my question

since i am not sure which section to post in...
i hope this one is ok...
after reading a lot of the posts here in this forum
after reading comments by the maker of Casir interacting with others...
this is my question...

it seems to me that rootkits or trojans are able to deactivate,
or otherwise limit the usefulness of av software...
on my notebook i currently do not have this problem
i use Comodo Firewall Pro.. Boclean.. Avira free..
along with Spybot teatimer.. Malware bytes.. Superantispyware...
and i also use a2cmd..
on my other notebook used for kids..
originally i was not going to allow them to use it on the Net
however, they did.. before i had installed Comodo and so on...

also in a classroom where there is a Chinese WinXP / English Win XP
there is a similar problem...

i would guess that the notebook has enough embedded rootkits
or trojans .. so that Avira is unable to delete or quarantine
TR/Crypt.Xpack.Gen trojan
which is C:\Windows\system32\jwedsfdo0.dll
the dialog box will just continue to remain there...
eventually i use the task manager
and kill the avira process several times....

C:\programfiles\Avira\....personal edition\preupd.exe
which had a trojan but Avira was able to move it into
quarantine...

this was this morning...
now while writing this post...
Avira is able to deal with this trojan...

according to the maker of Casir
rootkits and trojans are able to modify
Kaspersky or many other AV to limit their use...

how can an end user know if their AV has been modified...
and how do AV products deal with this situation?

also i read from AV test.org or a related link
that current AV products are suffering from rootkit
or trojans .. not being able to remove them..
or not being able to correct, restore the proper
registry settings...

from what i had read
an AV product or Malware product
detects and quarantines or removes a trojan
but might not undo the damage done by the trojan

daily .. or at least very often
with the 13 computers that i manage
explorer is unable to access usb flash disks
or CD...
to get around this situation
i installed another file manager...
instead of using Winrar...

can a product such as Casir
restore the proper settings of Windows...
such as registry or other settings...?
the maker does not wish to let the enduser
know exactly what is happening
due to his way of handling and dealing with malware
i do not agree with this approach
but he has the choice to do this...

spending $$$ for a product
over free products might have good benefit
but i wonder...

if rootkits and trojans are able to disable
or make it appear that the AV product is
working but actually it is not...
it troubling to me...

as a poster who prefers AVG
and is a reseller..
i concur with his comments
using what (seems - my addition) to work
is to be preferred...

although i am a fan of Comodo
and i continue to hope that Boclean
really does contribute useful protection
i have not noticed much...
which is either good news or not so good news...

for me...
i like to learn from the msg that i see
on the screen from Comodo...
i am continually surprised at how many
settings or registry entries or processes
that many software products are involved with
this at least can make me more informed...

long post...
rambling thoughts...

but back to my main point

how does an enduser
know whether or not their AV product
has been compromised or modified?

Which, if any, products are able to restore
the original settings after detecting and quarantine
rootkits or trojans?

I have used Malwarebytes for some time...
and Spybot and Superantispyware also...

however, after installing a2cmd and Avira
i noticed that there were quite a number of
malware? trojans or viruses that were detected
as i quarantine them...

i know after reading a lot of forum posts
that there is not any AV product that is able
to provide 100% protection...
in spite of the enthusiastic fans for each product

to me it seems that currently
surfing on the Net brings a high probability
of too many rootkits, trojans and other malware...

excuse me for the long post...

 

You can check if your AV detects the EICAR test virus.