On 29 Jun 2005 at 13:05, milady wrote:

> One person's opinion? or do others concur??

That one wasn't an opinion, I'm afraid. It may seem like a bold claim, but I'll explain in detail (based on my own experiences of attempting to remove malicious software on every Microsoft Windows operating system from Win95 onwards).

Most virii have the ability to self-replicate indefinitely. Spyware is similar in nature, although not as destructive. If a malicious program is already present in your system memory, removing the file from the hard drive is no better than removing a copy. The version held in memory will immediately produce another copy of itself upon finding the disk-version gone (and vice-versa).

That's why you can't run these scans with any degree of confidence in "normal" Windows. There is always the danger that the malicious program is present in a 32-bit environment. Moving to the bare-bones, 16-bit environment of Safe Mode removes the possibility of Windows loading the virus in the first place.

Standard scans in a 32-bit environment, even with quality programs like Norton Antivirus, don't do much more than: (1) remove or "quarantine" the file from the hard drive, and (2) attempt to remove the copy already present in memory. [Note that I didn't mention the "attempt to fix" setting, which is set as the default setting on some antivirus programs, and the most ineffectual of all.]

But if you look at some of the removal instructions for many of the more-widespread virii out there, you'll notice that most of them not only place file(s) on your hard drive, but also place entries in the standard "startup" sections of your registry, and supply possible alternate names for the disk-based source file, should it be deleted. Another common tactic is for the malicious software to aggressively bar attempts to manually remove the program held in memory, so that the user has trouble closing it down via the normal method [Task Manager; Ctrl-Alt-Del].
These things go to great lengths to protect themselves.

My experience with antivirus scanning programs attempting to remove a virus from both memory AND the hard drive has been that, very often, they don't properly catch the memory version. In that situation, you're no better off than if you hadn't run the scan at all. Therefore, permanent removal of certain types of virus is _only_ possible when using Safe Mode.

Faustus