Monster Media 1996 #14

home *** CD-ROM | disk | FTP | other *** search

/ Monster Media 1996 #14 / Monster Media No. 14 (April 1996) (Monster Media, Inc.).ISO / virus / tbavwin.zip / TBSCAN.LNG < prev next >

Wrap

Text File | 1996-02-08 | 9KB | 281 lines

|╒═══════════════════════ ThunderBYTE North American Sales ═════════════════════╕ |│ | TBAV is supported by a coast-to-coast network of authorized agents |│ |│ | For more information please contact: |│ |│ | │ |│ |N ∙ SecureNet Technologies, Inc. ∙ | │ |│ | │ |│ | T|el: 1-800-673-3539 ∙ |F|ax: 313-741-9528 ∙ |B|BS: 313-741-9529| │ |╘══════════════════════════════════════════════════════════════════════════════╛ $ TbScan is written by Frans Veldman. Usage: TbScan [@][<path>][<filename>...] [<options>...] Command line options available: help he =help (? = short help) pause pa =enable "Pause" prompt mono mo =force monochrome quick qs =quick scan (uses Anti-Vir.Dat) allfiles af =scan non-executable files too alldrives ad =scan all local non-removable drives allnet an =scan all network drives heuristic hr =enable heuristic alerts extract ex =extract signature (registered only) once oo =only once a day slowscroll ss =enable conventional (slow) scrolling secure se =user abort not allowed (registered only) compat co =maximum-compatibility mode ignofile in =ignore no-file-error largedir ld =use large directory table fatcheck fc =check the FAT for errors fatinfo fi =display amount of fragmented files old ol =disable "this program is old" message noboot nb =skip bootsector check nofiles nf =skip scanning of files nomem nm =skip memory check hma hm =force HMA scan nohmem nh =skip UMB/HMA scan nosub ns =skip sub directories noautohr na =no auto heuristic level adjust nowin nw =do not scan for Windows/OS2 viruses repeat rp =scan multiple diskettes audio aa =make noise if virus found batch ba =batch mode (no user input) delete de =delete infected files kill ki =kill infected files truename tn =use truename instead of DOS name log lo =output to log file append ap =log file append mode expertlog el =no heuristic descriptions in log logname =<filename> ln =set path/name of log file loglevel =<0..4> ll =set log level wait =<0...255> wa =number of timerticks to wait. rename [=<ext-mask>] rn =rename infected files exec =.<ext-mask> ee =specify executable extensions $ WARNING! $ WARNING! memory $ Since an active virus in memory may interfere with the virus scanning process, it is highly recommended to immediately power down the system, and to reboot from a write-protected clean system diskette! Note: if you used any virus scanner just before you invoked TbScan, it's possible that TbScan detected a signature of the other scanner in memory, rather than an actual virus. In that case you should ignore this warning. Do you want to Q)uit or to C)ontinue? (Q/C) $ This version of TbScan is more than 6 months old! Statistics show that the amount of different viruses doubles about every nine months. For the safety of your data it is highly recommended to obtain a more recent version of TBAV. Consult the file Agents.Doc for information about TBAV agents, or consult ESaSS B.V. in The Netherlands: Phone: +31 (0)24 64 22 282 Fax: +31 (0)24 64 50 899 BBS: +31 (0)59 13 82 011 Press any key to continue... $ You specified option 'allfiles'! Since there are no viruses that only infect non-executable files, it is really sufficient to scan executable files only! The only time you should use option 'allfiles' is after you found at least one virus in an executable file. Be aware that because of the complex nature of TbScan (it performs emulation and disassembling of the file being scanned) treating data files as executable files causes unpredictable results. False alarms may occur. Press any key to continue... $ Insert a disk to be scanned, press "Esc" to cancel... $ Sigfile entries: File system: Directories: Total files: Executables: CRC verified: Changed files: Infected items: Elapsed time: KB / second: $ found $ infected by $ dropper of $ damaged by $ joke named $ garbage: (not a virus) $ trojan named $ probably $ might be $ virus $ Has been changed! $ an unknown virus $ Option 'once' already used today. $ Error: directory table overflow! Use option 'largedir' (ld). $ Error: not enough memory! $ No executable files found! $ Error: Can not access specified disk! $ Error: Can not create logfile! $ invalid allocation size! $ contains an invalid cluster number! $ contains cross linked clusters! $ fragmented files or directories. $ lost clusters, $ files with invalid size, $ invalid cluster numbers, $ cross linked clusters, $ use a disk repair utility to correct! $ This unregistered version of TbScan has a few limitations: - Options 'extract' and 'secure' are not available! - This version will not execute when put on a network drive. You need to install it on your local drive. However you can scan your network drives, as long as TbScan itself is put on a local drive. These limitations will disappear after you have registered TBAV! Select 'Register' from the TBAV main menu for more information. $ The evaluation period of this unregistered version of TBAV has been expired! You should now either register your copy or remove it from your system. If you register, you may continue to use TBAV, and as an extra bonus, some additional features will become available to you! Select 'Register' from the TBAV main menu for more information. $ Process aborted by user! $ No drives to be scanned found! $ Heuristic flags: $ c No checksum / recovery information (Anti-Vir.Dat) available. $ C The checksum data does not match! File has been changed! $ F Suspicious file access. Might be able to infect a file. $ R Relocator. Program code will be relocated in a suspicious way. $ A Suspicious Memory Allocation. The program uses a non-standard way to search for, and/or allocate memory. $ N Wrong name extension. Extension conflicts with program structure. $ S Contains a routine to search for executable (.COM or .EXE) files. $ # Found a code decryption routine or debugger trap. This is common for viruses but also for some copy-protected software. $ V This suspicious file has been validated to avoid heuristic alarms. $ E Flexible Entry-point. The code seems to be designed to be linked on any location within an executable file. Common for viruses. $ L The program traps the loading of software. Might be a virus that intercepts program load to infect the software. $ D Disk write access. The program writes to disk without using DOS. $ M Memory resident code. The program might stay resident in memory. $ ! Invalid opcode (non-8088 instructions) or out-of-range branch. $ T Incorrect timestamp. Some viruses use this to mark infected files. $ J Suspicious jump construct. Entry point via chained or indirect jumps. This is unusual for normal software but common for viruses. $ ? Inconsistent exe-header. Might be a virus but can also be a bug. $ G Garbage instructions. Contains code that seems to have no purpose other than encryption or avoiding recognition by virus scanners. $ U Undocumented interrupt/DOS call. The program might be just tricky but can also be a virus using a non-standard way to detect itself. $ Z EXE/COM determination. The program tries to check whether a file is a COM or EXE file. Viruses need to do this to infect a program. $ O Found code that can be used to overwrite/move a program in memory. $ B Back to entry point. Contains code to re-start the program after modifications at the entry-point are made. Very usual for viruses. $ K Unusual stack. The program has a suspicious stack or an odd stack. $ 1 Found instructions which require a 80186 processor or above. $ @ Encountered instructions which are not likely to be generated by an assembler, but by some code generator like a polymorphic virus. $ X Stealth capabilities. $ Y Bootsector violates IBM bootsector format. $ t Program contains a time or date triggered event. $ p Packed program. A virus could be hidden inside the program. $ i Additional data found at end of file. Probably internal overlay. $ h The program has the hidden or system attribute set. $ w The program contains a MS-Windows or OS/2 exe-header. $ .............