Avast WEBforum

Other => General Topics => Topic started by: naive melody on March 08, 2006, 06:58:02 AM

Title: Avast-Boot Scan;what does it do?
Post by: naive melody on March 08, 2006, 06:58:02 AM
I have a simple question: Avast Boot Scan - what does it really do? Big question: what are its advantages and disadvantages in terms of dealing with all sorts of malware? Avast seems to be one of the very few anti-virus software groups proclaiming this feature; why don't other anti-virus software groups use it, especially McAfee or Norton? I have heard of some malware that can survive an antivirus boot scan.
Title: Re: Avast-Boot Scan;what does it do?
Post by: XMAS on March 08, 2006, 07:22:40 AM
Hello naive melody :)

Quote
Avast-Boot Scan- what does it really do?
Well, the boot-time scan is a very useful feature - it scans the PC before Windows loads, thus preventing the virus from starting and loading into the PC's operating memory. For example, if a virus has infected your PC and this virus is loaded in the operating memory, Windows will not allow you to delete this file because it is in use. The boot-time scan will scan the PC before the virus is loaded and will remove the virus ;)
Title: Re: Avast-Boot Scan;what does it do?
Post by: TAP on March 08, 2006, 09:12:24 AM
Boot-time scan is the great & unique feature of avast! antivirus. I think avast! is the only antivirus that has this feature; can anyone confirm this?
Title: Re: Avast-Boot Scan;what does it do?
Post by: Lisandro on March 08, 2006, 02:16:29 PM
Quote
Boot-time scan is the great & unique feature of avast! antivirus. I think avast! is the only antivirus that has this feature; can anyone confirm this?
Some others have floppy (or better, CD) recovery possibilities: Symantec and AVG have this feature.
avast has Bart CD but, unfortunately, it's not for home users (price troubles...).
I haven't found another antivirus with boot-time scanning like avast!
Title: Re: Avast-Boot Scan;what does it do?
Post by: DavidR on March 08, 2006, 03:57:12 PM
There are occasions when Windows actually protects viruses (when they are in system folders, when they are in use, etc.) and the AV can't move or delete them because of this protection. When this happens you usually get a Windows pop-up stating that you can't do that. So a boot-time scan prior to Windows loading is able to get around that problem.

Perhaps you could mention the malware that evades avast's boot-time scan?
If avast doesn't detect it during a normal scan then it won't detect it during a boot-time scan, so if avast can detect it normally it shouldn't evade a boot-time scan.
Title: Re: Avast-Boot Scan;what does it do?
Post by: FreewheelinFrank on March 08, 2006, 04:23:12 PM
Malware that seems to be able to evade avast!'s boot-time scan includes pseudo rootkits (the type that employ a driver which is not itself hidden) and process-injecting Trojans which inject DLLs into Windows processes at startup. Both of these types of malware are detected by avast! in memory, but even a boot-time scan won't remove them.

I've seen many examples of both on the forum.

There are more sophisticated malware removal tools available than a boot-time scan: Ewido can detect and remove process-injecting Trojans from memory, which is why it proves so effective against some stubborn infections on the forum, and Sysclean from Trend Micro will remove the registry entries that start up rootkit drivers and allow the malware to be removed, or at least it claims to be effective against the FU type rootkit infection. Certainly there are scripts available to defeat this type of rootkit by disabling the driver and removing registry entries; for example, there is a script posted on the forum which will remove the rdriv.sys rootkit, something that a boot-time scan certainly can't do.

Sadly, boot-time scanning is no longer the last word in malware removal...