[comp.virus] VIRSCAN Question

76476.337@CompuServe.COM (Robert McClenon) (05/18/91)

     An associate of mine had a problem at work today.  He was trying
to use IBM's VIRSCAN to scan a diskette for viruses.  The diskette
supposedly contained three PowerPoint files with extensions of .PPT
and nothing else.  The scan resulted in an error message being displayed
three times saying something to the effect of: An invalid opcode was
encountered without an error handler being registered.  This message
did not say where the error was found.  Then his workstation "froze
hard", and he had to power it off to restart it.  Was this error
message coming from VIRSCAN or from DOS?  If it was coming from
VIRSCAN, what was VIRSCAN trying to do and what was it really doing?
His theory is that VIRSCAN was scanning the entire diskette rather
than all files and was being confused by fragments of deleted files,
and locked up because of an uncertain situation.  I am wondering
whether the error was coming from DOS, and indicates that his copy of
VIRSCAN on his hard disk is bad and should be reinstalled.  Has anyone
ever seen this message before?  Where does it come from?  What does it
mean?

    Robert McClenon
    Neither my employer nor anyone else paid me to say this.
    My opinions may be someone else's, but then again they might not.

CHESS@YKTVMV.BITNET (David.M.Chess) (05/21/91)

> From:    "Robert McClenon" <76476.337@CompuServe.COM>
>
>                The scan resulted in an error message being displayed
>three times saying something to the effect of: An invalid opcode was
>encountered without an error handler being registered.  This message
>did not say where the error was found.

Heh!  That error message is coming from the FAPI interface code in
VIRSCAN.EXE.  (VIRSCAN is a "Family Application" that can run under
either OS/2 or DOS.)  The only time I've seen it before is when
something has damaged the VIRSCAN.EXE file (and damaged it enough that
it bombs before it gets to the self-check).  Could this VIRSCAN.EXE
have been damaged by something?  Some viruses, the 1813 (Jerusalem)
for example, have bugs that keep them from correctly infecting Family
Apps, and they sometimes break them instead.  I'd suggest that your
friend get a known-good copy of VIRSCAN.EXE, and run it from a
write-protected floppy.  That's the best advice I can think of at the
moment...

DC