Experimental BBS Explossion 3

home *** CD-ROM | disk | FTP | other *** search

/ Experimental BBS Explossion 3 / Experimental BBS Explossion III.iso / virus / tbav609.zip / TBSCAN.LNG < prev next >

Wrap

Text File | 1993-12-06 | 7KB | 201 lines

|w████████████████████████████████████████████████████████████████████████████████ |p |╒══════════════════════════════════════════════════════════════════════╕|w████ |p |│ |For product support or additional information, please contact: |│|x██|w██ |p |│ │|x██|w██ |p |│ |Thunderbyte USA ∙ P. O. Box 527 ∙ Dagsboro, DE 19939 |│|x██|w██ |p |│ |Phone: (302)732-3105 ∙ Fax: (302)732-3105 ∙ BBS: (302)732-6399 |│|x██|w██ |p |╘══════════════════════════════════════════════════════════════════════╛|x██|w██ |p |x████████████████████████████████████████████████████████████████████████|w██ |w████████████████████████████████████████████████████████████████████████████████ $ TbScan is written by Frans Veldman. Usage: TbScan [@][<path>][<filename>...] [<options>...] Command line options available: help he =help (? = short help) pause pa =enable "Pause" prompt mono mo =force monochrome quick qs =quick scan (uses Anti-Vir.Dat) allfiles af =scan non-executable files too heuristic hr =enable heuristic alerts extract ex =extract signature (registered only) once oo =only once a day secure se =user abort not allowed (registered only) compat co =maximum-compatibility mode ignofile in =ignore no-file-error noboot nb =skip bootsector check nomem nm =skip memory check hma hm =force HMA scan nohmem nh =skip UMB/HMA scan nosub ns =skip sub directories noautohr na =no auto heuristic level adjust repeat rp =scan multiple diskettes batch ba =batch mode (no user input) delete de =delete infected files log lo =output to log file append ap =log file append mode expertlog el =no heuristic descriptions in log logname =<filename> ln =set path/name of log file loglevel =<0..4> ll =set log level wait =<0...255> wa =number of timerticks to wait. rename [=<ext-mask>] rn =rename infected files exec =.<ext-mask> ee =specify executable extensions $ WARNING! $ WARNING! memory $ Since an active virus in memory may interfere with the virus scanning process, it is highly recommended to immediately power down the system, and to reboot from a write-protected clean system diskette! Note: if you used any virus scanner just before you invoked TbScan, it's possible that TbScan detected a signature of the other scanner in memory, rather than an actual virus. In that case you should ignore this warning. Do you want to Q)uit or to C)ontinue? (Q/C) $ This version of TbScan is more than 6 months old. Statistics show that the amount of different viruses doubles about every nine months. For the safety of your data it is highly recommended to obtain a more recent version of TBAV. Consult the file Agents.Doc for information about TBAV agents, or consult ESaSS B.V. in The Netherlands: Phone: +31 - 80 - 787 - 881 Fax: +31 - 80 - 789 - 186 Press any key to continue... $ Insert disk, press "Esc" to cancel... $ Sigfile entries: File system: Directories: Total files: Executables: CRC verified: Changed files: Infected items: Elapsed time: KB / second: $ found $ infected by $ dropper of $ damaged by $ joke named $ overwritten by $ trojan named $ probably $ might be $ virus $ Has been changed! $ an unknown virus $ Option 'once' already used today. $ Error: Some internal limit exceeded! $ No executable files found! $ Error: Can not create logfile! $ Option 'extract' and 'secure' are available for registered users only! $ Process aborted by user! $ Heuristic flags: $ c No checksum / recovery information (Anti-Vir.Dat) available. $ C The checksum data does not match! File has been changed! $ F Suspicious file access. Might be able to infect a file. $ R Relocator. Program code will be relocated in a suspicious way. $ A Suspicious Memory Allocation. The program uses a non-standard way to search for, and/or allocate memory. $ N Wrong name extension. Extension conflicts with program structure. $ S Contains a routine to search for executable (.COM or .EXE) files. $ # Found an instruction decryption routine. This is common for viruses but also for some protected software. $ V This suspicious file has been validated to avoid heuristic alarms. $ E Flexible Entry-point. The code seems to be designed to be linked on any location within an executable file. Common for viruses. $ L The program traps the loading of software. Might be a virus that intercepts program load to infect the software. $ D Disk write access. The program writes to disk without using DOS. $ M Memory resident code. The program might stay resident in memory. $ ! Invalid opcode (non-8088 instructions) or out-of-range branch. $ T Incorrect timestamp. Some viruses use this to mark infected files. $ J Suspicious jump construct. Entry point via chained or indirect jumps. This is unusual for normal software but common for viruses. $ ? Inconsistent exe-header. Might be a virus but can also be a bug. $ G Garbage instructions. Contains code that seems to have no purpose other than encryption or avoiding recognition by virus scanners. $ U Undocumented interrupt/DOS call. The program might be just tricky but can also be a virus using a non-standard way to detect itself. $ Z EXE/COM determination. The program tries to check whether a file is a COM or EXE file. Viruses need to do this to infect a program. $ O Found code that can be used to overwrite/move a program in memory. $ B Back to entry point. Contains code to re-start the program after modifications at the entry-point are made. Very usual for viruses. $ K Unusual stack. The program has a suspicious stack or an odd stack. $ Y Bootsector violates IBM bootsector format. Missing 55AA-marker. $ p Packed program. A virus could be hidden inside the program. $ i Additional data found at end of file. Probably internal overlay. $ h The program has the hidden or system attribute set. $ w The program contains a MS-Windows or OS/2 exe-header. $ .............