Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ZoAm on May 03, 2011, 02:42:31 AM

Title: Recommended procedure and user rights necessary for full system scan and clean?
Post by: ZoAm on May 03, 2011, 02:42:31 AM
Is there some advantage in running a full system scan and clean operation under an Administrative user? Immediately after the infection warning, it may be less risky to check and clean the system under the currently logged-on, nonprivileged user (and possibly before the reset and OS boot necessary for a boot-time scan install some newly downloaded virus component which would not be recognized)? What is the recommended cleaning procedure? Immediate full scan under the current user, before he has logged off, whatever user rights he may have? Or scan immediately, but logged in as administrator? Or reset and log in as administrator, and then perform the scan? Or log in as administrator, schedule a boot-time scan, reset? Or possibly instant power switch off, and then boot from some bootable CD with Avast, if such a CD is available? What is the procedure that you recommend to us, and under what user rights should scan and clean be done?
Title: Re: Recommended procedure and user rights necessary for full system scan and clean?
Post by: DavidR on May 03, 2011, 03:07:47 AM
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

Since avast is a resident on-access scanner then most of its shields (web, network, mail, p2p and IM shields) are trying to prevent infection getting in. The file system shield is there to scan files before being allowed to be opened/modified/run, etc. So you have protection in depth.

So the actual notification/alert isn't the end of the world and an indication of a wider infection. After an alert you could run a full scan or a boot-time scan, but that would be personal choice. Of course you can also seek help on the viruses and worms forum.

Another option would be to run another scan with something like an anti-malware scanner.

If you haven't already got this software (freeware), download, install, update and run it.

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Title: Re: Recommended procedure and user rights necessary for full system scan and clean?
Post by: Nesivos on May 03, 2011, 04:32:46 AM
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

Since avast is a resident on-access scanner then most of its shields (web, network, mail, p2p and IM shields) are trying to prevent infection getting in. The file system shield is there to scan files before being allowed to be opened/modified/run, etc. So you have protection in depth.

So the actual notification/alert isn't the end of the world and an indication of a wider infection. After an alert you could run a full scan or a boot-time scan, but that would be personal choice. Of course you can also seek help on the viruses and worms forum.

Another option would be to run another scan with something like an anti-malware scanner.

If you haven't already got this software (freeware), download, install, update and run it.
  1. MalwareBytes Anti-Malware (MBAM), On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.
  2. SUPERantispyware (SAS), http://www.superantispyware.com. On-Demand only in free version.

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.

Tracking cookies can be, and have been, used by governments as spy cookies. They are used by governments to track visitors to government websites and build a profile of visitors. This is especially true if a user logs into a government website. Once the government has your login id they can track you across the web if you use that same login for other websites and set about compiling a dossier of you to be used by the government as they see fit.
Title: Re: Recommended procedure and user rights necessary for full system scan and clean?
Post by: Nesivos on May 03, 2011, 04:37:46 AM
Tracking cookies are placed on your computer and, unless removed, can be used by any government agency to incriminate you if they confiscate your computer with the tracking cookie and tracking cookie log still on your computer.

Since websites do not ask you before placing tracking cookies on your computer, they are a total invasion of your privacy. As such they can be a major security risk.
Title: Re: Recommended procedure and user rights necessary for full system scan and clean?
Post by: ZoAm on May 03, 2011, 05:06:05 AM
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

I was aware that real-time shields must use the Avast service module that runs under the Local System account. But I was not sure if scans originated from the GUI, which runs under the user account, are doing the same. Thanks.

As for the second matter, I was referring to the situation when the virus is detected after the infection, or possibly when only some later manifestation of the virus was detected (or just one of several newly downloaded is recognized). Recommended procedure would be something that people who know a lot about usual virus operation think is the least risky procedure. For example, if keyboard activity is monitored, logging on as domain administrator reveals the domain admin password. Then all computers in the network can be infected; even if we clean the original computer during the next 10 minutes, it may be too late for the rest of the network. Or, some files can be changed and infected only during the OS boot procedure because they are usually locked. So, reset and OS boot can corrupt some system files that cannot be changed during the runtime even if the virus is active. If the cleanup procedure is done without reset, it may be easier to detect all instances and eliminate some virus. On the other hand, after the reset, the virus may not be in the memory any more, if the system and another user is not compromised. I was referring to considerations like that. However, as you said, it is obvious that all of that depends on the virus. The problem is that we may not know what it does, or do not have time to study its behavior, so we must adopt some default recommendations about best procedures to deal with an unknown new infection.