Qs about AV, AT and AS scanners?

I have few Qs in my mind regarding AV and AS scanners for a while. I will like to have any info about theses.

1- After a scan some scanners ask to reboot to clean the malware while others don,t. Why such a difference?

2- Ideally if some malware process is running in real time, it might be impossible to remove it without a reboot( if I am thinking correct). So what about the scanners that never ask for reboot during cleaning.

3- Why it is that almost all AV don,t ask for reboot while AS scanners usually ask for this? If reboot is required to clean spywares, why it is not required to remove viruses?

4- Viruses are almost always detected as files without registry enteries or memeory processes while spywares are detected as files, reg enteries and memory processes. Does it mean viruses don,t touch the registry? oOn the other hand if they do touch the registry, is it not imp to remove these reg enteries just like spywares?

5- Are these scanners always/ mostly have some special built-in tools that are used to terminate malware processes to facilitate the removal of the malware processes that are running in real time?

Thanks for any input.

 

1) Some might schedule a cleaning/removal when the malware can't be removed on spot (eg the exe program is locked up), so a reboot is required.

2) Some anti-virus program may just complain the file can't be deleted/cleaned because it is locked-up. You may need to reboot and re-scan again, or manually delete it.

3) My AS doesn't ask for it. Probably it depends on particular malware, not "reboot is required to clean spyware; no reboot for virus".

4) Virus can screw up the registry as well. It depends on the behaviour of the virus. Actually a malware writer can write anything he wants to do (maliciously). He is not limited to write a particular type of malware. He can write a multi-purpose malware which will spy + infect files + open backdoor. What the industry does is to classify the malware into different types based on the major actions/behaviours of the malware - virus, spyware, trojan and so on.

5) If you don't wish to reboot, you may use some other programs to remove stubborn files and malware.
See http://ccollomb.free.fr/unlocker/ , scroll down and you will see a large list of programs who offer such functionality.

Hope that helps.

 

Hi Wai_Wai! Thanks for the replies.

So those asking for reboot are more clever?

So what about those AT, AS who report that they have cleaned the infection while it might not be possible at all witthout a reboot?

I never saw any AV to ask for reboot while cleaning viruses. However it is common for AS scanners to ask for reboot.

Ya, but my question ia still there. Viruses are almost always detected as files without registry enteries or memeory processes while spywares are detected as files, reg enteries and memory processes.

[/QUOTE]