Author Topic: Recommended procedure and user rights necessary for full system scan and clean?  (Read 2411 times)

0 Members and 1 Guest are viewing this topic.

Offline ZoAm

  • Newbie
  • *
  • Posts: 5
Is there some advantage in running full system scan and clean operation under Administrative user? Immediately after the infection warning, it may be less risky to check and clean the system under currently logged on, nonprivileged user (and possibly before reset and OS boot necessary for boot-time scan install some newly downloaded virus component which would not be recognized)? What is the recommended cleaning procedure? Immediate full scan under the current user, before he has logged off, whatever user rights he may have? Or scan immediately, but logged as administrator? Or reset and login as administrator, and then perform scan? Or login as administrator, schedule boot time scan, reset? Or possibly instant power switch off, and then boot from some bootable CD with Avast, if such CD is available? What is the procedure that you recommend to us, and under what user rights scan and clean should be done?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85628
  • No support PMs thanks
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

Since avast is a resident on-access scanner then most of its shields (web, network, mail, p2p and IM shields) are trying to prevent infection getting in. The file system shield is there to scan files before being allowed to be opened/modified/run/modified, etc. So you have protection in depth.

So the actual notification/alert isn't the end of the world and an indication of a wider infection. After an alert you could run a full scan or a boot-time scan, but that would be personal choice. Of course you can also seek help on the viruses and worms forum.

Another option would be to run another scan with something like an anti-malware scanner.

If you haven't already got this software (freeware), download, install, update and run it.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1352
  • Artists Rendering of New Pauley Pavilion @ UCLA
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

Since avast is a resident on-access scanner then most of its shields (web, network, mail, p2p and IM shields) are trying to prevent infection getting in. The file system shield is there to scan files before being allowed to be opened/modified/run/modified, etc. So you have protection in depth.

So the actual notification/alert isn't the end of the world and an indication of a wider infection. After an alert you could run a full scan or a boot-time scan, but that would be personal choice. Of course you can also seek help on the viruses and worms forum.

Another option would be to run another scan with something like an anti-malware scanner.

If you haven't already got this software (freeware), download, install, update and run it.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Tracking cookies can be have been used by governments as spy cookies.  They are used by governments to track visitors to government websites and build a profile of visitors.  This is especially true if a user logs into a government website.  Once the government has your login id they can track you across the web if you use that same login for other websites and set about compiling a dossier of you to be used by the government as they see fit.   
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1352
  • Artists Rendering of New Pauley Pavilion @ UCLA
Tracking cookies are placed on your computer and unless removed can be used by the any government agency to incriminate you if they confiscate your computer with the tracking cookie and tracking cookie log still on your computer.

Since websites do not ask you before placing tracking cookies on your computer they are total invasion of your privacy.  As such they can be a major security risk.
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline ZoAm

  • Newbie
  • *
  • Posts: 5
Not really as the avastSvc.exe is running at System level, just check Task Manager.

Should avast encounter a problem that it can't resolve in normal mode, then it may recommend or you can schedule a boot-time scan.

I don't believe there is a recommended cleaning procedure as that would entirely depend on the nature of the virus/malware.

I was aware that real time shields must use Avast service module that run under Local System account. But I was not sure if scans originated from GUI, which run under user account, are doing the same. Thanks.

As for the second matter, I was referring to the situation when the virus is detected after the infection, or possibly when only some later manifestation of the virus was detected (or just one of several newly downloaded is recognized). Recommended procedure would be something that people who know a lot about usual virus operation think is least risky procedure. For example, if keyboard activity is monitored, logging on as domain administrator reveals domain admin password. Than all computers in the network can be infected, even if we clean original computer during the next 10 minutes, it may be to late for the rest of the network. Or, some files can be changed and infected only during OS boot procedure because they are usually locked. So, reset and OS boot can corrupt some system files that cannot be changed during the runtime even if the virus is active. If the cleanup procedure is done without reset, it may be easier to detect all instances and eliminate some virus. On the other hand, after the reset, virus may not be in the memory any more, if the system and another user is not compromised. I was referring to the considerations like that. However, as you said, it is obvious that all of that depend on the virus. Problem is that we may not know what it does, or do not have time to study it's behavior, so we must adopt some default recommendations about best procedures to deal with unknown new infection.