
Safely Disinfect "Sick" Files


4 replies to this topic

#1 Kirk Gandril


Posted 14 November 2010 - 06:31 AM

You see, I was once slammed by a wave of the w32.Sality virus and I had all my executables 'sick', so only a few (probably the OS exe's) could be opened. When I scanned with COMODO AV and found all of the infected files, I was asked to choose what action I should take with these files. I clicked on "Disinfect" but after all the fuss, I found out that the infected executables were permanently deleted.

I found out that COMODO is not capable of "REPAIRING" all types of infected files. AVIRA on the other hand is capable of doing it. BitDefender can also do that. GDATA is capable. I don't know about Kaspersky but I'm sure it can, too.

What other AntiVirus software is capable of repairing infected executables? You see, not all are able to do it. ESET merely quarantines infected files, as does Norton. I find Norton to have a very high detection rate and the least usage of resources but unfortunately, it only quarantines infections.

Let's discuss this "disinfection" module and identify which products have this module and which ones don't.



#2 Romeo29


Posted 14 November 2010 - 10:07 AM

It depends on the type of malware. In general, a virus-infected file can be cleaned. Other types of malware like trojans, worms, etc. cannot be cleaned.
In addition, some viruses are badly programmed and often damage the original file beyond repair, so there is nothing you can do.

http://service1.symantec.com/sarc/sarc.nsf/info/html/cannot.repair.trojan.or.worm.html
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cannotbecleaned.shtml

#3 quietman7


Posted 14 November 2010 - 01:52 PM

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with file infectors which are extremely destructive as they inject code into critical system files making them irreparable.

Win32/Sality is a dangerous polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

I do not know of any security vendor who will guarantee complete removal of file infectors. Even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In my experience, users may find their system performing better for a short time after attempted disinfection only to have it become progressively worse again as the malware continues to reinfect thousands of files. Some folks will try every tool or rescue disk they can find in futile attempts to repair critical system files. If something goes awry during the malware removal process, the computer may become unstable or unbootable and you could lose access to all your data. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove the infected files.

Since file infectors are often seen with backdoor Trojans your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the infection appears to have been removed.

Many experts in the security community believe that once infected with such malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. I cannot add any more to this Microsoft TechNet article: Help: I Got Hacked. Now What Do I Do?.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Kirk Gandril


Posted 15 November 2010 - 09:33 PM

So, what antivirus products can remove these file injectors? I know that Avira has this component, as well as BitDefender. What about ESET? I don't know about ESET because all I can see it do is quarantine files.

#5 quietman7


Posted 16 November 2010 - 08:20 AM

I addressed that question in my previous reply.

I do not know of any security vendor who will guarantee complete removal of file infectors. Even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process.

