Wednesday, January 27, 2010

For hard-to-remove viruses - safe mode

In general, for hard-to-remove viruses, scan in safe mode/first boot.

I've seen only one AV that was intelligent enough to say "hey boss, I can't remove this virus, do you want to reboot and scan in first boot mode?"

IMHO this should be standard for all antivirus programs, even antispyware programs.

I'm not sure if "first boot" is the correct term. It means the AV loads and runs its virus scanner to scan the entire drive as the first program that runs after the OS core loads, before any virus has a chance to load, even before the desktop loads. Anyway, AFAIK it's very hard to go to first boot manually, so safe mode is used.

If you boot in safe mode, only the OS core, the desktop and little else are loaded. There is little chance of the virus loading when you boot in safe mode unless you manually run it.

In first boot mode and in safe mode, the virus is not in RAM, only on disk. It is then vulnerable. If it were in RAM, it could easily save another copy after the AV deletes the copy on disk.

