From: Art on
On Thu, 12 Jan 2006 12:42:15 GMT, "TWIST" <TWIST(a)cable.net> wrote:

>I understood if you turn off system restore it will flush out any nasties!

System Restore is a form of backup. If you happen to know when you
took a malware hit, and you have a Restore point prior to that, then
you can use Restore to get rid of the malware.

The problem is that users usually have no idea of when they took a
malware hit, and their Restore points are often infested. That's why
flushing System Restore is usually suggested _after_ cleaning up the
malware.

Art

http://home.epix.net/~artnpeg

From: John Coutts on
In article <5frxf.76$77.9(a)newsfe3-win.ntli.net>, TWIST(a)cable.net says...
>
>Could someone please remind me why it is better to scan in
>safe mode? And also is it an advantage to turn off system restore
>temporarily?
>
>Thanx in advance.
>
**************** REPLY SEPARATOR ********************
If malware is configured as a service (and many are), you will not be able to
remove it while it is running. When you start in safe mode, all the programs
that are configured to auto start from registry "run" do not auto start. This
allows them to be deleted safely.

System Restore is an extension of the old "Use the previous successful boot
configuration" in NT and W2K. Unfortunately, it is a tremendous resource hog,
and one of the first things that I disable on a new machine.

J.A. Coutts
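
Added example, not part of the original posts: a PowerShell audit that lists the registry "Run" auto-start entries and the auto-start services discussed above, and marks which of those services are still permitted to load in plain Safe Mode. It assumes a current Windows system with PowerShell 3.0 or later and uses the standard Run/RunOnce and SafeBoot\Minimal registry locations.

```powershell
# Added example: inventory auto-start entries before cleaning a machine.
# Standard per-machine and per-user auto-start locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every value (entry name and command line) under each key.
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = $item.GetValue($name)
        }
    }
}

# Subkey names under SafeBoot\Minimal are the services, drivers and
# driver groups that plain Safe Mode is allowed to load.
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$allowed = Get-ChildItem -Path $safeBootKey | ForEach-Object { $_.PSChildName }

# Auto-start services, flagged by whether Safe Mode would still start them.
$services = Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
    ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            State           = $_.State
            LoadsInSafeMode = $allowed -contains $_.Name
            PathName        = $_.PathName
        }
    }

$runEntries | Format-Table -AutoSize -Wrap
$services | Sort-Object LoadsInSafeMode, Name | Format-Table -AutoSize -Wrap
```

Services shown with LoadsInSafeMode = True are the ones a Safe Mode scan will still find running.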

From: Hoosier Daddy on

"TWIST" <TWIST(a)cable.net> wrote in message news:5frxf.76$77.9(a)newsfe3-win.ntli.net...
> Could someone please remind me why it is better to scan in
> safe mode?

It is best to scan from within a software environment where the malware
isn't running. Safe mode is a way to get you almost there. Better would
be to boot into an alternative OS that has the ability to read the contents
of the suspect storage areas while not running any code from those areas.

> And also is it an advantage to turn off system restore
> temporarily?

System restore is a non-issue. Flush it if you want to (it's probably
infested anyway) or don't. It can be used to restore to a last known
good point after some non-malware related screwup, but when there
is malware involved there is a good chance that restoring will restore
the malware too.


From: Poster 60 on


kurt wismer wrote:
> generally that's for when you're recovering from a
> virus/worm/whatever... turning off the virus restore - err *system*
> restore - is the means by which you remove any malware that may have
> crept into your restore points by removing the restore points
> themselves, as not only can they not be manipulated in a more
> sophisticated fashion they often can't even be scanned...
>
Even under controlled conditions of sending trojan files to an AV vendor
your restore points can become infected. That has happened to me
several times.
So, anytime I deal with them I always clear my restore points afterwards.