home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Original Shareware 1.1
/
The Original Shareware (WeMake CDs)(Volume 1.1)(CDs, Inc)(1993).iso
/
30
/
tbscnx29.zip
/
TBSCANX.DOC
< prev
next >
Wrap
Text File
|
1991-06-25
|
37KB
|
907 lines
DOCUMENTATION FOR TBSCANX V2.9
REGULATIONS WITH REGARD TO USE AND DISTRIBUTION OF TBSCANX
----------------------------------------------------------
Both TbScanX and the accompanying documentation are SHAREWARE. This
simply means the program is covered by the copyrights of ESaSS, but
can be used and distributed freely as long as the following
regulations are observed.
+ Concerning the distribution of the TbScanX program no
administration and/or shipping costs exceeding the amount of
$5,- may be charged.
+ Distribution of TbScanX may only take place when both the
program and the documentation are left unmodified and only when
the complete program is supplied.
+ So it is not allowed to distribute the program apart from the
documentation.
+ ESaSS accepts no responsibility in case the program
malfunctions or does not function at all.
+ ESaSS can never be held responsible for damage, directly or
indirectly resulting from the use of TbScanX.
+ Using TbScanX means that you agree on these regulations.
DESCRIPTION TBSCANX
-------------------
TbScanX is a program that was developed to trace viruses, Trojan
Horses and other threats to your valuable data. It is a so-called
virus scanner.
A virus scanner is a program that is able to search a signature
that has been determined beforehand. Most viruses consist of a
unique signature, so by means of checking for the appearance of
this signature we can see whether or not a program has been
infected.
By searching all your program files for the signatures of all
viruses already identified you can easily find whether your system
has been infected and, if that is the case, with which virus.
By now already many virus scanners have been developed. The problem
with all these scanners is that you have to execute them. Suppose
you have the virusscanner automatically invoked in your
autoexec.bat file. If no viruses are found, your system is supposed
to be uninfected. But, to be sure that no virus can infect your
system, you have to run the scanner every time before you copy a
file to your harddisk, after downloading a file from your BBS, or
after unarchiving an archive such as a ZIP file. Be honest, do YOU
actually invoke your scanner every time?
TbScanX has a unique feature to overcome this drawback, it will
remain resident in memory, and AUTOMATICALLY scan all files you
execute, copy, download, modify, or unarchive!
TbScanX also scans the boot sector of the removable media
automatically every time you insert a new diskette in a drive. If
the disk is contaminated with a boot sector virus TbScanX will warn
you!
Probably you think that a resident virus scanner consumes much
memory, makes your system slow, and is a source of many problems.
But, if you already know our free-ware scanner TBSCAN, you know
that this scanner can scan your files ten times faster compared
with other scanners. Also TbScanX achieves this lightning fast
speed. Actually, TbScanX is a lot faster, since it will not access
your disk to scan the files, because all files to be created or
modified reside already in memory!
Besides this, TbScanX consumes only 8 Kb of memory, including the
signatures to scan for! If there is expanded memory available,
TbScanX uses even less than 1Kb of memory!
TbScanX carries the same feature of its transient brother TBSCAN:
+ TbScanX is fully programmable by means of a data file.
Most of the time viruses spread quickly. After a new virus has
been found there is often no time to adapt your virus checker
in order to make it capable of recognizing this new virus. That
is why TbScanX uses a data file in which the signatures of the
viruses occur. This file can quickly be adapted, possibly by
yourself, for example when you are informed of a new virus
through the media. TbScanX supports among other things the
format which is used in the file "virscan.dat". This file is
regularly adapted and can be obtained at a lot of data banks.
+ TbScanX supports wildcards in the signature.
A lot of viruses encrypt themselves after each infection, so
the signatures always look different. There is one part of the
virus however that cannot be modified: the routine that has to
"unpack" the modified part of the virus.
But it is a misunderstanding that this part of the virus always
should look the same. The fact is there are viruses that pepper
their unpack-routine with useless instructions which have no
effect and which are continuously replaced by other nonsensical
instructions. Although the unpack-routine always functions the
same, it looks different every time because of these changing
fake instructions!
By inserting wildcards on places where the fake instructions
occur in the signatures of the data file, such a virus can
still be traced and identified. This is the case because any
character may be used on the place of a wildcard.
It is also possible to skip a variable amount of garbage bytes
in the signature.
+ TbScanX supports normal text as the signature.
Most signatures are inserted in ASCII-HEX. But when desired you
can also specify a normal text as the signature. In this case
you put the text between double quotation marks.
+ TbScanX offers other software an universal hook to scan data
for viruses. If you are a programmer, you can instruct your
programs to scan information read from disk for viruses before
using the data.
USAGE OF THE PROGRAM
--------------------
TbScanX is easy to use. Simply type TBSCANX. The program can also
be invoked from within your config.sys file by inserting the line
"device=TBSCANX.COM". The advantage of the last method is that
TbScanX will get a better position in the memory and is able to
protect the system before other programs are executed. TbScanX uses
also less memory in device driver mode. (NOTE: If you invoke
TbScanX from within your config.sys you have to specify the
extension .COM)
If you use MS-Windows you should load TbScanX BEFORE starting
Windows. If you do that there is only one copy of TbScanX in
memory, but every DOS-window will nevertheless have a fully
functional TbScanX in it. TbScanX detects if Windows is starting
up, and will switch itself in multitasking mode if neccesary.
It is possible to specify so-called options on the command line.
TbscanX recognizes option-characters and option-words. The words are
more easy to remember, and they will be used in this manual for
convenience.
Options available:
-help, -h =display this helpscreen
-off, -d =disable scanning
-on, -e =enable scanning
-remove, -r =remove TbScanX from memory
-noexec, -n =never scan at execute
-allexec, -a =always scan at execute
-noboot, -s =do not scan bootsectors
-quiet, -q =do not display *Scanning*
-expanded, -me =use expanded memory
-umb, -mu =use upper memory
-herchalf, -mh =use Hercules-half memory
-hercfull, -mf =use Hercules-full memory
-cga, -mc =use CGA/EGA/VGA memory
-yes, -y =always respond with Yes
-valid, -u =unauthorized signatures allowed
[-data] <filename>, [-f] <filename> =use specified signature file
-help
If you specify this option TbScan will show you the brief help as
shown above.
-off
If you specify this option TbScanX will be disabled, but it will
remain in memory.
-on
If you use this option TbScanX will be activated again after you
disabled it with the -off option.
-remove
This option can be used to remove the resident part of TbScanX from
your memory. All memory used by TbScanX will be freed.
Unfortunately, the removing of a TSR is not always possible.
TbScanX checks whether it is safe to remove the resident part from
memory, if it is not safe it just disables TbScanX. A TSR can not
be removed if some other TSR is started after TbScanX. If this is
the case TbScanX will completely disable itself. If the character
device "SCANX" exists it will be renamed to "$CANX". If you invoke
TbScanX again at some later time the device will be renamed and
re-used automatically.
-data
You can override the default path en name of the signature file by
using this option.
TbScanX looks for the data file in this order:
1) If the -data option is used it will use the specified file.
2) It searches in the active directory for a file with the
name TBSCAN.DAT.
3) It searches for TBSCAN.DAT in the same directory as the
program file TBSCAN.COM itself is located (only DOS 3+).
4) It searches in the active directory for a file with the
name VIRSCAN.DAT.
If TbScanX does not succeed in recognizing or locating the
appropriate data file by default, you should use the -data option.
-noexec
TbScanX normally scans files located on removable media just before
they are executed. If you don't like that you can use this option
to disable this feature completely. This option can only be used at
the initial invokation of TbScanX.
-allexec
TbScanX normally scans files to be executed only if they reside on
removable media. Files on the harddisk are trusted, because files
on the harddisk have to be copied or downloaded before they can
exist on your disk. And by that time TbScanX already scanned them
automatically. But if you also like every file to be scanned before
it will be executed, no matter whether they reside on harddisk or
removable media, you should use this option. This option can only
be used at the initial invokation of TbScanX.
-noboot
TbScanX monitors the disk system: every time the bootsector is
being read, TbScanX automatically scans it for bootsector viruses.
If you change a disk, the first thing DOS has to do is reading the
bootsector, otherwise it can not know what kind of disk is in the
drive. And as soon as DOS reads the bootsector, TbScanX checks it
for viruses. If you don't like this feature, or if it causes
problems, you can switch it off using the -noboot option. This
option can only be used at the initial invokation of TbScanX. If
you specify this option TbScanX will also require less memory,
because the bootsector signatures will not be stored in memory.
-quiet
TbScanX normally displays a rectangle with "*Scanning*" in the
upper left corner of your screen while it performs its scanning.
You can disable that by using this option. This option can only be
used at the initial invokation of TbScanX.
-valid
TbScanX checks the signature file for modifications. If you change
the contents of that file TbScanX will issue a warning. If you
don't want the warning to be displayed, use the -valid option.
-yes
If you are a system operator, you can disable the possibility to
continue after TbScanX detected a signature. Normally the user will
be prompted "Abort Y/N", but if you specify -yes on the command
line, TbScanX will always act like the user responded with "Y". No
stupid user can now give permission for unwanted, dangerous
activities.
-umb
This parameter can be used to load TbScanX into upper memory. Upper
memory is available on many 80386 based machines which run memory
managers like QEMM. TbScanX will load itself in upper memory, so
don't use special highload programs or the DOS highload command.
If you use this option in combination with other memory options it
will load the remaining part of TbScanX in conventional memory to
upper memory. So TbScanX can use Expanded memory and high memory at
the same time. The result is that also the amount of upper memory
required is minimized.
-expanded
If you specify this option TbScanX will use expAnded memory to
store the signatures and part of its program code. Expanded memory
is allocated in 16Kb blocks, so the minimum amount of expanded
memory you loose is 16Kb. However, conventional memory is more
valuable to your programs than expanded memory, so use of this
option is recommended.
-herchalf
If you specify this parameter TbScanX will use some part of the
Hercules videomemory to store the signatures. As long as the
videocard remains in the text mode it uses only a little part of
its videomemory. The rest can be used by... TbScanX. Videomemory is
very slow, so also TbScanX will slowdown somewhat. If you execute a
program that switches the card into the graphics mode TbScanX will
disable itself completely. You can re-activate TbScanX by running
it again. It will automatically remove the old resident part of
TbScanX that might be left in memory.
-hercfull
This parameter does the same as the -herchalf parameter, but it
will switch the Hercules card in the so called full mode. TbScanX
then uses videomemory that will not be used by even most of the
graphics software. You can run a graphics program while TbScanX
remains active at the same time! But watch out! If you have two
videocards in your machine at the same time, DO NOT USE this
option!
-cga
This parameter does the same as the -herchalf or -hercfull option,
but it will now use CGA/EGA/VGA videomemory instead of Hercules
memory.
Examples:
c:\utils\tbscanx -data c:\tb\tbscan.dat -expanded -umb
or:
device=c:\utils\tbscanx.com -data c:\tb\tbscan.dat -umb -noboot
Whenever a program tries to write to an executable file (files with
the extensions .COM and .EXE), you will shortly see the text
"*Scanning*" in the upper left corner of your screen. As long as
TbScanX is scanning this text will appear. Since TbScanX takes not
much time to scan the file, the message will only appear shortly.
If TbScanX detects a signature in a file, it will display the
message:
WARNING, <filename> is infected with <virus name>!
Abort? (Y/n)
Press "N" to continue, press any other key to abort.
If TbScanX detects a signature in a boot sector, it will display the
message:
WARNING, Disk in <drive> is infected with <virus name>!
Press a key...
Although a virus seems to be on the boot sector of the specified
drive, the virus can not do anything. However, if you reboot the
machine with the contaminated diskette still in the drive, the
virus will copy itself to your harddisk.
To display the name of the virus, TbScanX needs the signature file
again. It will automatically use the signature file that was used
when you invoked the program. If the signature file is missing
(because you deleted it, or because you removed the floppy with
it), or no file handles are left, TbScanX will still detect
viruses, but it is no longer able to display the name of the virus.
It will display [Name unknown] instead.
When TbScanX has been started from within the config.sys file (as a
device driver) it has added a character device with the name
"SCANX". When you sent data to this device the data will be scanned
for signatures. Try this:
copy testvir.com scanx /b
No file will be created with the name "scanx" but the input (the
contents of the file "testvir.com") will be scanned for viruses.
This way you can easy inspect any file (also the non-executables)
for the existence of virus signatures without the need to invoke a
special program. If the device "scanx" detects a signature in the
input it will simulate a DOS "write protect error".
Note that you have to specify the "/b" option. Otherwise DOS will
sent the characters to the device one by one. This consumes a lot
of time and of course, no signatures will be found in one byte
sequences!
REGISTERING
-----------
The unregistered version of TbScanX will prompt you to press a key
while starting up, except when you have a Thunderbyte add-on card
installed. To register TbScanX, see the register.doc file.
Only the registered version of TbScanX is able to make use of
expanded memory without random restrictions.
Once registered, you can use all future versions of TbScanX for
free!
--> YOU DON'T HAVE TO REGISTER TBSCANX IF YOU USE IT IN A PC WITH A
THUNDERBYTE ADD-ON CARD INSTALLED!
FORMAT OF THE DATA FILE
-----------------------
The data file (called TBSCAN.DAT or VIRSCAN.DAT) can be read and/or
modified with every ASCII editor.
All lines beginning with ";" are comment lines. TbScanX ignores
these lines completely. When the ";" character is followed by a
percent-sign the remaining part of the line will be displayed on
the screen. A maximum of 15 lines can be printed on the screen.
Nice for "HOT NEWS"...
In the first line the name of a virus is expected. The second line
contains one or more of the next words:
BOOT SYS EXE COM HIGH LOW
These words may be separated by spaces, tabs or commas.
TbScanX will only scan for viruses with the keywords COM, EXE or
BOOT. The other keywords will be ignored, and are only used by the
non-resident version: TBSCAN. Also note that TbScanX will not
distinguish between COM and EXE files. All executable files will be
scanned for both EXE and COM viruses. This saves some memory.
BOOT means that the virus is a bootsector virus. SYS, EXE and COM
indicate the virus can occur in files with these extensions. Also
overlay files (with the extension OV?) will be searched for EXE
viruses. HIGH shows that the virus can occur in the memory of your
PC, namely in the memory located above the TBSCAN program itself.
LOW means that the virus can occur in the memory of your PC, namely
in the memory located under the TBSCAN program itself.
In the third line the signature is expected in ASCII-HEX. Every
virus character is described by means of two characters. Instead
of two HEX characters, two question marks (the wild- card) may also
occur. The latter means that every byte on that position matches
the signature. Below you will find an example of a signature:
A5E623CB??CD21??83FF3E
A single question mark paired with an ASCII-HEX character means
that the wildcard is only valid for the with the question mark
corresponding half of the byte (a so called nibble).
You can also use the asterisk followed by an ASCII-HEX character to
skip a variable amount of bytes in the signature. The ASCII-HEX
character specifies the amount of bytes that should be skipped. The
signature could be:
A5E623CB*3CD2155??83FF3E?BCD
The next sequence of bytes will be recognised as a virus:
A5E623CB142434CD21554583FF3E3BCD
A precent sign (%) followed by an ASCII-HEX character indicates
that the remaining part of the signature should be found a number
of bytes away. The ASCII-HEX character specifies the maximum
distance the remaining part should occur.
You can use the "**" -wildcard to skip an unlimited variable amount
of bytes in the signature.
It is allowed to use spaces in the ASCII-HEX signature to increase
the readability.
Instead of a signature in ASCII-HEX you can also specify a normal
text. This should be put between double quotation marks. A correct
signature is for example:
"I have got you!"
This series of three lines should be repeated for every virus.
Between all lines comment lines may occur.
LIMITATIONS
-----------
+ 128 Kb of free memory is needed to start the program.
(10 Kb of memory once installed in memory)
+ DOS version 3.0 or later is needed.
+ The size of the data file has a maximum of 64 Kb.
+ The name of a virus may consist of maximally 30 characters.
+ The ASCII-HEX signature can consist of maximally 80 characters.
+ Up to 600 different signatures may be specified.
+ All filenames have a maximum length of 48 characters.
ERRORMESSAGES
-------------
Errormessages that can be displayed:
+ Not enough memory
There is not enough free memory.
+ Error in data file at line <number>.
There is an error in the specified line of the data file.
+ Limit exceeded.
The data file was too long or too many virus signatures
occur in it.
+ Data file not found.
TbScanX has not been able to locate the data file.
+ Processor type does not match.
You are using a processor dependant version of TbScanX and
it can not be executed by the current processor.
SPECIAL VERSIONS
----------------
The file TBSCANX.COM is fully functional. However, we supplied two
special versions of TbScanX to be used with certain processor
types. If you use the special 286 or 386 version of TbScanX you
will get the best out of your processor concerning memory usage and
speed. If you want to use the 286 version of TbScanX, just rename
the file TBSCANX.286 to TBSCANX.COM. The same applies to the file
TBSCANX.386.
TBSCANX.COM: Universal version. Runs on all processor types.
Supports Windows 386-enhanced-mode.
Uses more memory and is somewhat slower compared to
the other versions.
TBSCANX.286: Runs on machines with a NEC-V20, NEC-V30, 80286,
80386 and 80486 processor.
Does NOT support Windows 386-enhanced-mode. This
version uses almost 100 bytes less compared to the
other versions and is somewhat faster.
TBSCANX.386: Runs on machines with a 80386 or 80486 type
processor. Supports Windows 386-enhanced-mode.
Uses less memory compared to the standard version,
but more than the 286 version due to the Windows
support. It is the fastest version available.
Application Interface
---------------------
If you are a software developer you can use TbScanX to check data
for viruses. A program can perform a self check as soon as it is
invoked by sending its code to TbScanX. A program that processes
other programs or parts of it (by example scramblers or executable
file compressors) should check the data for viruses before
processing it.
High-level control
This method is most usefull for the so-called high level
programming languages and languages that lack the ability to
generate interrupts.
Try to open the file "SCANX". If this file exists TBSCANX has been
invoked from within the config.sys and is active in the machine.
Open the file in the binairy mode. Write the data to be scanned to
the opened file. If the data contains a signature of a virus
TbScanX simulates a DOS "write protect error". If nothing happens
and the data is accepted no signature could be found in it.
Low-level control
This method is more complex, but offers more possibilities. If your
programming language supports issuing interrups you should be able
to use this method. This method also functions when TbScanX has
not been started as device driver but as a normal TSR.
The interface consist of some multiplex calls (int 2Fh). Register AH
should contain CAh. Register AL contains the function request
number.
Supported function requests:
AL=0 InstallationCheck
Return value:
AL=0 TbScanX not installed
AL=FFh TbScanX installed
If BX was 'TB' then it is now changed into 'tb'.
AL=1 GetStatus
Return value:
AH Version number TbScanX in BCD. (CAh if version < 2.2)
AL=0 TbScanX disabled
AL=1 TbScanX enabled
BX Segment swap area. Zero if not swapped.
CX Number of signatures that will be searched.
DX EMS_Handle. -1 if no expanded memory in use.
AL=2 SetStatus
BL=0 Disable TbScanX
BL=1 Enable TbScanX
Return value:
NONE
AL=3 ScanBuffer
DS:DX Address of buffer to scan.
CX Length of buffer to scan.
Return value:
No Carry flag set No signatures found in buffer.
Carry: Signature found in buffer!
ES:BX ASCIIZ-name of virus (null terminated)
Registers altered:
AX,BX,CX,DX,ES
The contents of the buffer remains unchanged.
AL=4 ScanFile
DS:DX Name of the program file to be scanned.
WARNING! There should be at least 4 Kb of free memory to
perform this function!
Return value:
No Carry flag set No signature found in file.
Carry: Signature found in buffer!
ES:BX ASCIIZ-name of virus (null terminated)
Registers altered:
AX,BX,CX,DX,ES
Assembler example:
mov ah,0CAh ;Multiplex number
mov al,0
int 02Fh ;Installation check
cmp al,0FFh ;If AL=FFh TbScanX has been installed.
jne notinstalled ;Else TbScanX has not been installed.
lea dx,buffer ;Address of the buffer in DS:DX
mov cx,512 ;Length of our buffer
mov ah,0CAh ;Multiplex number
mov al,3
int 02Fh ;ScanBuffer
jnc notinfected ;No carry? Then no virus found!
call print ;Virus found. Print name ES:BX
notinfected:
THUNDERBYTE
-----------
Virus scanners have a number of very serious disadvantages!
+ They cannot prevent infection. Virus scanners can only tell you
whether or not your system has been infected and if so, whether
any damage has already been done. By then only a good
(non-infected) backup can still save you.
+ They can only recognize viruses that have already been
identified. When a new virus has been launched it will take a
while before someone discovers it. After that it will take some
time before a reliable signature is dis- tilled from the virus
and it will also take a while for you to get hold of the newest
virscan.dat. All this means that there is a real chance that
your system is infected at a moment virus scanners have not
yet recognized "your" virus!
Viruses get more and more advanced. Among other things because of
all the attention the media is paying to the phenomenon computer
virus. It has even become a real sport for sick minds to write
computer viruses. Even viruses that have no stable signature
anymore have already been discovered. Because TbScan allows
wildcards in the data file it can still trace this kind of viruses
quite often. But it will not take much time anymore before viruses
will be created that have no special characteristics at all by
which they can be identified. And then even TbScan cannot help you
anymore. Even viruses that look for the DOS entry point in the same
way as TbScan does, avoiding detection by protection programs in an
effective way, already exist.
To provide programs with a checksum is neither a solution: as soon
as a file is read in, viruses can disinfect it, so every infected
program looks like one that is not.
There is however ONE solution for the abovementioned problems:
*** Thunderbyte! ***
Thunderbyte was developed to protect Personal Computers against
computer viruses, Trojan Horses and other threats to valuable data.
It is a hardware protection, consisting of an adapter card, an
installation and configuration program and a clear manual. The
working of Thunderbyte is not based on knowledge of specific
viruses, so Thunderbyte also protects against future viruses.
A hardware protection offers much more protection than a software
protection. Thunderbyte is already active before the operating
system is loaded, so the computer will be totally protected right
after the starting of the PC.
Because of the many configuration possibilities and the intelligent
algorisms, the use of Thunderbyte will never become a burden: you
will hardly notice the presence of Thunderbyte in an environment
without any viruses.
Advantages of a hardware protection:
+ The protection uses very little (1Kb) RAM
+ The protection is already active before the first boot attempt
of the PC, and therefore protects also against bootsector
viruses. A software protection can not protect you against
bootsector viruses, since it has not been executed at boot
time.
+ De hard disks can not be accessed directly anymore, because
Thunderbyte is connected to the hard disk cable.
+ It is impossible to forget to start Thunderbyte, even if the
machine is booting with a diskette.
Thunderbyte offers you many kinds of protection:
+ Protection against loss of data.
Thunderbyte is connected between the cable of the hard disk and
the controller. It prevents the hard disk from being accessed
directly. The only way to access the drive from now on is by
initiating an int 13h.
In addition Thunderbyte detects all direct disk writes which
try to achieve a modification or damage of the data and it
checks which program orders the execution of such operations.
Only the operating system can preform these operations
unmentioned.
Standard DOS already has the possibility of protecting files
against overwriting and modification by means of the read only
attribute. However this protection can be very easily
eliminated by software. But Thunderbyte prevents this
protection from being ruled out without this being noticed, so
now it is nevertheless possible to protect your files
effectively with a standard method.
+ Protection against infection.
Thunderbyte protects programs (files with the extension EXE,
COM or SYS) against infection by judging all modifications on
their intention. The functionality is not influenced by this.
Compiling, linking, etc., are not disturbed and neither are
programs that save their configuration internally. Furthermore,
software can be protected with the help of the aforementioned
read only attribute.
Attempts to modify the bootsector of the disk are detected, so
the dreaded bootsector viruses are also eliminated. Keep in
mind that the bootsector can hardly be protected by software.
Only Thunderbyte already becomes active before the system tries
to boot!
+ Detection of viruses.
In addition to the abovementioned ways of detecting the
presence of viruses, Thunderbyte can also do so because viruses
carry out a number of special operations. For example, the
marking of already infected programs in order to recognize
them, is detected by Thunderbyte. So are the attempts of
viruses to reside in the memory in a suspicious way and the
abnormal manipulations with interrupt vectors.
+ Password protection.
Thunderbyte has the possibility of installing a password.
There are two kinds of passwords: one that is always asked for
or one that you only have to enter when attempts are made to
start from a diskette instead of the hard disk.
+ Safety.
A lot of attention has been paid to the safety of Thunderbyte
The program code of Thunderbyte is located in ROM and there is
no way it can be modified.
There is not one method of eliminating Thunderbyte through
software. All the important settings are realized with the help
of dipswitches on the adapter card. And despite all their
wasted intelligence, viruses will never be able to turn
switches or to influence their read outs.
Viruses that approach the controller of the hard disk directly
will have a rude awakening: Thunderbyte will only pass disk
writes when the write or format command has followed the normal
(checked) course.
There are a lot of different versions of Thunderbyte
(functioning identically however) that are supplied on the
basis of capriciousness. That is why knowledge of the internal
working of only one Thunderbyte system is not sufficient to
damage or destroy its protective working.
Thunderbyte is constantly checking upon its own variables with
a kind of control number that is different for each version.
The positions of the memory where the variables are kept are
also different for each version.
+ Extra possibilities.
Thunderbyte offers you some interesting bonuses, like booting
from drive B:.
CONCLUSION
----------
Are you surprised about the relative great effect and inventiveness
of such a small virusscan program? Get Thunderbyte and keep on
amazing yourself!
If you appreciate TbScanX or if it has already been of help in a
difficult situation:
Buy Thunderbyte, or register TbScanX
For more information you can contact:
ESaSS B.V. Tel: 31 - 80 - 787 771
P.o. box 1380 Fax: 31 - 80 - 777 327
6501 BJ Nijmegen Data: 31 - 85 - 212 395
The Netherlands (2:280/200 @fidonet)
TbScanX is written by Frans Veldman.
TbScan and the signature files are available on ESaSS / Thunderbyte
support BBS, Tel: 31-85-212395 (300/1200/2400 bps).
If you are running a electronic mail system, you can also
file-request TBSCAN to get the latest version of TBSCAN.COM,
TBSCANX to get the resident automatic version of TBSCANX, and
VIRUSSIG to obtain a copy of the latest update of the signature
file.