malware cleansing

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Does anyone know if KAVDOSNT and/or Clamwin Portable clean malware or
just detect it?  What types of malware do they clean?

Re: malware cleansing

On 04 Jan 2007 17:04:13 GMT, "badgolferman"

Quoted text here. Click to load it

KAVDOSNT uses KAVDOS32, a "full blown" av product for DOS, or for the
command line of Windows. It's capable of cleaning/disinfecting all
kinds of malware.

Just say "no" to ClamWin :)

Art
http://home.epix.net/~artnpeg

Re: malware cleansing

wrote:

Quoted text here. Click to load it

The problem with KAVDOS32 is that when I choose the option to only scan
Winnt and Documents and Settings folders it only scans the c:\windows
and its subfolders.  I am concerned it really isn't scanning all it
promises to, even if I choose Entire Root drive.  Can you comment on
that?

Re: malware cleansing

On 04 Jan 2007 19:22:25 GMT, "badgolferman"

Quoted text here. Click to load it


I had looked into the ability of KAVDOS32 to scan all files on my Win
2K machines, and it did this ok. I just now checked on the particular
option of the KAVDOSNT.BAT program you mentioned, and it did
go ahead and scan the D & S folders after finishing with winnt. Are
you saying it stopped after doing winnt? Are you using Win XP?
If so, does Win XP have a D & S set of folders? I just assumed it
probably does.

I'm considering dropping my utils for KAVDOS32. For scanning
in Windows, it's much nicer to use AOL's AVS product with its
"scan critical areas" feature. Also, I've lost interest in "formal"
scanning in DOS or some other OS since I've never needed it.
It's so easy to simply Restore my OS from backup if I ever
need to.

Art
http://home.epix.net/~artnpeg

Re: malware cleansing

Art, 1/4/2007,4:18:24 PM, wrote:

Quoted text here. Click to load it

I am using WXP and it does have Documents and Settings.  The program
stopped after the C;\Windows folder.  I even looked at the log file to
make sure.

Quoted text here. Click to load it

I am using this utility as a portable AV checker for machines I
support.  That is why I asked about the cleaning capabilities.  I would
hope your program remains a viable option for me to keep on my flash
drive and use in emergencies.

Re: malware cleansing

badgolferman wrote:

Quoted text here. Click to load it

I keep several anti-virus/trojan/spyware programs on my USB drive along
with their updated sig files. Usually update the program/sig files once
a week.

max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages:
Virus Removal Instructions
http://home.neo.rr.com/manna4u /
Keeping Windows Clean
http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help and Tools
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to gmail.com to reply.
nomail.afraid.org is setup specifically for use in USENET
Feel free to use it yourself.

Re: malware cleansing

Max Wachtel, 1/5/2007,9:17:48 PM, wrote:

Quoted text here. Click to load it

Which ones?

Re: malware cleansing



Quoted text here. Click to load it

Why do you discourage using ClamWin?



Re: malware cleansing


Quoted text here. Click to load it

Clamav was designed as a simple sig scanner for use on mail servers.
It lacks many of the capabilities expected in "real" av products such
as the detection of polymorphic viruses, macro viruses, heuristics,
erc. It was a mistake to port it to Windows. While the # of sigs are
now at about 86,000, "real" av products detect several times that #.

Art
http://home.epix.net/~artnpeg

Re: malware cleansing

wrote:

Quoted text here. Click to load it


Art, other than KAVDOSNT what do you recommend as an emergency AV
product to be used from a flash drive?

Re: malware cleansing

On 05 Jan 2007 13:31:50 GMT, "badgolferman"

Quoted text here. Click to load it

Dave Lipman's Mult-AV uses several different command line av products
(as well as KAVDOS32). They are all good products. He posts links to
it here frequently.

Microworld's MWAV product uses the Kaspersky scan engine, but it's
ridiculously expensive (close to $100 U.S. for a year).

That's all I can think of off hand that are both portable and have
disinfection/deletion capabilities. I think Bit Defender needs to be
installed, so that's out, I presume.

Art
http://home.epix.net/~artnpeg

Re: malware cleansing

On 05 Jan 2007 13:31:50 GMT, "badgolferman"

Quoted text here. Click to load it

I just took a look at DRWEB CUREIT:
http://download.drweb.com/drweb+cureit /

It's a nice, Windows GUI, relatively small, portable, on-demand
scanner (about 5.3 meg) which you can download daily to keep it
up to date. It automatically does a quick startup scan when
you start it. Otherwise, you have quite a full selection of scan
targets and settings.

It's confusing at first since it has a Update function which doesn't
seem to work. You can see that there is no download URL included,
and that a user name and password are required. My guess is that
registered DRWEB customers can probably enter the info and
update CUREIT with small incremental updates. Otherwise, it
appears that a Update function, of sorts, gets invoked after a
few days. But it's not a true update function ... it seems it
forces a download of new and updated copy of CUREIT.EXE.
At least that's the way it looks. I decompressed CUREIT.EXE
using Universal Archiver and examined the ini files, etc. Not
sure how that sort of a "update" would work though without
downloading the latest EXE to a different subdirectory.

One criticism is that there isn't a English Help available. But
the thing is so easy to use, I don't consider that to be a big deal.

It's not the "heavy hitter" in detection that KAV is, but it's
pretty good. I see no reason to not recommend it. It does
faily well with "fringe" malware such as dialers and adware,
and its on-demand capabilities with various compressed
archives and run time packers is decent enough.

Art
http://home.epix.net/~artnpeg

 

Re: malware cleansing


Quoted text here. Click to load it

Thanks for clarification, I'll be guided accordingly :)



Site Timeline