Mail Archives: djgpp/1997/10/23/11:48:57
ringil3 AT hotmail DOT com wrote:
>
> Hi everyone.
> A few weeks ago I heard about DJGPP compiler, and recently downloaded
> it
> from the tasmanian government mirror. When extracting DJDEV201.ZIP on
> my
> win95 machine, ThunderByte AV (V 8.00) interrupted some files,
> claiming
> that they contained "unknown viruses". The files and the messages
> TBAV
> gave are listed below. Is this just part of the files, or are they
> infected with something nasty.
>
> The files are:
> djtart.exe; djtarx.exe; dtou.exe; dexegen.exe; echo.exe; go32-v2.exe;
> merge.exe; redir.exe; split.exe; symif?.exe (not sure of last letter,
> p or
> y I think); update.exe; and utod.exe
>
> All of them had these comments from TBAV:
> *Suspicious or odd stack
> *Checks for exe or com files
> *invalid opcode (non 8088) or out of range branch
> Some also had this comment:
> *additional data at end of file, probably internal overlay
Dave, you'd better get a newer virus checker,
non 8088 opcodes are fairly common these days. Probably
the thing get thoroughly confused by the stub.
FIW, here is the output of unzip -v djdev* |grep bin/
from my UNIX machine (so no chance on my side to
introduce a virus).
Cross check your output, especcially the CRC-32 fields
Archive: djdev201.zip
Length Method Size Ratio Date Time CRC-32 Name
------ ------ ---- ----- ---- ---- ------ ----
23 Stored 23 0% 02-27-95 02:46 c19367f2
bin/coff2exe.bat
187110 Defl:X 74154 60% 09-26-96 22:51 680d0c59 bin/djasm.exe
81408 Defl:X 45847 44% 10-31-96 19:14 984c0852 bin/djtar.exe
2048 Defl:X 1526 26% 10-05-96 20:49 537f381b bin/djtart.exe
2048 Defl:X 1526 26% 10-05-96 20:49 537f381b bin/djtarx.exe
53760 Defl:X 31808 41% 10-31-96 19:14 f6b6ba02 bin/dtou.exe
61440 Defl:X 34653 44% 01-23-96 22:03 c357b3a3 bin/dxegen.exe
39424 Defl:X 22718 42% 10-31-96 19:14 645b3c16 bin/echo.exe
79360 Defl:X 41746 47% 10-31-96 19:13 bd50cac9
bin/edebug32.exe
30184 Defl:X 12314 59% 01-23-96 22:07 d4f1b2e2 bin/emu387.dxe
91431 Defl:X 36173 60% 09-26-96 22:51 b5cddede
bin/exe2coff.exe
139776 Defl:X 76628 45% 10-31-96 19:13 927c16e5 bin/fsdb.exe
62468 Defl:X 34781 44% 08-12-96 22:57 803b2e81
bin/go32-v2.exe
37376 Defl:X 21339 43% 10-31-96 19:14 0da4668f bin/merge.exe
60416 Defl:X 34949 42% 10-31-96 19:14 a92a8863 bin/redir.exe
5 Stored 5 0% 10-01-95 00:12 ad287931 bin/rem.com
425 Defl:X 262 38% 06-16-95 01:56 0e87e06d
bin/setdjgpp.bat
37888 Defl:X 21752 43% 10-31-96 19:14 58db3765 bin/split.exe
104224 Defl:X 41773 60% 10-26-96 10:09 96011649
bin/stubedit.exe
112277 Defl:X 45986 59% 10-05-96 20:49 04de6197
bin/stubify.exe
53760 Defl:X 30316 44% 10-31-96 19:13 31f9ca4a
bin/symify.exe
82432 Defl:X 39487 52% 01-14-96 19:13 3b0159fa
bin/texi2ps.exe
37376 Defl:X 21390 43% 10-31-96 19:14 ac6b41fd
bin/update.exe
53760 Defl:X 31808 41% 10-31-96 19:14 e15311f1
bin/utod.exe
--
Ciao
Tom
*************************************************************
* Thomas Demmer *
* Lehrstuhl fuer Stroemungsmechanik *
* Ruhr-Uni-Bochum *
* Universitaetsstr. 150 *
* D-44780 Bochum *
* Tel: +49 234 700 6434 *
* Fax: +49 234 709 4162 *
* http://www.lstm.ruhr-uni-bochum.de/~demmer *
*************************************************************
- Raw text -