Author Topic: Avast-Boot Scan;what does it do?  (Read 5437 times)

Offline naive melody

  • Newbie
  • *
  • Posts: 3
  • Freedom above all else
Avast-Boot Scan;what does it do?
« on: March 08, 2006, 06:58:02 AM »
I have a simple question: Avast-Boot Scan - what does it really do? Big question - what are its advantages and disadvantages in terms of dealing with all sorts of malware? Avast seems to be one of the very few anti-virus software proclaiming this feature; why don't other anti-virus software groups use it, especially McAfee or Norton? I have heard of some malware that can survive an antivirus boot scan.

Offline XMAS

  • Avast translator
  • Super Poster
  • ***
  • Posts: 1211
  • Santa is watching you ;)
    • avast! in Bulgarian
Re: Avast-Boot Scan;what does it do?
« Reply #1 on: March 08, 2006, 07:22:40 AM »
Hello naive melody :)

Quote
Avast-Boot Scan- what does it really do?
Well, the boot-time scan is a very useful feature - it scans the PC before Windows loads, thus preventing the virus from starting and loading into the PC's operating memory. For example, if a virus has infected your PC and this virus is loaded in the operating memory, Windows will not allow you to delete this file because it is in use; the boot-time scan will scan the PC before the virus is loaded and will remove the virus ;)
You've Got To Get Close To The Flame To See What It's Made Of...

Offline TAP

  • Sr. Member
  • ****
  • Posts: 201
  • I'm a llama!
Re: Avast-Boot Scan;what does it do?
« Reply #2 on: March 08, 2006, 09:12:24 AM »
Boot-time scan is the great & unique feature of avast! antivirus. I think avast! is the only antivirus that has this feature; can anyone confirm this?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65768
Re: Avast-Boot Scan;what does it do?
« Reply #3 on: March 08, 2006, 02:16:29 PM »
Quote
Boot-time scan is the great & unique feature of avast! antivirus. I think avast! is the only antivirus that has this feature; can anyone confirm this?
Some others have floppy (or better, CD) recovery possibilities: Symantec and AVG have this feature.
avast has Bart CD but, unfortunately, it's not for home users (price troubles...).
I haven't found other antivirus with boot time scanning like avast!
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71444
  • No support PMs thanks
Re: Avast-Boot Scan;what does it do?
« Reply #4 on: March 08, 2006, 03:57:12 PM »
There are occasions when Windows actually protects viruses (when they are in system folders, when they are in use, etc.) and the AV can't move or delete them because of this protection. When this happens you usually get a Windows pop-up stating that you can't do that. So a boot-time scan prior to Windows loading is able to get around that problem.

Perhaps you could mention the malware that evades avast's boot-time scan?
If avast doesn't detect it during a normal scan then it won't detect it during a boot-time scan, so if avast can detect it normally it shouldn't evade a boot-time scan.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4860
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Avast-Boot Scan;what does it do?
« Reply #5 on: March 08, 2006, 04:23:12 PM »
Malware that seems to be able to evade avast!'s boot time scan includes pseudo rootkits (the type that employ a driver which is not itself hidden) and process injecting Trojans which inject DLLs into Windows processes at startup. Both of these types of malware are detected by avast! in memory, but even a boot time scan won't remove them.

I've seen many examples of both on the forum.

There are more sophisticated malware removal tools available than a boot time scan: Ewido can detect and remove process injecting Trojans from memory- which is why it proves so effective against some stubborn infections on the forum- and Sysclean from Trend Micro will remove the registry entries that start up rootkit drivers and allow the malware to be removed, or at least it claims to be effective against the FU type rootkit infection. Certainly there are scripts available to defeat this type of rootkit by disabling the driver and removing registry entries- for example there is a script posted on the forum which will remove the rdriv.sys rootkit, something that a boot time scan certainly can't do.

Sadly, boot time scanning is no longer the last word in malware removal...



     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
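
Reply #5 refers to the registry entries that start a rootkit's driver. As an added example (not part of the thread, and not avast! or forum code), this Python code lists the driver services in a `reg export` of `HKLM\SYSTEM\CurrentControlSet\Services` that Windows loads on its own (Start 0, 1 or 2), so they can be reviewed; the service names, paths and function names are constructed for illustration.

```python
import re
# Constructed sample in `reg export` text format; names and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\exampledrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bootdrv]
"Type"=dword:00000001
"Start"=dword:00000000
"ImagePath"=hex(2):62,00,6f,00,6f,00,74,00,2e,00,\
  73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc]
"Type"=dword:00000010
"Start"=dword:00000002
'''

START = {0: "boot", 1: "system", 2: "auto"}  # start types that load unprompted
DRIVER_TYPES = {1, 2}                        # kernel driver, file-system driver

def _value(raw):  # decode a dword, a hex(2) value or a quoted string
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):            # REG_EXPAND_SZ stored as UTF-16LE
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return re.sub(r"\\(.)", r"\1", raw.strip('"'))  # undo \\ and \" escapes

def parse_services(text):
    """Map each service name to the values stored directly under its key."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join hex continuation lines
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[.*\\Services\\([^\\\]]+)\]", line)
        if key:
            current = services.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None                   # subkey, not a service root
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1)] = _value(m.group(2))
    return services

def startup_drivers(text):  # (name, start type, image path), Start 0/1/2 only
    return sorted((n, START[v["Start"]], v.get("ImagePath", ""))
                  for n, v in parse_services(text).items()
                  if v.get("Type") in DRIVER_TYPES and v.get("Start") in START)
```

A real export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `startup_drivers`.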