home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Monster Media 1994 #1
/
monster.zip
/
monster
/
VIRUS
/
AVS141A.ZIP
/
AVSREAD.ME
< prev
Wrap
Text File
|
1994-03-06
|
7KB
|
219 lines
What is AVScan:
It is a scanner. It now scans with more than 3400 signatures for
viruses, not couting special methods. Special methods are used
for polymorphic style viruses like MtE, TpE, NED, Tremor,
Girafe, Urugay to name a few. These viruses are marked with
(encr.) or (encrypted).
The purpose of this release of AVScan on CompuServe is to get
some feedback of false positives and the new network features.
The last version of AVScan on CIS is now rather nine months old.
AVScan is updated monthly in Germany (weekly by BBS) and we will
release future version also, if time permits.
We've added a long list of exciting network features, such as
bradcasting, server logout, date-file and the like. More
features are under construction, but it seems that not all
possibilites of NetWare are published by Novell:-).
/? gives a complete list of command line parameters.
1.41a Changed restrictive check of .EXE-file headers regarding Windows
OS/2, Bound and Windows NT files
1.41 Added new signatures
fixed date of "too old message" and some typos
/nscrn option added
1.40 Added new signatures
XMS implemented
Flagging of immunized files added - who used it anyway?
1.39 Added new signatures, first work for XMS usage done
1.38 Added new signatures
1.37 Added new signatures
1.36a Fixed with bug with no physical floppy drives in system
1.36 Added new signatures
1.35 Fixed false alarm with Piter signature
1.34 Added new signatures
1.33 Added new signatures
1.32 Added new signatures
1.31 Added new signatures
1.30 Added new signatures
1.29 Added new boot sector signatures and refined the ones used
for CRUNCHER. RunTime errors will display some code now.
1.28a Increased RetryCount to handle different disk formats
properly when in /M mode
1.28 New signatures added
1.27 New signatures for boot sector viruses added, this includes
Invisible man and Quox II
1.26 Signature for CRUNCHER and other viruses added
1.25 New virus signatures added
1.24a Scrambling of a temporary work buffer added due to LZExe
1.24 New virus signatures added
False alarm with inhouse developed cobol programs
fixed. Scan string was ZK 900 (A)
1.23 New virus signature added (same emergency)
1.22 Two new bs-viruses added (emergency-on customer demand)
1.21 Signature for DAME added
1.20 New virus signatures added, mostly polymorphic
1.19 New virus signatures added
Fixed discrepancy with file count and directory count between
logfile and screen display
1.18b False alarms with two PC-Magazine utilities fixed. LOCK.COM
and UNLOCK.COM were flagged as containing MtE-unencrypted.
1.18a Fixed bug which stopped AVScan from scanning subdirectories
on diskettes when in manual mode (/M)
1.18 New virus signatures added
KNOWN PROBLEMS IN OTHER PROGRAMS:
Usually all programs from Central Point (CPAV and MSAV) do NOT
cipher their scan strings (either memory and program file) which
makes it easy to patch these programs. False positives are
likely to occur. We've had an enormus outbreak of Tremor in
Germany during the last four months. Did you know that Tremor
specifically switches the resident part of CPAV and/or MSAV OFF!
If you receive an virus alert in memory, please check that you are
NOT running CPAV or MSAV: common messages are Vienna-634 or Youth-
Silence.
Bootsafe.Exe
============
Older versions of this program did not decrypt their scan
strings properly. Delete it and replace it with a newer version.
Ikarus Antivirus Utilities Advanced Edition
===========================================
Warning!, Signature of Eddie-2 (B) found in RMV.VDB
Path name: D:\AV\VUAE\RMV.VDB
Time: 01:51:50, Date: 27.03.1992, Size: 14690, Attr: R- H- S- A-
Cure: NONE
Microcomm's Virex-PC
====================
Virexpro.Com
Warning!, Signature of Fellow found in VIREXPRO.COM
Path name: D:\AV\VIREXPC\VIREXPRO.COM
Time: 00:00:00, Date: 20.08.1991, Size: 48984, Attr: R- H- S- A-
CURE: NONE
VirX.Exe
Warning!, Signature of 570 found in VIRX.EXE
Virus-Cure Cure.Exe
===================
Warning!, Signature of 1210 found in CURE.EXE
Path name: D:\AV\VIRUSCU.RE\CURE.EXE
Time: 08:50:34, Date: 04.02.1991, Size: 55737, Attr: R- H- S- A-
CURE: NONE
Mc Affee's Pro Scan:
====================
Warning!, Signature of Slow #2 found in PRO-SCAN.EXE
Path name: D:\AV\PRO-SCAN\PRO-SCAN.EXE
Time: 11:17:30, Date: 06.08.1991, Size: 75189, Attr: R- H- S- A-
CURE: NONE
Certus Novi (now Symantec)
==========================
Warning!, Signature of Den Zuk #1 found in NOVI.OVL
Path name: D:\AV\NOVI\NOVI.OVL
Time: 01:01:00, Date: 01.09.1991, Size: 32859, Attr: R- H- S- A-
CURE: NONE
Old Datacrime-Scanner in CompuServe:
====================================
Warning!, Signature of Datacrime-1168 found in DC89SCAN.EXE
Path name: E:\OLD.TAP\TAPARC.5\DC89SCAN.EXE
Time: 06:42:18, Date: 07.10.1989, Size: 18209, Attr: R- H- S- A+
CURE: NONE
*****************************************************************
* These are the ONLY false positives WE received on OUR systems *
*****************************************************************
Got a nice review in Virus Bulletin 1/93. However, they found
some other programs, which AVScan 'flags' as infected:
Virex-PC V.2.3
==============
570
Vi-Spy Version 10
=================
Aircop
Viruscure-Plus Version 2.41
===========================
Slow
Support:
========
Support for AVScan is provided on an as is basis if time
permits. Since we make our living out of AntiVir IV, our comercial
virus remover (not a simple deleter!), you can reach us ONLY at:
CompuServe 71310,3143
InterNet 71310,3143@compuserve.com
Fax ++49 7542 52510
Background:
===========
AVScan is based on the algorithm behind AntiVir IV, which scans
for viruses in destroyed or damaged files. Some viruses do not
infect all kind of files quite easily. They usually have big
problems on certain files.
Scanning and removing viruses on infected files is usually quite
easy (advertisment: we can do it), even for encrypting viruses.
The problems are damaged files where the virus overwrote parts of
the host file. We take this seriously and built a scanning
version into AntiVir IV. This special feature enables the user
to scan for virus identities or signatures in damaged files.
This algorithm is the engine within AVScan and used within
AntiVir IV. AntiVir IV is a German product and available in
German only. Please don't ask about an English version - new
viruses keep us busy to implement new recovering methods
than to build an English version. I'm sorry about that. This
version of AVScan is supposed NOT to work on systems equipped
German versions of DOS - while the German version of AVScan
does.
We're thinking of bringing AVScan to North America. Ideas
welcome. You can contact us:
H+BEDV GmbH
Attn: Tjark Auerbach
Olgastrasse 4
D-88069 Tettnang
West Germany
Tel ++49 7542 93040
Fax ++49 7542 52510
CompuServe 71310,3143
InterNet 71310,3143@compuserve.com
AntiVir IV (R) and AVScan are copyright H+BEDV GmbH