to complete an anti-virus or anti-malware scan depends
on a variety of factors
- The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
- Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS).
- Options to scan memory, boot sectors, registry and alternate data streams (ADS).
- Type of scan performed: Deep, Quick or Custom scanning.
- What action has to be performed when malware is detected.
- A computer's hard drive size.
- Disk used capacity (number of files to include temporary files) that have to be scanned.
- Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
- Whether external drives are included in the scan.
- Competition for and utilization of system resources by the scanner.
- Other running processes and programs in the background.
- Interference from malware.
- Interference from the user.
To speed up your scans, uninstall unnecessary programs, clean out the temporary files
or use ATF Cleaner
first, temporarily disable any other real-time protection tools
, close all open programs and do not use
the computer during the scan. If the scan still seems slow or hangs, then try performing the scan in "safe mode
".Note: It is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kind of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also result in some scanners to stall (hang) on these particular types of files. Certain files in the System Volume Information Folder like the Tracking.log (created by the Distributed Link Tracking Service to store maintenance information) have also been reported as a source causing some scanners to hang.Additional Note
: If you are using a CD Emulator (Daemon Tools
, Alchohol 120%
, etc) be aware that they use rootkit-like techniques to hide from other applications and can interfere with investigative or anti-rootkit (ARK) tools. This interference can produce misleading or inaccurate scan results, false detection
of legitimate files, cause unexpected crashes, BSODs
, and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD Emulators. In some cases, the drivers related to such tools can cause crashes or system hanging when attempting to boot into safe mode. Since CD Emulators use a hidden driver which can be seen as a rootkit and interfere with providing accurate results or cause other problems, it is recommended that they be removed or disabled until your scans have been completed.
Edited by quietman7, 15 March 2010 - 12:00 PM.