I am new here and have been seeing a lot of the same stuff, and thought this little bit of information might be helpful.
An antivirus program is a program that either passively or proactively scans the traffic and packet injections that go into your computer.
The core of the antivirus is the Definitions.
The Definitions are a database with a list of Signatures. These signatures are various lines of ones and zeros that indicate a specific type of malware.
As a new virus is documented, the database of signatures is updated with one more signature. From then on, if that virus connects with your computer, the AV will scan it to make sure it does not match any of those signatures; if it does, it will mark it, block it, quarantine it, whatever your AV does.
This is why you can always still get a virus, depending on how new it is.
For this reason, I recommend an antivirus whose company is based out of a country that is known for producing malware, so that your definitions are up to date before the virus hits the US.
Also, and this is most important: make certain that your AV is updated, all recommended patches are installed, your Firewall is active, and you take notice of any information the AV provides you.
The main reason for this article is to talk about different types of malware.
Specifically Logic Bombs.
A Logic Bomb is a type of malware that waits for a specific action, and then once that parameter is met, it executes its commands.
The reason this is important is because if you have a virus, and you go to remove it, using your AV, or your adware removal tool, or manually deleting the suspicious folder/files, you can cause a lot of damage.
If you remove that file while the virus is active on your system, there could easily be a script on your system that is watching that virus to make sure it is running.
If that Logic Bomb exists and is watching that viral program you have installed, and you manually remove it, or use other tools to remove it, you can initiate that Logic Bomb code, and then that Logic Bomb will execute its commands... those commands could be something as simple as reinstalling the virus, pulling the virus from various other locations back into that folder, rendering the process of getting it removed useless.
It could COMPLETELY wipe your files, crash your hard drive, or even potentially do worse.
The simple fix:
Run in Safe Mode.
Run scans in Safe Mode, and delete files in Safe Mode.
In Safe Mode, non-Windows system files are unable to load. This means that viral programs are unable to load. This means there are no Logic Bombs that can watch for running applications.
This gives you the chance to remove all of those programs while they are not running, therefore safely and fully removing them.
Also, if a virus is on your computer, it has already succeeded. Especially beyond simple greyware, it is not likely to just let the AV remove it. That is why it needs to no longer be running before you try.
Please respond if you have any questions, or concerns, or disagreements, or if this information has already been shared.
Edited by computerxpds, 06 August 2015 - 08:47 PM.
Moved to AV/AM software forum from AII
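An added illustration of the Definitions/signature mechanism the post describes (example code written for this page, not from the original poster or any AV vendor). It models two signature kinds, an exact-file SHA-256 hash and a byte pattern, and shows why a file the definitions do not yet cover scans clean until an update adds one more signature. Every file, pattern, hash and signature name in it is constructed for the example.

```python
# Toy signature-based scanner (constructed example, not real AV code).
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed "files" on the machine being scanned.
SAMPLES = {
    "report.docx":      b"quarterly numbers look fine",
    "installer.exe":    b"MZ..DROP-PAYLOAD-v1..",
    "installer_v2.exe": b"MZ..DROP-PAYLOAD-v1..x",  # same payload, one byte appended
    "installer_v3.exe": b"MZ..DROP-PAYLOAD-v2..",   # payload string changed
}

# Constructed definitions database: (signature name, kind, value).
DEFINITIONS = [
    ("Test.Dropper.A.hash",    "sha256", sha256(SAMPLES["installer.exe"])),
    ("Test.Dropper.A.pattern", "bytes",  b"DROP-PAYLOAD-v1"),
]

def matches(data: bytes, kind: str, value) -> bool:
    """Does one signature match this file's bytes?"""
    if kind == "sha256":
        return sha256(data) == value   # catches only that exact file
    if kind == "bytes":
        return value in data           # catches anything carrying the pattern
    raise ValueError(f"unknown signature kind {kind!r}")

def scan(data: bytes, definitions) -> list:
    """Names of every definition that matches this file."""
    return [name for name, kind, value in definitions if matches(data, kind, value)]

def scan_all(samples, definitions) -> dict:
    """Scan every file; a file with no hits is what the post calls 'too new'."""
    return {fname: scan(data, definitions) for fname, data in samples.items()}

def with_update(definitions, name, kind, value):
    """A definitions update is just one more signature appended (the post's point)."""
    return definitions + [(name, kind, value)]

if __name__ == "__main__":
    for fname, hits in scan_all(SAMPLES, DEFINITIONS).items():
        print(f"{fname:18} {'DETECTED ' + ', '.join(hits) if hits else 'clean'}")
    updated = with_update(DEFINITIONS, "Test.Dropper.B.pattern", "bytes", b"DROP-PAYLOAD-v2")
    print("installer_v3.exe after update:", scan(SAMPLES["installer_v3.exe"], updated))
```

Note that the hash signature misses installer_v2.exe after a one-byte change while the pattern signature still catches it, and installer_v3.exe scans clean under both until the update lands.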