What does an anti-virus removal utility do to repair infected files?


zheng

When an anti-virus engine detects that a file was infected by a virus, what will
it do to repair the file?
Removal using an anti-virus removal utility or following the manual
removal instructions, which one is better?
 
zheng said:
When an anti-virus engine detects that a file was infected by a virus, what will
it do to repair the file?

Infected how? The disinfection process depends on the type of infection.
A virus might "infect" 'notepad.exe' by renaming and encrypting it and
placing a copy of itself as 'notepad.exe' with provision to decrypt and
execute the renamed file after the virus has executed itself. In a case
like this they could conceivably allow the virus to decrypt the renamed
file and recover it that way - but I don't know if they do this.

zheng said:
Removal using an anti-virus removal utility or following the manual
removal instructions, which one is better?

For a really "infected" file many would suggest the best thing is to
replace it with an uninfected one from your known good backup. If you
are talking about files detected as part of a worm (not really an
"infected" file) usually it is best to delete them. Many of the manual
methods require the AV to detect for you the files you will need to
delete.

I'm all for the manual methods - and the harder to do the better. If it
gets too easy to recover from infection then people will not worry too
much about their (safe?) computing practices. If they have to clean up
their own mess, they may learn something in the process.
 
zheng said:
When an anti-virus engine detects that a file was infected by a virus, what will
it do to repair the file?
Removal using an anti-virus removal utility or following the manual
removal instructions, which one is better?

this is one of the areas where confusing malware types can be problematic...

if you're dealing with a worm or trojan then using a dedicated removal
tool is generally best, but manual removal instructions (assuming you've
correctly identified the malware in question) can also be very effective
(and it makes some people feel good about themselves to be able to do
that)...

if you're dealing with a file infected with a virus then the most
certain method of removal is to replace the affected objects with known
clean backups... often people don't have backups, also the sheer number
of infected files might make this infeasible (it really depends on your
backups and how easy it is for you to replace things en masse)... next
best is the dedicated removal tool - much more convenient, however not
all files are technically *cleanable* so backups are still something
you'll want to have around... after this is the general purpose
anti-virus product's own virus removal functionality (like the dedicated
removal tool but less has gone into making it perfect at removing the
particular virus in question)... manual removal (other than replacing
from backups) isn't really an option here unless you're a seasoned
anti-virus specialist...
 