home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Tech Arsenal 1
/
Tech Arsenal (Arsenal Computer).ISO
/
tek-12
/
tbresc19.zip
/
TBRESCUE.DOC
< prev
next >
Wrap
Text File
|
1992-05-02
|
37KB
|
1,261 lines
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
Table of Contents
1. COPYRIGHT, LICENCES AND DISCLAIMER................ 2
1. Copyright..................................... 2
2. Distribution and usage........................ 2
3. Disclaimer.................................... 3
4. Trademarks.................................... 3
5. Registration.................................. 3
2. INTRODUCTION...................................... 5
1. Purpose of TbRescue........................... 5
2. Who are we?................................... 5
3. USAGE OF THE PROGRAM.............................. 7
1. System requirements........................... 7
2. Program invokation............................ 7
3. Command line options.......................... 7
1. -immunize................................. 7
2. -store.................................... 8
3. -compare.................................. 8
4. -restore.................................. 8
4. Examples:..................................... 8
5. Using the anti-virus partition................ 9
4. THE THUNDERBYTE PARTITION CODE................... 11
1. What is a partition?......................... 11
2. What is a partition table?................... 11
3. The partition code........................... 11
5. MISCELLANOUS INFORMATION......................... 14
1. Exit codes................................... 14
2. Recommendations.............................. 14
6. OUR OTHER PRODUCTS............................... 15
1. TbScan....................................... 15
2. TbScanX...................................... 15
3. Thunderbyte.................................. 15
7. NAMES AND ADDRESSES.............................. 19
1. Contacting the author........................ 19
2. ESaSS........................................ 19
3. Thunderbyte support BBS's.................... 19
4. Recommended magazines and organisations...... 19
Page i
Page 1
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
1. COPYRIGHT, LICENCES AND DISCLAIMER
1. Copyright
TbRescue is copyright 1989-1992 ESaSS B.V.. All rights reserved.
The diskettes provided with TbRescue are not copy protected. This
does not imply that they can be freely copied in unlimited
quantities. TbRescue is protected by copyright law, which applies
to computer software as well.
No part of the printed manual accompanying TbRescue may be
reproduced, transmitted, transcribed, stored in a retrieval system
or translated into any language, in any form or by any means,
without the prior written permission of ESaSS B.V..
2. Distribution and usage
Both TbRescue and the accompanying documentation are SHARE-WARE.
You are hereby granted a licence by ESaSS to distribute the
evaluation copy of TbRescue and its documentation, subject to the
following conditions:
1. The evaluation package of TbRescue may be distributed freely
without charge in evaluation form only.
2. The evaluation package of TbRescue may not be sold or licensed.
Neither may a fee be charged for its use. If a fee is charged in
connection with TbRescue at all, it should only cover the cost of
copying or distribution. UNDER NO CIRCUMSTANCES should payment of
such fees be understood to constitute legal ownership.
3. The evaluation package of TbRescue must be presented in its
complete form. It is not allowed to distribute the program and
its documentation files separately.
4. Neither TbRescue nor its documentation may be amended or altered
in any way.
5. By granting you the right to distribute the evaluation copy of
TbRescue, you do not become the owner of TbRescue in any form.
6. ESaSS accepts no responsibility in case the program malfunctions
or does not function at all.
7. ESaSS can never be held responsible for damage, directly or
indirectly resulting from the use of TbRescue.
8. Using TbRescue means that you agree to these conditions.
Any other use, distribution or representation of TbRescue is
Page 2
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
expressly forbidden without the written permission by ESaSS.
3. Disclaimer
Neither ESaSS B.V. nor anyone else who has been involved in the
creation, production or delivery of TbRescue or this manual grants
any warranties in respect of the contents of the software or this
manual and each specifically disclaims any implied warranties of
merchantability or fitness for any purpose. ESaSS B.V. reserves the
right to revise the software and the manual and to make changes
from time to time in the contents without obligation to notify any
person.
4. Trademarks.
TbRescue, TbScan, TbScanX and Thunderbyte PC Immunizer are
registered trademarks of ESaSS B.V.. All other product names
mentioned are ackowledged to be the marks of their producing
companies.
5. Registration.
THIS IS NOT FREE SOFTWARE! If you paid a "public domain" vendor for
this program, you paid for the service of copying the program, and
not for the program itself. Proceeds from such transactions would
never reach the makers of this product.You may evaluate this
product, but if you decide to make use of it, you should register
either TbScan or TbScanX, or obtain a Thunderbyte add-on card.
Hey, what's this? Do I have to register for a different program in
order to become a legal user of TbRescue?
Well, TbRescue is just one of our anti-virus products. It is
included with our Thunderbyte PC immunizer, and it is also supplied
with the official TbScan(X) shareware diskette. Since TbScan and
TbScanX are already available for a low price and include TbRescue,
a registration for TbRescue as stand alone package would not be
cheaper than the registration of TbScan or TbScanX. So, by
registering for TbScan or TbScanX you get your licensed copy of
TbRescue, and you have TbScan(X) as an additional tool.
To register: fill in the file REGISTER.DOC and return it to us.
We offer several inducements to you for registering. First of all,
you receive the most up-to-date copy of the program that we have
(we do update the product on a regular basis). Secondly, you are
entitled to support for TbRescue, which can be quite valuable at
times. In the third place, you will receive the complete
documentation of this product in print. A "do-it-yourself" update
service is offered to registered users through our own support BBS.
Page 3
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
And finally, we include an evaluation package of some of our other
software products, again without copy protection and fully
oprational.
Once you have become a registered user of TbScan(X) all future
upgrades will be free.
Page 4
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
2. INTRODUCTION
1. Purpose of TbRescue
TbRescue has been developed as a tool to have some defence against
partition table and bootsector viruses.
- It can save the partition table, bootsector and CMOS data area
to a file.
- It can compare and restore the partition table, bootsector and
CMOS data area after an (virus) accident.
- It can remove a partition table virus without having to
low-level format the hard disk, even if there is no backup of
the partition table.
- It can create a partition table that has some first line virus
defence build in.
Unlike most file viruses, partition table viruses are hard to
remove. The only solution is to low-level format the hard disk and
to make a new partition table.
TbRescue makes a backup of the partition table and bootsector, and
this backup can be used to compare and restore the original
partition table and bootsector once they are infected. You don't
have to format your disk anymore to get rid of a partition or
bootsector virus. The program can also restore the CMOS
configuration.
If your partition table is damaged and you don't have a backup of
it, TbRescue will try to create a new partition table, avoiding the
need of a low-level format.
Another important feature is that you can use TbRescue to replace
the partition table code by code that is more resistant against
viruses. The TbRescue partition code will be executed before the
bootsector gains control, so it is able to check the bootsector in
a clean environment. Once the bootsector is executed it is
difficult to check it, because the virus is already resident in
memory and can fool every protection. Instead of booting from a
clean DOS diskette just to inspect the bootsector, the TbRescue
partition code performs a CRC calculation on the bootsector just
before control is passed to it. If the bootsector has been modified
the Tbrescue partition code will warn you about this. The TbRescue
partition code also checks the RAM layout and informs you when it
is changed. It does this every time you boot from your hard disk.
2. Who are we?
Page 5
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
TbRescue has been developed by Frans Veldman, chief executive of the
ESaSS company. ESaSS is the company that developed the well-known
Thunderbyte card, the first hardware PC immunizer, and that has
gained a great deal of experience with and knowledge of viruses and
assembler-written system software. Of course, we do have a large
collection of viruses to test our products on.
Page 6
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
3. USAGE OF THE PROGRAM
1. System requirements
TbRescue should work on any machine with a working hard disk, and
with any DOS version. The program requires only about 64Kb of free
RAM to execute.
2. Program invokation
The use of the program is very easy: just run TbRescue without
parameters to get a help screen.
The syntax:
TBRESCUE <option> [<filename>]
3. Command line options
It is possible to specify so-called options on the command line.
TbRescue recognizes option-characters and option-words. The words are
more easy to remember, and they will be used in this manual for
convenience.
Available options:
-immunize, -i = Immunize and clean partition table
-store, -s = store disk information into rescue data file
-compare, -c = compare disk information to rescue data file
-restore, -r = restore disk information from rescue data file
All options accept a parameter specifying the filename of the
rescue data file. The default filename is TBRESCUE.DAT and the
file will be used in the current directory.
1. -immunize
This is a very powerfull option, it can be used to clean an
infected partition table if there is no rescue data file, and it
replaces the existing partition table code by a new partition
routine that has some virus detection capabilities. The original
partition code will be saved in a file. You have to run TbRescue
from a floppy drive or you have to specify the name of the file
(the specified drive should be a diskette drive) to store the
original partition code. For more information about the
new partition code see the next chapter.
If the original partition table is completely damaged and can not
be used to built a new one, TbRescue will search the entire disk
for information about the original disk layout. TbRescue will
Page 7
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
also search for TbRescue data files on the hard disk. It is
however recommended to store the data file on a diskette, but
it is a good idea to keep a copy of it on the hard disk.
Just for sure!
2. -store
This option stores the partition table, bootsector and CMOS data
area into the rescue data file. Also some additional information
will be stored in the file to make sure TbRescue will recognize
this PC as the owner of the partition table and bootsector. This is
neccesary because restoring the partition table from another PC to
your PC will destroy all your data at once!
TbRescue will ask you to enter a meaningfull description of the
machine. Enter something like "AT 12MHz, 4Mb, room 12, Mr. Smith".
You do NOT have to remember it, TbRescue will display it on the
screen when comparing or restoring, but it helps you to verify that
the data file belongs to the machine.
It is also possible to check the comment from the DOS command
prompt. Enter:
"Type TbRescue.Dat"
This will show the comment of the TbRescue.Dat file (without any
other garbage being displayed).
3. -compare
This option enables you to check that everything is still Ok. If
you specify this option TbRescue will compare the information in
the rescue data file against the partition table, bootsector and
CMOS data area. It will also show the comment stored in the data
file. And of course, if you use this option you will also be sure
that the rescue data file is still readable...
4. -restore
This option enables you to restore the partition table, bootsector,
and CMOS data area. It will ask you to confirm that the data file
belongs to the current machine. Finally it will restore the
partition table, bootsector of the partition to be used to boot,
and the CMOS data area.
4. Examples:
TbRescue -store
TbRescue -store A:TbRescue.Dat
TbRescue -compare A:TbRescue.Dat
Page 8
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
TbRescue -restore A:TbRescue.Dat
TbRescue -immunize A:\TbRescue.Org
Type A:TbRescue.Dat
5. Using the anti-virus partition.
If you install the Thunderbyte partition code (TbRescue -mmunize),
you will see the following while booting a clean system:
Thunderbyte anti-virus partition v1.9 (C) Copyright 1992 ESaSS.
Checking bootsector CRC -> OK!
Checking available RAM -> OK!
Checking INT 13h -> OK!
If there is a virus in the bootsector or partition table you will
see this:
Thunderbyte anti-virus partition v1.9 (C) Copyright 1992 ESaSS.
Checking bootsector CRC -> OK!
Checking available RAM -> Failed!
System might be infected. Continue? (N/Y)
If your system configuration changes, i.e. you update your DOS
version, or change the amount of memory, you need to update the
information stored in the immune partition too. You can do this
with the command "TbRescue -immunize".
Some other messages that can be displayed are:
Thunderbyte anti-virus partition v1.9 (C) Copyright 1992 ESaSS.
No system.
There was no active partition on the disk. If you have used the DOS
program FDISK to define a new partition, it is likely that you
forgot to make one partition "active". Use FDISK to correct the
problem.
If this message appears and you did not run a disk partitioner like
FDISK, the partition table is damaged. Restore the partition code
with TbRescue, or use FDISK to create a new partition table. The
latter will wipe out all data on the disk.
Note that this message is not TbRescue specific, all partition
table routines contain messages like this. If this message appears
it is never the fault of TbRescue.
Thunderbyte anti-virus partition v1.9 (C) Copyright 1992 ESaSS.
Page 9
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
Disk error.
The partition code tried to read the bootsector but the BIOS
returned an error. Probably the disk is defective.
Page 10
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
4. THE THUNDERBYTE PARTITION CODE.
1. What is a partition?
A partition is a logical drive on a hard disk. One physical hard
disk can contain mulitple DOS partitions. Every DOS partition has
its own drive ID (C: D: E:).
2. What is a partition table?
How does the system know about the disk lay-out? How does the
system know where a partition starts and ends?
This is defined by the so called partition table. The partition
table contains the start and end cylinder of every partition. The
partition table also carries information about the operating system
of a partition and which partition should be used to boot. The
partition table is always located at the first sector of the hard
disk.
3. The partition code
The first sector of the hard disk contains the partition table, but
it also contains a piece of code. This code will be called by the
BIOS boot-routine of the machine. It is the first piece of non-BIOS
code that will be executed. The partition code normally interprets
the partition table, and determines which partition should be used
to boot. It reads the bootsector of the bootable partition and
transfers control to it. The bootsector invokes the DOS hidden
files and the system fires up.
Since the partition code does not do very much and is a very small
routine (about 80 bytes) you will never notice that it is there and
is executed every time you boot.
However, there are some viruses which overwrite the existing
partition table or bootsector, and while performing the normal boot
procedure, the code remains resident in memory and infects every
diskette. When there is a virus in a file, you can easily get rid
of the virus by deleting the infected file. However, the partition
table can not be deleted, and the only thing a user can do is to
low-level format the hard disk and to re-partition it, or to use
TbRescue (or a similar product) to restore the original partition
table.
Anyway, it is often difficult to detect a partition or
bootsector virus, since the virus is already resident in memory
when DOS and eventually an anti-virus product fires up. Like any
other memory resident program, a virus can do anything. The virus
intercepts the BIOS calls, and if an anti-virus product (a scanner
Page 11
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
or checksummer) wants to read the bootsector in order to inspect
it, the virus intercepts the BIOS request, and supplies the program
an unaltered copy of the original bootsector stored somewhere on
the disk, instead of the infected bootsector. This means that a
well-designed bootsector virus can hide itself completely for
anti-virus products. To detect the virus, you have to be sure the
virus is not resident in memory. There are only two possibilities
to achieve this:
- By booting from a clean DOS diskette (the virus is not executed
and not resident in memory and can not prevent the anti-virus
program to read it)
- By executing a piece of software that is executed before the
bootsector gains control. The only software that is executed
before the bootsector gains control is the machine BIOS and
additional hardware (like Thunderbyte) and the partition code...
Except for hardware immunizers (like Thunderbyte) only the
partition code will be executed before the bootsector gains
control, so only a routine in the partition code can safely check
the bootsector while booting from the harddisk.
This consideration has lead to the development of the Thunderbyte
anti-virus partition code. The Thunderbyte anti-virus code performs
the normal tasks of the partition code, but it also has some
additional routines, which check the CRC (a sophisticated sort of
checksum) of the bootsector, the amount of free RAM, and the
location of the INT 13h handler.
Smart users will have noticed that we changed our subject from
partition viruses to bootsector viruses. The bootsector can be
checked for 100% by the partition code, but how about the partition
code itself? The answer is that it is not possible to check the
partition code for 100%. This can only be done by hardware like the
Thunderbyte add-on card. However, we have build-in some additional
tools to detect partition table viruses. To know how they work
additional information about partition viruses is required.
A partition virus that wants to hide itself has to remain resident
in memory and has to intercept all attempts to read the partition
code. Since the partition code is normally removed from memory as
soon as DOS fires up, the partition virus has to 1) allocate some
memory to remain resident. The virus also has to intercept all
requests to read the partition code in order to hide itself, so it
has to 2) hook the BIOS INT 13h call. After the virus is memory
resident, the virus reads the original partition code and transfers
control to it. For the user nothing has changed...
When installing the Thunderbyte partition code, TbRescue determines
the amount of RAM at system startup and it calculates the CRC of
the bootsector of the bootable harddisk partition. Both values are
Page 12
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
stored in the partition code.
If there is a virus in the bootsector the CRC does not match
anymore, and the partition code will notify this to the user. If
the partition code has been overwritten by a virus, and the virus
has installed itself in memory before invoking the Thunderbyte
partition code, the amount of available RAM has been decreased.
The Thunderbyte partition code will notify the user from the
unexepected RAM decrease. Finally, the partition code will check
whether INT 13h points to ROM or RAM. Usually, the partition code
is the first piece of software being executed, so INT 13h should
point to ROM. If it points to RAM it means that another piece of
software has been executed before the Thunderbyte partition gained
control, and it is likely that it is a virus. If the virus did not
hook INT 13h, it would be possible to detect the virus with a
normal virus scanner or checksummer. Anyway, if INT 13h points to
RAM, the Thunderbyte partition code will notify this to the user.
Page 13
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
5. MISCELLANOUS INFORMATION
1. Exit codes
TbRescue terminates with one of the following exit codes:
Error level 1 when option -compare fails or an error occurs.
Error level 0 when everything was okay.
2. Recommendations
Since the PC is completely inaccessable for DOS if the partition
table gets damaged, it is HIGHLY RECOMMENDED to store both the
rescue data file and the program TbRescue.Exe itself on a diskette!
It is not nice if the partition table is destroyed, and the only
solution to the problem resides on the same inaccessable disk...
If you own more than one PC, create one TbRescue diskette with all
rescue files of all your PC's on it. Just execute "TbRescue -store
a:Tbrescue.<number>" on every PC's. The nummer specifies the
number (or even name) of the PC.
Do NOT automatically invoke TbRescue from within the autoexec.bat
file with the -store option set. If you do this, the data file will
be overwritten by the virus immediately after the disk gets
infected. However, if you - for some reason - want to use the
-store option without being prompted for the comment, use DOS
redirection to add a standard comment. For example:
TbRescue -store < A:\Comment.Dat
Page 14
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
6. OUR OTHER PRODUCTS
1. TbScan
TbScan is a virus scanner. A virus scanner is a program that checks
all files on the specified disks by searching for "signatures" i.e.
code patterns of known viruses.
TbScan is the fastest scanner available. It is updated very often,
and is has many interesting features. It is not just a scanner, but
it also disassembles the programs to be checked, and it is able to
recognise code to write directly to disk, to make code resident in
memory, self-decrypting code, etc.
TbScan is available on many BBSses. It is of course also available
at any Thunderbyte support BBS. At the end of this document you can
find some phone numbers.
2. TbScanX
Our (shareware) memory resident version of TbScan, called TbScanX,
is also available. This scanner remains resident in memory and
automatically scans those files which are being executed, copied,
de-archived, downloaded, etc.
TbScanX performs even faster than TbScan, and does not require much
memory. It is even possible to reduce the memory requirements of
TbScanX to zero (!) as TbScanX can make use of unused parts of your
video memory.
TbScanX can be downloaded from many BBS systems. Naturally it is
also available at any Thunderbyte support BBS. At the end of this
document you will find some relevant phone numbers.
3. Thunderbyte
Thunderbyte was developed to protect Personal Computers against
computer viruses, Trojan Horses and other such threats to your
valuable data. It is hardware protection, consisting of an adapter
card, an installation and configuration program and a clear manual.
The Thunderbyte add-on card has been designed to protect your
system against ANY virus attack offering you maximum protection
now...and in the future. Do note that Thunderbyte does not need to
know which particular virus is about to harm your system. It
recognizes virus ACTIVITIES and blocks them before they can affect
your system.
Our hardware protection offers much greater security than any
software protection. Thunderbyte is already active before the
Page 15
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
operating system is loaded, so the computer will be totally
protected right from the moment you switch on your PC.
Because of the many configuration possibilities and the application
of intelligent algorithms, the use of Thunderbyte will never become
a burden: you will hardly notice its presence in an environment
without any viruses.
Of course Thunderbyte is Windows-compatible and can be used in
Local Area Networks.
Advantages of our hardware protection:
+ It requires very little (1Kb) RAM
+ The protection is already active before the first boot attempt
of the PC, thereby preventing boot sector viruses from becoming
active. Note that software protection cannot protect you
against boot sector viruses, since such protection will be
activated AFTER the system boot-up.
+ Direct access to hard disk(s) is no longer possible as the hard
disk cable passes through Thunderbyte.
+ Thunderbyte will ALWAYS become active, even if your system is
booting from a diskette.
Thunderbyte offers you many kinds of protection:
+ Protection against loss of data.
Thunderbyte is connected to the hard disk cable on one end and
to the controller cable on the other. This enables it to
prevent the hard disk from being accessed directly. The only
way to access the drive from the moment of Thunderbyte
installation onwards is by using interrupt 13h.
In addition Thunderbyte detects all direct disk writes which
try to modify or damage your data. It also checks which program
is responsible for such harmful instructions. Naturally the
operating system itself should be allowed direct disk access
which Thunderbyte grants without any interference.
Though DOS offers some means of protecting your files against
overwriting and modification through the 'read-only' file
attribute, this protection can be very easily circumvented by
other software. Thunderbyte makes sure that such a file
attribute cannot be removed without you being notified. Hence
in the precence of Thunderbyte you can REALLY protect your
files effectively through the DOS ATTRIB command.
+ Protection against infection.
Page 16
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
Thunderbyte protects programs (files with the extensions EXE,
COM or SYS) against infection by monitoring all their
modifications for any harmful effect they might have. The
operation of your system will not be affected by this in any
way. Compiling, linking, etc. will not be interfered with. Nor
will programs be prevented from storing configuration
information internally. Furthermore, Thunderbyte will make sure
that once DOS attributes have been set, they will remain set.
Attempts to modify the boot sector of the disk are intercepted
by Thunderbyte, so the dreaded boot sector viruses will be
successfully blocked. Keep in mind that the boot sector can
hardly be protected by software. Maximum protection can ONLY be
offered by Thunderbyte here as it is already active before the
system tries to boot!
+ Detection of viruses.
Thunderbyte detects virus-specific activities in a number of
other ways as well. It notices a virus flagging a file as being
infected in order to avoid re-infection. It also notices the
suspicious manner in which viruses attempt to reside in memory
and the abnormal manipulation of interrupt vectors.
+ Password protection.
Thunderbyte has the possibility of installing a password.
There are two kinds of passwords: one that is always requested
or one that you only have to enter when attempts are made to
boot from a diskette instead of the hard disk.
+ Safety.
A lot of attention and care has been devoted to making
Thunderbyte impregnable to viruses. The program code of
Thunderbyte is located in ROM and there is no way it can be
modified there.
It is impossible to manipilate and/or modify Thunderbyte's
operation through software. All the important settings have to
be chosen by means of dipswitches on the adapter card. And
despite all their ill-begotten intelligence, viruses will never
be able to turn switches or to influence their read-outs.
Viruses that approach the controller of the hard disk directly
will have a rude awakening: Thunderbyte will only allow disk
writes when the write or format command has followed its normal
(checked) course.
We supply our Thunderbyte cards in a number of different
internal lay-outs to make sure that knowledge of the internal
workings of only one Thunderbyte card is not sufficient to
Page 17
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
devise means of damaging or destroying the protective working
of all the others. Naturally the different Thunderbyte
versions are functionally identical to each other.
Thunderbyte is continuously checking its own variables with a
checksum that is different for each version. The locations of
the memory where the variables are maintained are also
different for each version.
The particular version of the Thunderbyte card sent to you is
selected on a purely random basis.
+ Extra possibilities.
Thunderbyte offers you some interesting bonuses, like booting
from drive B:.
Page 18
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
7. NAMES AND ADDRESSES
1. Contacting the author.
TbScan has been written by Frans Veldman. You can leave messages for
him at the Dutch support BBS. Registered users can also phone ESaSS for
technical support. To register, see the file REGISTER.DOC.
2. ESaSS
For more information about Thunderbyte you can contact:
ESaSS B.V. Tel: + 31 - 80 - 787 881
P.o. box 1380 Fax: + 31 - 80 - 789 186
6501 BJ Nijmegen Data: + 31 - 85 - 212 395
The Netherlands (2:280/200 @fidonet)
3. Thunderbyte support BBS's.
TbScan, TbScanX and the signature files (TbVirSig) are available on
Thunderbyte support BBS's:
Thunderbyte headquarters in the Netherlands: +31- 85- 212 395
(2:280/200 @fidonet)
Thunderbyte support Germany (Androtec): +49- 2381- 461565
(2:245/50 @fidonet)
Thunderbyte support Italy/S.Marino/Vaticano/Malta: +39- 766- 540 899
(2:335/5 @fidonet)
Thunderbyte support Sweden (Virus Help Centre): +46- 26- 275 710
(2:205/204 @fidonet, 9:9/0 @virnet)
Thunderbyte support Australia (Calmer): +61- 2- 482- 1716
If you are running an electronic mail system, you can also
file-request TBSCAN to get the latest version of TBSCAN.EXE,
TBRESCUE to get the latest version of TBRESCUE.EXE, TBSCANX to get
the resident automatic version of TBSCANX, and VIRUSSIG to obtain a
copy of the latest update of the signature file.
4. Recommended magazines and organisations.
Virus Bulletin.
Virus Bulletin Ltd.
21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England.
Page 19
TbRescue anti virus tool v1.9 (C) Copyright 1988-92 ESaSS B.V.
Tel. +44-235-555139.
National Computer Security Association.
227 West Main Street.
Mechanicsburg, PA 17055, United States.
Tel. +1-717-258-1816
Virus News International.
Berkley court, Millstreet, Berkhamsted, Hertfordshire, HP4 2HB,
England.
Tel. +44-442-877877.
Page 20
