June 18th 13, 04:18 AM posted to microsoft.public.windowsxp.general
Paul
O.T. - computer virus?

wrote:
I have a new Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, Avast, and Windows firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system


Lately, when I've run an Avast full system scan, instead of ending with
'no threats found' it says 'some files could not be scanned'. I called
Avast about this and they said I may have a virus. They told me that
the only way to know for sure was to let one of their representatives
have access to my computer. I was very leery of doing this.

Is there any way of finding out whether my computer is infected and
if so how can I remove the virus?

Thanks,
Robert


I've had an AV scanner complain about password-protected
files before. If you have a ZIP archive or other kind of
archive, and the scanner can't "see inside", it'll give a
warning dialog (just to annoy you).

If your AV is good, it'll have a log file and hopefully
any files not scanned will be in the "warnings" section.
If the log is empty, open the preferences and see if
the log level can be adjusted so all warnings are logged
as well.

In some obscure cases, inability to scan files occurs
because of a timing issue. At the instant the AV attempts
to scan, some other process on the machine is opening files
and doing stuff, and the two programs "collide", leading
to a few random files not getting scanned. Usually, when
you look into it, it's a correlated failure, and the
two programs tend to be looking in the same places, at
roughly the same time. Your paint program and your AV
probably won't be bumping heads. But two AV scanners might
bump into each other (one makes the file busy, just as the
other one wants to open it).

*******

Kaspersky makes an "offline" scanner.

http://support.kaspersky.com/8092

"Iso image of Kaspersky Rescue Disk 10 (237 MB)"

You download the 237MB ISO9660 file (.iso), then use
a program like Nero or ImgBurn that knows how to convert
an ISO9660 into a bootable CD.

You leave your internet connected, then boot from that CD.
You tick the partitions you want scanned, and the tool scans
the partitions for you. Since Windows is not booted at the
time, and just that CD is booted, it is termed an "offline"
scan.

The advantage of an offline scan is that no file is kept "busy" so it
can avoid being scanned. The CD "owns" all the files. The scanner
still cannot see inside password-protected archives though, so if
you're stupid enough to hide malware inside a password-protected
archive, then that scanner cannot see it. You'd need a tool which
can "break all cryptography" to guarantee that everything gets
scanned (and nobody wants to think their password-protected
files can be opened of course).

The disadvantage of the offline scanning method is that there is no
opportunity for behavioral analysis. Some malware gives away its
presence by "fiddling with stuff". And a good AV program
detects the suspicious activity and blows the whistle. An offline
scanner can't check for that, because the malware isn't running
at the time. And only certain online scanners have anything
approaching decent behavioral detection. Some online AV tools are
completely lacking in that department.

And no tool catches everything, but I think you knew that already :-)
It's a big help if the user is careful about what they're doing.

Paul
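
Added example, not part of Paul's post: one way to list the ZIP archives a scanner cannot "see inside", so that a "some files could not be scanned" result can be matched against known password-protected files. It covers ZIP only (not 7z or RAR) and reads the "encrypted" bit in each member's header; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import sys
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def encrypted_members(zip_source):
    """Return names of members that cannot be read without the password."""
    with zipfile.ZipFile(zip_source) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def find_unscannable(root):
    """Walk root; map each ZIP path to its encrypted members or an error note."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if not zipfile.is_zipfile(path):
                    continue
                names = encrypted_members(path)
            except (OSError, zipfile.BadZipFile) as exc:
                # Damaged archive, or file busy/locked by another process
                report[path] = ["<unreadable: %s>" % exc]
                continue
            if names:
                report[path] = names
    return report


def constructed_sample(encrypted):
    """Build a small ZIP in memory (constructed test data, not a real archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "hello")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= ENCRYPTED                             # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED   # central directory flags
    return bytes(raw)


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, names in find_unscannable(start).items():
        print(path, names)
```

Archives it reports are ones no scanner, online or offline, can inspect without the password; files missing from the scan log for other reasons (such as being busy) will not show up here.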