scan additional drives?


Guest

Am I right to infer from other postings here that the default full scan will
scan all drives on the computer, not just the C drive? What about the quick
scan? Does it scan all drives? Thanks.
 
From the help:

A quick scan checks the places on your computer's hard disk that spyware is
most likely to infect. A full scan will check all files on your hard disk
and all currently running programs, but it might cause your computer to run
slowly until the scan is complete. We recommend that you schedule a daily
quick scan. At any time, if you suspect that spyware has infected your
computer, run a full scan.

---

As I understand it, the quick scan starts with the content of memory, and
the startup vectors, and works back--so if something is starting from a
drive other than the boot drive, I think that stuff "near" that might get
scanned, but not the whole drive.

I generally stick with the recommendation of doing quickscans only. In my
experience, full scans mainly turn up stuff either dead in temporary
internet files, or email attachments sitting in deleted messages or the
like--nothing active. So--I only do full scans when I am feeling paranoid,
or am doing some other maintenance operation and have time on my hands.

I do full scans slightly more often on servers--to see what the users are
putting in their space.
 
So, can I scan that slave drive (either quick or full)?

I have a 60Gb slave drive installed that we use primarily for additional
file storage. It had about 2.5 Gb of data on it when my husband accidentally
reformatted it (or something to that effect). We took it to a computer repair
place to get the 2.5 Gb recovered, but instead, the guy recovered over 50 Gb
of deleted data that we didn't want (the drive had been an OS drive in
another life).

I'm trying to find out if there's some kind of spyware on that drive that's
causing our IP address (The one apparently assigned to the cable modem,
because all 3 networked computers show up with the same IP?) to be
blacklisted, resulting in some servers rejecting our email. The other two
computers seem to be clean and we were not listed while the affected computer
was offline for about a week. As soon as we reconnected it (after
reformatting the c drive and reinstalling the slave) it was listed again.


I'm possibly off-topic now, but can you point me in the right direction?
 
I would do a full scan. A Quickscan has no options--it scans what it scans,
and you can't point it at a particular drive.

I would also do a full scan with an antivirus application, and run a rootkit
detection scan as well. My favorite has been F-Secure's BlackLight, but
they seem to have ended the perpetual beta for that.

The blacklist thing is interesting--there should not have been anything bad
on that machine after reformatting--but if it didn't get fully patched,
something could have gotten in. Is there a router involved? Do you run the
Windows firewall on all the machines?

--
 
Thanks for your interest.

I will run a full WD scan and also Norton Antivirus. Not sure what a rootkit
detection scan is.

I'm pretty sure we downloaded all the Windows Updates after reinstalling XP.
We use a D-link router to network two desktops (hardwired) and one laptop
(wireless). We use Norton Firewall on all 3 machines, instead of Windows
Firewall. In addition, the router uses a WEP key for security.

I've read some info at the block list websites (cbl.abuseat.org;
spamhaus.org) but don't fully understand how to get delisted.
 
Update:
I ran a full scan on both drives with Windows Defender; nothing was
reported. Norton Antivirus also reported nothing. I looked into rootkit
detection and downloaded RootkitRevealer v 1.71. I ran it, but am way out of
my league as to what to do with the results. . .
 
Bill is correct about BlackLight not being available for "perpetual" beta
test anymore, as it's incorporated into F-Secure's security suite; however,
you can run their online on-demand scan from here, and that does support
rootkit detection as a selection item:

http://support.f-secure.com/enu/home/ols.shtml

Scanning engines:
a.. F-Secure Libra: 2.4.2, 2007-10-17
b.. F-Secure AVP: 7.0.171, 2007-10-17
c.. F-Secure Orion: 1.2.37, 2007-10-17
d.. F-Secure Blacklight: 1.0.64
e.. F-Secure Draco: 1.0.35, 2007-09-17
f.. F-Secure Pegasus: 1.19.0, 2007-09-10
 
RootkitRevealer is an excellent product, but the results definitely take
interpretation.

If you want to cut and paste them here, or email them to bill_sanderson @
msn.com (remove the spaces) - I'd be glad to look at them--but can't claim
great experience at doing so.

More than how to get delisted--I'd like to see what the blacklists say about
why you were listed--if you can extract that information and post it without
the IP.

Do you know how often your IP changes? Even cable modems may have dynamic
IP, I believe--and one possible explanation is your inheriting an IP which
had been used by an infected or malicious system previously.
 
Thanks - I need something like this only on occasion, and it needs to be
used on many different machines, not installed or licensed for just one--so
this looks well worth trying. Main trouble is I don't meet these critters
very often--I've seen a total of two so far--so it would take me awhile to
know if it isn't doing the job. I think I've heard good things about this
one, though.
 
UPDATE: Thanks to all for your input on this issue. I spent some time in an
online chat with tech support from my ISP, who had me correct some security
issues (among other things, to only allow specific MAC addresses to connect)
 