home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Software Vault: The Gold Collection
/
Software Vault - The Gold Collection (American Databankers) (1993).ISO
/
cdr32
/
tbav602.zip
/
TBSCAN.LNG
< prev
next >
Wrap
Text File
|
1993-05-04
|
6KB
|
185 lines
The Thunderbyte Anti-Virus utilities provide a collection of sophisticated
programs which offer various ways to check for, identify and remove known as
well as unknown viruses from hard and floppy disks on PCs or across networks.
TBAV is upgraded every two months. Free hotline support is provided for all
registered users via telephone, fax and electronic bulletin board. Read the
comprehensive documentation files for detailed info. BBS: +31- 85- 212 395
$
TbScan is written by Frans Veldman.
Usage: TbScan [@][<path>][<filename>...] [<options>...]
Command line options available:
help he =help (? = short help)
pause pa =enable "Pause" prompt
mono mo =force monochrome
quick qs =quick scan (uses Anti-Vir.Dat)
allfiles af =scan non-executable files too
heuristic hr =enable heuristic alerts
extract ex =extract signature (registered only)
once oo =only once a day
secure se =user abort not allowed (registered only)
compat co =maximum-compatibility mode
ignofile in =ignore no-file-error
noboot nb =skip bootsector check
nomem nm =skip memory check
hma hm =force HMA scan
nohmem nh =skip UMB/HMA scan
nosub ns =skip sub directories
noautohr na =no auto heuristic level adjust
repeat rp =scan multiple diskettes
batch ba =batch mode (no user input)
delete de =delete infected files
move mv =move infected files
expertlog el =no heuristic descriptions in log
wait =<0...255> wa =number of timerticks to wait.
log [=<filename>] lo =append log file
session [=<filename>] sl =create session log file
loglevel =<0..4> ll =set log level
path =<move-path> mp =set move-path
rename [=<ext-mask>] rn =rename infected files
$
WARNING!
$
WARNING! memory
$
Since an active virus in memory may interfere with the
virus scanning process, it is highly recommended to
immediately power down the system, and to reboot from a
write-protected clean system diskette!
Note: if you used any virus scanner just before you invoked
TbScan, it's possible that TbScan detected a signature of
the other scanner in memory, rather than an actual virus.
In that case you should ignore this warning.
Do you want to Q)uit or to C)ontinue? (Q/C)
$
Insert disk, press "Esc" to cancel...
$
signatures:
file system:
directories:
total files:
executables:
CRC verified:
infected items:
elapsed time:
Kb / second:
$
contains
$
infected by
$
dropper of
$
damaged by
$
joke named
$
overwritten by
$
trojan named
$
probably
$
might be
$
virus
$
Has been changed!
$
an unknown virus
$
Error occured while processing AVR's!
$
Error: Some internal limit exceeded!
$
No executable files found!
$
Error: Can not create logfile!
$
Option 'extract' and 'secure' are available for registered users only!
$
Process aborted by user!
$
Heuristic flags:
$
c No checksum / recovery information (Anti-Vir.Dat) available.
$
C The checksum data does not match! File has been changed!
$
F Suspicious file access. Might be able to infect a file.
$
R Relocator. Program code will be relocated in a suspicious way.
$
A Suspicious Memory Allocation. The program uses a non-standard
way to search for, and/or allocate memory.
$
N Wrong name extension. Extension conflicts with program structure.
$
S Contains a routine to search for executable (.COM or .EXE) files.
$
# Found an instruction decryption routine. This is common
for viruses but also for some protected software.
$
V This suspicious file has been validated to avoid heuristic alarms.
$
E Flexible Entry-point. The code seems to be designed to be linked
on any location within an executable file. Common for viruses.
$
L The program traps the loading of software. Might be a
virus that intercepts program load to infect the software.
$
D Disk write access. The program writes to disk without using DOS.
$
M Memory resident code. This program can be a TSR but also a virus.
$
! Invalid opcode (non-8088 instructions) or out-of-range branch.
$
T Incorrect timestamp. Some viruses use this to mark infected files.
$
J Suspicious jump construct. Entry point via chained or indirect
jumps. This is unusual for normal software but common for viruses.
$
? Inconsistent exe-header. Might be a virus but can also be a bug.
$
G Garbage instructions. Contains code that seems to have no purpose
other than encryption or avoiding recognition by virus scanners.
$
U Undocumented interrupt/DOS call. The program might be just tricky
but can also be a virus using a non-standard way to detect itself.
$
Z EXE/COM determination. The program tries to check whether a file
is a COM or EXE file. Viruses need to do this to infect a program.
$
O Found code that can be used to overwrite/move a program in memory.
$
B Back to entry point. Contains code to re-start the program after
modifications at the entry-point are made. Very usual for viruses.
$
K Unusual stack. The program has a suspicious stack or an odd stack.
$
Y Bootsector violates IBM bootsector format. Missing 55AA-marker.
$
p Packed program. A virus could be hidden inside the program.
$
i Additional data found at end of file. Probably internal overlay.
$
h The program has the hidden or system attribute set.
$
w The program contains a MS-Windows or OS/2 exe-header.
$
.............