
Why would it be a good idea to run a tool to remove a virus? You know that your system was compromised, but you don't know whether the antivirus tool will work.

  • "Is crossing tracks ahead of an incoming train a risk compared to using a flyover? Why would it be a good idea to cross?" I wonder what you feel when you phrase such a question and what you want others to feel... – techraf Jun 15 '16 at 02:40

1 Answer


Right, when you're dealing with devious malware, it's very hard to determine whether you've completely removed it.

Rootkits are pieces of malware that change core OS components (either on disk or in memory) to make normal OS functions return false data to hide the malware and/or its effects. Malware can conceivably modify the boot process to essentially put the entire normal OS in a virtual machine, where it can't see or remove the virus. One example of such a trick is the Blue Pill proof-of-concept.

Modern operating systems are so complex that there is a huge number of places for bad things to hide. (Look at all the different tabs of the Autoruns utility, and I can think of one or two other ways to launch unwanted programs along with normal things, e.g. COM registrations.)

Basically, if it's at all important that the machine is clean, you should completely reinstall the OS to blow away anywhere the malware can hide. And even then, there are other ingenious persistence methods!

Ben N
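The answer's core point is that a rootkit makes "normal OS functions return false data", so the infected system's own word cannot be trusted. One defensive check that follows from this is cross-view comparison: ask several independent code paths for the same fact and look for disagreement. The PowerShell below is an added example, not part of the original answer; it assumes a Windows host where `Get-CimInstance` and `tasklist.exe` are available.

```powershell
# Added example (not from the original answer): cross-view process listing.
# A user-mode rootkit that hooks one enumeration path often misses another,
# so a PID visible in some views but not others deserves a closer look.
# A kernel-level rootkit can lie to all three views consistently; that is
# exactly why the answer recommends a clean reinstall rather than trusting
# any tool run from inside the compromised OS.

function Get-ProcessViewDiscrepancies {
    # View 1: .NET / Win32 process enumeration
    $v1 = Get-Process | Select-Object -ExpandProperty Id

    # View 2: WMI/CIM provider, a separate code path into the kernel
    $v2 = Get-CimInstance -ClassName Win32_Process |
          Select-Object -ExpandProperty ProcessId

    # View 3: tasklist.exe, a third independent client, parsed from CSV
    # (/NH drops the header, so supply column names ourselves)
    $v3 = tasklist.exe /FO CSV /NH |
          ConvertFrom-Csv -Header 'Name','PID','Session','SessionNum','Mem' |
          ForEach-Object { [int]$_.PID }

    $allIds = @($v1) + @($v2) + @($v3) | Sort-Object -Unique
    foreach ($procId in $allIds) {
        $seen = [ordered]@{
            'Get-Process'   = ($v1 -contains $procId)
            'Win32_Process' = ($v2 -contains $procId)
            'tasklist'      = ($v3 -contains $procId)
        }
        if ($seen.Values -contains $false) {
            # Report which views did see this PID so the gap is obvious
            [pscustomobject]@{
                PID   = $procId
                Views = (($seen.GetEnumerator() |
                          Where-Object { $_.Value } |
                          ForEach-Object { $_.Key }) -join ',')
            }
        }
    }
}

# Processes that start or exit between the three snapshots show up as
# transient discrepancies; re-run and only investigate PIDs that persist.
Get-ProcessViewDiscrepancies
```

Consistent results across all three views do not prove the host is clean; they only show that nothing visible from user mode disagrees, which is the limit of any check run on the suspect machine.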