How many scans are enough


15 replies to this topic

#1 rp88

rp88

  • Members
  • 3,024 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:49 AM

Posted 13 November 2014 - 12:40 PM

I was told I should re-post this question within this forum:

Is running a scan with AVG (my antivirus), then mbam, then mbar, then rkill, then tdsskiller, then security check, then minitoolbox, then ESET online scanner, then finally with a fairly recent version of Kaspersky virus removal tool (currently I'm using one from the 8th November (ish), in future I would use one for that date and keep using the same one any time needed for a couple of weeks before getting a more recent version) enough to detect any and every virus, and if those all come up clean is that proof that the system is not infected at all?

Edited by rp88, 13 November 2014 - 12:40 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:49 PM

Posted 13 November 2014 - 02:29 PM

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with backdoor Trojans, Botnets, IRCBots and rootkits that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. These types of infections are dangerous because they not only compromise system integrity, they have the ability to download even more malicious files. Rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They are used by backdoor Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.

The severity of infection will vary from system to system, some causing more damage than others. The longer malware remains on a computer, the more opportunity it has to download additional malicious files which can worsen the infection so each case should be treated on an individual basis. Severity of system infection will also determine how the disinfection process goes. Since infections and severity of damage will vary, it may take several efforts with different, the same or more powerful security scanners/tools to do the job. Even then, with some types of malware infections, the task can be arduous.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 rp88

Posted 13 November 2014 - 05:57 PM

I have a 64 bit system, are things different between 32 and 64 bit? Is the combination I listed above fairly effective or have you often seen malware that was able to dodge all of those products?

#4 quietman7

Posted 13 November 2014 - 06:33 PM


32-bit vs. 64-bit OS:Related Resources:

#5 rp88

Posted 13 November 2014 - 06:41 PM

I'm Windows 8 64 bit, not 7, but I guess similar things apply. I have heard that 64 bit has some security features built in that 32 bit doesn't, but the links didn't discuss those differences in great detail. Is 64 bit invulnerable to the methods of compromising that you have discussed?

#6 quietman7

Posted 13 November 2014 - 07:05 PM



#7 rp88

Posted 14 November 2014 - 09:48 AM

Sounds much the same then, some security improvements, but since Windows has been mostly 64 bit for a few years now viruses have been redesigned to keep up. As my list doesn't sound enough against what you have discussed, what in general is enough scanning to absolutely verify/disprove the presence of any virus?

Edited by rp88, 14 November 2014 - 09:48 AM.


#8 quietman7

Posted 14 November 2014 - 10:02 AM

Are you dealing with malware issues?

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 AM

Posted 14 November 2014 - 11:49 AM

"What in general is enough scanning to absolutely verify/disprove the presence of any virus?"

Unfortunately, it is impossible to be 100% sure that no malware is present on a machine.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:49 AM

Posted 14 November 2014 - 12:18 PM

"What in general is enough scanning to absolutely verify/disprove the presence of any virus?"

If we're referring to an actual virus such as a file infector, then you will most likely know your machine is infected. File infectors like Virut, Sality, Ramnit and Expiro infect executable (.exe) files, as well as other file types (e.g. .php, .asp, .htm, .html, .xml). Alerts from your Anti-Virus, system instability, programmes not functioning, etc., are symptoms you are likely to experience if your machine is infected with a virus. Viruses like Virut, which have buggy code, may in fact render a machine unbootable.
 
Viruses are relatively uncommon nowadays. Trojans and rootkits (used for malicious intent) dominate the infections currently in the wild. As Didier Stevens says, it is impossible to make any guarantees. No amount of scans or security software can confirm with absolute certainty that a machine is not infected. 


#11 quietman7

Posted 14 November 2014 - 12:24 PM

And I do not know of any security vendor who will guarantee complete removal of file infectors for that reason since they cannot ensure that some files will not get corrupted during the disinfection process. This means that infected executables and system files can become unusable after attempting to repair them and afterward, there is still no guarantee the virus is really gone.

#12 rp88

Posted 14 November 2014 - 12:24 PM

Are you dealing with malware issues? : I don't think so but I would like advice for the future.

Unfortunately, it is impossible to be 100% sure that no malware is present on a machine: grr, curses, swearing, thanks.

liquid tension: thanks, useful info. By the way when I say "virus" I mean any type of malware/spyware/rootkit/trojan/ransomware/adware.

Edited by rp88, 14 November 2014 - 12:25 PM.


#13 LiquidTension

Posted 14 November 2014 - 12:34 PM

"liquid tension: thanks, useful info. By the way when I say "virus" I mean any type of malware/spyware/rootkit/trojan/ransomware/adware."

Yes, that is what I assumed you meant. :)

It's important to remember that whilst all viruses are malware, not all malware are viruses.

 

This article by a staff member at Malwarebytes does a good job in simply explaining the complexity of Windows. 

https://forums.malwarebytes.org/index.php?/topic/130154-the-complexity-of-finding-preventing-and-cleanup-from-malware/


#14 quietman7

Posted 14 November 2014 - 01:06 PM

"By the way when I say "virus" I mean any type of malware/spyware/rootkit/trojan/ransomware/adware."

Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots.

Adware (PUPs) do not fall into any of those categories and that is the primary reason some anti-virus programs do not detect or remove them.

A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. That fact adds to confusion and a lot of complaints from end users asking why a detection was not made on a particular file (program) they are having issues with.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#15 rp88

Posted 14 November 2014 - 01:31 PM

PUPs always have to have the ability to be user uninstalled though, don't they? If the user can't get rid of them within a few clicks surely they become classed as viruses.