home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 1998 June
/
PCWorld_1998-06_cd.bin
/
software
/
sharware
/
antiviry
/
tb95805
/
av3end.exe
/
TBSETUP.DAT
< prev
next >
Wrap
Text File
|
1998-03-12
|
16KB
|
337 lines
; This TbSetup file contains information for the Thunderbyte Utilities.
% The TbSetup program stores checksum, validation, and cleaning information of
% programs in hidden Anti-Vir.Dat files. Several Thunderbyte Anti-Virus (TBAV)
% utilities use this information to enhance detection and removing of viruses.
%
% Programs that require special attention of TBAV utilities are listed in the
% TbSetup.Dat file. Send files that require special TBAV attention to our BBS
% for inclusion into this file! You can also add them to this file yourself!
; To make sure that any "special" program file on your system is equal
; to the program file we have put into this list, every filename has
; a acompanying 32-bit CRC. Only if this CRC matches, the file is
; granted its special attention/exclusion.
; Note that this implies no security hole: if a file is infected, it
; does not match the CRC anymore, so it will not be subject to any
; special handling and treated like any other file. This applies to files
; that are modified before running the TbSetup program, as well as for
; files that are modified afterwards.
; The file length and/or CRC can be wildcarded (*). In this case the
; flags apply to all matching files.
; Thunderbyte flags field definition:
; bit 0: (0001) Do not perform heuristic analysis
; bit 1: (0002) Ignore CRC changes (self-modifying file)
; bit 2: (0004) Scan for all signatures (lan remote boot file)
; bit 3: (0008) Do not change read-only attribute of this file
; bit 4: (0010) The program stays resident in memory.
; bit 5: (0020) The program performs direct disk access.
; bit 6: (0040) The program modifies readonly attributes or exe header.
; bit 15: (8000) Interrupt rehook required for TbDriver.Exe
; Lines beginning with a '#' are directives and have a special meaning:
; #RO Add read-only attribute by default to executable files
; filename Length 32-bit CRC Flags Comment
; -----------------------------------------------------------------------------
; Files that trigger the heuristic alarm of TbScan:
4DOS.COM * * 0001 ;4DOS
AAPISG.COM * * 0001 ;Galaxy
ACZAR.EXE * * 0001 ;Archive shell
AFD.COM 0FEFE EBA21A86 0001 ;AFD debugger
AMISETUP.EXE * * 0001 ;CMOS setup utility
ARGV0FIX.COM 001D8 431E70C0 0011 ;Argv[0]fix
ASOUND.EXE * * 0001
CAMERA.COM 00679 * 0001 ;Utility
CGRAPHIC.EXE 03E4F BAEF8AAD 0001 ;Utility
CMD.COM * * 0001 ;MCA utility
CMSDRV.COM 013C1 * 0001 ;Sound Blaster utility
CONFMT.COM * * 0001 ;Format utility
CONTINUM.COM * * 0001 ;Video utility
COPYPC.COM * * 0001
COPYQM.COM 067FE BB71FA7D 0001 ;Disk copy utility
COPYWRIT.COM * * 0001
CVS.EXE * * 0001
DDINSTAL.EXE 0BFC4 8EBC86C2 0001
DMP.COM * * 0011 ;Print spooler
DMPC.EXE 00AEE 4BBEDA5A 0001
DOSAGENT.EXE * * 0001
DSZ2ICOM.EXE 098B0 A09C1F4D 0001 ;DSZ logfile utility
DUMPSCR2.COM 002B5 D12C87F1 0001
EGRAPHIC.EXE 03E09 001F613D 0001 ;Utility
EXE2COM.EXE 00BEA 4927CF1E 0001 ;Exe to Com conversion utility
F-TEST.COM * * 0001 ;Frisk anti-virus module
FAKE.EXE 0048F BD4ED16F 0001 ;A86 utility
FENESTRA.EXE 2FD00 4BDE6869 0001 ;Videotext emulator
FFIX.EXE 006DC AC60E24D 0001
FIX720.COM * * 0001
FLAGFIX.COM 0006D 37C4CD3B 0011 ;FlagFix utility
GIF2EPSN.COM 05080 * 0001
GRABBER.COM 05CD5 6DC5C815 0001 ;Screen capture utility
HDFMTALL.COM * * 0001 ;Disk format utility
HILOAD.COM * * 0001 ;DR DOS TSR loader
#IBMAVSH.COM 03536 C9A78F41 0001 ;IBM anti-virus
IBMAVSH.COM 036AD 57B05B0D 0001 ;IBM anti-virus
ICE.COM 00562 AC1E3517 0001 ;File encryptor
INOCINT.COM 00204 5EC0B38D 0001
ISOUND.EXE 00B12 E4993F51 0001
LOG.COM 0070F FFEF624E 0001 ;Ziff utility
ML.EXE * * 0001 ;MS macro assembler 6.00
MONITOR.COM 01798 F501424B 0001
MOVE.COM 00730 22DAA6CC 0001 ;Utility
MSCDEX.EXE * * 0011 ;CD-ROM driver
NDOS.COM * * 0001 ;NDOS
NNANSI.COM 014DC 9BF50F93 0011 ;Ansi driver
OAS164.EXE * * 0001
PB.COM * * 000B ;PlayBack menu
PC3270.COM 08F00 F9EEE6BC 0001
POVMOD.EXE 18263 2CFA97A8 0001 ;Persistence of Vision 1.0
PS081010.EXE * * 0001
PS241010.EXE * * 0001
QIT.EXE * * 0001
README.COM * * 0001 ;Soundblaster Pro utility
RECORDER.COM 0051D 02A2E3B6 0001 ;Utility
REGEDIT.EXE * * 0001 ;Windows 3.1
RGNC.EXE * * 0001 ;BBS utility
SCROFF.COM 000C9 E2CD35DB 0001 ;utility
SDUMP.COM 00280 * 0001 ;Utility
SERVER.EXE * * 001B ;Novell server
SKPLUS.EXE * * 0011 ;Side Kick plus
SNATCHIT.COM 02BAE CA62C2C3 0001 ;Encrypted utility
SNIPPER.COM * * 0011 ;PC Magazine utility
SPINRITE.COM * * 0001 ;Hard disk utility
SSWAP.COM 04000 972848E4 0001 ;Stacker utility
TCP2PDIS.EXE * * 0001
TINYPROG.EXE * * 0001 ;Executable file compressor
TOAGX.COM 0B932 3B9FA438 0001 ;Harvard utility
TRAK.EXE 02ED0 016ED5DC 0001
UNJUNE4.EXE 02A55 2420E45E 0001 ;4june remover
VALIDATE.COM 0195F 6466439F 0001 ;McAfee checker
VAPINUL.COM * * 0001 ;WP 6.0 file
VAPISG.COM * * 0001 ;Galaxy
VAXDIR.EXE * * 0001
VAXLINK2.EXE * * 0001
VGACOPY.EXE * * 0001 ;Disk copy utility
VIRSTOP.EXE * * 0011 ;Frisk anti-virus module
VMAP.COM * * 0011
VTOUCH.COM 00170 3180AF12 0001
WATCH.COM * * 0011 ;TSR monitoring utility
WIN.COM * * 0001 ;Windows 3.0
WINOS2.COM 00B20 824F7C77 0001
WINWORD.EXE * * 0001 ;Windows word
X00.EXE * * 0011 ;Fossil driver
XTREE.COM * * 000B ;Utility
NETBIOS.EXE * * 001B ;Novell netware
NET3.COM * * 0011
NET4.COM * * 0011
NET5.COM * * 0011
NETX.COM * * 0011
NETX.EXE * * 0011
EMSNETX.COM * * 0011
EMSNETX.EXE * * 0011
XMSNETX.COM * * 0011
XMSNETX.EXE * * 0011
EMENU.COM * * 0001
EXACT.COM * * 0001
EXEFREMD.COM 06200 * 0001 ;Geva utility
FRMCONT.COM 08400 * 0001 ;Geva utility
TRANSMIT.COM 0C600 * 0001 ;Geva utility
TRANSNEU.COM 09A00 * 0001 ;Geva utility
RECVE.COM 08A00 * 0001 ;Geva utility
INHNEU.COM 06E00 * 0001 ;Geva utility
INTER11.COM 06200 * 0001 ;Geva utility
TSETREG7.COM * * 0001
AUTODIAL.COM * * 0001
TIMEGEN.COM * * 0001
TGSUMM.COM * * 0001
AUTOPFL.COM * * 0001 ;Freelance Graphics utility
FL.COM * * 0001 ;Freelance Graphics utility
SIZER.EXE * * 0001 ;DOS 6.0 utility
IBMBIO.COM 05F9A 9CCE2030 0001 ;DR DOS 6.00 system file
COMMAND.COM 0C508 103850F4 0001 ;DR DOS 6.00 command processor
COMMAND.COM 0C518 5390AA5E 0001 ;DR DOS 6.00 command processor
LS-LOAD.COM 00B48 B9302393 0001 ;DESQview utility
LT-LOAD.COM 00BDE 0F435505 0001 ;DESQview utility
PX-LOAD.COM 0037F 84ECF84E 0001 ;DESQview utility
RAMBOOST.EXE * * 0011 ;PcTools utility
PCFORM.EXE * * 0001 ;PcTools utility
ITLFAX.EXE * * 0001 ;PcTools utility
AAPIATI.COM 0121B 6D983DBF 0001 ;ATI utility
VAPIATI.COM 028AF C216963D 0001 ;ATI utility
PANIC.EXE * * 0001 ;Sound file
POINT.EXE * * 0001 ;Sound file
JUKEBOX.EXE * * 0001 ;Sound file
ADLIBDRV.COM * * 0001 ;Sound file
CPCHED.EXE * * 0001 ;Central Point schedular
; Files that need to be scanned completely, for BOOT COM EXE SYS viruses:
NET$DOS.SYS * * 0004 ;Disk image of Novell remote boot disk
; Files that do not have a fixed checksum due to internal configuration area's:
CONFIG.SYS * * 0002 ;This is not a device driver
MENU.COM 03328 * 000A ;PlayBack menu
Q.EXE * * 000A ;Qedit (all versions)
TBCONFIG.COM * * 000A ;all versions
PCBOARD.SYS * * 000A ;PCBoard 14.5a utility
REMOTE.SYS * * 000A ;PCBoard 14.5a utility
EVENT.SYS * * 000A ;PCBoard 14.5a utility
DOOR.SYS * * 000A ;BBS door drop file
; Names of files of which the readonly attribute should not be changed:
IO.SYS * * 0008 ;DOS system file
MSDOS.SYS * * 0008 ;DOS system file
; Names of programs that are allowed to remove the readonly attributes:
TBSETUP.EXE * * 0040 ;TbSetup utility
; Names of programs that stay resident in memory:
APPEND.EXE * * 0010 ;MS-DOS utility
ASSIGN.COM * * 0010 ;MS-DOS utility
DOSKEY.COM * * 0010 ;MS-DOS utility
FASTOPEN.EXE * * 0010 ;MS-DOS utility
KEYB.COM * * 0010 ;MS-DOS utility
MIRROR.COM * * 0010 ;MS-DOS utility
MODE.COM * * 0010 ;MS-DOS utility
PRINT.EXE * * 0010 ;MS-DOS utility
SHARE.EXE * * 0011 ;MS-DOS utility
SMARTDRV.EXE * * 0010 ;Disk cache
FDREAD.EXE * * 0010 ;Resident disk convertor
AE2.EXE * * 0010 ;Lantastic
AILANBIO.EXE * * 0010 ;Lantastic
LANCACHE.EXE * * 0030 ;Lantastic
LANPUP.EXE * * 0010 ;Lantastic
REDIR.EXE * * 0011 ;Lantastic
SERVER.EXE * * 0030 ;Lantastic
TNE-WS.EXE * * 0010 ;Lantastic TNE
LSL.COM * * 0010 ;Network driver
3C509.COM * * 0010 ;Network driver
ODINSUP.COM * * 0010 ;Network utility
IPXODI.COM * * 0010 ;Network utility
PCSXI.EXE * * 0010 ;Terminal emulation utility
RMVPCS.EXE * * 0010 ;Terminal emulation utility
STARTRTR.EXE * * 0010 ;Terminal emulation utility
WSF.EXE * * 0010 ;Terminal emulation utility
STACKMAN.EXE * * 0010 ;Stack Manager
TBDRIVER.EXE * * 0010 ;TBAV driver
TBSCANX.EXE * * 0010 ;TbScanX
TBCHECK.EXE * * 0010 ;TbCheck
TBMEM.EXE * * 0010 ;TbMem
TBDISK.EXE * * 0010 ;TbDisk
TBFILE.EXE * * 0010 ;TbFile
TBGARBLE.EXE * * 0010 ;TbGarble
TBDRIVE0.EXE * * 0010 ;TBAV driver (8088)
TBSCANX0.EXE * * 0010 ;TbScanX (8088)
TBCHECK0.EXE * * 0010 ;TbCheck (8088)
TBMEM0.EXE * * 0010 ;TbMem (8088)
TBDISK0.EXE * * 0010 ;TbDisk (8088)
TBFILE0.EXE * * 0010 ;TbFile (8088)
TBDRIVE1.EXE * * 0010 ;TBAV driver (80186)
TBSCANX1.EXE * * 0010 ;TbScanX (80186)
TBCHECK1.EXE * * 0010 ;TbCheck (80186)
TBMEM1.EXE * * 0010 ;TbMem (80186)
TBDISK1.EXE * * 0010 ;TbDisk (80186)
TBFILE1.EXE * * 0010 ;TbFile (80186)
TBDRIVE2.EXE * * 0010 ;TBAV driver (80286)
TBSCANX2.EXE * * 0010 ;TbScanX (80286)
TBCHECK2.EXE * * 0010 ;TbCheck (80286)
TBMEM2.EXE * * 0010 ;TbMem (80286)
TBDISK2.EXE * * 0010 ;TbDisk (80286)
TBFILE2.EXE * * 0010 ;TbFile (80286)
TBDRIVE3.EXE * * 0010 ;TBAV driver (80386)
TBSCANX3.EXE * * 0010 ;TbScanX (80386)
TBCHECK3.EXE * * 0010 ;TbCheck (80386)
TBMEM3.EXE * * 0010 ;TbMem (80386)
TBDISK3.EXE * * 0010 ;TbDisk (80386)
TBFILE3.EXE * * 0010 ;TbFile (80386)
TBFENCE.EXE * * 0021 ;TbFence
MOUSE.COM * * 0010 ;Every mouse driver is a TSR
MOUSE.EXE * * 0010 ;Every mouse driver is a TSR
GMOUSE.COM * * 0010 ;Genius mouse driver
LMOUSE.COM * * 0010 ;Logitech mouse driver
IPX.COM * * 0010 ;Novell network protocol
F_RTL.EXE * * 0010 ;Postbank utility
F_DISP.EXE * * 0010 ;Postbank utility
F_APPL.EXE * * 0010 ;Postbank utility
F_COMM.EXE * * 0010 ;Postbank utility
CL.EXE * * 0010 ;WP-Office utility
NOTIFY.EXE * * 0010
BITSCHED.EXE * * 0010 ;Bit fax utility
DPMILOAD.EXE * * 0010
3C5X9.COM * * 0010 ;3com driver
KEYSTACK.COM * * 0010 ;4Dos utility
NABIOS.EXE * * 0010 ;PC-Support utility
EC400RTR.EXE * * 0010 ;PC-Support utility
RMVPCS.EXE * * 0010 ;PC-Support utility
FCRREQ2.COM * * 0010 ;PC-Support utility
FLRMCAC2.COM * * 0010 ;PC-Support utility
PCSCOPY.EXE * * 0010 ;IBM PC3270 Emulator
PCSDFT.EXE * * 0010 ;IBM PC3270 Emulator
PCSDOS.EXE * * 0010 ;IBM PC3270 Emulator
PCSLDTBL.EXE * * 0010 ;IBM PC3270 Emulator
PCSPDOS.EXE * * 0010 ;IBM PC3270 Emulator
PCSSDFT.EXE * * 0010 ;IBM PC3270 Emulator
PCSSNA.EXE * * 0010 ;IBM PC3270 Emulator
PCSTLOAD.EXE * * 0010 ;IBM PC3270 Emulator
PCSSPRT.EXE * * 0010 ;IBM PC3270 Emulator
PCSUTIL.EXE * * 0010 ;IBM PC3270 Emulator
TQDOS.EXE * * 0010 ;IBM PC3270 Emulator
; Names of programs that perform direct disk writes:
FORMAT.COM * * 0020 ;This program formats disks.
DEFRAG.EXE * * 0020 ;DOS 6.0 defragmentation utility.
CALIBRAT.EXE * * 0020 ;Norton utility
SD.EXE * * 0020 ;Norton utility
NDD.EXE * * 0020 ;Norton utility
DUPDISK.EXE * * 0020 ;Norton utility
; Names of programs that change the exe header:
EXEMOD.EXE * * 0040
EXEHDR.EXE * * 0040
TERMINAT.EXE * * 0040
; Names of files which keep changing:
RANDSEED.BIN * * 0002
; Names of programs that require interrupt rehook of TbDriver.Exe:
NET3.COM * * 8000 ;Novell LAN
NET4.COM * * 8000 ;Novell LAN
NET5.COM * * 8000 ;Novell LAN
NETX.COM * * 8000 ;Novell LAN
NETX.EXE * * 8000 ;Novell LAN
EMSNETX.COM * * 8000 ;Novell LAN
EMSNETX.EXE * * 8000 ;Novell LAN
XMSNETX.COM * * 8000 ;Novell LAN
XMSNETX.EXE * * 8000 ;Novell LAN