to complete an anti-virus or anti-malware scan depends on a variety of factors:
-- Using two security scanning engines at the same time can cause each to interfere with the other, cause system hangs, false detections, unreliable results and other unpredictable behavior.
- The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
- Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPs).
- Options to scan memory, boot sectors, registry and alternate data streams (ADS).
- Type of scan performed: Deep, Quick or Custom scanning.
- What action has to be performed when malware is detected.
- A computer's hard drive size.
- Disk used capacity (number of files to include temporary files) that have to be scanned.
- Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc.) that are scanned.
- Whether external drives are included in the scan.
- Competition for and utilization of system resources by the scanner.
- Other running processes and programs in the background.
- Interference from malware.
- Interference from the user.
-- If the screensaver, hibernation or Sleep Mode are not turned off before scanning, those features can sometimes have odd effects when attempting to resume normal mode.
Further, it is not unusual for an anti-virus or anti-malware scanner to be suspicious of compressed and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files or just ignore (skip) them. Certain files in the System Volume Information Folder like the Tracking.log (created by the Distributed Link Tracking Service to store maintenance information) have also been reported as a source causing some scanners to hang.
To speed up your scans, uninstall unnecessary programs, clean out the temporary files, temporarily disable any other real-time protection tools, close all open programs and do not use the computer during the scan. If the scan still seems slow or hangs, then try performing the scan in "safe mode".
is Quick Scan really that useful?
Generally there are three types of scans:
- Quick Scan only looks at those folders/files most likely to contain malware...the most prevalent places where malware hides. Quick scans will vary depending on the security engine but they should take about 15-30 minutes.
- Full Scan is much more comprehensive because it scans the entire hard drive (all folders/files) so it can take several hours.
- Custom scan allows the user to select any files and folders on the hard drive to be scanned.
Anti-virus programs can use a scanning engine with Behavioral Analysis, Heuristic analysis or a combination of both. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.
Upon finishing a FullScan today, it removed two threat files: Exploit:Java/CVE-2010-0094.DL and Trojan:Java/Rowindal.G
Your scan results indicate a threat(s) was found in the Java cache. When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.
Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:
Edited by quietman7, 15 May 2011 - 08:46 PM.
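
An added illustration of two points from the post above, threshold-based heuristic flagging and why compressed or packed files trigger heuristic alerts; it is not part of the original post and not any vendor's engine. The indicator strings, weights, threshold, entropy cut-off and sample files are all constructed assumptions.

```python
import math
import zlib
from collections import Counter

# Constructed characteristics and weights; every vendor's rules differ.
INDICATORS = {b"CreateRemoteThread": 3, b"WriteProcessMemory": 3,
              b"URLDownloadToFile": 2}
THRESHOLD = 5        # assumed pre-defined score at which a file is flagged
ENTROPY_LIMIT = 7.0  # assumed bits-per-byte cut-off for unreadable content


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or packed data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def heuristic_score(data: bytes):
    """Return (score, reasons): matched characteristics plus an opacity penalty."""
    score, reasons = 0, []
    for needle, weight in INDICATORS.items():
        if needle in data:
            score += weight
            reasons.append(needle.decode())
    if shannon_entropy(data) > ENTROPY_LIMIT:
        score += THRESHOLD  # content cannot be inspected, so it is flagged
        reasons.append("high entropy")
    return score, reasons


def verdict(data: bytes) -> str:
    return "possible threat" if heuristic_score(data)[0] >= THRESHOLD else "clean"


# Constructed sample inputs: a harmless text file and one carrying all three strings.
BENIGN = " ".join(f"invoice {i} total {i * i % 9973}" for i in range(3000)).encode()
SUSPECT = BENIGN + b" CreateRemoteThread WriteProcessMemory URLDownloadToFile"
PACKED_BENIGN = zlib.compress(BENIGN)
PACKED_SUSPECT = zlib.compress(SUSPECT)

if __name__ == "__main__":
    for name in ("BENIGN", "SUSPECT", "PACKED_BENIGN", "PACKED_SUSPECT"):
        print(name, verdict(globals()[name]), heuristic_score(globals()[name]))
```

Once compressed, the harmless file and the suspect one get the same verdict for the same reason: the scanner can no longer read the contents, so the alert reflects opacity and not a confirmed infection.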