-
- The Thunderbyte Anti-Virus utilities provide a collection of sophisticated
- programs which offer various ways to check for, identify and remove known as
- well as unknown viruses from hard and floppy disks on PCs or across networks.
-
- TBAV is upgraded every two months. Free hotline support is provided for all
- registered users via telephone, fax and electronic bulletin board. Read the
- comprehensive documentation files for detailed info. BBS: +31- 85- 212 395
- $
-
- TbScan is written by Frans Veldman.
-
- Usage: TbScan [@][<path>][<filename>...] [<options>...]
-
- Command line options available:
-
- help                  he  =help (? = short help)
- pause                 pa  =enable "Pause" prompt
- mono                  mo  =force monochrome
- quick                 qs  =quick scan (uses Anti-Vir.Dat)
- allfiles              af  =scan non-executable files too
- heuristic             hr  =enable heuristic alerts
- extract               ex  =extract signature (registered only)
- once                  oo  =only once a day
- secure                se  =user abort not allowed (registered only)
- compat                co  =maximum-compatibility mode
- ignofile              in  =ignore no-file-error
- noboot                nb  =skip bootsector check
- nomem                 nm  =skip memory check
- hma                   hm  =force HMA scan
- nohmem                nh  =skip UMB/HMA scan
- nosub                 ns  =skip sub directories
- noautohr              na  =no auto heuristic level adjust
- repeat                rp  =scan multiple diskettes
- batch                 ba  =batch mode (no user input)
- delete                de  =delete infected files
- log                   lo  =output to log file
- append                ap  =log file append mode
- expertlog             el  =no heuristic descriptions in log
- logname =<filename>   ln  =set path/name of log file
- loglevel =<0..4>      ll  =set log level
- wait =<0...255>       wa  =number of timerticks to wait.
- rename [=<ext-mask>]  rn  =rename infected files
- exec =.<ext-mask>     ee  =specify executable extensions
-
- $
- WARNING!
- $
-
- WARNING! memory
- $
-
- Since an active virus in memory may interfere with the
- virus scanning process, it is highly recommended to
- immediately power down the system, and to reboot from a
- write-protected clean system diskette!
-
- Note: if you used any virus scanner just before you invoked
- TbScan, it's possible that TbScan detected a signature of
- the other scanner in memory, rather than an actual virus.
- In that case you should ignore this warning.
- Do you want to Q)uit or to C)ontinue? (Q/C)
- $
- This version of TbScan is more than 6 months old.
-
- Statistics show that the amount of different viruses
- doubles about every nine months. For the safety of your
- data it is highly recommended to obtain a more recent
- version of TBAV.
-
- Consult the file Agents.Doc for information about TBAV
- agents, or consult ESaSS B.V. in The Netherlands:
- Phone: +31 - 80 - 787 - 881
- Fax: +31 - 80 - 789 - 186
-
- Press any key to continue...
- $
- Insert disk, press "Esc" to cancel...
- $
- Sigfile entries:
-
- File system:
-
- Directories:
- Total files:
- Executables:
- CRC verified:
- Changed files:
- Infected items:
-
- Elapsed time:
- KB / second:
- $
- found
- $
- infected by
- $
- dropper of
- $
- damaged by
- $
- joke named
- $
- overwritten by
- $
- trojan named
- $
- probably
- $
- might be
- $
- virus
- $
- Has been changed!
- $
- an unknown virus
- $
-
- Option 'once' already used today.
-
- $
- Error: Some internal limit exceeded!
- $
- No executable files found!
- $
- Error: Can not create logfile!
- $
- Option 'extract' and 'secure' are available for registered users only!
- $
- Process aborted by user!
- $
-
- Heuristic flags:
- $
- c No checksum / recovery information (Anti-Vir.Dat) available.
- $
- C The checksum data does not match! File has been changed!
- $
- F Suspicious file access. Might be able to infect a file.
- $
- R Relocator. Program code will be relocated in a suspicious way.
- $
- A Suspicious Memory Allocation. The program uses a non-standard
- way to search for, and/or allocate memory.
- $
- N Wrong name extension. Extension conflicts with program structure.
- $
- S Contains a routine to search for executable (.COM or .EXE) files.
- $
- # Found an instruction decryption routine. This is common
- for viruses but also for some protected software.
- $
- V This suspicious file has been validated to avoid heuristic alarms.
- $
- E Flexible Entry-point. The code seems to be designed to be linked
- on any location within an executable file. Common for viruses.
- $
- L The program traps the loading of software. Might be a
- virus that intercepts program load to infect the software.
- $
- D Disk write access. The program writes to disk without using DOS.
- $
- M Memory resident code. The program might stay resident in memory.
- $
- ! Invalid opcode (non-8088 instructions) or out-of-range branch.
- $
- T Incorrect timestamp. Some viruses use this to mark infected files.
- $
- J Suspicious jump construct. Entry point via chained or indirect
- jumps. This is unusual for normal software but common for viruses.
- $
- ? Inconsistent exe-header. Might be a virus but can also be a bug.
- $
- G Garbage instructions. Contains code that seems to have no purpose
- other than encryption or avoiding recognition by virus scanners.
- $
- U Undocumented interrupt/DOS call. The program might be just tricky
- but can also be a virus using a non-standard way to detect itself.
- $
- Z EXE/COM determination. The program tries to check whether a file
- is a COM or EXE file. Viruses need to do this to infect a program.
- $
- O Found code that can be used to overwrite/move a program in memory.
- $
- B Back to entry point. Contains code to re-start the program after
- modifications at the entry-point are made. Very usual for viruses.
- $
- K Unusual stack. The program has a suspicious stack or an odd stack.
- $
- Y Bootsector violates IBM bootsector format. Missing 55AA-marker.
- $
- p Packed program. A virus could be hidden inside the program.
- $
- i Additional data found at end of file. Probably internal overlay.
- $
- h The program has the hidden or system attribute set.
- $
- w The program contains a MS-Windows or OS/2 exe-header.
- $
- .............