when do you feel your system is 100% clean??

Discussion in 'other anti-virus software' started by zfactor, Jul 20, 2009.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    this is a question and for sure not a versus thing here.. this started when nis2009 flagged a file as a trojan. me being paranoid.. want to make sure my system is 100% clean...

    i mean just now i scanned with nis2009, dr web cure it, eset online, panda online, fsescure online. dr web found a file "not a virus" but no one else did. eset found a file (forget the name of what it called it) but no one else did, nis2009 didnt report anything nor did panda or fsecure. i also ran a safe mode scan with nis2009 eset and dr web...

    if all of the above said your system was clean would you trust that or would you be the type to restore a image back to before the file(s) got flagged etc..

    how far do you go to make sure your system is cleano_O? just being curious here...and what steps do you take to the point where you feel comfortable witht he results... again just curious
     
  2. thathagat

    thathagat Guest

    ummm......
    (a) multiple scans like you did which deem system clean
    (b) check running processes with say process explorer nothing fishy there also indicates a reasonable level of clean system
    well...that's what i can think of maybe someone else can shed some more light
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    1. Run another scan with your AV after it states it has cleaned up the offender.

    2. Run an online virus scan if you're worried.

    3. Run an antispyware scan such as MalwareBytes.

    If after those steps the scans say you're clean, stop screwing with it, you're clean. There is no sense in wasting your time doing scan after scan. Don't be paranoid, there's no need for 3rd and 4th opinions, a second opinion will do just fine in 99.9% of all cases.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    If I was truly worried and/or unsure, I'd reformat or restore an image. Simple as that.
     
  5. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    I would have submitted that suspicious file to Norton for detailed verifications
     
  6. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    I've completely recovered the computer to the state it was when I bought it.
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I do a manual check, then multiple scans using different AVs/ASs to be on the safe side.

    Format/restore is a safer option, but I simply do not have the time for this.


    Absence of evidence is not evidence of absence ;)
     
  8. hamzah95

    hamzah95 Registered Member

    Joined:
    Jun 22, 2009
    Posts:
    108
    Just upload the flagged files to virustotal.com.:thumb:
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Check your system also with some rootkit detectors: GMER, RootRepeal..
     
  10. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    file was submitted..

    nice to see im not the only paranoid one here lol... interesting to see how many people would either format or restore.....

    even uploading the file to virustotal.. what do you then do if only 50% say its infected??

    i just thought it a good question, thanks for all the answers so far
     
  11. hamzah95

    hamzah95 Registered Member

    Joined:
    Jun 22, 2009
    Posts:
    108
    What is that file, a hack tool, a keygen, a crack?
     
  12. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Attention: This is not a versus reply in any way and if anyone takes it that way then they are missing the intent of my reply.

    Scanned a system that was running NIS 2009 but acting like it was infected with something. Strange behavior on the web browser and unexpected shutdowns. However NIS found nothing in the scans. I removed NIS completely and installed Vipre again and it found a dnschangertrojan on the machine. Funny thing was Superantispyware was also running on that machine and it found nothing either. It was obvious from the way the machine was running that it had something in it. So really I think it doesn't matter which product your running, one will always find something that another misses. I guess it reinforces the multi layer strategy.

    When I originally read your post I thought hmmm... the only time I feel my machine is 100% clean is when I slide in a brand new hard drive without any OS loaded yet lol!
     
  13. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You're quite correct about paranoia,even if I have the merest hint of doubt I restore to a pre-incident image,even if it's unnecessary to do so.o_O
     
  14. Kevin523

    Kevin523 Registered Member

    Joined:
    May 1, 2008
    Posts:
    72
    I understand the paranoia part as I'm the same way. I keep thinking to myself "What if there's still something thereo_O" Of course now what I do is I scan with my AV again (rebranded Bitdefender 2009) and then if the AV allows it I reboot in safe mode and scan again. Then I usually run Dr. Web CureIt, Superantispyware Pro and believe it or not Clamwin. I know Clamwin doesn't have a huge database but a couple of times it's caught newer stuff that a lof of AVs missed. Sometimes I do online scans too and a couple of antirootkit scans.
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I am of the opinion that a fresh install is clean. A clean baseline image is then made, free of any 'issues'. I personally test things I want to put into my clean image before putting it there. This way, I know my image, as it is re-made with new changes, has only clean, well-behaved applications. I have at times gone so far as to disable my nic in the image, so that when I restore it to make some planned updates or changes, there is no fear of anything 'somehow' compromising my otherwise clean image.

    Everyone has differing views on it, but for me, doing it this way, it leaves no doubts whatsoever that my image is in a pristine state, and providing I have the proper methods in place, should stay that way until I really start messing with things.

    Sul.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    A manual check using different scanners will take anything between 1-2 hours. A clean reinstall will be definitely time consuming 3 hours- 3 days (depends how long you can dedicate to your computer daily). A restore from a backup image I think is the best way to go, 7-10 minutes. Once restoring is a fine tuned process it can be used for many purposes, including testing different configurations and operating systems.
     
  17. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    a lenovo tool to open insyde bios'. not really any of the above as its a legit file but i guess it could be shown as a "hack tool" by some av's. nis2009 saw it as a trojan.
     
  18. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    After I wipe the Free Space on all the Hard Drives with CyberScrub.
    CyberScrub will clean out the Master File Table (MFT).
    1KB links to deleted files and uninstalled programs still reside in the Master File Table.
    There is an 1KB link for every file on the hard drive stored in the Master File Table, deleting files and uninstalling programs does not remove this 1KB link.
    Wiping the hard drives free space with conventional tools does not remove the 1KB link from the Master File Table.
    CyberScrub exists the ability to allocate the orphaned 1KB links in the Master File Table and scramble the data.

    The Master File Table will expand as needed to contain its data of the 1KB links, but the Master File Table will never contract its self.
    Over time, this can cause severe fragmentation and noticeable slowdown of the System as these are System Files and can not be Defragmented with conventional defragmenting tools.
    This is one of the contributing factors to Windows slowing down over time.
    System Files can be defragmented with special tools during Boot Time, this is called Boot Time Defragmentation. Tools like Diskeeper and Perfect Disk exist this feature.
    Tools like Diskeeper and Perfect Disk also exist the ability to expand the Master File Table according to Microsoft Standards. The expansion of the Master File Table is calculated
    in relation to the space consumed by data on the hard drive. Expanding the Master File Table to allow more Free Space within the Master File Table will help alleviate fragmentation.

    So.....by running CyberScrub first, then running an Boot Time Defragmentation.....that data is gone baby!


    HKEY1952
     
  19. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I run multiple scans but like ESET, or Avast & than Superantispyware & Malwarebytes, if I come up clean on the 3 scans I'm satisfied...
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hmm, very informative, good info
     
  21. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    So the only reason you think you may be infected is because an AV program said so? Ouch... here's something people should know: AVs have false positives. And the more security-minded you are, the higher the chance is that you will only ever run into false positives instead of real infections. If some AV alerts you on a file that you have good reason to think is legit (came from a good source), then check things further before assuming you're infected. What do other AVs say (those multiscanner services like VirusTotal, Jotti and so on)? What do automated analysis services like ThreatExpert say? Send the file off to your AV vendor for analysis, and tell them it may be a false positive. If your AV vendor replies back and says "Sorry, it's fixed now" then you have no worries about the file. If they reply back "No, this is actually malware", then you have reason for the worries. Maybe.

    AV software can't tell you whether you're clean. All they can tell you at best is that they found some file that happens to be in their signature list or raises red flags with their heuristic detections.
     
    Last edited: Jul 24, 2009
  22. philetus

    philetus Registered Member

    Joined:
    Jul 8, 2009
    Posts:
    12
    Location:
    California
    Is Malwarebytes as good as Malwarebytes thinks it is?
    Does the paid version do anything that I can't get for free?
    Will the paid version justify the cost?
     
  23. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    550
    Location:
    Moon
    "when do you feel your system is 100% clean?? "

    NOW I FEEL:eek:
     
  24. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    When I know I'm just the only one who use that PC :shifty: :D
     
  25. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Yeah I know what you mean. It's difficult to educate my wife not clicking on everything.o_O:p
     
Loading...
Thread Status:
Not open for further replies.