Should we trust a file that has been cleaned of a virus ??

Discussion in 'other anti-virus software' started by bollity, Jun 20, 2009.

Thread Status:
Not open for further replies.
  1. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    Most antivirus softwares give an option to clean an infected file.Sometimes it says "successfully cleaned" and sometimes it says "can't be cleaned".
    Should we trust files after being cleaned?
     
  2. benton4

    benton4 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    158
    Location:
    Oregon
    That depends on if you trust the antivirus software you are using. I trust what I use, so I would use said file after a cleaning.
     
  3. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    as benton4 mentions, that depends. however in my view it depends on whether you can verify that the cleaned state of the file exactly matches the pre-infected state of the file (usually with some sort of hash or checksum).

    if it doesn't match then the disinfection process was imperfect (which can often be the case). that's not to say the file will activate a malicious payload that the av missed, but rather that it neutered the bad code but couldn't perfectly restore the file. sometimes this is good enough and the file will work, sometimes it isn't good enough and the file won't work.

    disinfection by general purpose av isn't something to be relied upon - it's more of a last resort, you're better off restoring files identified as infected from known clean backups (and if you don't have those yet then you ought to start making some).
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    sometimes yes sometimes no
    first of all if the file is from the system you can not do much about it but to trust and hope it was really cleaned. if the file is not important you better delete it. It is better to not get infected at all :D :D :D
     
  5. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    if after "cleaning" with a highly rated product and then rescanned with a couple of the highly regarded web based scanners as well you can probably trucst it to be free of infection:-whether or not the file will run as it should is a different matter
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I wouldn't. Can usually get another virgin copy of the file...why waste time worrying about it, replace it with an authentic one.

    There are a lot of zeros and ones that make up a file. Bound to be slightly corrupt after a cleaning, what kind of stability problems will it cause down the road?
     
  7. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    yes but some times you can be infected with a worm that infect all exe files on your harddisk , imagine that you loose all setup files of the programs you collected for months.we can make backup of these files but most people don't do that
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    then you've got problems!why worry about a "worse case scenario":-you're not the type to lie awake at night wondering if tomorrow will be the day the next asteroid hits earth are you?
    In that case(not the asteroid!) just clean the PC and see how it runs:-you can't really do anything else!
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The fact that you're concerned about it happening before the event puts you in a favourable position to many.You can create a back up image of your drive and worry no more about such matters.;)

    And for those that don't show such foresight? Alas like with those people that don't bother to take out home insurance until it's too late,they have to live with the consequences,there is no 100% guaranteed effective cleanup of all infected files.
     
    Last edited: Jun 20, 2009
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Eversince I started learning how to secure a computer, my computer particularly, I know there are two situations:1) my system is clean, my AV detects/deletes the threat (happened many times) 2) My system is infected, whether is one file or many, I'd restore the whole Drive (never happened so far).

    It is obviously a different situation if you have to help somebody with their infected machine: A reinstall is time consuming, the OS CD might have been lost, the only alternative is cleaning up the computer with many applications.
    Some infections are beyond any possible cleaning, according to some horror stories.
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    That depends on the AV software, the infection, and if you want to take the risk it has not been cleaned properly.

    It's all about how much risk you're willing to tolerate, and if you have a proper image to restore. Or if you want to do a full reinstall of the OS plus the rest, which is a pain. It's a matter of choice. I'm paranoid enough to restore an image if I even suspect I may have been infected. Btw, infections, even if cleaned 'properly', can cause corruption of the OS, in which case imaging software is very convenient.
     
Loading...
Thread Status:
Not open for further replies.