johncesta

Why aren't all viruses caught on first pass?


I have a question: why aren't all the problems caught on the first scan? I have run and rerun SAS in safe mode, etc., and each time it finds more and more problems.

I have used this product successfully in the past and I think it's a great product.

Today I have a client that got the Spy Guard 2008 stuff, and I've run and rerun various programs to remove it.

Thanks.

John

Some items may be being installed while the scan is in process, and sometimes other items are written out when the system reboots - it's always wise to scan, reboot and re-scan to ensure the infection is removed.

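One way to see what the "scan, reboot, re-scan" advice above is catching, as an added example (not part of the post and not SUPERAntiSpyware's own code): a small Python script that records the files in the Windows Startup folders and the values under the Run/RunOnce registry keys, saves the snapshot to disk, and after the reboot reports what was added, changed or removed. Anything a dropper writes out at shutdown or startup then shows up in the diff before the second scan is even run. The Startup paths and key names are the standard Windows locations and are assumptions here; the registry part runs only on Windows, the directory part anywhere; `demo()` uses a constructed temporary directory in place of a Startup folder.

```python
"""Snapshot autostart locations before a reboot and diff them afterwards.
Added example, not SUPERAntiSpyware code. Paths and keys are assumed defaults."""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path

# Registry autostart keys checked on Windows (assumed standard locations).
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def default_startup_dirs():
    """Per-user and all-users Startup folders (assumed default paths)."""
    appdata = os.environ.get("APPDATA", "")
    progdata = os.environ.get("PROGRAMDATA", "")
    tail = r"Microsoft\Windows\Start Menu\Programs\Startup"
    return [os.path.join(appdata, tail), os.path.join(progdata, tail)]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_dirs(dirs):
    """Map 'file:<path>' -> sha256 for every regular file under the given dirs."""
    snap = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for root, _, files in os.walk(d):
            for name in files:
                p = os.path.join(root, name)
                try:
                    snap["file:" + p] = sha256_of(p)
                except OSError as e:  # locked/unreadable files are still recorded
                    snap["file:" + p] = "unreadable:" + e.__class__.__name__
    return snap


def snapshot_run_keys():
    """Map 'reg:<hive>\\<key>\\<value name>' -> command; Windows only, else empty."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive_name, subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive_name], subkey)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:  # no more values
                    break
                snap[f"reg:{hive_name}\\{subkey}\\{name}"] = str(data)
                i += 1
    return snap


def take_snapshot(dirs=None):
    dirs = default_startup_dirs() if dirs is None else dirs
    snap = snapshot_dirs(dirs)
    snap.update(snapshot_run_keys())
    return snap


def save_snapshot(snap, path):
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_snapshot(path):
    with open(path) as f:
        return json.load(f)


def diff_snapshots(before, after):
    """Entries that appeared, vanished, or whose content/command changed."""
    common = set(before) & set(after)
    return {
        "added": set(after) - set(before),
        "removed": set(before) - set(after),
        "changed": {k for k in common if before[k] != after[k]},
    }


def demo():
    """Constructed scenario: a temp dir stands in for a Startup folder."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp)
        (startup / "a.exe").write_bytes(b"legit")
        (startup / "b.exe").write_bytes(b"also legit")
        before = take_snapshot([tmp])
        # What a dropper might do between the scan and the post-reboot re-scan.
        (startup / "a.exe").write_bytes(b"trojanised")
        (startup / "b.exe").unlink()
        (startup / "c.exe").write_bytes(b"new payload")
        after = take_snapshot([tmp])
    d = diff_snapshots(before, after)
    return {k: {os.path.basename(x.split(":", 1)[1]) for x in v} for k, v in d.items()}


if __name__ == "__main__":
    # Real use: save_snapshot(take_snapshot(), "before.json"); reboot;
    # print(diff_snapshots(load_snapshot("before.json"), take_snapshot()))
    print(demo())
```

Run it once before the reboot with `save_snapshot(take_snapshot(), "before.json")` and once after with `diff_snapshots(load_snapshot("before.json"), take_snapshot())`; every key in `added` or `changed` is a concrete autostart entry to hand to the scanner rather than a guess about what "came back".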

Some spyware actively hides other spyware from scanning programs. The intent is for the software to be hidden and then reinstalled when the scanner 'isn't looking.'

Rootkits are the worst example of this, but there are higher-level ways to hide things from the scanner as well, including active detection of the most popular scanning programs. The TDS rootkit, for example, uses a combination of the above.

There's also the rare possibility that you've encountered a new variant of a dropper/etc that isn't in the definitions (SOMEONE has to be first, after all). In that case, a scan may remove the 'older' spyware, but not see the dropper as it continues to obtain new spyware to install. Keep in mind that this is extremely rare, and should be the last thought in your mind.

With regard to Spy Guard/Winantivirus/etc, there are literally *hundreds* of variants of these applications. They're mostly harmless, just very annoying. SAS coupled with a good antivirus app will keep them from doing anything terribly malicious (AV heuristics will catch any keylogging, for example), so you may simply have to wait several days until new definitions are available to completely remove them.

I wouldn't trust my bank account to a machine with one of them 'installed,' but the goal of those 'businesses' isn't to steal information from you, rather to scare/con you into paying for the 'product.' That way, they can stay just in the narrowest grey area of the law.

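The hiding the reply above describes is usually checked for with a cross-view comparison: one view of the system that a rootkit can filter (the process listing) is compared with a second view it is less likely to have hooked (asking the kernel about each PID directly). The following is an added example, not part of the post and not SUPERAntiSpyware's code; it does this on Linux's /proc, where the listing is the readdir view and the probe is kill(pid, 0). The same idea applies to Windows (process list versus opening each PID directly). The `/proc` path and `pid_max` location are the standard Linux ones and are assumptions; a hidden result on a clean machine should be re-checked before it is called a rootkit.

```python
"""Cross-view PID check on Linux: /proc listing vs. direct kill(pid, 0) probe.
Added example, not SUPERAntiSpyware code. A PID that answers the probe but is
missing from the listing is being hidden from readdir-based scanners."""
import os

PROC = "/proc"  # assumed standard mount point


def listed_pids():
    """The view a scanner normally uses: numeric entries of /proc."""
    return {int(n) for n in os.listdir(PROC) if n.isdigit()}


def pid_max():
    with open(f"{PROC}/sys/kernel/pid_max") as f:
        return int(f.read())


def pid_exists(pid):
    """kill(pid, 0) delivers no signal: ESRCH means no such process,
    EPERM means it exists but belongs to someone else."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def is_thread_group_leader(pid):
    """kill() also answers for thread IDs, so drop TIDs whose Tgid is another PID.
    If /proc/<pid>/status cannot be read at all, keep the PID as a candidate:
    a process the kernel knows about but /proc will not show is exactly the
    case we are looking for."""
    try:
        with open(f"{PROC}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True
    return True


def cross_view_pids(max_pid=None):
    """Return {'listed', 'probed', 'hidden'} for PIDs 1..max_pid (default pid_max)."""
    upper = pid_max() if max_pid is None else max_pid
    listed = listed_pids()
    probed = {
        pid for pid in range(1, upper + 1)
        if pid_exists(pid) and is_thread_group_leader(pid)
    }
    hidden = set()
    for pid in probed - listed:
        # A process may simply have started after the listing was taken;
        # re-check against a fresh listing before reporting it.
        if pid_exists(pid) and pid not in listed_pids():
            hidden.add(pid)
    return {"listed": listed, "probed": probed, "hidden": hidden}


def self_check():
    """Sanity check: our own process must be visible in both views."""
    me = os.getpid()
    r = cross_view_pids(max_pid=me)
    return me in r["listed"] and me in r["probed"] and me not in r["hidden"]


if __name__ == "__main__":
    result = cross_view_pids()
    print(f"listed={len(result['listed'])} probed={len(result['probed'])}")
    for pid in sorted(result["hidden"]):
        print(f"PID {pid} answers kill(pid, 0) but is absent from /proc: hidden?")
```

Scanning the full `pid_max` range takes a few seconds in Python; the loop is deliberately kept simple so it is obvious that nothing but two independent views and a re-check are involved. A PID reported as hidden is a lead for a memory-image or offline (boot from clean media) examination, which is also the practical answer to a rootkit that hooks the scanner itself: scan the disk from a system the rootkit is not running on.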
