when do you feel your system is 100% clean??

Discussion in 'other anti-virus software' started by zfactor, Jul 20, 2009.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    this is a question and for sure not a versus thing here.. this started when nis2009 flagged a file as a trojan. me being paranoid.. want to make sure my system is 100% clean...

    i mean just now i scanned with nis2009, dr web cure it, eset online, panda online, fsecure online. dr web found a file "not a virus" but no one else did. eset found a file (forget the name of what it called it) but no one else did, nis2009 didn't report anything nor did panda or fsecure. i also ran a safe mode scan with nis2009 eset and dr web...

    if all of the above said your system was clean would you trust that or would you be the type to restore an image back to before the file(s) got flagged etc..

    how far do you go to make sure your system is clean o_O? just being curious here...and what steps do you take to the point where you feel comfortable with the results... again just curious
     
  2. thathagat

    thathagat Guest

    ummm......
    (a) multiple scans like you did which deem system clean
    (b) check running processes with say process explorer nothing fishy there also indicates a reasonable level of clean system
    well...that's what i can think of maybe someone else can shed some more light
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    1. Run another scan with your AV after it states it has cleaned up the offender.

    2. Run an online virus scan if you're worried.

    3. Run an antispyware scan such as MalwareBytes.

    If after those steps the scans say you're clean, stop screwing with it, you're clean. There is no sense in wasting your time doing scan after scan. Don't be paranoid, there's no need for 3rd and 4th opinions, a second opinion will do just fine in 99.9% of all cases.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    If I was truly worried and/or unsure, I'd reformat or restore an image. Simple as that.
     
  5. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    I would have submitted that suspicious file to Norton for detailed verifications
     
  6. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    I've completely recovered the computer to the state it was when I bought it.
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    I do a manual check, then multiple scans using different AVs/ASs to be on the safe side.

    Format/restore is a safer option, but I simply do not have the time for this.


    Absence of evidence is not evidence of absence ;)
     
  8. hamzah95

    hamzah95 Registered Member

    Joined:
    Jun 22, 2009
    Posts:
    108
    Just upload the flagged files to virustotal.com. :thumb:
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Check your system also with some rootkit detectors: GMER, RootRepeal..
     
  10. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    file was submitted..

    nice to see i'm not the only paranoid one here lol... interesting to see how many people would either format or restore.....

    even uploading the file to virustotal.. what do you then do if only 50% say it's infected??

    i just thought it a good question, thanks for all the answers so far
     
  11. hamzah95

    hamzah95 Registered Member

    Joined:
    Jun 22, 2009
    Posts:
    108
    What is that file, a hack tool, a keygen, a crack?
     
  12. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Attention: This is not a versus reply in any way and if anyone takes it that way then they are missing the intent of my reply.

    Scanned a system that was running NIS 2009 but acting like it was infected with something. Strange behavior on the web browser and unexpected shutdowns. However NIS found nothing in the scans. I removed NIS completely and installed Vipre again and it found a dnschangertrojan on the machine. Funny thing was Superantispyware was also running on that machine and it found nothing either. It was obvious from the way the machine was running that it had something in it. So really I think it doesn't matter which product you're running, one will always find something that another misses. I guess it reinforces the multi layer strategy.

    When I originally read your post I thought hmmm... the only time I feel my machine is 100% clean is when I slide in a brand new hard drive without any OS loaded yet lol!
     
  13. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You're quite correct about paranoia, even if I have the merest hint of doubt I restore to a pre-incident image, even if it's unnecessary to do so. o_O
     
  14. Kevin523

    Kevin523 Registered Member

    Joined:
    May 1, 2008
    Posts:
    72
    I understand the paranoia part as I'm the same way. I keep thinking to myself "What if there's still something there o_O" Of course now what I do is I scan with my AV again (rebranded Bitdefender 2009) and then if the AV allows it I reboot in safe mode and scan again. Then I usually run Dr. Web CureIt, Superantispyware Pro and believe it or not Clamwin. I know Clamwin doesn't have a huge database but a couple of times it's caught newer stuff that a lot of AVs missed. Sometimes I do online scans too and a couple of antirootkit scans.
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I am of the opinion that a fresh install is clean. A clean baseline image is then made, free of any 'issues'. I personally test things I want to put into my clean image before putting it there. This way, I know my image, as it is re-made with new changes, has only clean, well-behaved applications. I have at times gone so far as to disable my nic in the image, so that when I restore it to make some planned updates or changes, there is no fear of anything 'somehow' compromising my otherwise clean image.

    Everyone has differing views on it, but for me, doing it this way, it leaves no doubts whatsoever that my image is in a pristine state, and providing I have the proper methods in place, should stay that way until I really start messing with things.

    Sul.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    A manual check using different scanners will take anything between 1-2 hours. A clean reinstall will be definitely time consuming 3 hours- 3 days (depends how long you can dedicate to your computer daily). A restore from a backup image I think is the best way to go, 7-10 minutes. Once restoring is a fine tuned process it can be used for many purposes, including testing different configurations and operating systems.
     
  17. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    a lenovo tool to open insyde bios'. not really any of the above as it's a legit file but i guess it could be shown as a "hack tool" by some av's. nis2009 saw it as a trojan.
     
  18. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    After I wipe the Free Space on all the Hard Drives with CyberScrub.
    CyberScrub will clean out the Master File Table (MFT).
    1KB links to deleted files and uninstalled programs still reside in the Master File Table.
    There is a 1KB link for every file on the hard drive stored in the Master File Table, deleting files and uninstalling programs does not remove this 1KB link.
    Wiping the hard drive's free space with conventional tools does not remove the 1KB link from the Master File Table.
    CyberScrub has the ability to allocate the orphaned 1KB links in the Master File Table and scramble the data.

    The Master File Table will expand as needed to contain its data of the 1KB links, but the Master File Table will never contract itself.
    Over time, this can cause severe fragmentation and noticeable slowdown of the System as these are System Files and cannot be Defragmented with conventional defragmenting tools.
    This is one of the contributing factors to Windows slowing down over time.
    System Files can be defragmented with special tools during Boot Time, this is called Boot Time Defragmentation. Tools like Diskeeper and Perfect Disk have this feature.
    Tools like Diskeeper and Perfect Disk also have the ability to expand the Master File Table according to Microsoft Standards. The expansion of the Master File Table is calculated in relation to the space consumed by data on the hard drive. Expanding the Master File Table to allow more Free Space within the Master File Table will help alleviate fragmentation.

    So.....by running CyberScrub first, then running a Boot Time Defragmentation.....that data is gone baby!


    HKEY1952
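
Added example (not part of HKEY1952's post and not code from any tool named in it): a minimal Python parser for the 1 KB NTFS file records the post refers to, showing that a record whose in-use flag is cleared still carries the deleted file's name. The record bytes are constructed samples, `make_record`, `parse_record` and `scan_mft` are hypothetical helper names, and update-sequence fixups are not applied.

```python
import struct

RECORD_SIZE = 1024                       # default NTFS file record size
FLAG_IN_USE = 0x0001                     # header flag cleared on deletion
ATTR_FILE_NAME, ATTR_END = 0x30, 0xFFFFFFFF

def make_record(name, in_use):
    """Build a constructed (not captured) FILE record with one $FILE_NAME."""
    content = bytes(0x40) + bytes([len(name), 1]) + name.encode("utf-16-le")
    attr_len = (0x18 + len(content) + 7) & ~7        # 8-byte alignment
    attr = (struct.pack("<IIBBHHHIHBB", ATTR_FILE_NAME, attr_len, 0, 0, 0x18,
                        0, 0, len(content), 0x18, 1, 0) + content)
    body = attr.ljust(attr_len, b"\0") + struct.pack("<I", ATTR_END)
    header = struct.pack("<4sHHQHHHHIIQH", b"FILE", 0x30, 3, 0, 1, 1, 0x38,
                         FLAG_IN_USE if in_use else 0, 0x38 + len(body),
                         RECORD_SIZE, 0, 1)
    return header.ljust(0x38, b"\0") + body.ljust(RECORD_SIZE - 0x38, b"\0")

def parse_record(rec):
    """Return (file_name, in_use), or None if this is not a FILE record."""
    if len(rec) < 0x38 or rec[:4] != b"FILE":
        return None
    attr_off, flags = struct.unpack_from("<HH", rec, 0x14)
    name, pos = None, attr_off
    while pos + 8 <= len(rec):
        a_type, a_len = struct.unpack_from("<II", rec, pos)
        if a_type == ATTR_END or a_len == 0 or pos + a_len > len(rec):
            break
        if a_type == ATTR_FILE_NAME and rec[pos + 8] == 0:   # resident
            start = pos + struct.unpack_from("<H", rec, pos + 0x14)[0]
            n_chars = rec[start + 0x40]
            raw = rec[start + 0x42:start + 0x42 + 2 * n_chars]
            name = raw.decode("utf-16-le", errors="replace")
        pos += a_len
    return name, bool(flags & FLAG_IN_USE)

def scan_mft(blob):
    """Walk a raw MFT extract record by record; list every surviving name."""
    offsets = range(0, len(blob) - RECORD_SIZE + 1, RECORD_SIZE)
    parsed = (parse_record(blob[o:o + RECORD_SIZE]) for o in offsets)
    return [p for p in parsed if p is not None]

# Constructed sample: a live file, a deleted file, and a zeroed (wiped) record.
SAMPLE_MFT = (make_record("report.docx", True)
              + make_record("old_tool.exe", False) + bytes(RECORD_SIZE))

if __name__ == "__main__":
    for name, in_use in scan_mft(SAMPLE_MFT):
        print(f"{name!s:15} {'in use' if in_use else 'deleted, name still present'}")
```

The zeroed third record yields nothing, which is what a record looks like once its contents have been overwritten.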
     
  19. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    I run multiple scans but like ESET, or Avast & then Superantispyware & Malwarebytes, if I come up clean on the 3 scans I'm satisfied...
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hmm, very informative, good info
     
  21. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    So the only reason you think you may be infected is because an AV program said so? Ouch... here's something people should know: AVs have false positives. And the more security-minded you are, the higher the chance is that you will only ever run into false positives instead of real infections. If some AV alerts you on a file that you have good reason to think is legit (came from a good source), then check things further before assuming you're infected. What do other AVs say (those multiscanner services like VirusTotal, Jotti and so on)? What do automated analysis services like ThreatExpert say? Send the file off to your AV vendor for analysis, and tell them it may be a false positive. If your AV vendor replies back and says "Sorry, it's fixed now" then you have no worries about the file. If they reply back "No, this is actually malware", then you have reason for the worries. Maybe.

    AV software can't tell you whether you're clean. All they can tell you at best is that they found some file that happens to be in their signature list or raises red flags with their heuristic detections.
     
    Last edited: Jul 24, 2009
  22. philetus

    philetus Registered Member

    Joined:
    Jul 8, 2009
    Posts:
    12
    Location:
    California
    Is Malwarebytes as good as Malwarebytes thinks it is?
    Does the paid version do anything that I can't get for free?
    Will the paid version justify the cost?
     
  23. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    "when do you feel your system is 100% clean?? "

    NOW I FEEL :eek:
     
  24. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    When I know I'm just the only one who uses that PC :shifty: :D
     
  25. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yeah I know what you mean. It's difficult to educate my wife not to click on everything. o_O :p
     