Published on Security In A Box (https://security.ngoinabox.

org)
Home > How to Scan for and Deal with Viruses Using avast!

How to Scan for and Deal with Viruses Using avast!

List of sections on this page: 4.0 Before You Begin 4.1 A Short Guide to Dealing with Virus Outbreaks 4.2 An Overview of the avast! Main User Interface 4.3 How to Scan for Malware and Viruses 4.4 How to Perform a Full System scan 4.5 How to Perform a Folder Scan 4.6 How to Perform a Boot-time Scan 4.7 How to Deal with Viruses 4.8 How to Use the Virus Chest 4.9 Advanced Virus Removal Methods

4.0 Before You Begin

There are two basic parts to dealing with malware and other assorted viruses when using avast!. The first is scanning your computer to identify such threats. The second involves either deleting or moving such threats to the avast! Virus Chest. Deleting and/or moving malware and viruses to the Virus Chest effectively prevents them from interacting with different computer systems, for instance, the file system or email programs. It may seem unusual to store such malware or viruses. However, if they have attached themselves to important or sensitive information, you may want to recover or save that infected document, file or program as far as possible. In rare instances, avast! may misidentify legitimate code or programs as being malware or a virus. Generally referred to as 'false positives', that code or those programs might be important to your system, and you may want to recover them. The avast! Virus Chest is an electronic 'dead zone' or 'quarantine', where you can examine the virus and determine its potential threat by either researching it on the Internet, or submitting it to a virus laboratory - an option available in avast! when you rightclick a virus listed in the Virus Chest. Double clicking a virus in the Virus Chest will not activate or run the malware or virus because the Virus Chest keeps it isolated from the rest of your system. Tip: Alternatively, you can transfer important or sensitive information to the avast! Virus Chest to keep it safe during a virus attack. In this section, you will: Be introduced to the best practices for protecting your network and/or personal computer system; Be introduced to the main user interface, emphasizing the SCAN COMPUTER and MAINTENANCE tabs; Learn how to perform different scans; and Learn how to use the avast! Virus Chest.

4.1 A Short Guide to Dealing with Virus Outbreaks

There are a number of precautions you can take to limit hostile or malicious threats to your computer system; for instance, avoiding dubious or problematic web sites, or regularly using anti-virus or anti-spyware programs like avast! or Spybot. However, we also sometimes find ourselves having to share a local-area network (LAN) and/or Internet connection. The following points are offered for consideration when dealing with a virus attack in a community setting or while at work: Disconnect your computer from the Internet or the local network - physically. If you have a wireless connection, disconnect your computer from the wireless network itself. If possible, switch off and/or remove your wireless card. If your computer is on a network, you should immediately disconnect all computers on that network from the Internet, and then disconnect them from the local network. Every user should stop using the network and begin running avast! or similar trusted anti-virus software to detect and delete the virus. This may seem like an exhausting process, but it is imperative in maintaining individual system and network integrity. Schedule a boot-time scan for all computers on the network. Write down the names of any viruses that you find, so that you can research them - and then delete them, or move them to the avast! Virus Chest. To learn how to perform a boottime scan, please refer to section 4.6 How to Perform a Boot-time Scan. Even if a virus has been either deleted or repaired, repeat the previous step, and run boot-time scans on all computers, until avast! no longer displays any warning messages. Depending on the severity of the malware or virus attack, you may not have to perform a boot-time scan more than once. For more information about dealing with malware or virus outbreaks, please refer to section 4.9 Advanced Virus Removal
1

Methods.

4.2 An Overview of the avast! Main User Interface

The avast! main user interface is comprised of four tabs located on the left side of the window: SUMMARY, SCAN COMPUTER, REAL-TIME SHIELDS and MAINTENANCE. Each tab is divided into sub-tabs which activate a corresponding pane. Step 1. Click to activate the following screen:

Figure 1: The SUMMARY tab displaying the Current Status SECURED pane The following list briefly describes the functions of the four tabs as follows: SUMMARY: This tab features the Current Status and Statistics sub-tabs. The Current Status sub-tab displays the working status of key avast! components used to defend your computer from malware and virus attacks. The STATISTICS pane displays the operational behaviour of each avast! component over the period of a week, a month or a year. SCAN COMPUTER: This tab features the Scan Now, Boot-time Scan and Scan Logs sub-tabs. The SCAN NOW pane lists different options for performing manual scans. The BOOT-TIME SCAN pane lets you perform a boot-time scan the next time your computer starts up, and the SCAN LOGS display a record of the different manual scans performed in table format. REAL-TIME SHIELDS: This tab features all the monitors or 'shields' protecting different aspects of computer functions, beginning with the FILE SYSTEM SHIELD. It provides access to the real-time shield settings, including stopping and starting them. MAINTENANCE: This tab features the Update, Registration, Virus Chest and About avast! sub-tabs. The UPDATE pane lets you manually update the program and virus definitions and the REGISTRATION pane lets you register your copy of avast!. The VIRUS CHEST lets you view the different malware or viruses that avast! detected during a scan, and lets you deal with them in different ways, including deleting them, scanning them further or submitting them to a virus laboratory. The ABOUT AVAST! pane displays information about the latest version of avast! on your computer. Note: The SCAN COMPUTER and MAINTENANCE panes are particularly useful when dealing with malware and viruses.

4.3 How to Scan for Malware and Viruses

In this section, you will learn about the available scan options, and how to use them. You will also learn how to perform a full system scan and a folder scan, as well as a boot-time scan. The SCAN COMPUTER > SCAN NOW pane displays the four scan options available in avast!; to view them, perform this step:
2

Step 1. Click

to activate the following screen:

Figure 2: The SCAN COMPUTER tab displaying the SCAN NOW pane The following brief descriptions will help you to choose the appropriate scan option: Quick scan: This option is recommended for users with a limited amount of time in which to scan for a potential or suspected threat. Full system scan: This option is recommended when users have sufficient time to schedule a thorough scan of your system. It is also recommended if this is the first time you are using an anti-virus software on your computer. The duration of this scan depends on the number of documents, files, folders and hard drives on your computer, and the computer speed. Please refer to section 4.4 How to Perform a Full system scan. Removable media scan: This option is recommended for scanning external hard drives, USB flash drives, and other media, particularly those which are not your own. It will scan any removable device for malicious programs that automatically run whenever the device is connected. Select folder to scan: This option is recommended for scanning either a specific folder or multiple folders, especially if you know or suspect, that a particular file or folder might be infected. Please refer to section 4.5 How to Perform a Folder scan. Tip: Each scan option lets you see the details of your scan, for instance, the areas being scanned. Click them. If you are knowledgeable or possess advanced or expert level computer skills, click scan parameters for each scan option. to review to refine your virus

4.4 How to Perform a Full System scan

To perform a full system scan, follow these steps: Step 1. Click on the Full system scan option to activate the following screen:

Figure 3: The SCAN NOW pane displaying Full system scan/scan running...
3

After the full system scan has been completed, and if a threat to your computer has been found, the Full system scan pane may resemble the following screen:

Figure 4: The Scan complete item displaying the THREAT DETECTED! warning The full system scan has revealed a couple of threats; to learn what to do with them, please refer to section 4.7 How to Deal with Viruses [1 ] . The avast! Virus Chest is simply a folder established during the avast! installation process, an electronic 'dead zone' or 'quarantine' where malware or viruses are prevented from interacting with or running on any of your computer processes.

4.5 How to Perform a Folder Scan

To scan your folders, perform the following steps: Step 1. Click in the Select folder to scan option to activate the following screen:

Figure 5: The Select the areas dialog box The Select the areas dialog box lets you specify the folder you would like to scan. You can select more than one folder for scanning purposes. As you check the boxes besides each folder, the folder path is displayed in the Selected paths: text field. Step 2. Click to begin scanning your folders, and activate the following screen:

Figure 6: The Folder scan in progress. Tip: avast! lets you scan individual folders though a standard Windows pop-up menu that appears whenever you right click on a folder. Simply Select which appears next to the name of the folder you would like to begin scanning for viruses.

4.6 How to Perform a Boot-time Scan

The avast! boot-time scan lets you perform a full scan of your hard drive before the Microsoft Windows Operating System starts running. At the moment the boot-time scan is performed, the majority of malware programs and viruses are still dormant, that is, they have not had the opportunity to activate themselves, or interact with other system processes yet. As such, they are usually quite easily exposed and removed. The boot-time scan also directly accesses the disk, and bypasses the drivers for the Windows file system, a favourite target of most computer threats. This will display even the most persistent 'rootkits' - the name for a particularly malignant form of malware. It is strongly recommended that you run a boot-time scan even if there is only a remote suspicion that your computer system may be compromised or infected. The Boot-time Scan option is recommended for a complete and thorough scan of your computer system. It may require some time, depending on your computer speed and the amount of data and number of hard drives you may have. The Boot-time Scan is always scheduled for the next time you start your computer. To scan your system at boot time, perform the following steps: Step 1. Click Step 2. Click Step 3. Click to activate the BOOT-TIME SCAN pane. to schedule a boot-time scan the next time you start your computer. to start the boot-time scan immediately, if you prefer.

Note: A boot-time scan starts before the operating system and interface are loaded; as such, only a blue screen appears, displaying the progress of the scan as follows:

Figure 7: The avast! Boot-time scheduled scan avast! will prompt you for a response every time a virus is detected, and to Delete, Ignore, Move or Repair any or all identified viruses, but it is recommended that you do not ignore them under any circumstances. A list of these commands only appears if a virus is detected on your system.

4.7 How to Deal with Viruses

During the avast! installation process, the avast! Virus Chest was created on your hard drive. The Virus Chest is simply a folder isolated from the rest of your computer system, and used to store malware and viruses detected during the scan, as well as infected or threatened documents, files or folders. If you have already updated your program upgrade and virus definitions, you will be familiar with the MAINTENANCE tab - which is also how you access the avast! Virus Chest. To begin dealing with any malware or viruses detected during a scan, perform the following steps: Step 1. Click to activate the following screen:

Figure 8: The SCAN RESULTS window displaying THREAT DETECTED! warning Step 2. Click shown in Figure 8 above. to display the drop-down list of possible actions to be applied to the detected threats as

Note: In this exercise, we are concerned with moving infected files to the Virus Chest. However, the drop-down list displays three other options and they are described below: Repair: This action will attempt to repair the infected file. Delete: This action will delete - permanently - the infected file. Do nothing: This action means exactly what it says, and is definitely not recommended for treating potentially harmful malware or virus threats. Step 3. Select the Move to Chest item, and then click to activate the following screen:

Figure 9: The viruses have been moved to the Virus Chest successfully

4.8 How to Use the Virus Chest

You are now free to decide how to deal with the virus once it has been safely moved to the avast! Virus Chest.

Step 1. Click

and click

to activate the following screen:

Figure 10: The Virus Chest displaying two viruses Step 2: Right click either virus to display the menu of actions that can be applied to a selected virus as follows:

Figure 11: The pop-up menu of actions for viruses in the Virus Chest Note: Double clicking a virus in the Virus Chest will not activate or run it. It will only display the virus properties, or basically the same information you would obtain by selecting Properties from the pop-up menu. The following list describes the actions used to deal with viruses in the pop-up menu as follows: Delete: This item will delete the virus irreversibly. Restore: This item will restore the virus to its original location. Extract: This item will copy the file or virus to a folder you have specified. Scan: This item will resubmit the virus to another scan. Submit to virus lab...: This item will let you submit a virus for further analysis against a database of known viruses. Selecting this item will activate a virus submission form for you to fill out and submit. Properties: This item will reveal more details about the virus selected.
7

Add...: This item lets you browse your system for other files you would like to add to the Virus Chest. This is potentially very useful if you have files you would like to protect during a virus outbreak. Refresh all files: This item will update your files, so that you will be able to view the latest files.

4.9 Advanced Virus Removal Methods

Sometimes the protection offered by avast!, Comodo Firewall and Spybot is simply not sufficient; despite our best efforts, our personal and work systems do become infected by malware and other viruses. In section 4.1 A Short Guide to Dealing with Virus Outbreaks, a few methods were offered for dealing with persistent malware and viruses. However, there is more that can be done to eliminate such threats from your computer. Method A: Using Anti-malware Rescue CDs/DVDs Some anti-malware software companies also offer a free anti-virus 'rescue' CD/DVD. These can be downloaded in ISO image format (that is, a format that can be easily burned onto a CD or DVD). To begin using these anti-malware CDs/DVDs, perform the following tasks: 1. Download and burn the anti-malware program to a CD. You can use free program like ImgBurn [2] to burn the image to the disk. 2. Insert the disk to infected computers, CD/DVD player and then restart your computer from this CD/DVD. Often you can do this by pressing key F10 or F12 on your keyboard just after switching on the computer. Pay special attention to the instruction on the screen of your computer while it starts to learn how to do this on your computer. 3. Re-connect your system to the Internet so that the anti-malware program will automatically update its virus definitions if necessary, after which it will begin scanning your computer hard drives to remove any detected software threats. The following is a list of rescue CDs images: AVG Rescue CD [3] Kaspersky Rescue CD [4] F-Secure Rescue CD [5] BitDefender Rescue CD [6] You may also scan your computer using the following tools, which run when the Windows OS is started; however, these tools work only if the virus infecting your computer is not stopping them from operating: HijackThis [7] and other tools from free Clean-up Tools [8] from Trend Micro company. RootkitRevealer [9] from Sysinternals [1 0] from Microsoft. Note: You can use each tool listed above separately to maximise your ability to effectively clean your computer. Method B: Re Installing the Microsoft Windows Operating System Note: Before you begin, make sure you have all the appropriate license or serial numbers, and installation copies for the Windows OS and other programs you require. This procedure may be time consuming but worth the effort if you can't eliminate malware and virus threats the other way. In rare instances, a virus infection can be so destructive that the software tools recommended earlier may be rendered useless. In situations like this, we recommend that you perform the following tasks: 1. Create a backup or copy of all your personal files on the computer. 2. Reinstall the Microsoft Windows operating system formatting the entire disk. 3. Update the Microsoft Windows operating system after the installation has been completed. 4. Install avast! (or your preferred anti-virus program) and update it. 5. Install whatever programs you require and remember to download the latest versions and all the updates for each program. Note: Under no circumstances should you connect your backup disk to your computer before you have successfully performed these tasks. You might risk infecting your computer again. 6. Connect your backup disk to your computer and scan it thoroughly to detect and eliminate any existing problems. 7. After you have detected and deleted any problems, you may copy your files from the backup disk to the computer hard drive.
Source URL (retrieved on 06/11/2011 - 14:57): https://security.ngoinabox.org/en/dealingwithviruses Links:
8

[1] https://security.ngoinabox.org/en/node/1294 [2] http://www.imgburn.com/ [3] http://www.avg.com/us-en/avg-rescue-cd [4] http://support.kaspersky.com/viruses/rescuedisk/ [5] http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-release-3.00.zip [6] http://download.bitdefender.com/rescue_cd/ [7] http://free.antivirus.com/hijackthis/ [8] http://free.antivirus.com/clean-up-tools/ [9] http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx [10] http://technet.microsoft.com/en-us/sysinternals