Should I be checking the files skipped during a virus scan?

  • Thread starter Thread starter RayLopez99
  • Start date Start date
R

RayLopez99

'The process cannot access the file because it is being used by
another process' is what the avast! anti-virus program says for
various files.

A list of files is given.

Should I be checking to see whether these same files are not being
scanned or accessed the next time I scan? Or is that being too
paranoid? I bet it might well be the same files every time (for
example SQL server files that get loaded on boot, and I bet SQL Server
will not like other programs messing with it while it is running).

Since all these AV programs do not have a 100% detection rate, perhaps
we should not bother with such trifles (I was surprised in a recent
graph of various AV programs to find the otherwise fine Kaspersky AV
program, which has detected malware where others have failed, did not
have a 100% success rate detecting rootkits, though it scored in the
top 10% overall for AV programs)

RL
 
RayLopez99 said:
'The process cannot access the file because it is being used by
another process' is what the avast! anti-virus program says for
various files.

A list of files is given.

Should I be checking to see whether these same files are not being
scanned or accessed the next time I scan? Or is that being too
paranoid? I bet it might well be the same files every time (for
example SQL server files that get loaded on boot, and I bet SQL Server
will not like other programs messing with it while it is running).

Since all these AV programs do not have a 100% detection rate, perhaps
we should not bother with such trifles (I was surprised in a recent
graph of various AV programs to find the otherwise fine Kaspersky AV
program, which has detected malware where others have failed, did not
have a 100% success rate detecting rootkits, though it scored in the
top 10% overall for AV programs)

RL
Click to expand...

A "boot time scan" option may be available.

http://forum.avast.com/index.php?topic=38158.0

Paul
 
A "boot time scan" option may be available.

http://forum.avast.com/index.php?topic=38158.0

    Paul
Click to expand...

Yes but unless you want to scan the entire C drive on boot (which
apparently can take hours though mine takes about 30 minutes), and
during such time you will not be able to log onto your PC, that's not
an option except on occasion--and now that you mention it, I might do
it at least once on a weekend night.

Thanks for that. In the meantime I'll just monitor which files are
being not accessed so I can see if it's the same ones.

RL
 
RayLopez99 said:
'The process cannot access the file because it is being used by
another process' is what the avast! anti-virus program says for
various files.

A list of files is given.

Should I be checking to see whether these same files are not being
scanned or accessed the next time I scan? Or is that being too
paranoid? I bet it might well be the same files every time (for
example SQL server files that get loaded on boot, and I bet SQL Server
will not like other programs messing with it while it is running).

Since all these AV programs do not have a 100% detection rate, perhaps
we should not bother with such trifles (I was surprised in a recent
graph of various AV programs to find the otherwise fine Kaspersky AV
program, which has detected malware where others have failed, did not
have a 100% success rate detecting rootkits, though it scored in the
top 10% overall for AV programs)

RL
Click to expand...
It depends on the files in question.

Hibernation file, swap file, and some others probably don't need to be
scanned anyway.
 
From: "FromTheRafters said:
It depends on the files in question.

Hibernation file, swap file, and some others probably don't need to be scanned anyway.
Click to expand...

If a given file's File Handle is held open by the OS then they can't be opened for a scan
or for any other type of examination.
 
David said:
If a given file's File Handle is held open by the OS then they can't be opened for a scan
or for any other type of examination.
Click to expand...
If he boots from a Live CD, no file's on the suspect drive should have
handles to be "held open". I don't think that they need to be scanned,
although I suppose the hiberfil.sys file *could* be used to re-establish
a tainted environment.

The SQL files he has guessed at would be another story, but the
alternative boot would leave them unhandled as well.
 
From: "FromTheRafters said:
If he boots from a Live CD, no file's on the suspect drive should have handles to be
"held open". I don't think that they need to be scanned, although I suppose the
hiberfil.sys file *could* be used to re-establish a tainted environment.

The SQL files he has guessed at would be another story, but the alternative boot would
leave them unhandled as well.
Click to expand...

Yes. Booting outside the affected OS or scanning using a surrugate PC negates the problem
of open File Handles.
 
If he boots from a Live CD, no file's on the suspect drive should have
handles to be "held open". I don't think that they need to be scanned,
although I suppose the hiberfil.sys file *could* be used to re-establish
a tainted environment.

The SQL files he has guessed at would be another story, but the
alternative boot would leave them unhandled as well.
Click to expand...

This is not a Live CD boot, which I agree solves the problem of open
files.

RL
 
RayLopez99 said:
This is not a Live CD boot, which I agree solves the problem of open
files.
Click to expand...

I understood that. Maybe you could prune your autostarts to free up
those SQL files too. I still think pagefile.sys and hiberfil.sys are two
other files not being scanned and that's okay. There are other files,
locations, and types of files that don't need to be scanned so if these
are an issue (in use by another program) they can also be ignored.

It depends on the files in question.
 
I understood that. Maybe you could prune your autostarts to free up
those SQL files too. I still think pagefile.sys and hiberfil.sys are two
other files not being scanned and that's okay. There are other files,
locations, and types of files that don't need to be scanned so if these
are an issue (in use by another program) they can also be ignored.

It depends on the files in question.
Click to expand...

OK thanks. I decided to buy a paid for AV program, as they have
slightly better protection and more features than the free versions.
Plus the price is right: for three machines about $20-$60 a year,
that's no sweat. My philosophy is that if a minor malware gets
detected and deleted, I will not do a ghost restore, but if a major
one does, I might do a ghost restore of the entire HD (since I ghost
HD images once a week, and data every day)

If you have any AV favorites please let me know. I'm just researching
the issue and will probably pick one of the top five (the same names
keep coming up, Norton usually being at the top). Here is one such
site: http://anti-virus-software-review.toptenreviews.com/index.html
(appears to be a paid-for ad site by the #1 program listed there,
which is BitDefender AV, which PC Mag disagrees with, but it's useful
to show the features paid-for AV programs have), and here is another
independent site: http://www.av-comparatives.org

RL
 
RayLopez99 said:
OK thanks. I decided to buy a paid for AV program, as they have
slightly better protection and more features than the free versions.
Plus the price is right: for three machines about $20-$60 a year,
that's no sweat. My philosophy is that if a minor malware gets
detected and deleted, I will not do a ghost restore, but if a major
one does, I might do a ghost restore of the entire HD (since I ghost
HD images once a week, and data every day)
Click to expand...

That sounds like a good plan to me. Basically a "recovery" scheme to
remove a malware infestation, and a restore scheme to roll back to a
previously uninfested state (which also works for hardware failure). The
key being to keep the rollback points as current as possible so that you
don't have to reinstall patches and recently installed programs or data
files.

The "recovery" scheme also usually has the added feature of "prevention"
which used to be the main idea behind scanners in general and "real
time" scanning in particular. An advantage to paid for AV is that you
can get support from them, IMO that is the real value for the money.
If you have any AV favorites please let me know. I'm just researching
the issue and will probably pick one of the top five (the same names
keep coming up, Norton usually being at the top). Here is one such
site: http://anti-virus-software-review.toptenreviews.com/index.html
(appears to be a paid-for ad site by the #1 program listed there,
which is BitDefender AV, which PC Mag disagrees with, but it's useful
to show the features paid-for AV programs have), and here is another
independent site: http://www.av-comparatives.org
Click to expand...

I think I mentioned that one elsewhere. It's hard to find a completely
unbiased testing facility these days. These guys used to be good, but I
don't know if they even do this anymore.

old link:

http://agn-www.informatik.uni-hamburg.de/vtc/ART2000B/art2000b.htm

If I needed paid for protection at this time, I would probably get the
full Avira program
 
Back
Top