Which drives and partitions to scan?

Ray K

My computer consists of two physical drives. The master is partitioned
as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
all the partitions, rather than just C? In other words, even if there
are viruses etc. in one of the non-C partitions, can they launch and
cause problems?
 
Smiles

Ray said:
My computer consists of two physical drives. The master is partitioned
as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
all the partitions, rather than just C? In other words, even if there
are viruses etc. in one of the non-C partitions, can they launch and
cause problems?

I scan c daily and my files on g. The rest weekly except my backups on i
which I do monthly
 
David H. Lipman

From: "Ray K" <[email protected]>

| My computer consists of two physical drives. The master is partitioned
| as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
| all the partitions, rather than just C? In other words, even if there
| are viruses etc. in one of the non-C partitions, can they launch and
| cause problems?

The MOST important areas to be scanned...

OS (i.e., c:\winnt and c:\windows)
Program installations (C:\Program files\.*)
User Profiles (c:\users\* and c:\documents and settings\*)
TEMP locations
Root of all drives (not CD or DVDs)
Cache locations

The important factor is that the areas can be variable.

NOTE: The OS can be on a drive other than "C:" and TEMP and CACHE locations can be placed
on other drives as well for speed optimization. Also one can redirect their "My
Documents" folder to an alternate location as well.
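Added example, not part of the post above: a sketch that resolves the listed areas from the environment instead of assuming C:, then reports which of them a given scan scope would miss. The mapping of environment variables to areas (LOCALAPPDATA standing in for cache locations in particular), the function names and the sample environment are assumptions made for illustration.

```python
import ntpath

# Assumed mapping from the post's areas to Windows environment variables.
AREA_VARS = {
    "os": ["SystemRoot"],
    "programs": ["ProgramFiles", "ProgramFiles(x86)"],
    "profiles": ["USERPROFILE"],   # its parent folder holds every profile
    "temp": ["TEMP", "TMP"],
    "cache": ["LOCALAPPDATA"],     # assumption: per-user caches live here
}

def norm(path):
    """Lower-case, backslash-normalised Windows path (works on any OS)."""
    return ntpath.normcase(ntpath.normpath(path))

def priority_areas(env, fixed_drives):
    """Map each resolved location to its area name; first match wins."""
    areas = {}
    for area, names in AREA_VARS.items():
        for name in names:
            value = env.get(name)
            if not value:
                continue
            if area == "profiles":
                value = ntpath.dirname(value)
            areas.setdefault(norm(value), area)
    for letter in fixed_drives:    # roots of all fixed drives, not CD/DVD
        areas.setdefault(norm(letter + ":\\"), "drive root")
    return areas

def covered(path, scope):
    """True if path equals, or lies beneath, one of the scanned folders."""
    path = norm(path)
    for root in map(norm, scope):
        if path == root or path.startswith(root.rstrip("\\") + "\\"):
            return True
    return False

def uncovered(env, fixed_drives, scope):
    """Priority areas that a recursive scan of `scope` would never touch."""
    return sorted(p for p in priority_areas(env, fixed_drives)
                  if not covered(p, scope))

# Constructed sample: the drive letters from the question, TEMP moved to E:.
SAMPLE_ENV = {
    "SystemRoot": "C:\\WINDOWS",
    "ProgramFiles": "C:\\Program Files",
    "USERPROFILE": "C:\\Documents and Settings\\ray",
    "TEMP": "E:\\Temp",
    "TMP": "E:\\Temp",
}

if __name__ == "__main__":
    for missed in uncovered(SAMPLE_ENV, "CDEFGHI", ["C:\\"]):
        print("not in scan scope:", missed)
```

On a real machine, pass `os.environ` and the list of fixed drive letters in place of the constructed sample.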
 
Char Jackson

I used to do as you have asked about and then many years ago I got hit
with the Spanska4250 virus. After a few heart-pounding hours I cleared
it but -now- no partition or folder goes unscanned and no file type
goes unscanned either. As I asked earlier - what is there to GAIN by
short-cutting security measures? Nada!!!

I don't disagree, but to me the amazing part is that you remember the
exact name of the virus this many years later.
 
David H. Lipman

From: "Char Jackson" <[email protected]>

| On Sun, 21 Feb 2010 11:46:52 -0600, Bad Boy Charlie

| I don't disagree, but to me the amazing part is that you remember the
| exact name of the virus this many years later.


Shit, I still remember the Jerusalem.B virus that I had to remove on a Novell Netware
v2.11 network ~20 years ago.
 
Char Jackson

From: "Char Jackson" <[email protected]>

| On Sun, 21 Feb 2010 11:46:52 -0600, Bad Boy Charlie


| I don't disagree, but to me the amazing part is that you remember the
| exact name of the virus this many years later.


Shit, I still remember the Jerusalem.B virus that I had to remove on a Novell Netware
v2.11 network ~20 years ago.

You must have been traumatized. :)
They say bad memories stick around longer and in more detail than good
ones.
 
David H. Lipman

From: "Char Jackson" <[email protected]>

| On Sun, 21 Feb 2010 13:46:12 -0500, "David H. Lipman"

| You must have been traumatized. :)
| They say bad memories stick around longer and in more detail than good
| ones.


Well I was upgrading the "client's" LAN to Netware and selling them AST Bravo computers.
The Jerusalem.B was a PITA and it got me started in studying malware.

BTW: I used McAfee to eradicate the Jerusalem.B from the LAN.
 
Larry Sabo

Smiles said:
I scan c daily and my files on g. The rest weekly except my backups on i
which I do monthly

I am of the opinion that scanning is a waste of time, other than to
reassure oneself that the system is clean, as far as the AV/AM program
knows at the moment. If malware is on the system but not running, it
does no harm. As soon as it runs or is accessed in any way, it will be
dealt with the same as if it had been found during a scan. I'd be
interested to know if this logic is faulty or dangerous.
 
FromTheRafters

Ray K said:
My computer consists of two physical drives. The master is partitioned
as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
all the partitions, rather than just C?

Yes.

In other words, even if there are viruses etc. in one
of the non-C partitions, can they launch and cause problems?

Viruses can hide in "programs" and be executed when the host "program"
executes. If those partitions have "programs" then they should be
subject to scanning for viruses.

As for the etcetera, viruses and other types of malware can have
components hiding in data, but something has to be executing in order to
make use of that data (they can't launch themselves and cause problems,
but can be accessed by vulnerable or malicious software and cause
problems).
 
FromTheRafters

Larry Sabo said:
I am of the opinion that scanning is a waste of time, other than to
reassure oneself that the system is clean, as far as the AV/AM program
knows at the moment. If malware is on the system but not running, it
does no harm. As soon as it runs or is accessed in any way, it will be
dealt with the same as if it had been found during a scan. I'd be
interested to know if this logic is faulty or dangerous.

I felt the same way about scanning within archive files.

The problem there is that Java might be doing the "unzipping" in a VM
where the AV has no hooks.

Maybe something similar exists for your scheme? Malware detected in a
Java jar in a manual scan but not JIT <g> to save you in Java runtime.
 
The Central Scrutinizer

Ray K said:
My computer consists of two physical drives. The master is partitioned as
C, E, F, H and I, and the slave as D and G. Is it necessary to scan all
the partitions, rather than just C? In other words, even if there are
viruses etc. in one of the non-C partitions, can they launch and cause
problems?

Of course! You need to scan all partitions.
 
The Central Scrutinizer

Larry Sabo said:
I am of the opinion that scanning is a waste of time, other than to
reassure oneself that the system is clean, as far as the AV/AM program
knows at the moment. If malware is on the system but not running, it
does no harm. As soon as it runs or is accessed in any way, it will be

Well true. But it is a time bomb. It is like a package of bad stuff on your
front porch. You do not want to leave it there indefinitely. You want to
put it in the garbage. Otherwise there is always the risk it will get in
your house and open up. Then you are hosed.

dealt with the same as if it had been found during a scan. I'd be
interested to know if this logic is faulty or dangerous.

If definitions exist to deal with the virus/malware you should be OK.
 
Dustin Cook

Well true. But it is a time bomb. It is like a package of bad stuff on
your front porch. You do not want to leave it there indefinitely. You
want to put it in the garbage. Otherwise there is always the risk it
will get in your house and open up. Then you are hosed.


If definitions exist to deal with the virus/malware you should be OK.

Depends. The definitions may support the detection of the virus, but
offer no antidote. Most malware OTH are glorified trojans so deleting
them and reversing any unwanted changes they made in the registry will
usually remove them without unwanted side effects. The same cannot be said
for an actual virus.
 
Dustin Cook

My computer consists of two physical drives. The master is partitioned
as C, E, F, H and I, and the slave as D and G. Is it necessary to scan
all the partitions, rather than just C? In other words, even if there
are viruses etc. in one of the non-C partitions, can they launch and
cause problems?

If you're not running a resident AV monitor, then scanning all drives on a
weekly basis isn't a bad idea. Time consuming, yes, but not a bad idea. In
other words, just because something nasty isn't stored on drive C: doesn't
mean it won't wind up there if it's accidentally executed on the other drive.
 
Dustin Cook

I don't disagree, but to me the amazing part is that you remember the
exact name of the virus this many years later.

If the virus did its job (which is to leave an impression) then I see no
reason why someone would forget the name of the one that got him or her.
 
The Central Scrutinizer

In general, if the virus or malware compromises the system areas, it is a
wipe and reinstall. I do not care what you experts say. You cannot be 100%
certain you know everything the virus did via the compromise.
 
FromTheRafters

Some malware does known and reversible things, no need to wipe and
reinstall.

Other malware introduces unknowns, necessitating that drastic step.
 
The Central Scrutinizer

Would you happen to have a magic decoder ring that will tell us all
which one is which?
 
David H. Lipman

From: "The Central Scrutinizer" <[email protected]>

| Would you happen to have a magic decoder ring that will tell us all
| which one is which?


Which of the 100's of thousands ?
 
