Question About Virus Removal

Hello, I have just one quick question about virus removal. In BDIS v10 there are only options to disinfect, not to remove. Does the disinfect option mean remove, or does it just disinfect the file?

Comments

  • Hello QuizPC


    BitDefender will always try first to disinfect the file; if that fails, it will delete the infected files or move them to quarantine. You can change what BitDefender must do with an infected file: open BitDefender, go to Antivirus, Custom level, and there you can change the action under the section "Action to take when an infected file is found". You can set two options. Do not forget to confirm by pressing OK.


    Regards


    Niels

  • Is there a way to make BDIS just delete the file?

  • Hello


    Yes, by changing the options that BitDefender must take on an infected or suspicious file. There you can choose to delete the file. But I wouldn't recommend setting that as the first option, because if there is a false positive you can't recover the file.


    Regards


    Niels

  • Okay, so I'm safest with disinfect then.


    Just one question: how can it edit a .exe or like .dll or something? I mean, how does this disinfect work, does it remove the code from the program or file?


    I just would like to know how it works before I put my PC in its hands.

  • Hello QuizPC


    I recommend that you leave option 1 set to disinfect.


    BitDefender tries to remove the malicious code. That could be the case when malware injected a Windows file. After that BitDefender tries to rebuild the file.


    Regards


    Niels

  • AndreiASM
    edited August 2007

    Hi there!


    Basically, when infecting a file, a virus has to make some modifications in specific areas of the file, to make both the viral code and the original host code work properly in the new environment. The antivirus does exactly the opposite. It undoes the changes made by the virus in the application's header, and removes the virus code from the file. Depending on the type of the virus and the infection technique which the virus uses, it may be impossible for some files to be disinfected, since the virus can destroy or encrypt specific areas of the file, making the host file unusable after the disinfection process. Some viruses overwrite the code of the host, making the original file unusable. Other viruses just make the basic modifications in the file, so that both the virus and host work. The majority of the file infectors can be disinfected, but take into consideration that there are viruses which can't be removed without destroying the host file.


    There are many, many techniques of infecting files and there are many more techniques which viruses use to hide themselves inside the host code, like EPO (Entry Point Obstruction). Every application has an entry point, where the execution is first passed when executing the file. When a classic virus infects an exe, it will change the entry point, so that it points to the first instruction of the virus. However, EPO viruses place instructions somewhere inside the host, and the control is passed to the virus during normal execution of the file, and not when first executing the file. This means that the virus doesn't have to be the first one to be executed. Some viruses place their code in the data section or in empty stack spaces.


    DLLs are Dynamic Library Links. As the name says, they are big libraries of functions which other applications use. For example, kernel32.dll, which belongs to the Windows OS, contains critical functions. Basically, the only major difference between a dll and an exe file is a bit in the dll's header which is set, and which makes the file behave like a dll, rather than an exe. Both exes and dlls contain a main function, which is pointed to by the entry point, and both dlls and exes can be infected in the same way by viruses, but, since dlls aren't executed by the user, viruses don't use them too much as a target of infection.


    Andrei
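
The header fields mentioned in the post above (the entry point and the bit that marks a DLL) can be read with a short parser. This is an added example, not part of the thread and not BitDefender's code; `inspect_pe`, `build_sample` and the two-section sample image are constructed for illustration. Flagging an entry point that sits in the last section is a common scanner heuristic for the classic infection type described above, and by design it says nothing about EPO infections.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # Characteristics bit that makes a PE image a DLL

def inspect_pe(data: bytes) -> dict:
    """Read the header fields discussed above from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, three dwords not needed here,
    # SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    entry_idx, names = None, []
    for i in range(nsec):  # section table follows the optional header
        name, vsize, vaddr, rsize = struct.unpack_from(
            "<8sIII", data, opt_off + opt_size + 40 * i)
        names.append(name.rstrip(b"\0").decode("ascii", "replace"))
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            entry_idx = i
    return {
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "entry_rva": entry_rva,
        "entry_section": None if entry_idx is None else names[entry_idx],
        # Heuristic only: a legitimate packer can also start in the last section.
        "entry_in_last_section": nsec > 1 and entry_idx == nsec - 1,
    }

def build_sample(entry_rva: int, characteristics: int) -> bytes:
    """Constructed, header-only PE image (not a real program): .text and .rsrc."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, characteristics)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    secs = b"".join(
        struct.pack("<8sIIII", name, 0x1000, va, 0x1000, 0).ljust(40, b"\0")
        for name, va in ((b".text", 0x1000), (b".rsrc", 0x2000)))
    return dos + b"PE\0\0" + coff + opt + secs

if __name__ == "__main__":
    for label, ep, chars in (("exe, entry in .text", 0x1010, 0x0102),
                             ("dll, entry moved to last section", 0x2040, 0x2102)):
        print(label, inspect_pe(build_sample(ep, chars)))
```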

  • Cool, thanks for the explanation, now I understand how this stuff works.

  • Well, I only offered you an explanation. :) Basically, the AV does the opposite of the virus. The virus adds code, the AV removes the added code, i.e. removes the virus. I only wanted to make it as clear as possible. ;)


    Andrei