A question about manual removal of malware.

Discussion in 'other security issues & news' started by eniqmah, Sep 21, 2007.

Thread Status:
Not open for further replies.
  1. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Hello,

    Because I run my system scans while in Deepfreeze mode, I would have to reboot and manually remove infected files that have been found. My question is: if my scanner finds a file that's infected and the file is not a system file or program file, I can just navigate to the directory and delete the file, correct?

    Thanks for the response.
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    I don't use Deepfreeze.

    Doesn't just a reboot restore the system to pristine condition?
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Since you use DF, may I suggest this:
    Run your anti-malware app in frozen mode. If anything is found, reboot to thawed mode, run the same app again, and let the app remove the malware, provided this app has an undo option. IMO, manual removal is neither as efficient nor as effective as the app.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    DeepFreeze installed and still having malware? You must have installed DF on a dirty system, or you turned it off when it was supposed to be turned on.
     
    Last edited: Sep 21, 2007
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    My thoughts.
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    or it's a transient file until a cleansing reboot, or it's a false positive, or a gray area file (i.e. questionable - could go either way - potential false positive).

    Blue
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Any malware lodged onto your box with DF's freeze mode on will certainly be removed upon reboot. Occasionally, tracking cookies may be implanted onto your box during new app d/l with DF's thawed mode on, therefore a reliable on-demand AS scanner can be very handy (I use SAS, and have Prevx2, ThreatFire, AV, BOClean on guard in real time). After the system is free of any infection, I freeze the drive and conduct my daily routines. I am quite content with this setup.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    or it can be an excluded object (I don't know if that is possible in DF), which is the same as anchoring objects in FDISR.
    Each anchored folder/file in a frozen snapshot is a potential danger to get infected.
    I'm not saying that this can't happen to me, but I can fix it immediately, because my recovery is also layered, just like security can be layered.
     
  9. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Scanners have found files lying around on other partitions that are not frozen. I also mess around with applications all the time, so this particular snapshot is not "clean".

    I can thaw the system and run a scanner, let the scanner do the clean up...but that defeats the purpose of my question...What's the difference between my manual deletion of a noncritical file and the deletion of said file by my AV? In my experience, there is none, just thought I'd ask.
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    For most purposes, there is none. However, many programs do not actually delete the flagged file, they move it to a quarantine folder, which is distinct from and beyond the standard recycle bin.

    Blue
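
Added example, not part of the thread and not any scanner's actual implementation: a minimal sketch of the difference between deleting a flagged file and quarantining it, so that a false positive can be undone later. The function names, the `.quarantined` suffix and the `manifest.jsonl` log are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(target: Path, qdir: Path) -> dict:
    """Move target into qdir under an inert name and log how to undo the move."""
    target = target.resolve()
    if not target.is_file():
        raise FileNotFoundError(f"not a regular file: {target}")
    qdir.mkdir(parents=True, exist_ok=True)
    file_hash = sha256_of(target)
    # Assumed naming scheme: the original name and extension are dropped so the
    # stored copy cannot be launched by a double-click.
    stored = qdir / f"{file_hash}.quarantined"
    shutil.move(str(target), str(stored))  # also works across partitions
    entry = {"original": str(target), "stored": str(stored),
             "sha256": file_hash, "when": time.strftime("%Y-%m-%dT%H:%M:%S")}
    with (qdir / "manifest.jsonl").open("a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def restore(entry: dict) -> Path:
    """Undo a quarantine (e.g. a false positive) after verifying the content."""
    stored, original = Path(entry["stored"]), Path(entry["original"])
    if sha256_of(stored) != entry["sha256"]:
        raise ValueError("quarantined copy changed since it was stored")
    if original.exists():
        raise FileExistsError(f"refusing to overwrite {original}")
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(stored), str(original))
    return original
```

The recorded hash also gives something to look up or resubmit to other scanners before deciding whether the file was a false positive.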
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Oh I see, you have more than one partition, in that case it's understandable.
    I always assume that people have one harddisk/one partition with everything on it.
    I guess you separated your system from data, like me. Good practice.
    I also have that problem, my data partition isn't protected either.
    After having solved my system partition problems, I will try to take care of my data partition.
    KAV, NOD32, SAS + other scanners couldn't find any threat on both partitions, so it can't be that bad, but I have to find a solution to protect my data partition and possible other partitions (maybe a video partition) in the future and close to 100%.
    I can't do it all at once. :)
     
  12. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    Erik. That is why I am waiting with interest for you to try Shadow Defender. Not in a position to do this myself at present, but as it protects multiple partitions/drives, it could be an answer for you.
     