Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

how to be 100% sure?


  • Please log in to reply
3 replies to this topic

#1 tnt4me

tnt4me

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal Canada
  • Local time:06:31 PM

Posted 16 December 2010 - 12:10 PM

seasons greetings to all; besides the usual in depth scans that can be done with our own protection kit,what can we do for verifying there is really no infections?is there another way of i guess it would be "cleaning"to check for viruses ect.i think the obvious answer would be by analyzing each and every file but that would be very time consuming. finding the suspicious file and doing an online verification could also be done. i was just a bit worried because my anti virus put some infected files in the vault and i emptied it without writing down the name and place of each file.would that be something i should worry about?as long as i don't open the exe i should be okay,no??i don't think they are anything serious,although it did indicate the severity of possible infection was in the red.one more quick question.can you recommend a good anti virus, real time protection that won't use up too much resources? i am presently using avg and i do like it,but i find and have read that it uses too much resources.thanks.

Edited by hamluis, 16 December 2010 - 02:01 PM.
Moved from XP to AV, Firewall, Privacy Protection ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:31 PM

Posted 16 December 2010 - 02:26 PM

how to be 100% sure?

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with backdoor Trojans, Botnets, IRCBots and rootkits that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Security vendors that claim to be able to remove rootkits and backdoor Trojans cannot guarantee that all traces of will be removed as they may not find all the remnants. This means infections will vary and some will cause more harm to your system than others as backdoor Trojans not only compromise your system, they have the ability to download even more malicious files. Since infections and severity of damage will vary, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous.

Many experts in the security community believe that once infected with such malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


i was just a bit worried because my anti virus put some infected files in the vault and i emptied it without writing down the name and place of each file.would that be something i should worry about?

When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through security routines which may copy, rename, encrypt and password protect the file before moving. One reason for doing this is to prevent deletion of a legitimate file file that may have been flagged as a "false positive" especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list.

If you're not sure about the file placed in quarantine or suspect it may be a "false detection", check your anti-virus user manual or look for documentation, FAQs on the vendor's web site. Some security programs have built-in options for submitting a file directly from the quarantined area to the vendor's lab for analysis. Most user guides will explain how to do that. Other anti-virus solutions automatically submit files or provide an alert to do so if you have checked the option to "Submit for analysis in the program's settings. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

Anytime you come across a suspicious file for which you cannot find any information about or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Other resources:

can you recommend a good anti virus, real time protection that won't use up too much resources

Choosing an anti-virus is a matter of personal preference, your needs, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. You may need to experiment and find the one most suitable for your needs. For more specific information to consider, please read Choosing Your Anti-virus Software.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.


My personal choice is NOD32 Anti-Virus if choosing a paid for program as it leaves a small foortprint or one of the following if choosing a free alternative.
I have been disappointed with AVG ever since they made a decision in April 2010 to partner with LimeWire and promote the use of peer-to-peer (P2P) file sharing, a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

With the release of AVG 2011, there have been numerous complaints about issues and conflicts with other security tools like Malwarebytes' Anti-Malware. Read the related discussions at AVG:There have been reports of issues with the computer starting properly on 64-bit Windows sytems for which AVG has had to release these fix instructions.

There have also been reported problems with computers after using new features like PC Analyzer and PC Tuneup which purport to fix registry errors in order to make the system more stable and various optimizing tools which can make changes to system settings.

I do not recommend the routine use of registry cleaners/optimizers as they are extremely powerful applications that can damage the Windows registry by using aggressive cleaning routines and cause your computer to become unbootable. The registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from booting properly. For routine use, the benefits to your computer are negligible while the potential risks are great.

For these reasons, I no longer recommend AVG as a free alternative.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 tnt4me

tnt4me
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal Canada
  • Local time:06:31 PM

Posted 16 December 2010 - 06:00 PM

i have to say thank you for the detailed response,i will definitely be using some of your good advice.i hope in writing this it will also help others as well.your responses are much appreciated.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:31 PM

Posted 16 December 2010 - 08:24 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users