Returnil versus infectors (Virut, Sality)?

Discussion in 'Returnil releases' started by adam993, Jan 5, 2011.

Thread Status:
Not open for further replies.
  1. adam993

    adam993 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    203
    Location:
    Poland
    If I enable Virtual mode then activate malware samples with Virut, is it possible to infect executable files on another partition? Will my system be clean after reboot?
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi adam993.

    1. Yes, it is possible but the malware would be inert until a file infected in this way were to be opened or activated. There are a couple of things you can do here that will help keep files on non-system partitions/disks clean:

    A. File Protection feature (Virtual Mode > Tools > File Manager tab > File Protection section). Add files and/or folders that you want protected against unauthorized changes.

    B. Anti-Execute (Virtual Mode > Settings > Additional Protection Options): This will keep unknown services (default) or programs (full paranoid mode) from activating so they are unable to infect files on any partition/disk. The AE blocks activation of local and remote content (read: on your computer and/or from outside like that malicious javascript...)

    NOTE: Virtual Mode must be active for the AE to be active...

    2. Yes, your System Partition will be clean following a restart.

    Mike
     
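    Coldmoon's first point, that a file infected on a non-system partition survives the reboot that cleans the virtualized system partition, suggests a simple check: hash the executables on the other partition before a test session and compare afterwards. This is an added Python example, not Returnil code; the extension list and the demo directory tree are constructed.

    ```python
    import hashlib
    import json
    import os
    import tempfile
    from pathlib import Path

    # File types that file infectors such as Virut and Sality target; constructed list.
    EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".sys"}

    def sha256_of(path: Path) -> str:
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        return h.hexdigest()

    def build_manifest(root: Path) -> dict:
        """Map each executable under root (POSIX relative path) to its size and SHA-256."""
        manifest = {}
        for dirpath, _, filenames in os.walk(root):
            for name in filenames:
                p = Path(dirpath) / name
                if p.suffix.lower() in EXECUTABLE_SUFFIXES and p.is_file():
                    rel = p.relative_to(root).as_posix()
                    manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
        return manifest

    def compare_manifests(before: dict, after: dict) -> dict:
        """List executables that changed, appeared or vanished between two snapshots."""
        changed = sorted(k for k in before if k in after and before[k]["sha256"] != after[k]["sha256"])
        # Appending infectors make the host file grow; report those separately from other edits.
        grown = [k for k in changed if after[k]["size"] > before[k]["size"]]
        return {
            "changed": changed,
            "grown": grown,
            "added": sorted(k for k in after if k not in before),
            "removed": sorted(k for k in before if k not in after),
        }

    def demo() -> dict:
        """Constructed scenario: a 'data partition' with two executables; one gets a payload
        appended and a new .scr appears while the system partition is virtualized."""
        with tempfile.TemporaryDirectory() as d:
            root = Path(d)
            (root / "tools").mkdir()
            (root / "tools" / "editor.exe").write_bytes(b"MZ" + b"\x00" * 64)
            (root / "tools" / "helper.dll").write_bytes(b"MZ" + b"\x00" * 32)
            (root / "notes.txt").write_bytes(b"not an executable, ignored")
            before = build_manifest(root)
            with (root / "tools" / "editor.exe").open("ab") as f:
                f.write(b"\xCC" * 16)  # simulated appended code standing in for an infection
            (root / "dropped.scr").write_bytes(b"MZ" + b"\x00" * 8)
            return compare_manifests(before, build_manifest(root))

    if __name__ == "__main__":
        print(json.dumps(demo(), indent=2))
    ```

    In real use, save the manifest from build_manifest() to the protected partition before the session and run compare_manifests() against a fresh snapshot after the reboot; anything in "changed" or "added" did not get rolled back.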
  3. adam993

    adam993 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    203
    Location:
    Poland
    Sounds great. Thank you!
    So now I'm fully secured :)
     
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Thanks ColdMoon, good info.
     