MBAM is designed to remove malware as effectively with a Quick Scan as it will with a Full Scan which takes much longer to complete. Both scans use heuristics
that bypasses polymorphic blackhat packers & encryption, MD5
, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers. The Quick Scan looks at the most prevalent places for active malware so scanning every single file on the drive isn't always necessary. The Full Scan only has the ability to catch more traces in rare circumstances but it can be used to scan every drive (including removable) on the system.
to complete an anti-virus or anti-malware scan depends
on a variety of factors
Note: When doing a Full scan, it is not unusal for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kind of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also result in some scanners to stall (hang) on these particular types of files. Certain files in the System Volume Information Folder like the Tracking.log which is created by the Distributed Link Tracking Service to store maintenance information have also been reported as a source causing some scanners to hang.
- The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning for suspicious behavior or a combination of both.
- Options to scan for spyware, adware, riskware and potentially unwanted or unsafe programs (PUPs).
- Options to scan memory, boot sectors, registry and alternate data streams (ADS).
- Type of scan performed: Deep, Quick or Custom scanning.
- What action has to be performed when malware is detected.
- Type of operating system installed on the computer.
- A computer's hard drive size.
- Disk used capacity (number of files to include temporary files) that have to be scanned.
- Types of files (.exe, .dll, .tmp, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
- Whether external drives are included in the scan.
- Competition for and utilization of system resources by the scanner.
- Other running processes and programs in the background.
- Interference from malware.
- Interference from the user.