Author Topic: avast 5 not scanning the registry, do you mind?  (Read 3656 times)

0 Members and 1 Guest are viewing this topic.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
avast 5 not scanning the registry, do you mind?
« on: March 14, 2010, 12:09:48 AM »
I know Avast (neither 4.8 nor 5) doesn't scan the registry. So what if following a spyware infection (seen that happen with "MSN+" a few years ago, was entirely my fault, I was warned, thought I could avoid the malware, I didn't). OK this said what if you're just protected with Avast, and your registry gets infected with tens of bad keys. I asked the question once a few months ago and Vlk told me that there was always a file behind a reg key. I couldn't agree more, but what if the file is gone (temp folder), or it's been removed successfully by Avast, leaving tens of registry entries behind. Obviously Avast isn't able to detect them, so it won't remove them. But, do we have to consider that once the corresponding files are gone, the registry keys don't matter anymore? I'm not sure about that at all, that's why I'm posting this thread. Intuitively I would say that bad reg keys can remain active, recreate files, and take control of the system. Also I've seen former MS antispy take care of the incident I mentioned at the beginning of this post by removing all files and registry keys resulting from the malware invasion; so to be honest, I'm not quite happy with the fact that Avast doesn't touch the registry...I know, I can use SAS or MBAM for that but I'd rather have a same product doing the cleaning, my main AV/antispy is Avast, so Avast should do it ;)
w7 - ais7

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: avast 5 not scanning the registry, do you mind?
« Reply #1 on: March 14, 2010, 12:13:41 AM »
Better having innocuous keys left behind than messing with the Registry...
avast is an antimalware. Registry cleaners aren't toys. And I think it's not the focus of avast.
Just my 0.02.

I would say that bad reg keys can remain active, recreate files, and take control of the system.
1. It's not truth.
2. Paranoia ;D
The best things in life are free.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: avast 5 not scanning the registry, do you mind?
« Reply #2 on: March 14, 2010, 12:33:25 AM »
paranoia hey ::) so you would say that start up reg keys can do nothing; and what if they maliciously run legit system processes, but just a bit differently, ie not exactly the way the system itself would have done it? Avast is the only AV/antispy (that I know of...) that doesn't scan the registry, even Windows Defender does  ;D
w7 - ais7

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: avast 5 not scanning the registry, do you mind?
« Reply #3 on: March 14, 2010, 01:26:10 AM »
Hi Logos,

Consider the answers given here: http://forum.avast.com/index.php?topic=39124.0
Upon finding malcode flagged I would always use additional non-resident scanning - Threat Expert Memory Scanner, a run of the latest scans with DrWebCureIt or stinger.exe etc. I even have ClamWin as non-resident regularly updated.
For more advanced users like you I would always analyze what was found and search for a manual removal routine (if the write-up can be found online) and check if everything that is given there to be cleansed IS actually cleansed (might be in safemode or with system restore disabled temporarily).
One solution should be the resident av solution, but that is not a panacea, we have to have additional protection and cleansing as well to close the vulnerability window as best as we can, while prevention is always the best policy to go,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83768
  • No support PMs thanks
Re: avast 5 not scanning the registry, do you mind?
« Reply #4 on: March 14, 2010, 01:40:57 AM »
Well registry keys on their own are inert, but with the supporting file in place, the malware would become active. However, whatever would replace the file (re-infect the system) would presumably have recreated the registry key, I don't think that it goes checking if the key exists. In many cases files are randomly named so a new creation wouldn't match the old registry key.

I believe that avast upon detection of malware subsequently checks for associated registry keys, though it doesn't specifically do a registry scan as part of the integrated anti-spyware scan. This is one reason why I have a dedicated anti-spyware which specifically checks the registry. Fortunately for me the only thing either SAS or MBAM have found on my registry have been FPs.

Not that I really expect them to find anything as my browsing habits are not what you would consider adventurous and I have a number of pro-active measures in my browser choice plus security based add-ons.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: avast 5 not scanning the registry, do you mind?
« Reply #5 on: March 14, 2010, 11:09:44 AM »
thanks for the feedback guys. My point here is obviously not to expect the AV to become a registry cleaner, but just that it'd be able to remove keys generated by malware. Ok, if you all say that the way Avast deals with it is safe enough (ie take care of just the files), I'm ready to take the risk  :) ... but I'll still run an SAS scan off and on, you know, just in case ;)

ps: yeah, that's interesting (thread pointed by Polonus), registry activity watched by Avast, as yes the registry itself is also data (files/hives)...
« Last Edit: March 14, 2010, 11:19:04 AM by Logos »
w7 - ais7

Offline joey3155

  • Jr. Member
  • **
  • Posts: 29
Re: avast 5 not scanning the registry, do you mind?
« Reply #6 on: March 14, 2010, 02:38:27 PM »
paranoia hey ::) so you would say that start up reg keys can do nothing; and what if they maliciously run legit system processes, but just a bit differently, ie not exactly the way the system itself would have done it? Avast is the only AV/antispy (that I know of...) that doesn't scan the registry, even Windows Defender does  ;D

Windows Defender also has the tremendous advantage of being developed by the idiots who made the Operating System in my case Crapsta I mean Vista, I am so sorry I keep making that mistake, so it's a little safer to let Windows Defender do it. But honestly I've done tests under controlled settings to the best of my meager resources and Windows Defender is truly blind justice. It discovers a infection or suspicious registry key more so from luck then skill. I was amazed at how much it missed. I use it as a Tier 4 Anti-Virus which is the worse in my personal rating system. Avast is tier 1 on my scale. The best you can acquire. Avast has saved me from more possible and later confirmed threats then I can count, God bless you Avast! You are a true soldier in this long war!

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: avast 5 not scanning the registry, do you mind?
« Reply #7 on: March 14, 2010, 03:12:09 PM »
Windows Defender also has the tremendous advantage of being developed by the idiots who made the Operating System in my case Crapsta I mean Vista, I am so sorry I keep making that mistake,

which most likely also explains the quality of your post here, you probably meant good but "crapsta" as you call it made it sound like...humm..."crapsta" ::)
w7 - ais7