Detection means crap, if it can't clean
trjam
July 23rd, 2007, 05:02 PM
I have been preaching this for a while. Your AV and mine may be great at flagging malware, but if it can't clean it and all remnants, then you ain't got squat. Here (https://www.icsalabs.com/icsa/product.php?tid=dfgdf$gdhkkjk-kkkk)
lodore
July 23rd, 2007, 05:24 PM
Hi Jeff,
I have noticed that NOD32 and AntiVir have this problem.
That is why I choose Kaspersky because I know it can detect and clean.
According to that chart it seems that Norton is better at cleaning than it used to be.
The 2003 version couldn't get rid of trojans.
I'm still surprised that Microsoft was certified for cleaning LOL
lodore
trjam
July 23rd, 2007, 05:26 PM
Yeah, between Norton's detection and cleaning ability, it is starting to look real good. I am curious to see Eset's new suite evaluated. I would say they are close to getting this. But I am leaning to looking at balancing the 2 criteria instead of the 1, when it comes to the future.
lodore
July 23rd, 2007, 05:37 PM
NOD32 version 3 promises better removal of malware.
Let's hope it delivers.
lodore
HiTech_boy
July 23rd, 2007, 05:38 PM
The fact that some vendors are not present in the "Cleaning criteria" list does not mean they are bad at cleaning. It is up to the vendor to decide if they want to be tested against cleaning (AFAIK the cleaning test means extra tax). I think it is not important at all because they will test it against a limited selection of threats and also "prevention is always better than cure" ;)
dave88
July 23rd, 2007, 05:43 PM
Not sure how telling this "certification" really is??
"Therefore the Anti-Virus Certification Criteria does not include requirements for handling malicious and non-malicious spyware, adware, foistware, backdoors, trojan horses, and other such non-replicating software. "
lodore
July 23rd, 2007, 05:44 PM
{QUOTE-> The fact that some vendors are not present in the "Cleaning criteria" list does not mean they are bad at cleaning. It is up to the vendor to decide if they want to be tested against cleaning (AFAIK the cleaning test means extra tax). I think it is not important at all because they will test it against a limited selection of threats and also "prevention is always better than cure" ;) <-QUOTE}
Hello HiTech_boy,
That is true, but wouldn't you agree that there are quite a lot of posts in the NOD32 official forum about needing to manually clean malware that is found by the NOD32 on-demand scanner?
And I see that Eset know of the problem, hence the improved cleaning in the new features on the Eset suite beta.
AntiVir seems to be even worse at cleaning.
lodore
trjam
July 23rd, 2007, 05:57 PM
Antivir is terrible at cleaning. That has been proven to me in private just as their "Guard" protection is really very weak. I realize some or a lot, will bash this post as another "one" of those sites. But I think it is what the future will hold, for any AV product to stay afloat. If you can detect it and clean it, then you stand a chance of staying afloat. I still think Eset will get this, but Avira has publicly admitted that their big time customers only care about detection and after today, I can't wear their Avatar with any pride. Not that it matters to all the fanboy haters, but it damn sure matters to me.
lodore
July 23rd, 2007, 06:07 PM
Hi again Jeff,
That is why I'm replacing AntiVir Premium on my sister's laptop with KIS 7.0 when the license runs out in September.
I will get a 3 user license for £30 and that is enough for all my family's computers.
I hope Eset do well with their suite and version 3 of NOD32.
I also hope Dr.Web gets better.
lodore
JerryM
July 23rd, 2007, 06:23 PM
I wonder why F-Secure IS was not on the list? Why would it differ much from KIS?
If I were not so slow at start I would like it as well as KIS.
PS
Anyone know where to get another offer like the KIS from Systweak? Didn't we have fun with that?
Best,
Jerry
trjam
July 23rd, 2007, 06:40 PM
Taken care of Jerry, thanks to ankupan.
JerryM
July 23rd, 2007, 06:43 PM
{QUOTE-> Taken care of Jerry, thanks to ankupan. <-QUOTE}
Hi Jeff, that is great.
Any idea why F-Secure is not on the "cleaning list?"
Best,
Jerry
C.S.J
July 23rd, 2007, 06:59 PM
Only certain products were tested, not that the rest had failed.
JerryM
July 23rd, 2007, 07:11 PM
{QUOTE-> Only certain products were tested, not that the rest had failed. <-QUOTE}
Hi C.S.J.,
That is a good reason. Thanks.
Regards,
Jerry
Carver
July 23rd, 2007, 07:33 PM
My licence with Eset runs out July 2008, now Nod32 v3 was supposed to be out last December 18, 2006. It is now July 23, 2007! Right now I am using the AntiVir premium 6 month demo, so if AntiVir doesn't improve by the end of the 6 months it gets replaced.
JerryM
July 23rd, 2007, 07:44 PM
I am pretty much convinced that if one has a good AV, such as AntiVir, and a good AS and firewall, there is nothing that is going to penetrate it. I realize that it is possible, but not likely in my opinion. I would not feel vulnerable with AntiVir or ESET at all.
On the other hand, if one can have a high detection AV that also cleans well, that is the best of both worlds.
Best,
Jerry
InfinityAz
July 23rd, 2007, 08:15 PM
{QUOTE-> I am pretty much convinced that if one has a good AV, such as AntiVir, and a good AS and firewall, there is nothing that is going to penetrate it. I realize that it is possible, but not likely in my opinion. I would not feel vulnerable with AntiVir or ESET at all.
On the other hand, if one can have a high detection AV that also cleans well, that is the best of both worlds. <-QUOTE}
Well said JerryM, on both cases. As the saying goes: "an ounce of prevention, is worth a pound of cure."
SteveS335
July 23rd, 2007, 08:55 PM
On the other hand :-
Cleaning means crap, if it can't be detected :D
At least you know where to look with a better detection!
Steve
The Hammer
July 23rd, 2007, 09:29 PM
{QUOTE-> Hi Jeff,
I have noticed that NOD32 and AntiVir have this problem.
That is why I choose Kaspersky because I know it can detect and clean.
According to that chart it seems that Norton is better at cleaning than it used to be.
The 2003 version couldn't get rid of trojans.
I'm still surprised that Microsoft was certified for cleaning LOL
lodore <-QUOTE}
NOD cleans up fine for me, but isn't NOD listed as a certified product in the OP's link? Yes or no? By the way I'm glad Kaspersky works fine for you.
innerpeace
July 23rd, 2007, 09:58 PM
IMO, detection should be more important than cleanup. There are several ways that cleanup can be achieved nowadays. Clear the sandbox, reboot if you have a partition virtualization program, revert to a snapshot/backup, reformat/reinstall or manually remove the bugger. I'm probably forgetting something.
Good removal would be ok for those who don't frequent forums like Wilders. I personally would consider stability more important above removal capabilities. Actually in this order: stability, detection, features, removal and then GUI. I'm a simple man though :dry: . No jokes please :P
Cheers
bellgamin
July 24th, 2007, 12:39 AM
{QUOTE-> I have been preaching this for a while. Your AV and mine may be great at flagging malware, but if it can't clean it and all remnants, then you ain't got squat. <-QUOTE}
If a malware infects a file, it can sometimes mess up that file so much that the only possible "repair" is to have a back-up copy of that file.
Now that disk imaging software is so cheap, effective, & user-friendly, what I want from an AV is really good detection. Ability to repair is nice to have, but is only a secondary consideration. I make periodic images onto my external drive, & hang on to them long enough that I can be 99.99999% certain of having clean stuff on hand, even if I have to dig back a bit.
19monty64
July 24th, 2007, 01:07 AM
{QUOTE-> I personally would consider stability more important above removal capabilities. Actually in this order: stability, detection, features, removal and then GUI. <-QUOTE}
Agreed! GUI and its ease of use may even come before removal. I, too, have other means of removal.
FRug
July 24th, 2007, 01:14 AM
I seem to keep repeating myself on this topic. A machine that has been trojanized, infected or generally got its security breached and has been taken over cannot be trusted anymore. If you rely on cleaning and continue working with that heap of rubble, you will most likely run into issues pretty quickly again, or you may not notice changes that have been made to your system which cannot be detected because they are not malicious on their own, like reduced system security, patched Windows binaries, or general modifications of your system settings that affect security or stability.
When we're talking about real virus infections, we have the same problem + corruption of files that cannot be reversed anymore. This also leads to a clean install as a mandatory requirement as soon as system files are affected.
So once more:
DO NOT RELY ON CLEANING OF INFECTED SYSTEMS
If you do, don't say I didn't warn you.
Mrkvonic
July 24th, 2007, 01:28 AM
Hello,
For the average user, yes. The ability to clean is very important.
But in general, if you can detect something, even if you cannot delete it, it might be enough. For example, an uber-nasty blah blah, which your AV detects but cannot delete.
1. Take a piece of paper + soft-ball pen.
2. Write down the paths to these infections (assuming they are true).
3. Reboot with live CD (Windows or Linux).
4. Delete offending files.
So even if your AV-in-Windows-session wasn't capable of dealing with the threat, it pointed to the culprit, which can then be later dealt with by alternative means.
Mrk
Firefighter
July 24th, 2007, 01:52 AM
{QUOTE-> So once more:
DO NOT RELY ON CLEANING OF INFECTED SYSTEMS
If you do, don't say I didn't warn you. <-QUOTE}
Totally agreed! Here (http://www.pcworld.com/product/testreport/compare?chart_id=6308&orig_url=%2Farticle%2Fid%2C130869-page%2C1%2Farticle.html&chart_title=Antivirus+Software&chart_date=Mon+Apr+23+01%3A00%3A00+PDT+2007&prod_all=&prodid=29895&prodid=29896&prodid=29897&prodid=29898&prodid=29899&prodid=29900&prodid=29901&prodid=29902#) you have some disinfection rates tested by Av-test.org 04-2007. Even the best rated were far away from 100 % and one even below 50 % level. ???
Best regards,
Firefighter!
Btw, not a new issue I guess, the better heuristics, the worse cleaning, so... >:( ...you buy a vacuum cleaner that doesn't clean but seals the windows and doors but every time you are going out/in, the dust and dirt brings in. :o
I think that I have found even one more reason to stay on my solid rock isle far away from dust and dirt. ;D
Jarmo P
July 24th, 2007, 02:28 AM
If you detect malware before executing it, no harm is done. So the detection is what counts. Cleaning is of minor importance.
I do think that most forum users here don't rely on an AV to be able to disinfect malware. We rely on proactive measures like HIPS and virtualization to not get infected in the first place.
And if we get infected somehow, then we reformat or go back to a clean disk image if existing.
RejZoR
July 24th, 2007, 05:47 AM
Well, detection certainly has to be top priority because if you can detect it in the first place you don't have to clean anything (this especially goes for file infectors). But of course they also have to add cleaning routines (especially file infectors which are the most problematic and difficult to properly clean without completely destroying user files).
pykko
July 24th, 2007, 06:02 AM
{QUOTE-> If a malware infects a file, it can sometimes mess up that file so much that the only possible "repair" is to have a back-up copy of that file.
Now that disk imaging software is so cheap, effective, & user-friendly, what I want from an AV is really good detection. Ability to repair is nice to have, but is only a secondary consideration. I make periodic images onto my external drive, & hang on to them long enough that I can be 99.99999% certain of having clean stuff on hand, even if I have to dig back a bit. <-QUOTE}
Totally agreeing with you. :)
Cleaning is important also but most of the time it is difficult to do and you won't get satisfying results. Backup images are a better solution. And anyway, for widely spread worms like W32\Jeefo or W32\Parite.B, etc., most of the AVs have cleaning routines. :thumb:
trjam
July 24th, 2007, 06:10 AM
I see the reasoning behind having the ability for both. Thanks for pointing this out to me. I have decided just to frigging go with Nod, as I always felt I would. But thanks for helping me understand all of this.
Hmmm? Now I have a 3 year license for the Kaspersky 7 suite I don't need. Shame someone doesn't have a 2 user license for Nod. Oh well.
Antarctica
July 24th, 2007, 06:44 AM
{QUOTE-> Shame someone doesn't have a 2 user license for Nod. Oh well. <-QUOTE}
I'm not so sure you will stay TWO years with the same AV.;D :P
Don johnson
July 24th, 2007, 07:23 AM
I think the ability to clean is very important. If you have been infected with Viking, I don't think deleting is a good idea; cleaning is a good idea. NOD32 has a good ability to clean, but it is not the best. I notice that Norton and Panda have the better ability to clean.
cello
July 24th, 2007, 10:09 AM
Am I wrong, or is certification for Avast! missing on that ICSA page?
IBK
July 24th, 2007, 10:34 AM
{QUOTE-> Am I wrong, or is certification for Avast! missing on that ICSA page? <-QUOTE}
http://forum.avast.com/index.php?topic=27099.0
cello
July 24th, 2007, 10:53 AM
{QUOTE-> http://forum.avast.com/index.php?topic=27099.0 <-QUOTE}
Thanks
Firefighter
July 24th, 2007, 10:59 AM
{QUOTE-> I notice that ... and Panda have the better ability to clean. <-QUOTE}
Have you noticed that in the Av-Test.org test 04-2007 (http://www.pcworld.com/product/testreport/compare?chart_id=6308&orig_url=%2Farticle%2Fid%2C130869-page%2C1%2Farticle.html&chart_title=Antivirus+Software&chart_date=Mon+Apr+23+01%3A00%3A00+PDT+2007&prod_all=&prodid=29895&prodid=29896&prodid=29897&prodid=29898&prodid=29899&prodid=29900&prodid=29901&prodid=29902#) the top 3 heuristics scanners got the top 3 bottom disinfection results? ::)
Best regards,
Firefighter!
Don johnson
July 24th, 2007, 11:19 AM
{QUOTE-> Have you noticed that in the Av-Test.org test 04-2007 (http://www.pcworld.com/product/testreport/compare?chart_id=6308&orig_url=%2Farticle%2Fid%2C130869-page%2C1%2Farticle.html&chart_title=Antivirus+Software&chart_date=Mon+Apr+23+01%3A00%3A00+PDT+2007&prod_all=&prodid=29895&prodid=29896&prodid=29897&prodid=29898&prodid=29899&prodid=29900&prodid=29901&prodid=29902#) the top 3 heuristics scanners got the top 3 bottom disinfection results? ::)
Best regards,
Firefighter! <-QUOTE}
;D ;D ;D All test results for reference.
Carver
July 24th, 2007, 01:21 PM
{QUOTE-> I notice that Norton and Panda have the better ability to clean. <-QUOTE}
You have to detect the bugger first, the deleted file can be replaced. Unless it is an integral part of the program (removal would mean that the program no longer functions), do you really want a program whose sole purpose is to infect your computer?
RejZoR
July 24th, 2007, 04:28 PM
I don't think people understand terminology properly.
Cleaning in fact means disinfection. This applies to file infectors only (and to prependers and appenders). It's a removal of virulent bits from original files and documents created by user (or by others and aren't malicious by default).
Cleaning that all of you refer to is simple removal of files that are either locked because they are running or because they have self protection mechanisms.
The second one is often problematic but can be solved by anyone at least a bit techy about Windows system. Disinfecting files infected by a file infector virus can only be performed by an antivirus that possesses such capability or by an expert in the programming and malware field. See the difference?
zopzop
July 25th, 2007, 02:42 AM
Well, on clean machines or fresh installs AntiVir would be the free antivirus program of choice since its detection rates are top notch. However, if you're trying to clean a friend's machine that's already hosed, then AntiVir (according to stories that it does a suboptimal job at cleaning) isn't going to cut it. I have read that Avast and AOL's antivirus program are pretty reliable when it comes to removing malware they detect. My question is: which does a better job at removing malware, Avast or AOL's antivirus?
RejZoR
July 25th, 2007, 03:11 AM
I can't agree with the comment that AntiVir sucks at malware removal. From what I've seen in my personal test it did just as well as AOL AVS and avast!.
Miyagi
July 25th, 2007, 03:49 AM
What's the purpose of having an antivirus if you don't see the beauty of alerts? Not the crazy false positives type but something actually buried in your system? :gack:
When I first encountered a virus, it was a boot sector virus which was transferred via floppy from a computer lab. Had no idea what the hell boot sector virus was, but it was something transparent and not a file executing (.exe, .doc, etc...) virus. 8)
With the massive amounts of malware produced every day (AV companies are already trying very hard to keep up), how can an AV company spend more resources on disinfection? If it's a simple one, that's doable but complex viruses do become an overload in the ever tiring virus lab.
I, personally, prefer detection more than disinfection. If the heuristics are always improving with time, I don't care about the false positives. You have seen the AV comparatives reports. To achieve a perfect heuristic is almost like predicting our mother nature - weather, earthquakes, tsunamis, etc...
Even though Antivir might not be that good in their disinfection, they are top in detection. Thanks to Stefan and his heuristic team. They have demonstrated a great improvement! All the heuristic team in av companies drive the value and ability of an antivirus. ;)
mecute
July 25th, 2007, 03:52 AM
You say "an ounce of prevention, is worth a pound of cure."
Isn't it better if prevention is coupled with the best cure? :)
Firefighter
July 25th, 2007, 02:03 PM
{QUOTE-> You say "an ounce of prevention, is worth a pound of cure."
Isn't it better if prevention is coupled with the best cure? :) <-QUOTE}
In theory yes. But so far it seems to be so like with car engines, either they have maximum torque or maximum horsepower in certain rpm:s, not both. If you can show quantitative test results where those best heuristics scanners were those best scanners to cure too, show me! :-\
So far I'm staying with those best cure scanners combined with those best detection overall and they must be free and trouble free = Avast. ;)
Best regards,
Firefighter!
the Tester
July 25th, 2007, 04:20 PM
Regarding Avast and cleaning...
I think that the VRDB in Avast is an excellent idea.;)
"The aim of VRDB is to help when, despite all the security measures, a virus gets inside the computer and the files are infected. With the help of VRDB, it is possible to repair many infected files (return them exactly to their original state)."-from Avast help pages.
Firefighter
July 25th, 2007, 04:45 PM
{QUOTE-> Regarding Avast and cleaning...
I think that the VRDB in Avast is an excellent idea.;)
"The aim of VRDB is to help when, despite all the security measures, a virus gets inside the computer and the files are infected. With the help of VRDB, it is possible to repair many infected files (return them exactly to their original state)."-from Avast help pages. <-QUOTE}
Yes, and the detection overall, there is nothing wrong with Avast, when only few payable av:s are better in OVERALL (http://www.sunbelt-software.com/ihs/alex/marx/detections_2007q2.htm) detection than the FREE Avast and all of these had some major bugs or malfunctions concerning my WinXP Home system.
Best regards,
Firefighter!
Diver
July 25th, 2007, 05:58 PM
While it is nice to be able to do a fresh install on an infected machine, it is not always possible. The original disks may be damaged or missing. There is also a cost factor if the owner of the machine can not do it him/herself. This is often the case with machines owned by teenagers.
Generally, I will clean a machine like that with successive installations of AV's that will run in a trial mode. That would include NOD32 (which has its limits) and ZASS for its KAV 6 engine. After that, AVG and Spybot S&D is what I will usually install and leave on the machine. Kids' machines get infected for a variety of reasons, but they all seem to have expired AV's.
Long View
July 25th, 2007, 08:49 PM
I don't run any anti-virus or anti-spyware but if I did the problem would be gone following a reboot. Different machines currently running with Returnil, DeepFreeze6 and FD-ISR Frozen. If I ever did get infected I certainly wouldn't be happy trusting any program that I have seen to clean so would probably go for the re-install option, image restore in practice.