home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
High Voltage Shareware
/
high1.zip
/
high1
/
DIR14
/
TBAV608.ZIP
/
TBSCAN.LNG
< prev
next >
Wrap
Text File
|
1993-10-19
|
7KB
|
201 lines
| ╒═════════Product info══════════╕ ╒══════════Agent info══════════╕
| │|▐|NThunderbyte Anti-Virus is the|▌|│ │|▐|N Thunderbyte USA |▌|│
| │|▐|Nfastest and most extensive |▌|│ │|▐|N P. O. Box 527 |▌|│
| │|▐|Nanti-virus system available. |▌|│ │|▐|N Dagsboro, DE 19939 |▌|│
| │|▐|N |▌|│ │|▐|N |▌|│
| │|▐|NFree support is available to |▌|│ │|▐|N Phone: (302) 732-3105 |▌|│
| │|▐|Nall registered users via fax,|▌|│ │|▐|N Fax: (302) 732-3105 |▌|│
| │|▐|Nphone, or computer BBS. |▌|│ │|▐|N BBS: (302) 732-6399 |▌|│
| ╘═══════════════════════════════╛ ╘══════════════════════════════╛
$
TbScan is written by Frans Veldman.
Usage: TbScan [@][<path>][<filename>...] [<options>...]
Command line options available:
help he =help (? = short help)
pause pa =enable "Pause" prompt
mono mo =force monochrome
quick qs =quick scan (uses Anti-Vir.Dat)
allfiles af =scan non-executable files too
heuristic hr =enable heuristic alerts
extract ex =extract signature (registered only)
once oo =only once a day
secure se =user abort not allowed (registered only)
compat co =maximum-compatibility mode
ignofile in =ignore no-file-error
noboot nb =skip bootsector check
nomem nm =skip memory check
hma hm =force HMA scan
nohmem nh =skip UMB/HMA scan
nosub ns =skip sub directories
noautohr na =no auto heuristic level adjust
repeat rp =scan multiple diskettes
batch ba =batch mode (no user input)
delete de =delete infected files
log lo =output to log file
append ap =log file append mode
expertlog el =no heuristic descriptions in log
logname =<filename> ln =set path/name of log file
loglevel =<0..4> ll =set log level
wait =<0...255> wa =number of timerticks to wait.
rename [=<ext-mask>] rn =rename infected files
exec =.<ext-mask> ee =specify executable extensions
$
WARNING!
$
WARNING! memory
$
Since an active virus in memory may interfere with the
virus scanning process, it is highly recommended to
immediately power down the system, and to reboot from a
write-protected clean system diskette!
Note: if you used any virus scanner just before you invoked
TbScan, it's possible that TbScan detected a signature of
the other scanner in memory, rather than an actual virus.
In that case you should ignore this warning.
Do you want to Q)uit or to C)ontinue? (Q/C)
$
This version of TbScan is more than 6 months old.
Statistics show that the amount of different viruses
doubles about every nine months. For the safety of your
data it is highly recommended to obtain a more recent
version of TBAV.
Consult the file Agents.Doc for information about TBAV
agents, or consult ESaSS B.V. in The Netherlands:
Phone: +31 - 80 - 787 - 881
Fax: +31 - 80 - 789 - 186
Press any key to continue...
$
Insert disk, press "Esc" to cancel...
$
Sigfile entries:
File system:
Directories:
Total files:
Executables:
CRC verified:
Changed files:
Infected items:
Elapsed time:
KB / second:
$
found
$
infected by
$
dropper of
$
damaged by
$
joke named
$
overwritten by
$
trojan named
$
probably
$
might be
$
virus
$
Has been changed!
$
an unknown virus
$
Option 'once' already used today.
$
Error: Some internal limit exceeded!
$
No executable files found!
$
Error: Can not create logfile!
$
Option 'extract' and 'secure' are available for registered users only!
$
Process aborted by user!
$
Heuristic flags:
$
c No checksum / recovery information (Anti-Vir.Dat) available.
$
C The checksum data does not match! File has been changed!
$
F Suspicious file access. Might be able to infect a file.
$
R Relocator. Program code will be relocated in a suspicious way.
$
A Suspicious Memory Allocation. The program uses a non-standard
way to search for, and/or allocate memory.
$
N Wrong name extension. Extension conflicts with program structure.
$
S Contains a routine to search for executable (.COM or .EXE) files.
$
# Found an instruction decryption routine. This is common
for viruses but also for some protected software.
$
V This suspicious file has been validated to avoid heuristic alarms.
$
E Flexible Entry-point. The code seems to be designed to be linked
on any location within an executable file. Common for viruses.
$
L The program traps the loading of software. Might be a
virus that intercepts program load to infect the software.
$
D Disk write access. The program writes to disk without using DOS.
$
M Memory resident code. The program might stay resident in memory.
$
! Invalid opcode (non-8088 instructions) or out-of-range branch.
$
T Incorrect timestamp. Some viruses use this to mark infected files.
$
J Suspicious jump construct. Entry point via chained or indirect
jumps. This is unusual for normal software but common for viruses.
$
? Inconsistent exe-header. Might be a virus but can also be a bug.
$
G Garbage instructions. Contains code that seems to have no purpose
other than encryption or avoiding recognition by virus scanners.
$
U Undocumented interrupt/DOS call. The program might be just tricky
but can also be a virus using a non-standard way to detect itself.
$
Z EXE/COM determination. The program tries to check whether a file
is a COM or EXE file. Viruses need to do this to infect a program.
$
O Found code that can be used to overwrite/move a program in memory.
$
B Back to entry point. Contains code to re-start the program after
modifications at the entry-point are made. Very usual for viruses.
$
K Unusual stack. The program has a suspicious stack or an odd stack.
$
Y Bootsector violates IBM bootsector format. Missing 55AA-marker.
$
p Packed program. A virus could be hidden inside the program.
$
i Additional data found at end of file. Probably internal overlay.
$
h The program has the hidden or system attribute set.
$
w The program contains a MS-Windows or OS/2 exe-header.
$
.............