-=PCTechTalk=- Re: spyware software?

  • From: "Don" <dsw32952@xxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Wed, 29 Jun 2005 19:57:09 -0400

Thanks for that explanation.  I read "scan" to mean scan as in preventive 
measures rather than scan as in finding infections.  I concur that virtually 
all scans for cleanup reasons must be done in Safe mode.

Don

----- Original Message ----- 
From: <dktrfaustus@xxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Wednesday, June 29, 2005 5:35 PM
Subject: -=PCTechTalk=- Re: spyware software?


> On 29 Jun 2005 at 13:05,  milady wrote:
>> One person's opinion? Or do others concur??
>
> That one wasn't an opinion, I'm afraid. It may seem like a bold
> claim, but I'll explain in detail (based on my own experiences of
> attempting to remove malicious software on every Microsoft Windows
> operating system from Win95 onwards).
>
> Most viruses have the ability to self-replicate indefinitely. Spyware is
> similar in nature, although not as destructive.
>
> If a malicious program is already present in your system memory,
> removing the file from the hard drive is no better than removing a
> copy. The version held in memory will immediately produce another
> copy of itself upon finding the disk-version gone (and vice-versa).
> That's why you can't run these scans with any degree of confidence in
> "normal" Windows. There is always the danger that the malicious
> program is present in a 32-bit environment.
>
> Moving to the bare-bones, 16-bit environment of Safe Mode removes the
> possibility of Windows loading the virus in the first place.
>
> Standard scans in a 32-bit environment, even with quality programs
> like Norton Antivirus, don't do much more than:
>
> (1) remove or "quarantine" the file from the hard drive,
>
> and
>
> (2) attempt to remove the copy already present in memory.
>
> [Note that I didn't mention the "attempt to fix" setting, which is
> set as the default setting on some antivirus programs, and the most
> ineffectual of all.]
>
> But if you look at some of the removal instructions for many of the
> more-widespread viruses out there, you'll notice that most of them not
> only place file(s) on your hard drive, but also place entries in the
> standard "startup" sections of your registry, and supply possible
> alternate names for the disk-based source file, should it be deleted.
> Another common tactic is for the malicious software to aggressively
> bar attempts to manually remove the program held in memory, so that
> the user has trouble closing it down via the normal method [Task
> Manager; Ctrl-Alt-Del]. These things go to great lengths to protect
> themselves.
>
> My experience with antivirus scanning programs attempting to remove a
> virus from both memory AND the hard drive has been that, very often,
> they don't properly catch the memory version. In that situation,
> you're no better off than if you hadn't run the scan at all.
> Therefore, permanent removal of certain types of virus is _only_
> possible when using Safe mode.
>
>
> Faustus
>
>
>
> --
> <Please delete this line and everything below.>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
>
> 
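The registry "startup" entries mentioned in the quoted message can be listed and compared across a cleanup attempt, so that an entry that comes back after removal stands out. The PowerShell below is an added example, not part of the original thread; the function names `Get-StartupEntry` and `Compare-StartupEntry` and the snapshot file name are hypothetical, and it assumes only the four standard Run/RunOnce keys are of interest.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Standard per-machine and per-user startup keys.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Target = quoted path, or text up to the first space.
            # Limitation: unquoted paths containing spaces are cut short.
            $target = if ($command -match '^\s*"([^"]+)"') { $Matches[1] } else {
                ($command.Trim() -split '\s+')[0]
            }
            $target = [Environment]::ExpandEnvironmentVariables($target)
            $exists = $false
            if ($target) {
                # Full path on disk, or a bare name resolvable through PATH.
                $exists = (Test-Path -LiteralPath $target -PathType Leaf) -or
                          [bool](Get-Command -Name $target -ErrorAction SilentlyContinue)
            }
            [pscustomobject]@{
                Id = "$key|$name|$command"; Key = $key; Name = $name
                Command = $command; TargetExists = $exists
            }
        }
    }
}

function Compare-StartupEntry {
    # Returns entries present in $After that were not in $Before.
    param([object[]]$Before, [object[]]$After)
    $known = @{}
    foreach ($e in $Before) { if ($e) { $known[$e.Id] = $true } }
    $After | Where-Object { $_ -and -not $known.ContainsKey($_.Id) }
}

# Current view of the startup keys.
Get-StartupEntry | Format-Table Key, Name, TargetExists, Command -AutoSize

# Workflow: save a baseline right after cleanup, then compare after a normal boot.
#   Get-StartupEntry | Export-Clixml -Path .\startup-baseline.xml
#   Compare-StartupEntry -Before (Import-Clixml .\startup-baseline.xml) -After (Get-StartupEntry)
```

Any row returned by the comparison is an entry that appeared since the baseline, which is the re-creation behaviour the message describes.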
