I would like to know if Avast uses registry keys to detect viruses?
And also if it can delete them.
As a suggestion, I think it would be an excellent idea if Avast deleted keys known to be created by virus\trojan\malware. For example:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows System
This would disable the viruses from starting in the first place. (Would be great in the 5.0.) And since that's how most viruses get launched once the computer restarts, it would be a great countermeasure.
Please contact me if you are interested because I already have a database of entries.
For the most part I would say yes when it knows about them (applicable to some malware), otherwise when a file was deleted that had an associated registry runservices or run entry then you would get a windows error about a missing file.
Personally, I don’t like the idea of detecting/deleting fixed entries according to their name - many malware use random entry names, or even names mimicking legal entries.
I’d find a registry monitor better… hopefully in avast! 5.0.
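The trade-off raised in the posts above (deleting entries by fixed name versus monitoring the key), shown as an added example that is not part of any post in this thread. The snapshots, value names other than "Windows System", file paths and the name database are constructed for illustration.

```python
# Constructed snapshots of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,
# modelled as {value name: command}. Names and paths are made up for illustration.
BEFORE = {
    "VendorUpdate": r"C:\Program Files\Vendor\update.exe",
}
AFTER = {
    "VendorUpdate": r"C:\Program Files\Vendor\update.exe",
    "Windows System": r"C:\Windows\winsys.exe",        # name quoted in the first post
    "qkzvbx": r"C:\Windows\System32\qkzvbx.exe",       # random entry name
    "VendorUpdater": r"C:\Windows\Temp\update.exe",    # mimics a legitimate entry
}
# Hypothetical name database, standing in for the one the first poster describes.
KNOWN_BAD_NAMES = {"windows system"}


def match_by_name(snapshot, bad_names):
    """Fixed-name detection: flag values whose name is in the database."""
    return sorted(name for name in snapshot if name.lower() in bad_names)


def diff_snapshots(before, after):
    """Monitor-style detection: report every change to the key, whatever the name."""
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old is None:
            changes.append(("added", name, new))
        elif new is None:
            changes.append(("removed", name, old))
        elif old.lower() != new.lower():
            changes.append(("modified", name, new))
    return changes


if __name__ == "__main__":
    print("name match:", match_by_name(AFTER, KNOWN_BAD_NAMES))
    for kind, name, command in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:9}{name} -> {command}")
```

The name list flags only the one entry it already knows, while the snapshot diff reports all three new values and leaves the decision about each to the user or a later check.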
Yes, I do know that some malware use the same names as legal programs; that's why they are not included in my program. If Alwil doesn’t want a module that would delete known malware keys constantly, how about a program that deletes them when you start your computer and when you shut it down?
Plus the whole thing doesn’t take resources.
As far as a new module goes, my major concern is Alwil spreading itself too thin and not focusing on the Core element, virus detection. People are already screaming about virus sample submission and inclusion, so all these proposed new modules, etc. need the resources not to slow the development of the Core program. This is especially true when there are other programs that do this and some of them free.
How about taking precautions to prevent malware being able to put files in system folders and create registry entries by denying them the rights to do so by restricting their rights? As in the DropMyRights in my signature or using an account without administrator rights.