Registry Detection

Hello,

I would like to know if Avast uses registry keys to detect viruses?
And also if it can delete them.

As a suggestion I think it would be an excellent idea if Avast deleted keys known to be created by virus\trojan\malware. For example:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows System

This would disable the viruses from starting in the first place. (Would be great in the 5.0.) And since that's how most viruses get launched once the computer restarts it would be a great countermeasure. :wink:

Please contact me if you are interested because I already have a database of entries.

MounierNetwork

For the most part I would say yes when it knows about them (applicable to some malware), otherwise when a file was deleted that had an associated registry runservices or run entry then you would get a windows error about a missing file.

Yes, that is true :slight_smile:
But what do you think about the concept of having a module just for that??

MounierNetwork

New Module?
Yeah… I like the idea… But I think they’re working on a standalone application for spyware…
But Alwil silence is huge… ;D

Personally, I don’t like the idea of detecting/deleting fixed entries according to their name - many malware use random entry names, or even names mimicking legal entries.

I’d find a registry monitor better… hopefully in avast! 5.0.
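The contrast raised in this post, fixed entry names versus a registry monitor, as an added example that is not part of any post in this thread and not avast! code. The snapshots, paths and the `ExampleUpdater` and `xqzk81` names are constructed, and the blocklist is a hypothetical stand-in seeded with the one value name the thread gives.

```python
"""Name blocklist vs. baseline diff for autostart registry values (constructed data)."""

RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUNSERVICES = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"

# Hypothetical blocklist of value names, seeded with the one name the thread gives.
KNOWN_BAD_NAMES = {"windows system"}

# Constructed snapshots: {(key path, value name): command line}.
# On a real system they could be collected with the standard winreg module.
BASELINE = {
    (RUN, "ExampleUpdater"): r"C:\Program Files\Example\updater.exe",
}
CURRENT = {
    (RUN, "ExampleUpdater"): r"C:\Windows\Temp\updater.exe",   # legal-looking name, new target
    (RUN, "xqzk81"): r"C:\Windows\System32\xqzk81.exe",        # random value name
    (RUNSERVICES, "Windows System"): r"C:\Windows\winsys.exe", # name on the blocklist
}


def blocklist_hits(snapshot, bad_names=KNOWN_BAD_NAMES):
    """Entries whose value name is on the fixed-name blocklist."""
    return sorted(k for k in snapshot if k[1].lower() in bad_names)


def diff_snapshots(baseline, current):
    """Entries added, removed or re-pointed since the baseline was taken."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
        "changed": sorted(k for k in current
                          if k in baseline and current[k] != baseline[k]),
    }


def missed_by_blocklist(baseline, current):
    """Changes the monitor reports that the name blocklist never sees."""
    d = diff_snapshots(baseline, current)
    flagged = set(blocklist_hits(current))
    return sorted(k for k in d["added"] + d["changed"] if k not in flagged)


if __name__ == "__main__":
    print("blocklist:", blocklist_hits(CURRENT))
    print("diff:     ", diff_snapshots(BASELINE, CURRENT))
    print("missed:   ", missed_by_blocklist(BASELINE, CURRENT))
```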

Yes, I do know that some malware use the same names as legal programs; that’s why they are not included in my program. If Alwil doesn’t want a module that would delete known malware keys constantly, how about a program that deletes them when you start your computer and when you shut it down??
Plus the whole thing doesn’t take resources.

MounierNetwork

As far as a new module goes, my major concern is Alwil spreading itself too thin and not focusing on the Core element, virus detection. People are already screaming about virus sample submission and inclusion, so all these proposed new modules, etc. need the resources not to slow the development of the Core program. This is especially true when there are other programs that do this and some of them free.

How about taking precautions to prevent malware being able to put files in system folders and create registry entries by denying them the rights to do so by restricting their rights. As in the DropMyRights in my signature or using an account without administrator rights.

Thanks Igor.

Sorry, David, I disagree in the Registry monitoring… It won’t make Alwil lose focus on security.

It’s another solution…

What would the registry monitor do??
You do not seem interested in my solution. Am I right or will you consider it??

MounierNetwork