F Best free antivirus software and antivirus software reviews

Best free antivirus software and antivirus software reviews

Best free antivirus software - what's it, where to find it and how to download or buy it. I'll try to find for you a lot of different antispyware and antivirus software products


Open VPN

Wednesday, September 10, 2008

Disabling System Restore to remove viruses.

Windows ME and Windows XP both come with a feature known as System Restore that enables users to revert to specific restore points without impacting data files. When new drivers or software are installed, the operating system automatically creates a restore point. If the installation causes problems, the system restore point can be used to rollback the changes. If no driver or software installations occur, System Restore will automatically create a restore point daily.
Unfortunately, System Restore backs up the bad with the good, thus a problem occurs when malware is present on the system and gets included in this restore point. When users later scan their system with antivirus software, they may receive a message that a virus was found in either the _RESTORE (Windows ME) folder or the System Volume Information folder (Windows XP) but the antivirus software is unable to remove it.
Removing malware from System Restore points To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.
Default Start Menu If using the default Start Menu, click Start Control Panel Performance and Maintenance System. Select the System Restore tab and check "Turn off System Restore".
Classic Start Menu If using the Classic Start Menu, click Start Settings Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".
After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".
Microsoft provides more information on System Restore in their System Restore FAQs

Is it a virus?

We've all been there - you get an alert from your virus scanner warning that a particular file is infected. Sometimes the alert reappears even after you've told the antivirus scanner to remove the infection. Or maybe you just have reason to believe the virus alert may be a false positive. Here are six things you'll want to consider to determine how to handle a suspicious or questionable virus alert.
1. Location, Location, Location.
As with real estate, the location of what's being detected can have critical bearing. If you're getting repeated alerts of the same infection, it may be due to non-active malware that's trapped in the system restore folders or a remanant in some other location that is triggering the alert.
How to Remove Viruses from System Restore
Delete Temporary Internet Files and Cookies
Clear the Internet History Folder
2. Origination: From Whence it Comes.
Just as with location, the origin of the file can mean everything. High risk origins include: attachments in email, files downloaded from BitTorrent or other filesharing network, and unexpected downloads resulting from a link in email or instant messaging. Exceptions would be files that pass the Purpose test described below.
3. Purpose: Did you Want It, Need It, Expect It?
The Purpose test boils down to a matter of intent. Is this a file you expected and need? Any file that is downloaded unexpectedly should be considered high risk and likely malicious. If it wasn't downloaded unexpectedly, but you don't need the file, you can mitigate your risk by simply deleting it. Being selective about what you allow to run on your system is an easy way to cut your risk of virus infection (and avoid bogging down system performance with unnecessary apps). However, if the file was deliberately downloaded and you do need it yet it's still being flagged by your antivirus, then it's passed the Purpose test and it's time for a second opinion.
4. SOS: Second Opinion Scan.
If the file passes the Location, Origination and Purpose steps but the antivirus scanner still says it is infected, its time to upload it to an online scanner for a second opinion. You can submit the file to Virustotal to have it scanned by over 30 different malware scanners. If the report indicates that several of these scanners think the file is infected, take their word for it. If only one or very few of the scanners report an infection in the file, then two things are possible: it really is a false positive or it is malware that is so new it's not yet being picked up by the majority of antivirus scanners.
5. Searching by MD5.
A file can be named anything, but an MD5 checksum seldom lies. An MD5 is an algorithm that generates a presumably unique cryptographic hash for files. If you used Virustotal for your second opinion scan, at the bottom of that report you'll see a section titled "Additional Information". Just beneath that is the MD5 for the file that was submitted. You can also obtain the MD5 for any file by using a utility such as the free Chaos MD5 from Elgorithms. Whatever means by which you choose to obtain the MD5, copy and paste the MD5 for the file into your favorite search engine and see what results appear.
6. Get Expert Analysis.If you've followed all the steps above and still don't have sufficient information to help you determine whether the virus alert is genuine or a false positive, you can submit the file (depending on file size) to an online.