What is AVScan: AVScan is a scanner that scans for more than 4200 virus signatures, not including the other special identification methods it uses! These methods are used to detect polymorphic viruses, such as MtE, TpE, NED, Tremor, Girafe, Uruguay to name but a few. These viruses are marked with (encr.) or (encrypted). The purpose of this release of AVScan on CompuServe is to receive some feedback on possible false positives and its network features. The last version of AVScan on CIS was nine months old, but AVScan is updated monthly in Germany (and weekly by BBS!) and we will release future versions if time permits. We've added a long list of exciting network features, such as broadcasting, server logout, date-file and so on. More features are under construction, but it seems that not all possibilites of NetWare are published by Novell :-). Parameters: /? gives a complete list of command line parameters. History: 2.19 Added new signatures 2.18 Added new signatures 2.17 Added new signatures 2.16 Added new signatures, solved more mysteries around drive types 2.15 Added new signatures 2.14 Added new signatures 2.13 Added new signatures, changed cursor behaviour 2.12 Added new signatures 2.11a Solved "features" of WFW 3.11 32bit acc. 2.11 Added new signatures 2.10 Added new signatures 2.09 Added new signatures 2.08 Added new signatures 2.07 Added new signatures, added more information into log, changed references of "SUPERVISOR" to "Receipient of Broadcasts" 2.06 Added new signatures, expanded cleared memory area when exiting, /QNV will "silence" AVScan, AVScan will beep only if virus found 2.05 Added new signatures, /DMF for new 1.68MB disk format /VFM to display custom text if virus found 2.04a Added check for RO-flag when XO-attribute is in place, fixed bug of deleting saved full log in daily-log-mode 2.04 Added new signatures 2.03b Added new PKLite found in QEMM For Games 2.03a Added new switch /APL to ignore network drives, NMXssss,eeee to exclude a specific memory area from scanning, \\UNC names 2.03 Added new signatures 2.02 Added new signatures 2.01 Added new signatures 2.00 Added new signatures 1.99 Added new signatures, fixed problem with /DY-switch and drive spec. 1.98 Added new signature, fixed errors within READ.ME and the one-line help. /Ax paramter now doesn't turn on global subdirectory scanning for other additional path identifier issued (e.g. C:\ /AH) 1.97 Added new signatures 1.96 Added new signatures 1.95a Added new signatures, drive letter with colon only now checks whole drive specified, added signature at the end of report 1.95 Added new signatures 1.94 Added new signature 1.93 Added new signature 1.92 Fixed a false positive with Vienna-582 1.91 Added new signatures 1.90 Added new signature 1.89 Added new signature 1.88 Added new signature, fixed HLT on OS/2 and QEMM 1.87a Fixed bug in destroyed-check 1.87 Added new signatures 1.86a Fixed bug in an auxiliary program, added display of boot drive 1.86 Added new signatures 1.85a Changed the way of physical access of boot sector and master boot sector 1.85 Added new signatures 1.84a Changed the way of physical access of boot sector and master boot sector 1.84 Added new signatures 1.83 Added new signatures 1.82 Added new signatures 1.81 Added new signatures 1.80 Added new signatures 1.79 Added new signatures, fixed loop in Desperado routine 1.78 Added new signatures, CMOS drive settings are checked 1.77 Added new signatures 1.76 Added new signatures 1.75 Added new signatures 1.74 Added new signatures, fixed a bug in PSMPC and added two new new parameters regarding warnings 1.73 Added new signatures 1.72 Added new signatures 1.71 Added new signatures 1.70 Added new signatures, fixed MPC-unknown 1.69 Added new signatures, fixed a bug with an additional copy of virus message in turbo mode 1.68 Added new signatures 1.67 Added new signatures 1.66 Added new signatures 1.65 Added new signatures 1.64 Added new signatures 1.63 Added new signatures 1.62 Added new signatures 1.61 Removed one signature, fixed bug with /DY 1.60 Added new signature, fixed internal bug with /XE switch 1.59 Added new signature 1.58 Added new signatures 1.57 Added new signatures, cosmetic changes, command line will now be also included for start of daily-log-file 1.56a Fixed bug with header and OS/2 2.1 1.56 Added new signatures 1.55 Changed signatures, made 'check inside compressed files' default, added scanning of eXecute-only files on NW with VLMs (prelim.) 1.54 Added new signatures 1.53 Added new signatures 1.52 Added new signatures 1.51a Fixed bug with memory below 510K when called with /I 1.51 Added new signatures 1.50 Added new signatures 1.49a Fixed error with trace beyond physical end of file 1.49 Added new signatures, new switch for Vesselin Bontchev: /MNF /MNF means "Manual NO FILES". Corrected 'Too old'-date. Added PAUSE display if PAUSE key is pressed Disabled CTRL-ALT-DEL Display of \ | / - during overwrite of files 1.48 Added new signatures, fixed a bug with CTRL-C checking 1.47a Cosmetic changes of screen output during MBR scan 1.47 Added new signatures 1.46 Added new signatures 1.45 Added new signatures 1.44 Added new signatures 1.43 Added new signatures 1.42 Added new signatures 1.41a Changed restrictive check of .EXE-file headers regarding Windows OS/2, Bound and Windows NT files 1.41 Added new signatures fixed date of "too old message" and some typos /nscrn option added 1.40 Added new signatures XMS usage fully implemented Flagging of immunized files added - who used it anyway? 1.39 Added new signatures, first use of XMS 1.38 Added new signatures 1.37 Added new signatures 1.36a Fixed with bug with no physical floppy drives in system 1.36 Added new signatures 1.35 Fixed false alarm with the Piter signature 1.34 Added new signatures 1.33 Added new signatures 1.32 Added new signatures 1.31 Added new signatures 1.30 Added new signatures 1.29 Added new boot sector signatures and refined the ones used for CRUNCHER. Run-time errors will display some code now. 1.28a Increased retry count to handle different disk formats properly when in /M mode 1.28 New signatures added 1.27 New signatures for boot sector viruses added, this includes Invisible man and Quox II 1.26 Signature for CRUNCHER and other viruses added 1.25 New virus signatures added 1.24a Scrambling of a temporary work buffer added due to LZExe 1.24 New virus signatures added False alarm with inhouse developed cobol programs fixed. Scan string was ZK 900 (A) 1.23 New virus signature added (same emergency) 1.22 Two new bs-viruses added (emergency-on customer demand) 1.21 Signature for DAME added 1.20 New virus signatures added, mostly polymorphic 1.19 New virus signatures added Fixed discrepancy in the file and directory count between the logfile and screen display 1.18b False alarms with two PC-Magazine utilities fixed. LOCK.COM and UNLOCK.COM were flagged as containing MtE-unencrypted. 1.18a Fixed a bug which stopped AVScan from scanning subdirectories on diskettes when in manual mode (/M) 1.18 New virus signatures added KNOWN PROBLEMS WITH OTHER PROGRAMS: Usually all programs from Central Point (CPAV and MSAV) do NOT cipher their scan strings (either memory and program file) which makes it easy to patch these programs. False positives are likely to occur. We've had an enormus outbreak of Tremor in Germany during the last four months. Did you know that Tremor specifically switches the resident part of CPAV and/or MSAV OFF! If you receive an virus alert in memory, please check that you are NOT running CPAV or MSAV: common messages are Vienna-634 or Youth- Silence. Bootsafe.Exe ============ Older versions of this program did not decrypt their scan strings properly. Delete it and replace it with a newer version. Ikarus Antivirus Utilities Advanced Edition =========================================== Warning!, Signature of Eddie-2 (B) found in RMV.VDB Path name: D:\AV\VUAE\RMV.VDB Time: 01:51:50, Date: 27.03.1992, Size: 14690, Attr: R- H- S- A- Cure: Ask developer for encrypted scan strings within their programs Microcomm's Virex-PC ==================== Virexpro.Com Warning!, Signature of Fellow found in VIREXPRO.COM Path name: D:\AV\VIREXPC\VIREXPRO.COM Time: 00:00:00, Date: 20.08.1991, Size: 48984, Attr: R- H- S- A- CURE: Ask developer for encrypted scan strings within their programs VirX.Exe Warning!, Signature of 570 found in VIRX.EXE Virus-Cure Cure.Exe =================== Warning!, Signature of 1210 found in CURE.EXE Path name: D:\AV\VIRUSCU.RE\CURE.EXE Time: 08:50:34, Date: 04.02.1991, Size: 55737, Attr: R- H- S- A- CURE: Ask developer for encrypted scan strings within their programs Mc Affee's Pro Scan: ==================== Warning!, Signature of Slow #2 found in PRO-SCAN.EXE Path name: D:\AV\PRO-SCAN\PRO-SCAN.EXE Time: 11:17:30, Date: 06.08.1991, Size: 75189, Attr: R- H- S- A- CURE: Ask developer for encrypted scan strings within their programs Certus Novi (now Symantec) ========================== Warning!, Signature of Den Zuk #1 found in NOVI.OVL Path name: D:\AV\NOVI\NOVI.OVL Time: 01:01:00, Date: 01.09.1991, Size: 32859, Attr: R- H- S- A- CURE: Ask developer for encrypted scan strings within their programs Old Datacrime-Scanner in CompuServe: ==================================== Warning!, Signature of Datacrime-1168 found in DC89SCAN.EXE Path name: E:\OLD.TAP\TAPARC.5\DC89SCAN.EXE Time: 06:42:18, Date: 07.10.1989, Size: 18209, Attr: R- H- S- A+ CURE: Ask developer for encrypted scan strings within their programs Parson Technology Virucide.Exe ============================== Warning! Signature of Destructor #2 found in VIRICIDE.EXE Warning! Signature of AIDS-II (C) found in VIRICIDE.EXE Warning! Signature of 1210 found in VIRICIDE.EXE Warning! Signature of ItaVir #2 found in VIRICIDE.EXE Warning! Signature of Nomenclatura #3 found in VIRICIDE.EXE CURE: Ask developer for encrypted scan strings within their programs Note: AVScan may also detect Devil's Dance within VIRUCIDE.EXE Got a nice review in Virus Bulletin 1/93. However, they found some other programs, which AVScan 'flags' as infected: Virex-PC V.2.3 ============== 570 Vi-Spy Version 10 ================= Aircop Viruscure-Plus Version 2.41 =========================== Slow Support: ======== Support for AVScan is provided on an as is basis if time permits. Since we make our living out of AntiVir IV, our comercial virus remover (not a simple deleter!), you can reach us ONLY at: CompuServe 71310,3143 InterNet 71310.3143@compuserve.com Fax ++49 7542 52510 Background: =========== AVScan is based on the algorithm behind AntiVir IV, which scans for viruses in destroyed or damaged files. Some viruses do not infect all kind of files quite easily. They usually have big problems on certain files. Scanning and removing viruses on infected files is usually quite easy (advertisment: we can do it), even for encrypting viruses. The problems are damaged files where the virus overwrote parts of the host file. We take this seriously and built a scanning version into AntiVir IV. This special feature enables the user to scan for virus identities or signatures in damaged files. This algorithm is the engine within AVScan and used within AntiVir IV. AntiVir IV is a German product and available in German only. Please don't ask about an English version - new viruses keep us busy to implement new recovering methods than to build an English version. I'm sorry about that. This version of AVScan is supposed NOT to work on systems equipped with German versions of DOS - while the German version of AVScan does. Users inside Germany should get a licensed version. We're thinking of bringing AVScan to North America. Ideas welcome. You can contact us: H+BEDV GmbH Attn: Tjark Auerbach Olgastrasse 4 D-88069 Tettnang West Germany Tel ++49 7542 93040 Fax ++49 7542 52510 CompuServe 71310,3143 InterNet 71310.3143@compuserve.com AntiVir(R)IV and AVScan are copyright H+BEDV GmbH, All Rights Reserved