Should I be checking the files skipped during a virus scan?

'The process cannot access the file because it is being used by
another process' is what the avast! anti-virus program says for
various files.

A list of files is given.

Should I be checking to see whether these same files are not being
scanned or accessed the next time I scan?  Or is that being too
paranoid? I bet it might well be the same files every time (for
example SQL server files that get loaded on boot, and I bet SQL Server
will not like other programs messing with it while it is running).

Since all these AV programs do not have a 100% detection rate, perhaps
we should not bother with such trifles (I was surprised in a recent
graph of various AV programs to find the otherwise fine Kaspersky AV
program, which has detected malware where others have failed, did not
have a 100% success rate detecting rootkits, though it scored in the
top 10% overall for AV programs)

RL

Re: Should I be checking the files skipped during a virus scan?

RayLopez99 wrote:

A "boot time scan" option may be available.

http://forum.avast.com/index.php?topic=38158.0

    Paul

Re: Should I be checking the files skipped during a virus scan?



Yes but unless you want to scan the entire C drive on boot (which
apparently can take hours though mine takes about 30 minutes), and
during such time you will not be able to log onto your PC, that's not
an option except on occasion--and now that you mention it, I might do
it at least once on a weekend night.

Thanks for that.  In the meantime I'll just monitor which files are
being not accessed so I can see if it's the same ones.

RL
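An added example, not part of any post in this thread: one way to check whether the same files are skipped from one scan to the next. It assumes each report line is `path<TAB>message` (a hypothetical layout, not avast!'s documented format) and treats SQL Server `.mdf`/`.ldf` files as expected; the sample reports are constructed.

```python
import ntpath

# Message text quoted in the thread; the "path<TAB>message" line layout is an assumption.
LOCKED_MSG = ("The process cannot access the file because it is being used by "
              "another process")
# Files the thread names as normally held open by a running Windows system.
EXPECTED_NAMES = {"pagefile.sys", "hiberfil.sys"}
# Assumption: SQL Server data/log files, locked while the service is running.
EXPECTED_EXTS = {".mdf", ".ldf"}


def skipped_files(report_text):
    """Return the normalised paths that a report lists as locked."""
    skipped = set()
    for line in report_text.splitlines():
        path, sep, message = line.partition("\t")
        if sep and LOCKED_MSG in message:
            # Windows paths are case-insensitive, so normalise before comparing.
            skipped.add(ntpath.normcase(ntpath.normpath(path.strip())))
    return skipped


def is_expected(path):
    """True for files the lists above treat as normally locked."""
    name = ntpath.basename(path)
    return name in EXPECTED_NAMES or ntpath.splitext(name)[1] in EXPECTED_EXTS


def compare_scans(previous_report, latest_report):
    """Classify the latest scan's skipped files against the previous scan."""
    prev, last = skipped_files(previous_report), skipped_files(latest_report)
    return {
        "same_as_before": sorted(last & prev),
        "no_longer_skipped": sorted(prev - last),
        "review": sorted(p for p in last - prev if not is_expected(p)),
    }


def _row(path, message=LOCKED_MSG):
    return path + "\t" + message

# Constructed sample reports (not real scanner output).
SCAN_1 = "\n".join([_row(r"C:\pagefile.sys"), _row(r"C:\hiberfil.sys"),
                    _row(r"C:\SQLData\master.mdf"), _row(r"C:\Users\rl\notes.txt", "OK")])
SCAN_2 = "\n".join([_row(r"C:\PAGEFILE.SYS"), _row(r"C:\SQLData\master.mdf"),
                    _row(r"C:\SQLData\new.ldf"), _row(r"C:\Users\rl\AppData\upd.exe")])

if __name__ == "__main__":
    for label, paths in compare_scans(SCAN_1, SCAN_2).items():
        print(label, paths)
```

Files under `review` are only newly locked and not on the expected list; the boot-time or offline scan discussed in the thread is what actually examines them.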

Re: Should I be checking the files skipped during a virus scan?

RayLopez99 wrote:
It depends on the files in question.

Hibernation file, swap file, and some others probably don't need to be
scanned anyway.

Re: Should I be checking the files skipped during a virus scan?



If a given file's File Handle is held open by the OS then they can't be opened
for a scan or for any other type of examination.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Should I be checking the files skipped during a virus scan?

David H. Lipman wrote:
If he boots from a Live CD, no files on the suspect drive should have
handles to be "held open". I don't think that they need to be scanned,
although I suppose the hiberfil.sys file *could* be used to re-establish
a tainted environment.

The SQL files he has guessed at would be another story, but the
alternative boot would leave them unhandled as well.

Re: Should I be checking the files skipped during a virus scan?



Yes.  Booting outside the affected OS or scanning using a surrogate PC negates
the problem of open File Handles.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Should I be checking the files skipped during a virus scan?


This is not a Live CD boot, which I agree solves the problem of open
files.

RL

Re: Should I be checking the files skipped during a virus scan?

RayLopez99 wrote:

I understood that. Maybe you could prune your autostarts to free up
those SQL files too. I still think pagefile.sys and hiberfil.sys are two
other files not being scanned and that's okay. There are other files,
locations, and types of files that don't need to be scanned so if these
are an issue (in use by another program) they can also be ignored.

It depends on the files in question.

Re: Should I be checking the files skipped during a virus scan?



OK thanks.  I decided to buy a paid for AV program, as they have
slightly better protection and more features than the free versions.
Plus the price is right: for three machines about $20-$60 a year,
that's no sweat.  My philosophy is that if a minor malware gets
detected and deleted, I will not do a ghost restore, but if a major
one does, I might do a ghost restore of the entire HD (since I ghost
HD images once a week, and data every day)

If you have any AV favorites please let me know. I'm just researching
the issue and will probably pick one of the top five (the same names
keep coming up, Norton usually being at the top).  Here is one such
site: http://anti-virus-software-review.toptenreviews.com/index.html
(appears to be a paid-for ad site by the #1 program listed there,
which is BitDefender AV, which PC Mag disagrees with, but it's useful
to show the features paid-for AV programs have), and here is another
independent site: http://www.av-comparatives.org

RL

Re: Should I be checking the files skipped during a virus scan?

RayLopez99 wrote:

That sounds like a good plan to me. Basically a "recovery" scheme to
remove a malware infestation, and a restore scheme to roll back to a
previously uninfested state (which also works for hardware failure). The
key being to keep the rollback points as current as possible so that you
don't have to reinstall patches and recently installed programs or data
files.

The "recovery" scheme also usually has the added feature of "prevention"
which used to be the main idea behind scanners in general and "real
time" scanning in particular. An advantage to paid for AV is that you
can get support from them, IMO that is the real value for the money.


I think I mentioned that one elsewhere. It's hard to find a completely
unbiased testing facility these days. These guys used to be good, but I
don't know if they even do this anymore.

old link:

http://agn-www.informatik.uni-hamburg.de/vtc/ART2000B/art2000b.htm

If I needed paid for protection at this time, I would probably get the
full Avira program


