Can ewido clean parasitic trojans (eg. BEAST) ?

One of TrojanHunter's biggest claims is that it can clean parasitic trojans (eg. The BEAST), even when they have injected themseleves into critical system processes (eg. explorer.exe)

http://www.misec.net/papers/thvsbeast/

Can ewido safely and successfully (ie. removed without crashing the system) remove these types of trojans ?

 

Yes, but for security reasons only after a reboot... Which should be no problem at all if you think about the severity of an infection like this...

 

That's good to know!

It would appear there is some disagreement between Magnus (author of TH), who thinks it is safe to disinfect these processes without the need for a reboot, and Yourself and Wayne (DCS) and Gavin (DCS and now also TH) who think it is unsafe (ie. security reasons and possible system instability) to disinfect these processes without a reboot.

May I ask what the security reasons are for not disinfecting without a reboot ?

 

One of the main security concerns with unloading DLLs is that most of these DLL trojans also do API hooking (which cannot be undone) and if you unload the DLL, the system will crash/hang...

 

That's what I thought. Thanks for confirming.

 

If ewido finds an infection like this and begins dis-infection, but you don't reboot when asked to do so by ewido, is it safe to continuing running (eg. if you're in the middle of performing a long task which cannot be interrupted) ?

 

If you call it safe to have such a trojan still running on your system, there should be no problem