76476.337@CompuServe.COM (Robert McClenon) (05/18/91)
An associate of mine had a problem at work today. He was trying
to use IBM's VIRSCAN to scan a diskette for viruses. The diskette
supposedly contained three PowerPoint files with extensions of .PPT
and nothing else. The scan resulted an error message being displayed
three times saying something to the effect of: An invalid opcode was
encountered without an error handler being registered. This message
did not say where the error was found. Then his workstation "froze
hard", and he had to power it off to restart it. Was this error
message coming from VIRSCAN or from DOS? If it was coming from
VIRSCAN, what was VIRSCAN trying to do and what was it really doing?
His theory is that VIRSCAN was scanning the entire diskette rather
than all files and was being confused by fragments of deleted files,
and locked up because of an uncertain situation. I am wondering
whether the error was coming from DOS, and indicates that his copy of
VIRSCAN on his hard disk is bad and should be reinstalled. Has anyone
ever seen this message before? Where does it come from? What does it
mean?
Robert McClenon
Neither my employer nor anyone else paid me to say this.
My opinions may be someone else's, but then again they might
not.CHESS@YKTVMV.BITNET (David.M.Chess) (05/21/91)
> From: "Robert McClenon" <76476.337@CompuServe.COM> > > The scan resulted an error message being displayed >three times saying something to the effect of: An invalid opcode was >encountered without an error handler being registered. This message >did not say where the error was found. Heh! That error message is coming from the FAPI interface code in VIRSCAN.EXE. (VIRSCAN is a "Family Application" that can run under either OS/2 or DOS.) The only time I've seen it before is when something has damaged the VIRSCAN.EXE file (and damaged it enough that it bombs before it gets to the self-check). Could this VIRSCAN.EXE have been damaged by something? Some viruses, the 1813 (Jerusalem) for example, have bugs that keep them from correctly infecting Family Apps, and they sometimes break them instead. I'd suggest that your friend get a known-good copy of VIRSCAN.EXE, and run it from a write-protected floppy. That's the best advice I can think of at the moment... DC