Is a boot scan better ?
Posted 29 June 2012 - 12:21 PM
Posted 29 June 2012 - 02:12 PM
Got a link to that info? There are variations of viruses/trojans/worms out there. What you're referring to (I think) is those that "hide" themselves until placed into Memory.
But I read somewhere that since the virus is not active yet, it is harder to detect by your antivirus. Comments ????
Viruses have a certain "signature" by which the AntiVirus recognizes it, whether On The HDD or In Memory. If you scan your WHOLE HARD DRIVE off-line, they can usually be found, except those that are smart enough to "self-alter" in order to "hide" and then at StartUp (the Registry RUN/RUNONCE keys) "self-alter" again to Activate. That's why if you DO get one then it MIGHT be a booger to eradicate. In that case, special procedures need to be followed along with sometimes special "eradicator" programs. Nothing (AFAIK) is "failsafe".
Sorry, but your question is rather vague in its context.
Posted 30 June 2012 - 08:47 PM
Posted 01 July 2012 - 12:41 PM
That has both a "yes" and "no" answer (as I explained). You have a relatively good chance of catching them "slaved" but some are really smart. Deleting the contents of "TEMP" and "Temporary Internet Files" is also a good idea. Searching for any odd-named files (you need to know what to look for) in the Windows Folder and Subfolders (particularly System32), then searching on that name, sometimes helps to find a "hiding" one.
..slaved hard drive, and that viruses may not be caught that way. Probably for the same reason as you mentioned, that they hide themselves. I guess I thought the BEST way to scan a hard drive, was to remove it from the computer and slave it to another.
I personally normally use 4 basic tools - AntiVirus, SpyBot, MalwareBytes, and CCleaner. I do NOT use the "registry cleaner" of CCleaner but include the TEMP folders in the Options and run it pretty much before each shut-down. I've only been almost hit twice by "drive-by's" (MySpace and Facebook one each). Had a booger of a time ensuring the darn things were gone (both cases were bogus ScareWare AntiVirus).
If you DO get hit (badly), do the "slave" trick, download the 3 free programs I mentioned (in addition to a good AntiVirus), replace the HDD, boot and install/update/run each. Good chance of eliminating it except for boogers which take more research on "how to eradicate"...
Side note - apparently the latest SpyBot will allow for a Reboot/Rescan-On-Signon (before your user startup but after System Startup) to eliminate anything "in memory". Found that out last night on Daughter's unprotected Laptop...
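The triage described in the two posts above (check the Registry RUN/RUNONCE keys, be suspicious of anything launching from TEMP, and look for odd-named files pretending to live in System32) can be scripted. The following is an added example, not code from the thread: it parses a constructed, invented sample of what `reg query` prints for a Run key and flags entries that run from a temp folder, have a random-looking name, or mimic a well-known system binary with digit-for-letter substitutions. The allowlist of system names and the heuristics are assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of what `reg query <Run key>` prints; every entry is invented for this example.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater           REG_SZ           "C:\Users\bob\AppData\Local\Temp\xq7hz2k.exe" -s
    OneDrive          REG_SZ           "C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    svch0st           REG_SZ           C:\Windows\System32\svch0st.exe
"""

ENTRY_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.+?)\s*$")
# Hypothetical short allowlist of legitimate System32 image names used for the look-alike check.
KNOWN_SYSTEM_NAMES = {"svchost", "explorer", "lsass", "csrss", "winlogon", "services"}
LOOKALIKE = str.maketrans("0135", "oles")  # digit-for-letter swaps commonly used in spoofed names
TEMP_MARKERS = ("temp", "tmp")             # matches Temp and Temporary Internet Files folders

def image_path(data: str) -> str:
    """Pull the executable path out of a Run value, which may be quoted and carry arguments."""
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    return data.split()[0]

def reasons_for(path: str) -> list[str]:
    """Return the heuristic reasons an autostart image path looks suspicious (empty if clean)."""
    p = PureWindowsPath(path)
    stem = p.stem.lower()
    reasons = []
    if any(m in part.lower() for part in p.parts[:-1] for m in TEMP_MARKERS):
        reasons.append("runs from a temp folder")
    if stem not in KNOWN_SYSTEM_NAMES and stem.translate(LOOKALIKE) in KNOWN_SYSTEM_NAMES:
        reasons.append("name mimics a system binary")
    if len(stem) >= 6 and not re.search(r"[aeiou]", stem) and re.search(r"\d", stem):
        reasons.append("random-looking name")
    return reasons

def triage_run_entries(reg_output: str) -> dict[str, list[str]]:
    """Map each flagged Run value name to its reasons; clean entries are omitted."""
    flagged = {}
    for line in reg_output.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, _type, data = m.groups()
        reasons = reasons_for(image_path(data))
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, why in triage_run_entries(SAMPLE_REG_OUTPUT).items():
        print(f"{name}: {', '.join(why)}")
```

On a slaved drive the same parser can be fed the output of `reg query` run against the offline hive after loading it with `reg load`; the flags are leads for manual checking, not verdicts.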
Posted 05 July 2012 - 11:06 AM
Most active AV evasion techniques can be defeated with a boot time scan, but anything with a custom cryptor (or at least one without a signature) will not be detected. Heuristic detection is almost entirely useless at boot time, not that most AV offerings even have useful heuristic capabilities. Removal is easier, detection is not in most cases.
It's really academic at this point, with a boot time scan not being prevention or security of any sort, it's just another cleanup method.