I used Norton Antivirus and it removes files and registry keys created by viruses, trojans, etc.
I know Avast 4 & 5 removes infected files but do they remove infected registry keys too? If they do, are they placed in the Virus Chest too?
Nope, Avast doesn’t do that; some here say it doesn’t matter.
Lol, then I guess that would be a good thing to add in a newer release. I was wondering the same thing. Truthfully, an anti-virus software is supposed to remove infected files, and should include its registry key(s).
Hi ccm58.
No, I think!
But if you have experience with the registry, there is a great website that has a collection of all the registry keys of Win XP, so you can correct the problems caused by malware (etc.).
http://www.kellys-korner-xp.com/xp_tweaks.htm
Use with caution! If you are unsure do not use them!
Avast removes infected files together with the associated registry keys.
But there’s nothing like “infected registry keys”, just keys that may be pointing to (referencing) infected files…
… as well as keys changing the system behavior, they’re not more infected than others, it’s just that malware “slightly modified” them. You can remove whatever file you want after that, it’s a legit key with wrong values etc…happily crippling your system.
You can’t say that - because you don’t know what was the state before. The user (or system admin) may have disabled regedit, for example, to prevent users from playing with it.
You can't say that - because you don't know what was the state before
I can say that because I can see my system behave differently and I can use a software able to scan the registry (even Windows Defender can do that, MS antispy beta could too…) that will tell me what keys were responsible for the mess, what was changed that should never have been… (PCtools registry mechanic was a good tool too btw) etc… and even before that, I will be able to say that already, because the software will alert me that something is attempting to modify such or such key : …seen that with Defender.
I mean guys, most security solutions watch the registry in real time, and Avast doesn’t. And I do not think that all the others do that for the hype.
Don’t see what it’s got to do with this topic though…
Hm…there is quite a lot topic of that isn’t it?
oh you don’t ??? ;D
A² removes (old/left over) malware related keys in registry. They call it ‘Traces’.
Even if these traces can’t really do bad, they aren’t needed either. (CCleaner does similar on other level)
Anyways any (good used) HIPS prevents inserting the keys to the registry at first.
asyn
you’re right about HIPs, but for some reason I can’t stand the one I was using anymore ;D …and I don’t think I’ll ever use one again. I find the concept a bit old and overkill…there must be other ways (behavior shields…when they work ). Some people here forget to mention that HIPs can be silent, they got several modes, but still, I think I won’t bother to use one again. They’re also progressively slowing down the system, and you realize that once you’ve removed the HIPS
It’s certainly up to the user, what he/she uses.
I’m satisfied with my configuration, as it doesn’t slow down my system at all.
And it is really silent at highest protection level, but it’s all about setup, I guess…
(You wouldn’t believe my current system load between 0% to 2%…!!!)
asyn
Hi VLK.
This is true. But, for example, I could see cases of viruses that disable the display of hidden files in Windows.
In these cases you must manually reset the relevant registry key.
Thanks everyone. Since the registry keys are not in the Avast Chest, it means that it cannot be restored. So I suppose we have to be careful when deleting any files as it may not be an infection.
Those changes aren’t directly related to a specific detection so avast wouldn’t delete (the last thing you would want) or change them back, as avast isn’t to know if these were user set or not. avast doesn’t directly scan the registry as part of its on-demand scan, it only enters the registry after making the detection on a file, then it is looking for directly associated registry entries, e.g. those that reference that file/s
If Avast knows from its virus definitions that, say, virus or trojan A would affect registry keys X, Y and Z, why doesn’t it use the definition to delete these keys or change them back?
Because registry keys in isolation, without the associated files, are inert. As far as changing them back goes, how is avast to know that these changes were user set? It doesn’t, as it can’t determine intent.
Avast removes infected files together with the associated registry keys.
But there’s nothing like “infected registry keys”, just keys that may be pointing to (referencing) infected files…
So do I understand correctly that, for example, the keys which are in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run are deleted with the malware file that created them?
Thanks
Al968
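The behaviour described in this thread (after a file is detected, look only for registry entries that reference that file, and leave setting-type values alone) sketched as an added example. It is not Avast's code; the sample entries, paths, `ENV` table and helper names are constructed for illustration.

```python
import ntpath
import re

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed sample entries (key, value name, data); not from a real system.
SAMPLE = [
    (RUN, "Updater", r'"C:\Program Files\Acme\updater.exe" /background'),
    (RUN, "svch0st", r"C:\Users\Public\svch0st.exe -silent"),
    (RUN, "HelperDll", r'rundll32.exe "C:\Users\Public\helper.dll",Start'),
    (RUN, "Tray", r"%windir%\system32\tray.exe"),
    # A setting, not a file reference: nothing ties it to a detected file.
    (POLICY, "DisableRegistryTools", "1"),
]

ENV = {"windir": r"C:\Windows"}  # constructed, so the example runs offline


def expand(text):
    """Expand %VAR% references using the constructed ENV table."""
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), text)


def referenced_paths(data):
    """Return the normalised file paths that a registry value's data points to."""
    data = expand(data)
    quoted = re.findall(r'"([^"]+)"', data)
    # Search the unquoted remainder for drive-letter paths ending in a
    # script or binary extension (handles unquoted paths followed by arguments).
    rest = re.sub(r'"[^"]*"', " ", data)
    unquoted = re.findall(r"[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|vbs|js)\b",
                          rest, re.I)
    return {ntpath.normcase(ntpath.normpath(p)) for p in quoted + unquoted}


def entries_referencing(detected_file, entries):
    """List (key, value name) pairs whose data references the detected file."""
    target = ntpath.normcase(ntpath.normpath(detected_file))
    return [(key, name) for key, name, data in entries
            if target in referenced_paths(data)]


if __name__ == "__main__":
    for hit in entries_referencing(r"C:\Users\Public\svch0st.exe", SAMPLE):
        print("references detected file:", hit)
```

The `DisableRegistryTools` entry is never returned for any detected file, which is the limitation discussed above: a changed setting carries no link back to the file that changed it.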