merlino

Removal of viruses


Hi,

 

I have a question as to how KAV for Windows Workstations treats viruses.

When a virus is found, KAV normally recommends a DELETE action which is fine by me.

 

However my question is:

 

Does Kaspersky also remove the registry entries created by and associated with that virus? Registry entries could be in HKEY..\RUN

 

In other words, given that the effects of the virus could be so varied, I am not sure if Kaspersky, whilst deleting the offending virus, also removes its stream of malicious registry entries.

 

So, provided that on next boot up I don't get any 'File not found' errors, the deletion of the virus is fine.

 

Have I missed anything?

 

Merlino


First we have to understand that there are different kinds of objects that can be part of a malware. I will try to show you how complex it can be, so that you will understand why most AV software does not remove these things.

 

1. As you said, a malware can set a reg key/value in one or several locations in the registry so that the malware runs on system startup.

 

2. However, a malware can also change some of the standard system or application reg keys/values.

 

3. Even more, it can create new reg keys/values to change the behavior of the system or applications.

 

4. But there is more, not just the registry... Malware can also change the system files (like system.ini and others) or even use more or less complex techniques to hide these changes (one of the very simple but quite effective ones is to simply use random names). But there are not just changes to the registry or system files; a lot of malware also creates data files, temp files, backup files,...

 

So as you can see, it can be very complex to 100% remove a malware from the system, and a detailed analysis of the malware and advanced malware signatures are needed to be able to do it. But most of the time removing just the exe file is enough to totally disable the malware on the system.

 

And now to answer your question :)

 

KAV version 5 in most cases removes just the main (exe) file of a malware and it is not able to do more advanced clean-up of the system (we can say that it is not able to remove the garbage from a malware).

 

KAV and KIS version 2006 have/will have much more advanced technology to also clean up this kind of objects that are normally left behind. However, since these kinds of objects can sometimes be very complex to remove, it will maybe not be able to remove all of it all the time (so we can say that KAV 2006 will be able to remove most of the garbage from a malware).

 

We also have to say that this "garbage" is most of the time not dangerous (if it is dangerous then KAV will try to remove it) and does not cause any problems for normal system operations even if it is not removed from the system.
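
An added example, not part of the original posts and not code from any Kaspersky product: a check for the leftover this thread discusses, a Run value that still points at a program file the scanner has already deleted. It reads text in the layout printed by `reg query` (assumed to be four-space separated); the sample entries and the helper names `target_path` and `audit_run_key` are constructed for illustration.

```python
import ntpath
import os
import re

# Constructed sample in the layout printed by `reg query <key>`; every entry is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Tray Helper    REG_EXPAND_SZ    %SystemRoot%\system32\trayhelp.exe
    xkqzt    REG_SZ    C:\Documents and Settings\user\xkqzt.exe -s
    shellext    REG_SZ    rundll32.exe shellext.dll,Start
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
UNQUOTED_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
ENV_VAR = re.compile(r"%([^%]+)%")

def target_path(command, env):
    """Return the program an autorun command line starts, with %VAR% expanded."""
    command = ENV_VAR.sub(lambda m: env.get(m.group(1).lower(), m.group(0)),
                          command.strip())
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = UNQUOTED_EXE.match(command)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split(" ", 1)[0]

def audit_run_key(reg_query_text, exists=os.path.exists, env=None):
    """Classify each value as 'present', 'orphaned' (file gone) or 'relative'."""
    env = {k.lower(): v for k, v in (env or os.environ).items()}
    report = {}
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        path = target_path(data, env)
        if not ntpath.isabs(path):
            status = "relative"  # found via the search path at logon; not judged here
        else:
            status = "present" if exists(path) else "orphaned"
        report[name] = (status, path)
    return report
```

An "orphaned" result is the entry that would produce the 'File not found' error at next boot; a "present" result only says the file exists, not that it is benign.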
