Which drives and partitions to scan? - Page 2


Re: Which drives and partitions to scan?



Hey we completely agree! I like the shotgun analogy ;-) I guess I need to
explain myself better. Sorry.


Re: Which drives and partitions to scan?



Having a good recent image to load makes the 'flatten and rebuild'
scenario the 'easy way' as well as the 'best way'. Many places will just
remove the affected harddrive and replace it with a harddrive loaded
with a new image - saving the old drive (and any remote logs) for any
forensic investigation.




Re: Which drives and partitions to scan?



Ray K wrote:

A virus can launch if the file in which it resides is accessed by a
program or the system. So the answer to your last question is, "yes,
depending."

IMO, the system partition should be scanned daily, as should any partitions
that programs (or you) access frequently (e.g. for writing new data).
Backup partitions can be left alone _if_ you back up only after a scan
and any necessary cleaning.

And a healthy dose of paranoia won't hurt you. ;-)

wolf k.

Re: Which drives and partitions to scan?




| My computer consists of two physical drives. The master is partitioned
| as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
| all the partitions, rather than just C? In other words, even if there
| are viruses etc. in one of the non-C partitions, can they launch and
| cause problems?

The MOST important areas to be scanned...

OS (i.e. c:\winnt and c:\windows)
Program installations (C:\Program files\.*)
User Profiles (c:\users\* and c:\documents and settings\*)
TEMP locations
Root of all drives (not CD or DVDs)
Cache locations

The important factor is that the areas can be variable.

NOTE:  The OS can be on a drive other than "C:" and TEMP and CACHE locations can
be placed on other drives as well for speed optimization.  Also one can redirect
their "My Documents" folder to an alternate location as well.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
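
Because the areas listed above can sit on any drive, a scan list is better resolved from the running system than hard-coded to C:. The PowerShell below is an added example, not part of the original post; it is read-only and only prints paths. It assumes a Windows system where Get-CimInstance is available, and the "My Documents" and cache entries cover the current user only.

```powershell
# Added example: resolve the scan areas from the running system instead of
# assuming they live on C:. Nothing is scanned or changed; paths are printed.
$targets = [System.Collections.Generic.List[string]]::new()

# OS directory (c:\winnt or c:\windows, possibly on another drive)
$targets.Add($env:SystemRoot)

# Program installations (64-bit and 32-bit locations, when present)
foreach ($p in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
    if ($p) { $targets.Add($p) }
}

# Folder that holds all user profiles (c:\users or c:\documents and settings)
$profileKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profilesDir = (Get-ItemProperty -Path $profileKey).ProfilesDirectory
$targets.Add([Environment]::ExpandEnvironmentVariables($profilesDir))

# TEMP locations: per-user and machine-wide, either of which may be redirected
$targets.Add([System.IO.Path]::GetTempPath())
$machineTemp = [Environment]::GetEnvironmentVariable('TEMP', 'Machine')
if ($machineTemp) {
    $targets.Add([Environment]::ExpandEnvironmentVariables($machineTemp))
}

# "My Documents" (may be redirected) and the cache folder of the current user
foreach ($folder in 'MyDocuments', 'InternetCache') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path) { $targets.Add($path) }
}

# Root of all drives except CD/DVD: DriveType 2 = removable, 3 = local fixed disk
$roots = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2 OR DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

# Folders are scanned recursively; drive roots are listed as top-level only
$targets | ForEach-Object { $_.TrimEnd('\') } | Sort-Object -Unique |
    ForEach-Object { [pscustomobject]@{ Path = $_; Recurse = $true } }
$roots | ForEach-Object { [pscustomobject]@{ Path = $_; Recurse = $false } }
```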



Re: Which drives and partitions to scan?




Of course. If malware on partition Z (as an example) is launched and is
coded to direct its payload to C: then you're affected.

Why leave -any- portion of your system unscanned? What is the benefit
to less scanning? IMHO no part of one's C: (or assigned system drive)
should have limited scanning or any exclusions at all.

System-wide scans can be scheduled while you sleep or are away from the
PC. All it will take is one successful infection while you employ
'limited scanning' to change your security tactics and regimen forever.

I used to do as you have asked about and then many years ago I got hit
with the Spanska4250 virus. After a few heart-pounding hours I cleared
it but -now- no partition or folder goes unscanned and no file type
goes unscanned either. As I asked earlier - what is there to GAIN by
short-cutting security measures? Nada!!!

Re: Which drives and partitions to scan?



On Sun, 21 Feb 2010 11:46:52 -0600, Bad Boy Charlie


I don't disagree, but to me the amazing part is that you remember the
exact name of the virus this many years later.


Re: Which drives and partitions to scan?




| On Sun, 21 Feb 2010 11:46:52 -0600, Bad Boy Charlie


| I don't disagree, but to me the amazing part is that you remember the
| exact name of the virus this many years later.


Shit, I still remember the Jerusalem.B virus that I had to remove on a Novell
Netware v2.11 network ~20 years ago.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Which drives and partitions to scan?



On Sun, 21 Feb 2010 13:46:12 -0500, "David H. Lipman"


You must have been traumatized. :-)
They say bad memories stick around longer and in more detail than good
ones.


Re: Which drives and partitions to scan?




| On Sun, 21 Feb 2010 13:46:12 -0500, "David H. Lipman"







| You must have been traumatized. :-)
| They say bad memories stick around longer and in more detail than good
| ones.


Well I was upgrading the "client's" LAN to Netware and selling them AST Bravo
computers. The Jerusalem.B was a PITA and it got me started in studying malware.

BTW:  I used McAfee to eradicate the Jerusalem.B from the LAN.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Which drives and partitions to scan?





If the virus did its job (which is to leave an impression) then I see no
reason why someone would forget the name of the one that got him or her.



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Which drives and partitions to scan?




Yes.


Viruses can hide in "programs" and be executed when the host "program"
executes. If those partitions have "programs" then they should be
subject to scanning for viruses.

As for the etcetera, viruses and other types of malware can have
components hiding in data, but something has to be executing in order to
make use of that data (they can't launch themselves and cause problems,
but can be accessed by vulnerable or malicious software and cause
problems).



Re: Which drives and partitions to scan?




Of course! You need to scan all partitions.


Re: Which drives and partitions to scan?




If you're not running a resident AV monitor, then scanning all drives on a
weekly basis isn't a bad idea. Time consuming, yes, but not a bad idea. In
other words, just because something nasty isn't stored on drive C: doesn't
mean it won't wind up there if it's accidentally executed on the other drive.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

