..4> ll =set log level
wait =<0...255> wa =number of timerticks to wait.
rename [=<ext-mask>] rn =rename infected files
exec =.<ext-mask> ee =specify executable extensions
$
WARNING!
$
WARNING! memory
$
Since an active virus in memory may interfere with the
virus scanning process, it is highly recommended to
immediately power down the system, and to reboot from a
write-protected clean system diskette!
Note: if you used any virus scanner just before you invoked
TbScan, it's possible that TbScan detected a signature of
the other scanner in memory, rather than an actual virus.
In that case you should ignore this warning.
Do you want to Q)uit or to C)ontinue? (Q/C)
$
This version of TbScan is more than 6 months old.
Statistics show that the amount of different viruses
doubles about every nine months. For the safety of your
data it is highly recommended to obtain a more recent
version of TBAV.
Consult TCT Canada or TCT International for info about
licensing, upgrading or support from 8:00 - 17:00 EST.
Phone: (613) 930-4444
Fax: (613) 936-8429
Press any key to continue...
$
Insert disk, press "Esc" to cancel...
$
Sigfile entries:
File system:
Directories:
Total files:
Executables:
CRC verified:
Changed files:
Infected items:
Elapsed time:
KB / second:
$
found
$
infected by
$
dropper of
$
damaged by
$
joke named
$
overwritten by
$
trojan named
$
probably
$
might be
$
virus
$
Has been changed!
$
an unknown virus
$
Option 'once' already used today.
$
Error: Some internal limit exceeded!
$
No executable files found!
$
Error: Can not create logfile!
$
Option 'extract' and 'secure' are available for registered users only!
$
Process aborted by user!
$
Heuristic flags:
$
c No checksum / recovery information (Anti-Vir.Dat) available.
$
C The checksum data does not match! File has been changed!
$
F Suspicious file access. Might be able to infect a file.
$
R Relocator. Program code will be relocated in a suspicious way.
$
A Suspicious Memory Allocation. The program uses a non-standard
way to search for, and/or allocate memory.
$
N Wrong name extension. Extension conflicts with program structure.
$
S Contains a routine to search for executable (.COM or .EXE) files.
$
# Found an instruction decryption routine. This is common
for viruses but also for some protected software.
$
V This suspicious file has been validated to avoid heuristic alarms.
$
E Flexible Entry-point. The code seems to be designed to be linked
on any location within an executable file. Common for viruses.
$
L The program traps the loading of software. Might be a
virus that intercepts program load to infect the software.
$
D Disk write access. The program writes to disk without using DOS.
$
M Memory resident code. The program might stay resident in memory.
$
! Invalid opcode (non-8088 instructions) or out-of-range branch.
$
T Incorrect timestamp. Some viruses use this to mark infected files.
$
J Suspicious jump construct. Entry point via chained or indirect
jumps. This is unusual for normal software but common for viruses.
$
? Inconsistent exe-header. Might be a virus but can also be a bug.
$
G Garbage instructions. Contains code that seems to have no purpose
other than encryption or avoiding recognition by virus scanners.
$
U Undocumented interrupt/DOS call. The program might be just tricky
but can also be a virus using a non-standard way to detect itself.
$
Z EXE/COM determination. The program tries to check whether a file
is a COM or EXE file. Viruses need to do this to infect a program.
$
O Found code that can be used to overwrite/move a program in memory.
$
B Back to entry point. Contains code to re-start the program after
modifications at the entry-point are made. Very usual for viruses.
$
K Unusual stack. The program has a suspicious stack or an odd stack.
$
Y Bootsector violates IBM bootsector format. Missing 55AA-marker.
$
p Packed program. A virus could be hidden inside the program.
$
i Additional data found at end of file. Probably internal overlay.
$
h The program has the hidden or system attribute set.
$
w The program contains a MS-Windows or OS/2 exe-header.
$
.............