Is a boot scan better ?

4 replies to this topic

#1 mike13
Member, 148 posts, Joined 25-June 02, OS: Windows 7 x64
I always thought that running a virus / malware scan during boot up, before Windows loads everything, is better because the virus / malware is not enabled yet. But I read somewhere that since the virus is not active yet, it is harder to detect by your antivirus. Comments ???? Thanks, Mike



#2 submix8c
Inconceivable!, Patrons, 4,282 posts, Joined 14-September 05, OS: none specified

But I read somewhere that since the virus is not active yet, it is harder to detect by your antivirus. Comments ????

Got a link to that info? There are variations of viruses/trojans/worms out there. What you're referring to (I think) is those that "hide" themselves until placed into Memory.

Viruses have a certain "signature" by which the AntiVirus recognizes it, whether On The HDD or In Memory. If you scan your WHOLE HARD DRIVE off-line, they can usually be found, except those that are smart enough to "self-alter" in order to "hide" and then at StartUp (the Registry RUN/RUNONCE keys) "self-alter" again to Activate. That's why if you DO get one then it MIGHT be a booger to eradicate. In that case, special procedures need to be followed along with sometimes special "eradicator" programs. Nothing (AFAIK) is "failsafe".

Sorry, but your question is rather vague in its context.

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!



#3 mike13
Member, 148 posts, Joined 25-June 02, OS: Windows 7 x64
Submix8c, Thanks for the reply. I do not know how to give you a link, but if you look at my older post on this site called FRAUD.SECURITY ESSENTIALS, in post number two, Tripredacus talked about scanning a slaved hard drive, and that viruses may not be caught that way. Probably for the same reason as you mentioned, that they hide themselves. I guess I thought the BEST way to scan a hard drive was to remove it from the computer and slave it to another. Thanks, Mike

#4 submix8c
Inconceivable!, Patrons, 4,282 posts, Joined 14-September 05, OS: none specified

..slaved hard drive, and that viruses may not be caught that way. Probably for the same reason as you mentioned, that they hide themselves. I guess I thought the BEST way to scan a hard drive, was to remove it from the computer and slave it to another.

That has both a "yes" and "no" answer (as I explained). You have a relatively good chance of catching them "slaved" but some are really smart. Deleting the contents of "TEMP" and "Temporary Internet Files" is also a good idea. Searching for any odd-named files (you need to know what to look for) in the Windows Folder and Subfolders (particularly System32), then searching on that name, sometimes helps to find a "hiding" one.

I personally normally use 4 basic tools - AntiVirus, SpyBot, MalwareBytes, and CCleaner. I do NOT use the "registry cleaner" of CCleaner but include the TEMP folders in the Options and run it pretty much before each shut-down. I've only been almost hit twice by "drive-by's" (MySpace and Facebook one each). Had a booger of a time ensuring the darn things were gone (both cases were bogus ScareWare AntiVirus).

If you DO get hit (badly), do the "slave" trick, download the 3 free programs I mentioned (in addition to a good AntiVirus), replace the HDD, boot and install/update/run each. Good chance of eliminating it except for boogers which take more research on "how to eradicate"...

HTH

Side note - apparently the latest SpyBot will allow for a Reboot/Rescan-On-Signon (before your user startup but after System Startup) to eliminate anything "in memory". Found that out last night on Daughter's unprotected Laptop...

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

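To make concrete what posts #2 and #4 describe (an off-line scan of a slaved drive matching on-disk "signatures", and a look through the Windows folder for files that should not be there), here is a small added example; it is not code from this thread or from any of the products mentioned. It builds a constructed, throw-away "slaved volume" in a temp directory, runs a byte-pattern signature scan over it, and then compares every file against a known-good hash baseline. The signature, the file names and the baseline hashes are all made up for the demo. The point it shows is the one submix8c makes: the signature scan finds the plain copy but misses the self-altered copy, while the baseline comparison flags both the altered copy and a tampered known file, which is why an off-line scan works best together with a "what should be here" check.

```python
"""Off-line (slaved-drive) scan demo: byte-signature matching plus a
known-good hash baseline.  Added example; every file, signature and hash
below is constructed inside a temporary directory for illustration only."""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed "signature database": a scanner looks for these byte patterns on
# disk.  A real AV database is vastly larger; this single entry is a placeholder.
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-MARKER-NOT-REAL-MALWARE",
}


def _rel(root: Path, path: Path) -> str:
    """Volume-relative path with forward slashes, so results are OS-independent."""
    return str(path.relative_to(root)).replace(os.sep, "/")


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_signatures(root: Path) -> dict:
    """Return {relative_path: signature_name} for files containing a known pattern.
    This is the on-disk counterpart of 'the AntiVirus recognizes its signature'."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for name, pattern in SIGNATURES.items():
            if pattern in data:
                hits[_rel(root, path)] = name
                break
    return hits


def baseline_diff(root: Path, baseline: dict) -> dict:
    """Compare every file under root with a known-good {relative_path: sha256} map.
    Files absent from the baseline are 'unexpected'; files whose hash differs
    are 'modified'.  This is the 'odd-named file in System32' check done by hash."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = _rel(root, path)
        digest = sha256_file(path)
        if rel not in baseline:
            findings[rel] = "unexpected"
        elif baseline[rel] != digest:
            findings[rel] = "modified"
    return findings


def build_demo_volume() -> Path:
    """Construct a fake slaved volume (constructed data, not a real Windows tree):
    a clean DLL, a hosts file that has been altered since the baseline was taken,
    a file carrying the demo marker verbatim, and a copy whose marker bytes were
    transformed on disk (standing in for a file that 'self-alters' to hide)."""
    root = Path(tempfile.mkdtemp(prefix="slaved_"))
    sys32 = root / "Windows" / "System32"
    (sys32 / "drivers" / "etc").mkdir(parents=True)
    (sys32 / "clean.dll").write_bytes(b"MZ" + b"\x00" * 64)
    (sys32 / "drivers" / "etc" / "hosts").write_bytes(b"tampered hosts content")
    (sys32 / "plain.exe").write_bytes(b"MZ" + SIGNATURES["Demo.Marker.A"])
    altered = bytes(b ^ 0x5A for b in SIGNATURES["Demo.Marker.A"])
    (sys32 / "oddname.exe").write_bytes(b"MZ" + altered)
    return root


def run_demo():
    """Build the volume, run both checks, return (signature_hits, baseline_findings)."""
    root = build_demo_volume()
    # Known-good baseline: taken from a clean install in real life; constructed here.
    baseline = {
        "Windows/System32/clean.dll": sha256_file(root / "Windows" / "System32" / "clean.dll"),
        "Windows/System32/drivers/etc/hosts": hashlib.sha256(b"original hosts content").hexdigest(),
    }
    return scan_signatures(root), baseline_diff(root, baseline)


if __name__ == "__main__":
    sig_hits, base_findings = run_demo()
    print("signature hits:", sig_hits)
    print("baseline findings:", base_findings)
```

Running it prints one signature hit (plain.exe) and three baseline findings: plain.exe and oddname.exe as unexpected, hosts as modified. The altered copy never trips the signature, which is exactly why "nothing is failsafe" for a pure signature scan; pairing it with a baseline of what the Windows folder should contain is what turns the slaved-drive check into something more than a signature lookup.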


#5 Synja
Member, 4 posts, Joined 05-July 12, OS: Windows 7 x86
There is a tradeoff in detection capability.

Most active AV evasion techniques can be defeated with a boot time scan, but anything with a custom cryptor (or at least one without a signature) will not be detected. Heuristic detection is almost entirely useless at boot time, not that most AV offerings even have useful heuristic capabilities. Removal is easier, detection is not in most cases.

It's really academic at this point, with a boot time scan not being prevention or security of any sort, it's just another cleanup method.
Synja/Rob
Sr. Systems Engineer



