BleepingComputer.com: Safely Disinfect "Sick" Files

Safely Disinfect "Sick" Files

#1 Kirk Gandril

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 14-November 10

Posted 14 November 2010 - 06:31 AM

You see, I was once slammed by a wave of the W32.Sality virus and all my executables were 'sick', so only a few (probably the OS exe's) could be opened. When I scanned with COMODO AV and it found all of the infected files, I was asked to choose what action I should take with these files. I clicked on "Disinfect", but after all the fuss I found out that the infected executables had been permanently deleted.

I found out that COMODO is not capable of "REPAIRING" all types of infected files. AVIRA on the other hand is capable of doing it. BitDefender can also do that. GDATA is capable. I don't know about Kaspersky but I'm sure it can, too.

What other AntiVirus software is capable of repairing infected executables? You see, not all are able to do it. ESET merely quarantines infected files as well as Norton. I find Norton to have a very high detection rate and has the least usage of resources but unfortunately, it only quarantines infections.

Let's discuss this "disinfection" module and identify which products have it and which ones don't.

#2 Romeo29

  • Learning To Bleep
  • Group: BC Advisor
  • Posts: 2,834
  • Joined: 06-July 08
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 14 November 2010 - 10:07 AM

It depends on the type of malware. In general, a virus-infected file can be cleaned. Other types of malware, like trojans, worms, etc., cannot be cleaned.
In addition, some viruses are badly programmed and often damage the original file beyond repair, so there is nothing you can do.

http://service1.symantec.com/sarc/sarc.nsf/info/html/cannot.repair.trojan.or.worm.html
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cannotbecleaned.shtml

#3 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,516
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 14 November 2010 - 01:52 PM

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with file infectors, which are extremely destructive as they inject code into critical system files, making them irreparable.

Win32/Sality is a dangerous polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

I do not know of any security vendor who will guarantee complete removal of file infectors. Even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In my experience, users may find their system performing better for a short time after attempted disinfection, only to have it become progressively worse again as the malware continues to reinfect thousands of files. Some folks will try every tool or rescue disk they can find in futile attempts to repair critical system files. If something goes awry during the malware removal process, the computer may become unstable or unbootable and you could lose access to all your data. In the end, most folks end up reformatting out of frustration after spending hours attempting to repair and remove the infected files.

Since file infectors are often seen with backdoor Trojans, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the infection appears to have been removed.

Many experts in the security community believe that once infected with such malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. I cannot add any more to this Microsoft TechNet article: Help: I Got Hacked. Now What Do I Do?

Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
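The advice above rests on one practical point: once a file infector has touched a system, the only trustworthy evidence about any executable is a comparison against a baseline taken when the machine was known to be clean (for example, right after a fresh install). The following script is an added example, not code from the thread or from any vendor mentioned in it. It hashes every executable under a directory, stores the result as a baseline, and later reports files whose contents changed, appeared or disappeared. The directory layout, file names and byte contents are constructed for the demonstration; the set of suffixes covers the .exe and .scr types the thread names for Win32/Sality, with .dll added as an assumption.

```python
"""Executable integrity baseline: find files altered since a known-clean state.

Added example (not from the BleepingComputer thread). All sample files,
names and contents below are constructed for the demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# .exe and .scr are the types the thread says Win32/Sality infects;
# .dll is included here as an assumption, not a statement from the thread.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".dll"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each executable's path (relative to root) to its SHA-256."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            baseline[p.relative_to(root).as_posix()] = sha256_of(p)
    return baseline


def save_baseline(baseline: dict, out_file: Path) -> None:
    """Persist the baseline as JSON; in practice keep this copy off the host."""
    out_file.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_file: Path) -> dict:
    return json.loads(in_file.read_text())


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Report executables whose hash changed, that vanished, or that are new."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline a clean directory, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Known-clean state: two executables and one non-executable file.
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "saver.scr").write_bytes(b"MZ" + b"\x01" * 64)
        (root / "readme.txt").write_bytes(b"not an executable, so never hashed")
        baseline_file = root / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulate what a file infector leaves behind: one executable has extra
        # bytes appended (inert filler here) and a new executable has appeared.
        with (root / "app.exe").open("ab") as fh:
            fh.write(b"\x90" * 16)
        (root / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 64)

        return compare_to_baseline(root, load_baseline(baseline_file))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report only tells you which files differ from the clean state; it does not tell you what was done to them, and it cannot repair them. That matches the thread's position: a non-empty "modified" list on a machine that was supposed to be clean is a reason to restore from trusted media or reinstall, not to attempt file-by-file disinfection. The baseline itself must be produced on a system you trust and kept where the host cannot rewrite it, otherwise an infector that reaches the baseline file makes the comparison meaningless.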

#4 Kirk Gandril

  • New Member
  • Group: Members
  • Posts: 3
  • Joined: 14-November 10

Posted 15 November 2010 - 09:33 PM

So, what antivirus products can remove these file injectors? I know that Avira has this component, as does BitDefender. What about ESET? I don't know about ESET because all I can see it doing is quarantining files.

#5 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,516
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 16 November 2010 - 08:20 AM

I addressed that question in my previous reply.

Quote

I do not know of any security vendor who will guarantee complete removal of file infectors. Even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process.

Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
