How Anti-Virus Programs Scan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

electrodug

Thread Starter
Joined
Oct 27, 2007
Messages
9
I have Norton anti-virus 2003 installed on my computer. I read somewhere that a virus scan will not look at files that are being used by the computer at that time. Is this true and if it is true how can you be sure your computer is virus free if the results of the scan say no problems detected?
I have a friend who is running Windows XP and she has the NNCORE.DLL Trogan Virus. I looked at the list of known viruses on my Norton (it is up to date) and this virus is not even listed. How can a uitility be effective if a known virus is not in its data base.
Thanks
 
Joined
Apr 2, 2002
Messages
5,945
I don't know the answers to your questions, but do have the following 'observations';

1. NAV 2003 may still get definitions updates but its scanning 'engine' must now be well out of date.

2. All the AV companies have their own names for each piece of malware, so the fact that you couldn't find the one you mention in NAV's definitions doesn't necessarily mean it couldn't protect against it.

3. However, referring back to 1, the recent developments in malware that can reinvent itself at frequent intervals means that signature based programs are less effective, and things like 'heuristics' (recognising and blocking dangerous looking processes), are more important.

4. My antivirus, NOD32, can't scan within files locked by Windows but, I don't see that as a great risk to me.
 
Joined
Aug 26, 2007
Messages
694
TOGG

I am considering changing from Norton 360 to NOD32, so I was interested in your reply to
Electrodug. Could you please explain what you meant by:

"My antivirus, NOD32, can't scan within files locked by Windows but, I don't see that as a great risk to me. "

What do you mean by locked, and why is this not a risk for you?

Thanks in advance...
 
Joined
Apr 2, 2002
Messages
5,945
When I run scans I see a list of files it was not possible for NOD to access. Some are Windows files, presumably in use, and some are password protected files.

In my case the protected files seem to be security related, such as backups or quarantine files made by AdAware, which I don't even use any more but whose backups obviously survived the uninstall.

I assume that security software should try and protect itself from 'unauthorised' attempts to open files, so I don't worry about it. Maybe I should but, as far as I can tell, I am clean, which may have more to do wth the fact that I don't use IE or do file sharing or visit the 'social' sites, You Tube, MySpace, Facebook etc..

In addition to NOD, I use the Comodo firewall and run Comodo Anti Malware (formerly BO Clean). I also have Sandboxie which I can use if I think anything I am going to look into could be 'risky' but I don't use it much because I usually don't remember to!
 

rka0

Banned
Joined
Oct 12, 2007
Messages
1,281
Hi electrodug. I think the best thing you can do now is post a hjt log NNCORE.DLL seems to be one of those nasties.
 
Joined
Apr 2, 2002
Messages
5,945
No, it's the same thing, it's just that, when Comodo bought BO Clean, they appeared to place more emphasis on the 'Anti Malware' part of the title. They still use BO Clean in the product name, so I suppose I should have as well.

I imagine the Comodo people wanted to shift the emphasis away from the Back Orifice Trojan/downloader that BOC was named after, so as to emphasise that it is more than a simple anti trojan (assuming that all their claims can be justified).
 
Joined
Jul 29, 1999
Messages
1,150
Thanks for the response - I should have figured that out myself, I guess. Anyway I appreciate the explanation.
 

electrodug

Thread Starter
Joined
Oct 27, 2007
Messages
9
I don't have this virus, a good friend however does. I am using Windows 2000 Professional SP4. My friend is using Windows XP. It looks to me as if this virus attacks the NNCORE.DLL in Windows XP. I came to this conclusion by running a search on my system and there is no NNCORE.DLL file on my computer. This virus keeps my friend from getting online, so she cannot send a log from her computer. My son did a live update of her Norton Anti-Virus and ran a scan, but Norton did not find this virus (makes me question the value of anti-virus software). We have not tried the procedure outlined by Tech Support Guy.(y)
 

WhitPhil

Gone but never forgotten
Trusted Advisor
Joined
Oct 4, 2000
Messages
8,684
That DLL is part of the piece of Malware call NewDotNet.

Have your friend create an account here, download and run HijackThis and post the log in the Malware forum for assistance.
 

electrodug

Thread Starter
Joined
Oct 27, 2007
Messages
9
Thanks....Will I be able to put her log on a floppy and send it from my computer? I am not sure she has a CD burner, if this log will be larger than 1.44MB!
(y)
 

WhitPhil

Gone but never forgotten
Trusted Advisor
Joined
Oct 4, 2000
Messages
8,684
HJT logs are tiny. You can attach and email it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top