Free software for DOS >  
 
home
   
about

Antivirus

     

[2016-10-06: This page is outdated and of historical signifigance only- no one is creating new viruses for DOS these days. If you are running a vintage DOS pc, then your likely already well aware of the ancient risks of total compromise....]

 


> ANTIVIRUS SCANNERS

> FILE CHECKSUM UTILS

> DISK SECURITY

 

ANTIVIRUS SCANNERS

F-Prot — Antivirus monitor, scanner, and disinfectant.

* * * * *

[updated 2005-07-01]

F-Prot is a shareware antivirus package that has received rave reviews. Not only is it free for individual (non-commercial) use, but it is updated frequently in order to keep pace with new virus types – over 311,000 viruses, Trojans, etc. in database. Can scan within archives (ARJ / CAB / LZH / RAR / ZIP), many packed executables, and email. Requires 80386+ (DOS extender built in). Runs under DOS, DOS32, OS/2 and under Win9x in box, full screen, or when booted to command prompt (best).

Usage: F-PROT [drive, file or directory] [options]

If a drive, file or directory is given, F-PROT will enter
command-line mode, unless the /INTER option is given as well.

/AI Enable neural-network virus detection.
/APPEND Append to existing report file.
/ARCHIVE=n Scan inside archives (n levels deep)
/AUTO Automatic virus removal.
/BEEP Beep when a virus is found.
/CDROM Scan any attached CD-ROM drives.
/COLLECT Scan a virus collection.
/DELETE Delete infected files.
/DISINF Disinfect whenever possible.
/DUMB Do a "dumb" scan of all files.
/EXT Scan only files with default extensions.
/FREEZE "Freeze" the program if a virus is found.
/HARD Scan the hard disk(s).
/HELP Display this list.
/INTER Force interactive mode.
/LIST List all files checked.
/LOADDEF Load DEF files from a floppy.
/NET Scan network directories mapped to a drive.
/NOBOOT Do not scan boot sectors.
/NOBREAK Do not abort scan if ESC is pressed.
/NOFILE Do not scan files.
/NOFLOPPY For use on system without floppy drives.
/NOHEUR Disable heuristics.
/NOLFN Disable long file name support.
/NOMEM Do not scan memory for viruses.
/NOSUB Do not scan subdirectories.
/OLD Do not complain when using outdated DEF files.
/ONLYHEUR Only use heuristics, not "normal" scanning.
/PACKED Unpack compressed executables.
/RENAME Rename infected COM/EXE files to VOM/VXE.
/REPORT= Send the output to a file.
/SERVER Activate mail filter heuristics.
/TYPE Select files by type. (default)
/VIRLIST List the known viruses.
/VIRNO Count the known viruses.
/WRAP Wrap text so the report fits in 78 columns.

Special options for command-line mode:

/PAGE Pause after each page.
/SILENT Do not generate any screen output.

Special macro virus options:

/NOMACRO Do not scan for macro viruses.
/ONLYMACRO Only scan for macro viruses.
/REMOVEALL Remove all macros from all documents.
/REMOVENEW Remove new variants of macro viruses by
removing all macros from infected documents.
/SAFEREMOVE Remove all macros from documents, if a known
virus is found.

Author: Friðrik Skúlason / Frisk Software International, Iceland (2005).

2005-04-07: v3.16b.

Download all three files (always current)
f-prot.zip
(~2.6MB)
Program, docs
fp-def.zip
(4.4MB+)
Virus signature files
macrdef2.zip
(250K+)
Macrovirus signature files

Go to Frisk Software International's Home page and to the Current versions page, for F-Prot for other OSes (free for Linux, BSD, Solaris, but not Windows), assorted other files, virus news & more.

 

RHBVS (ROSE SWE's Heuristic Based Virus Scanner) — Command line scanner.

* * * *

[added 2000-05-13, updated 2010-03-03]

RHBVS differs from other scanners listed here because it's based solely on heuristic analysis of file characteristics. Compared with their conventional, counterparts, heuristic scanners don't require the often huge virus signature databases, and consequently tend to be smaller and shouldn't require as much updating (except for engine revisions). A good heuristic scanner should be able to detect novel and mutated viruses that are not yet in databases. On the downside, the detection capability of heuristic scanners is only as good as the underlying algorithms. Many heuristic scanners seem to generate more false positives than their conventional counterparts (in our use, RHBVS has tended to bite on DOS TSR executables and on some Windows files). Heuristic scanners can also be slower.

RHBVS detects batch viruses, Trojans, malware, scripting viruses (Corel Draw, VBS, HTML, Windows Batch), JavaScript and IRC worms, and more. Minimum requirements: DOS 5.0, 2MB RAM, 80486.

[ Usage ]=-------- RHBVS  [-/options] [drive:[\path1] [path2]] [-/options]
+-- root in drive c: --- rhbvs c:
Scan recursivly from --+-- given path --- rhbvs drive:\path
+-- current folder --- rhbvs .

-----[ Options ]--------------------------------------------------------------
-help, -? Show this short help. See also RHBVS.DOC. Try also -??
-all Scans all files *.* (Default: Executables, Scripts, HTML & Mirc)
-auto Scan in all local and remote drives (Without A: & B:)
-beep Beep when a virus is found. (Default: OFF)
-comp Include generic DOS companion detection (Default: OFF)
-del -delYN Deletes infected files without any query/with query (Default: OFF)
-showerr Shows file access errors etc.

-----[ Undocumented switches ]-----------------------------------------------
For experienced users only :-))

/Extr Extracts signature from executable files. (Default: OFF)
/FileType Prints after each infected file the file type (DOS COM/EXE)
/NoCheckCRC Skip selftest - useful if RHBVS is infected by a virus
/NoLiveBait Skips "Live Bait Test" suite. /NoMem, skips quick memory test
/NoPathCompanion Skip "Path Companion" tests. /NoHMA, skips HMA memory test
/NoSig Skip RHBVS.SIG (Default: OFF)
/NoSub Do not recursive scan sub directories, only specified directory
/NoVBS Skip scanning of VBS/Mirc/HTML & JS viruses (Default: Do scanning)
/OnlyFull Shows only fully detected script viruses (only useful for teachin)
/Raw Converts DOS charset to UNIX readable format, e.g. -- gets ==
/Rename Smart renaming, depending on the entry point, e.g. MZ/ZM gets .EXE
/RenMarx Smart renaming, using extension .??$ (used by Andreas Marx)
/Renumber /Rename and create unique filename, based on a counter
/Renumber=Value Start counting/renameing with "value".
/RenPE Rename Win/NT portable EXE files to .PE/LX/NE/LE instead of .EXE
/SigOnly Use only RHBVS.SIG for scanning. (Default: OFF)
/Trj- /NoTrj unload the signature file VIRSCAN.TRJ (Default: LOAD)
/Report Logs all scanned files, regardless if infected or not. Req. /LOG=
/UnDoc -?? This guru help (what did you expect?)
/Virsort Generate a log suitable for VirSort & ZOO-Sort (requires /LOG)
/Whole Analyse the whole file (only useful to examine virus behaviour)

Run RHBVS.EXE with:
/?   or   -?   to see the basic options.
/??   or   -??   or   /UNDOC   to see the advanced options.

Limitations: No repair functions, doesn't handle boot sector infectors.

Our recommendations: Use it in addition to, not in place of, a good database-type scanner with repair functions. To avoid losing Windows files (because many executables, including *.OCX, *.DLL and others, generate false positives), back them up or turn renaming and deleting off.

Author: Ralph Roth / ROSE Software Engineering (ROSE SWE), Germany (2010). Suggested by CyberRax.

2010-02: v4.72 available.

Download latest version from author's site....

 

Kaspersky Antivirus 32 (KAV, KAV32) — Antivirus scanner and disinfectant.

* * * * *

[added 2005-08-22, updated 2006-08-21]

KAV is one of the best antivirus programs, with thorough scans, many user options, and hourly updates of its databases. Runs from command line with parameters typed in, or from batch file, or from a graphical shell. Settings can be stored in a plain-text file (default name DEFDOS32.PRF), either by editing directly or from the shell. 32-bit program (DOS extender built in), requires 80386+. Runs under DOS, DOS32, OS/2, and under Win9x in box, full screen, or when booted to command prompt (best).

Some features:
Usage: KavDos32.exe [options] path[\name][...]
Path - any DOS path, * or *: - all local disks
Name - wildcards * or ? Default is executable files
Valid options are:
/- disinfect /D daily
/E delete infected files /F=filename load alternate profile
/XF=masks exclude files /@=filename check files by list
/XD=masks exclude directories /@! delete list after scanning
/1 check only one floppy disk /*[-] check all files
/M[-] skip memory test /S[-] sound off
/P[-] skip Master Boot Record test /R[-] do not scan subdirectories
/B[-] skip DOS Boot Sector test /W[T|A][+|-][=filename] save report
/U[-] disable unpack T truncate existing report
/A[-] disable extract A appends to existing report
/H[-] disable heuristic analysis - or + extended/normal report
/V[-] enable redundant scanning /MD[-] check mail databases
/K[-] disable pack info /MP[-] check plain mail
/O[-] write OK messages /Y[-] skip all dialogs
/Z[-] disable aborting /? help screen
/VL[=filename] display virus list
For all options '-' inverts the default meaning.

Return codes (DOS Errorlevel) for use in batch files:
0 - No viruses were found
1 - Virus scan was not complete
3 - Suspicious objects were found
4 - Known viruses were detected
5 - All detected viruses have been deleted
7 - File KAVDOS32.EXE is corrupted

Scan times can be very long: Rather than one or a few database files, Kaspersky supplies ~160 small, specialized files – loading and switching slow operation down. Help: Configure carefully, to avoid scanning unchanged files repeatedly; run overnight.

Author: Eugene Kaspersky / Kaspersky Lab, Russia (2001).

2001-05-31: v3.0 build 135. Last for DOS. No longer supported, but still works with current databases. Program, batch and configuration files are in English, but the README and the optional Windows localization file are in Russian only. A separate, small package contains English README and localization files.

Downloads



kavdos32.rar
(329K)
Program package

Data files are online at these sites:
Germany ftp  —  Germany http  —  Netherlands ftp  —  Netherlands http  —  Russia 1 ftp  —  Russia 1 http  —  Russia 2 ftp  —  Russia 2 http  —  US ftp  —  US http

Get av-i386-cumul.zip (cumulative, all files, ~8MB). Update with av-i386-weekly.zip (~1-2MB). Both packages are released every Sunday at 0500 hours Moscow time (UTC +3). Note that av-i386-weekly.zip is also cumulative, but over a period of two weeks – if you miss two consecutive releases, start over again with av-i386-cumul.zip.

Between Sundays, update with av-i386-daily.zip (200K and up, released hourly). This package is also cumulative, for a period of one week minus two hours – if you don't run KAV every hour or day, you can pass over some, or even all, releases. Note: Updates even with a week's last version of av-i386-daily.zip are not a substitute for regular updates with av-i386-weekly.zip.

Go to Kaspersky Lab for paid versions (with free trial) for other OSes, other related programs, and virus news & info. Pages in Russian, English, French, German, Chinese, Japanese, Polish, Dutch.

 
FILE CHECKSUM UTILS

Using a variety of algorithms, these utils calculate a unique signature or "fingerprint" for a file. By calculating the checksum value for a program file you can compare this value to a reference, valid value and determine if the file has been modified by viruses, hacking / editing, transmission errors, or other actions.

 

MD5SUM — Calculate and verify MD5 hash values for files.

* * * * *

[added 2000-08-09, updated 2005-12-09]

This program, originally for Unix, will calculate an MD5 value for a given file and also allows you to check the values against an existing, valid value to determine if the file has been changed/corrupted. MD5SUM is most often used to validate the integrity of transferred files which have a reference MD5 value stored on the server. But I employ it as a cheap, antiviral "checksum comparer" for files on my local hard drive. 16-bit program, w/ source in package.

As a simple usage example, first generate a file (TEST.MD5) holding a baseline MD5 value for a given file (MY.ZIP):

MD5SUM -b MY.ZIP >TEST.MD5
(-b: assume binary file). To check the MD5 value of the file at a later date (or to validate copy of file) use,
MD5SUM -b -c TEST.MD5
If the values match, output will be:
"C:\MY.ZIP: OK"
If new value doesn't match:
"C:\MY.ZIP: FAILED"

Notes: MD5SUM doesn't accept wildcards – if you want to obtain many file values at once, write an appropriate batch file. For an entire drive, you could use an easy batch helper like Locate to collect baseline values, e.g., all *.exe files on drive C, write a batch similar to:

locate C:*.exe /o:"MD5SUM -b &F>>BASELN.MD5"> MD5DRV.BAT
Run MD5DRV.BAT at any time, or just replace the  /o  switch above with  /c  to execute immediately.

Run
MD5SUM -c BASELN.MD5
after MD5DRV.BAT, to compare later values against baselines.

Authors: Branko Lankester, Netherlands; Colin Plumb, Canada (1993). Compilation & docs by Michael Paul Johnson (1995, 2000).

Versions       
1995-02-04:
Unnumbered release
2000-08-14:
Revised documentation

Download md5sum.zip (34K).

For a 32-bit version w/ Win9x LFN support, see GNU Textutils – Summarizing Files.

 

CHKSUM — Calculates 32 bit CRC and 16 bit checksums.

unrated

[added 1999-06-12, updated 2000-06-05]

CHKSUM calculates two checksums for each file: a 32-bit CRC and a 16-bit checksum. Also 16- and 32-bit "master" total checksums are calculated for all files successfully processed. Handles Win9x long pathnames. Runs on any PC, 8086 & up. NASM source included, distributed under GNU Public License.

Syntax:  CHKSUM  [filespecs] [switches]
/S recurse into subdirectories
/M page output
/H do not hook critical errors

Filespecs may include DR DOS-style file lists.

Author: Charles Dye / Freeware, FreeDOS and 4DOS-related stuff (2000).

2000-04-24: v1.04a.

Download chksum.zip (37K).

More in these pages from Charles Dye.

 
DISK SECURITY
 

ADinf (Advanced Diskinfoscope) — Antiviral, disk integrity checker.

unrated

[added 1999-04-13, updated 2005-06-01]

From the docs:
... a unique and powerful disk integrity checker which scans a disk, reading its sectors...through BIOS. It does not utilize DOS tools in searching for infectors and, therefore, can trap formidable stealth viruses that are known to intercept more than twenty DOS functions. It also traps infectors in disk drivers and hitherto unknown viruses...Unlike other anti-virus tools...ADinf detects viruses on booting a system from the hard disk...[B]esides detecting infectors, ADinf scrupulously x-rays a system for full data integrity and security, and for other data modifications...
ADinf reads vital data about such parameters as the memory size, the address of Int 13h handler in BIOS, Hard Disk Parameter Tables, the master boot record and boot sectors, bad clusters, directory tree, and data on all files under control; then creates a [hidden] diskinfo table for every drive and saves [table in root directory]... At subsequent starts, ADinf first reads these parameters and compares them with those in its diskinfo tables. During scanning it notes any changes in the size of the memory allotted to DOS, Hard Disk Parameter Tables, master boot record, boot sectors of every logical drive, as well as new bad clusters, directories and files newly created or deleted since the last check, and changed files.

Includes Cure Module (ADinfExt), "A Curing Companion to Advanced Diskinfoscope"

Authors: ADinf by Dmitry Mostovoy (2000); ADinfExt by Vitaly Ladygin, Denis Zuyev & Dmitry Mostovoy; Russia (1999). Suggested by Yves Bellefeuille's Best freeware for DOS and Windows 3.1.

2000-05-31: v12.14, last for DOS. Lacks some features found in the commercial (32-bit) version. Available in Russian, German, English language packages. History in Russian package only.

Downloads
English
(337K)
Russian
(353K)
German
(351K)

Get related files at the ADinf ftp archive at the Keldysh Institute of Applied Mathematics, Russia. Note: Link to French version is wrong – gets English only.

Get info on the 32-bit version for DOS & Windows at the ADinf Web-site, in Russian, or in English.

 

DISKSECURE — Protects basic disk files from Viruses.

unrated

[added 1998-10-25]

Reviewed by Howard Schwartz (10-06-98)

DISKSECURE: There are three critical files (well, not actually files) at the beginning of your hard disk that perhaps up to 1/3 of the viruses in the wild like to hide in, or like to attack and corrupt:
  1. The "Master Boot Record" contains basic software that your computer executes every time you start up and boot your computer. If they hide here, "stealth" and/or "boot sector" viruses can get executed each time you start your computer, and then hide in ram.
  2. The "Partition Table" describes how many partitions you have on your disk, what type they are, and where they are.
  3. The "File Allocation Table" probably should be called the directory allocation table. It describes where to find all the directories on each partition, and, where to go on the disk, to find out which files are in each directory.
By corrupting or destroying any one of these three items, a virus can make a disk completely unusable. DISKSECURE protects items #1 and #2 from viruses:

DISKSECURE also includes a program that bypasses its defenses if you want a program to be able to access your hard disk's beginning sectors directly. DISKSECURE cannot protect your File Allocation Table in this way because it is constantly being written to and changed as new files are created, old ones deleted, etc. To protect this critical table, use a utility like STF.COM (save the FAT) to back it up each time you start your computer.

Author: Padgett Peterson (1994).

1994-03-20: v2.42.

Download ds242.zip (31K).

 

Go to Top | Front Page ]


©1994-2016 Rich Green.
©2004-2016, Steve Adelwitz (Short.Stop).