Does Dr. Web CureIt install anything?

Discussion in 'other anti-virus software' started by ablatt, Jul 25, 2008.

Thread Status:
Not open for further replies.
  1. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    I know you don't need to install CureIt and can simply run the .exe, but does running the program install any drivers?
     
  2. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Some drivers in temp files for sure, with random names everytime you run it. Also CureIT log under the user folder and if I remember correctly on another thread like this, sth minimal in the registry.
     
  3. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    I believe these drivers stay installed even after you finish running the CureIt exe, but I could be wrong.
     
  4. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    I can't quite remember, but I think yes, they stay as garbage in the temp folder even after the scan finishes.

    You can use the Windows disk-clean or even better CCleaner to dispose of them.
     
  5. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    Yes, I made the mistake of installing it from my Desktop. It left about 20 icons all over the desktop. I then deleted them. When I rebooted, they were back.

    I had to go back to a backup image to get rid of them.

    It is off my system forwever!
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    How radiculous!! I run it from my desktop, not even a single icon. It produces a folder about 12 MB in Temp directory that is auto-deleted when I close it. Not sure about drivers though.

    May be u run some rouge dr.web instead. ;)
     

    Attached Files:

  7. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    I can't be 100% sure without running it again, but I believe it may leave behind drivers in Vista - seen in Device Manager under Non Plug and Play Drivers.

    But I've never seen any mess on the desktop.
     
  8. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I was talking about CureIt!, not Dr. Webb. And I am not lying. It did what I said it did!
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    impossible......
     
  10. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Not here, tested on 3 boxes (W2003 Advanced Server x64 R2 SP2, Windows XP Professional SP3, Windows Vista Ultimate x64 SP1). No junk created or left anywhere.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    See my screenshot. It,s cureit indeed( not Dr.Web AV). How can I believe u when u even can,t recognize it in screen shot!

    BTW CureIt is also from Dr.Web!
     
  12. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Same here. I often use CureIt in my own laptop and other computers and I have NEVER seen that Dr.Web CureIt leaves any junk in the desktop or anywhere else. Just the quarantine folder.
    Not sure about drivers.
     
  13. Serge Popov

    Serge Popov AV Expert

    Joined:
    Feb 10, 2006
    Posts:
    41
    Yes, it does. CureIt! temporarily installs a driver for the anti-rootkit module. When CureIt! scanner exits this driver is automatically removed from the system.
     
  14. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    Thanks for the response Serge.
     
  15. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    It does create a folder in c:/users/username and this folder is not removed, even if you remove CureIt. You have to manually remove it yourself.

    For example, when I run launch.exe, (the CureIt program), and then exit and close it. It still leaves a folder behind in my C:/Users/truth/DoctorWeb/Cureit.log

    And I have to manually delete it.
     
    Last edited: Aug 5, 2008
  16. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Well that's not true, because it does indeed leave a log file behind. For example, C:/Users/truth/DoctorWeb/Cureit.log
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    with Vista it leaes 2 files behind, one in file data and the other in users, but all do.. But they can also deactivate your license if you make them mad, as I found out this weekend.....:cautious:
     
  18. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Sorry, my bad. I ment quarantine and log. What I really haven't seen is the mess described in earlier posts...
     
  19. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    My main point for posting this topic was to point out that applications like CureIT (or any other) can easily install drivers even though most people think that running an .exe program file that doesn't require an installation doesn't install anything.
     
  20. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    You can hardly consider these drivers "installed" though. They are placed in TEMP folders and are put away when the job is done as Serge said.
    It'n not like they are loaded every time you boot your system.

    Now the log and the quarantine are sth not to be removed. They are usefull for dealing with possible false positives (quarantine case) and keeping a recored of what was in infected and etc (log case).
     
  21. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    What do you mean one in file data? Where is that? I have only found the log file in users. Where is "file data"?
     
  22. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Why do you run SandboxIE and how is it helping you achieve anything?
     
  23. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Thats why I use portableapps from http://www.portableapps.com

    Because these portableapps do not write anything anywhere, not in registry, not on hard drive, not anywhere.
     
  24. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Sorry, I don't really understand your question, do you want to know what SandboxIE is for?
    If you want, and in order to not hijack this thread or to avoid going off topic, PM me and I'll gladly answer any doubts you may have...
    ;)
     
  25. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I already know what SandboxIE is, but was just curious why you personally need to use it :) Why are you worried about what is written to your HDD?

    The reason I like it myself is running a web browser in the sandbox, this way any incoming, unsolicited software (spyware, malware and the like) that you download, is trapped in the sandbox and never written to my HDD. Also to install new software and test it before I permantly install it on my HDD.

    Is there any other reasons for using it that I may have overlooked? But it does have trouble with my Webroot firewall. For some reason Webroot keeps blocking IE from accessing the internet when it's sandboxed.
     
    Last edited: Aug 5, 2008
Loading...
Similar Threads
  1. parham
    Replies:
    5
    Views:
    790
  2. waters
    Replies:
    4
    Views:
    682
Thread Status:
Not open for further replies.