Did you know this forum is infected - with spiders from Google ! ! !
I searched for
mebroot “virus sality”
and jay2007techr’s answer was top of the list, and this topic was timed at 1 hour ago.
I was very amused by the first result I visited :-
most of the screen gave removal instructions,
but top of the right hand advertisement column was the name we all cringe at - Norton ! ! !
Watasha - I am not worried for myself, but for others who do not know the risks.
jay2007tech - Thank you for that info - but I would like a little more.
What I would like is specific information upon a hazard I vaguely remember,
that a specific virus was able to co-opt as a distributor a (possibly specific) A.V.,
AND whatever the A.V. then scanned would also become infected.
I would like specific name(s) for the virus, and also for any specially targeted A.V.
MY CONCERNS :-
I believe that copies of infected files can be preserved by System Restore,
and that if a vulnerable A.V. scans such a virus it will be infected regardless of what folder it was in.
If it is possible for the simple reading/scanning of a virus (either existing or future) to transfer infection elsewhere,
then perhaps a defragger or disc imager etc could also become a carrier of infection.
Typically the purveyors of defraggers etc are proud to announce that the data is shifted safely because they use the official M.$ APIs,
But I am concerned that M.$. *.DOC files spread infection with 100% M.$ code (no one else to blame)
and EVERY ADOBE and NON-ADOBE reader of *.PDF files has needed patching because they use M.$. APIs or whatever that, like all of Windows, was originally cobbled together with no regard for security against malware.
Therefore I assume that when a defragger etc. accesses data via an official M.$. API,
the result can be just as disastrous (or far more so) as when any Reader accesses an “infected” *.PDF.
I have encountered someone who seems to hold the opinion that malware in the System Restore is totally harmless unless you tell System Restore to put the system back to the time when that malware was running free - before it was zapped and transferred to System Restore.
I disagree with him.
I accept that whilst the virus is in the R.P. it is unlikely to be active,
and only people with “dangerous” permissions access can actually see the virus in Windows Explorer,
but fear that when A.V. or defragger or whatever does access files within the R.P.
there is potential for the opening of “Pandora’s Box”.
I do not wish to counter his opinion with mine - I want hard solid facts.
I enjoy extreme paranoia - especially when I was right and successfully anticipated and averted disaster.
Often the fear does not materialise - yet, but I can live with that.