Question on scanning

Discussion in 'other software & services' started by screamer, May 2, 2007.

Thread Status:
Not open for further replies.
  1. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Quick question here:

    How likely is it that a virus, malware or rootkit will settle into an "existing" .doc, .jpg, .xls...?
    What I'm referring to is "My Documents" folder. Mine is quite extensive and takes a while to scan. I'm looking to cut down on scan times and wondering if I can exclude certain folders from the scanning list.

    ...screamer
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Why not schedule the scanning while sleeping, or otherwise occupied? o_O
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Screamer,
    I'm still working on securing my system partition.
    My data partition is next and then I might be able to help you, IF I find a solution, because my data partition contains also something like "My Documents".

    Meanwhile you have to run daily as many AV/AS/AT/AK/AR-scanners as you can on the folder "My Documents" to keep your data malware-free. :)
     
  4. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    They are on schedules for when I do sleep.

    What my question was really asking is what files are most susceptible to infection / infiltration. With some malware scanners there is a "Quick Scan" which never scans .doc, .jpg... (never say never)

    For instance: the setup.exe files in my Download folder. If D/L'd clean, are they susceptible to later infection / infiltration?

    My .doc, .pdf, .jpg... if previously clean, are these susceptible?

    ...screamer
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm way too stupid to answer such an intelligent question. You will need a real malware expert to answer that question. :oops:
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Screamer

    Now you've touched on why I am loving the newer KAV programs. The FILE AV is scanning new stuff as you touch it, and the scanner part has the option to only scan new and changed files, so if you don't change a file it doesn't automatically get rescanned.

    On my new system's c: drive, which is 20g, a complete new scan takes about 30 minutes. Subsequent scans take about 5 with the latest betas. Used to be about 3, but they have added a heuristics scanner and rootkit scanner in the latest betas.

    Pete
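
The "only scan new and changed files" idea from the post above, as an added sketch that is not part of the original post and is not how KAV implements it. The manifest layout and all function names are assumptions, and the files are constructed samples.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def select_for_scan(root, manifest):
    """Return new or changed files under root and update manifest in place.
    manifest maps path -> (size, mtime_ns, sha256) as of the previous pass."""
    to_scan, seen = [], set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            seen.add(path)
            old = manifest.get(path)
            if old and old[:2] == (st.st_size, st.st_mtime_ns):
                continue  # size and mtime untouched since the last pass: skip
            digest = sha256_of(path)
            if not old or old[2] != digest:
                to_scan.append(path)  # new file, or content really changed
            manifest[path] = (st.st_size, st.st_mtime_ns, digest)
    for gone in set(manifest) - seen:
        del manifest[gone]  # forget files that no longer exist
    return sorted(to_scan)

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Four passes over a constructed folder; returns what each pass selects."""
    manifest, passes = {}, []
    with tempfile.TemporaryDirectory() as root:
        run = lambda: [os.path.basename(p) for p in select_for_scan(root, manifest)]
        write(root, "letter.doc", b"constructed document bytes")
        write(root, "setup.exe", b"constructed installer bytes")
        passes.append(run())  # first pass: everything is new
        passes.append(run())  # nothing changed
        write(root, "setup.exe", b"constructed installer bytes, modified")
        write(root, "photo.jpg", b"constructed image bytes")
        passes.append(run())  # one changed file and one new file
        doc = os.path.join(root, "letter.doc")
        stamp = os.stat(doc).st_mtime_ns + 10**10  # new timestamp, same bytes
        os.utime(doc, ns=(stamp, stamp))
        passes.append(run())  # touched but not changed: hash matches, skipped
    return passes
```

A file whose size and timestamp were both put back after a change is skipped by the cheap check, and a clean result from older signatures says nothing about newer ones, so an occasional full pass is still needed.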
     
  7. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Re: Question on scanning: what files are most susceptible...

    Hey Pete :)

    Yeah, I understand... It's a great concept. (once scanned, files not touched, they're not scanned again)

    NOD & SWD ver.5 both scan the file on execution. Which in my mind leads me to believe that scheduled scans are not as important as I once thought. I may be wrong though...

    My question is still out there though:

    what files are most susceptible to infection / infiltration??

    ...screamer

    edit: perhaps by changing the title of this thread, I'll get a response.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Re: Question on scanning: what files are most susceptible...

    Fair enough. Quoting from the KAV help file. I am not sure they picked up the MS Office 2007 new extensions.


    com - executable file for a program no larger than 64 KB
    exe - executable file or self-extracting archive
    sys - system file
    prg - program text for dBase, Clipper or Microsoft Visual FoxPro, or a WAVmaker program
    bin - binary file
    bat - batch file
    cmd - command file for Microsoft Windows NT (similar to a .bat file for DOS), OS/2.
    dpl - compressed Borland Delphi library
    dll - dynamic loading library
    scr - Microsoft Windows splash screen
    cpl - Microsoft Windows control panel module
    ocx - Microsoft OLE (Object Linking and Embedding) object
    tsp - program that runs in split-time mode
    drv - device driver
    vxd - Microsoft Windows virtual device driver
    pif - program information file
    lnk - Microsoft Windows link file
    reg - Microsoft Windows system register key file
    ini - initialization file
    cla - Java class
    vbs - Visual Basic script
    vbe - BIOS video extension
    js, jse - JavaScript source text
    htm - hypertext document
    htt - Microsoft Windows hypertext header
    hta - hypertext program for Microsoft Internet Explorer
    asp - Active Server Pages script
    chm - compiled HTML file
    pht - HTML with built-in PHP scripts
    php - script built into HTML files
    wsh - Microsoft Windows Script Host file
    wsf - Microsoft Windows script
    the - Microsoft Windows 95 desktop wallpaper
    hlp - Win Help file
    eml - Microsoft Outlook Express e-mail file
    nws - Microsoft Outlook Express new e-mail file
    msg - Microsoft Mail e-mail file
    plg - e-mail
    mbx - extension for saved Microsoft Office Outlook e-mails
    doc - Microsoft Office Word document
    dot - Microsoft Office Word document template
    fpm - database program, start file for Microsoft Visual FoxPro
    rtf - Rich Text Format document
    shs - Shell Scrap Object Handler fragment
    dwg - AutoCAD blueprint database
    msi - Microsoft Windows Installer packet
    otm - VBA project for Microsoft Office Outlook
    pdf - Adobe Acrobat document
    swf - Shockwave Flash file
    jpg, jpeg - compressed image graphics format
    emf - Enhanced Metafile format. Next generation of Microsoft Windows OS metafiles. EMF files are not supported by 16-bit Microsoft Windows.
    ico - icon file
    ov? - MS DOC executable files
    xl* - Microsoft Office Excel documents and files, such as: xla - Microsoft Office Excel extension, xlc - diagram, xlt - document templates, etc.
    pp* - Microsoft Office PowerPoint documents and files, such as: pps - Microsoft Office PowerPoint slide, ppt - presentation, etc.

    md* - Microsoft Office Access documents and files, such as: mda - Microsoft Office Access work group, mdb - database, etc.


    Remember that the actual format of a file may not correspond with the format indicated in the file extension.
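
The closing caveat of the help-file quote, as an added example that is not part of the original post or of KAV: a check that compares a file's leading bytes with what its extension claims. The signature table covers only a few formats from the list, the function names are assumptions, and the sample headers are constructed.

```python
import os

# Leading bytes of a few formats that appear in the extension list above.
SIGNATURES = [
    (b"MZ", "pe"),                                  # exe, dll, scr, ocx, cpl
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # doc, xls, ppt, msi
    (b"PK\x03\x04", "zip"),                         # Office 2007 docx, xlsx
    (b"%PDF", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"{\\rtf", "rtf"),
]
# Format each extension is expected to contain.
EXPECTED = {
    ".exe": "pe", ".dll": "pe", ".scr": "pe", ".ocx": "pe", ".cpl": "pe",
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2", ".msi": "ole2",
    ".docx": "zip", ".xlsx": "zip", ".pdf": "pdf", ".rtf": "rtf",
    ".jpg": "jpeg", ".jpeg": "jpeg",
}

def sniff(header):
    # Name the format implied by the first bytes of a file.
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"

def classify(name, header):
    """Compare what the extension claims with what the content is."""
    claimed = EXPECTED.get(os.path.splitext(name)[1].lower())
    kind = sniff(header)
    if kind == "pe" and claimed != "pe":
        return "disguised-executable"  # never exclude this from a scan
    if claimed is not None and kind != claimed:
        return "mismatch"
    return "consistent"

def classify_file(path):
    with open(path, "rb") as fh:
        return classify(path, fh.read(16))

# Constructed sample headers, not real documents or programs.
SAMPLES = {
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 8,
    "holiday.jpg": b"MZ\x90\x00" + b"\0" * 12,
    "invoice.pdf": b"{\\rtf1\\ansi}",
    "notes.txt": b"plain text",
}

def demo():
    return {name: classify(name, head) for name, head in SAMPLES.items()}
```

A scan exclusion keyed on extension alone would skip `holiday.jpg` here; keying the decision on `classify_file()` instead keeps mislabelled files in the scan set.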
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    Malware does not actively infect existing user files. A clean .doc is not somehow subverted. But you can downloaded a .doc with scripts and secondary payload and whatnot that could be infected.

    System files can be changed/replaced, kernel patched etc... to allow extended and continuous functionality for the downloaded content, so it could survive reboot or cleaning.

    Mrk
     
  10. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    How likely is it that a virus, malware or rootkit will settle into an "existing" .doc, .jpg, .xls...?

    Fair enough, now we're getting somewhere.

    Pete, KAV's list looks as though those are the files that the AV scans. What I'm searching for is the most "vulnerable / likely" files to get infected.

    ...screamer
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    I wrote can downloaded - I must be getting old...
    Most likely files? Exe...
    Mrk
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Screamer

    KAV has several options. One is to scan all files. Another (where I got the list) is to scan certain files by extension. So I have to assume that the list is those extensions they consider most vulnerable.

    Pete
     