Mud-club

Chat & Social => The Bar - General Chat => Topic started by: Edge on June 25, 2006, 10:01:59

Title: FAO. computer genius'
Post by: Edge on June 25, 2006, 10:01:59
Why does my virus/malware scanner miss/skip files :?:

These are what it misses:-

Cannot open file C:\hiberfil.sys
Cannot open file C:\pagefile.sys
Cannot open file C:\WINDOWS\system32\config\default
Cannot open file C:\WINDOWS\SoftwareDistribution\EventCache\{21C43F47-E5C3-4E3D-80DC-D3B8A4D85744}.bin
Cannot open file C:\Documents and Settings\d90\Application Data\ispnews\ispn.ini

What, if anything, can I do about it :?:
Title: Re: FAO. computer genius'
Post by: andycwb on June 25, 2006, 10:15:35
Quote from: "TRUG"
Why does my virus/malware scanner miss/skip files :?:

These are what it misses:-

Cannot open file C:\hiberfil.sys
Cannot open file C:\pagefile.sys
Cannot open file C:\WINDOWS\system32\config\default
Cannot open file C:\WINDOWS\SoftwareDistribution\EventCache\{21C43F47-E5C3-4E3D-80DC-D3B8A4D85744}.bin
Cannot open file C:\Documents and Settings\d90\Application Data\ispnews\ispn.ini

What, if anything, can I do about it :?:


hiberfil.sys and pagefile.sys are copies of in-memory data. Both of these files are effectively scanned by the "in memory" virus detection. They are also large files (hiberfil.sys will be the same size as the physical memory in the machine, and pagefile.sys is typically 1.5 to 4 times bigger).

The others are non-executable files that will be used to store data that is very unlikely to contain a virus, so the scanner won't check them. It takes time to check every single file, and it's not worth checking the very low risk ones. Even if one of these files does get infected with a virus, it will be detected and shut down once it becomes active - before it can do any damage.

As long as your AV software is kept up to date, I wouldn't worry.

Andy

P.S. Computer Security is my day job.
Title: FAO. computer genius'
Post by: Edge on June 25, 2006, 12:40:48
Thanks Andy :D .

Don't suppose you can recommend a security programme for us who are PC dumb :?:

At the moment I'm testing "F-Secure2006".
Title: FAO. computer genius'
Post by: andycwb on June 25, 2006, 12:58:39
To be honest, if you're not a PC guru, they're pretty much all the same. Norton, Symantec, F-Secure, McAfee are all as good as each other. I've run into some problems with Panda's firewall product, but their anti-virus side is great.

For an extra level of security on a Windows PC, go to Control Panel, Administrative Tools, Services, and disable each of the following services - you don't need them unless you're running a Windows network, and they are a common attack route.  

To disable the service, right click each one, go to Properties, and then select Startup Type: Disabled, and hit OK.

The services to disable are Server, Workstation, Messenger and Computer Browser. Despite their important-sounding names, you only need them if you want to copy files from one computer to another.
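The same change from the command line, as an added example that is not part of the original post: a PowerShell function that reports the startup type of the four services named above, lists what depends on each, and with -Disable sets them to Disabled. The function name and the mapping to service key names (LanmanServer, LanmanWorkstation, Messenger, Browser) are supplied here; PowerShell 3.0 or later in an elevated session is assumed.

```powershell
# Added example: audit the four services named in the post and optionally disable them.
# Display name -> service key name (standard Windows key names; Messenger exists only
# on Windows XP / Server 2003 era systems and is reported as NotInstalled elsewhere).
function Invoke-NetworkServiceAudit {   # hypothetical name, chosen for this example
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Disable)   # without -Disable the function only reports

    $targets = [ordered]@{
        'Server'           = 'LanmanServer'
        'Workstation'      = 'LanmanWorkstation'
        'Messenger'        = 'Messenger'
        'Computer Browser' = 'Browser'
    }

    foreach ($t in $targets.GetEnumerator()) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($t.Value)'"
        if (-not $svc) {
            [pscustomobject]@{ Service = $t.Key; StartMode = 'NotInstalled'
                               State = ''; Dependents = ''; Action = 'none' }
            continue
        }

        # Services that rely on this one and will fail to start once it is disabled.
        $deps = (Get-Service -Name $svc.Name).DependentServices.Name -join ', '

        $action = if ($svc.StartMode -eq 'Disabled') { 'already disabled' } else { 'not disabled' }
        if ($Disable -and $svc.StartMode -ne 'Disabled' -and
            $PSCmdlet.ShouldProcess($t.Key, 'Set startup type to Disabled')) {
            # Same effect as Properties > Startup type: Disabled in the Services console.
            # This does not stop a service that is already running.
            Set-Service -Name $svc.Name -StartupType Disabled
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($t.Value)'"
            $action = 'set to Disabled'
        }

        [pscustomobject]@{ Service = $t.Key; StartMode = $svc.StartMode
                           State = $svc.State; Dependents = $deps; Action = $action }
    }
}
```

Run `Invoke-NetworkServiceAudit` to report only, or `Invoke-NetworkServiceAudit -Disable -WhatIf` to preview the change. A service shown as Running in the State column stays running until it is stopped or the machine restarts.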
Title: FAO. computer genius'
Post by: Edge on June 25, 2006, 14:03:42
You're a star Andy :D
If you have any other snippets of advice, chuck them my way :D .

Bet there will be a few others watching this who'll be grateful too :D
Title: FAO. computer genius'
Post by: discograham on June 25, 2006, 15:28:04
Quote from: "TRUG"
You're a star Andy :D
If you have any other snippets of advice, chuck them my way :D .

Bet there will be a few others watching this who'll be grateful too :D


 :lol: YEP...