【重新总结版】围巾(viking)前各大杀软的表现，亲测！

piratk

原帖由 154161 于 2007-4-26 21:39 发表
我的红伞可以

你这图没有说明问题啊！！

还有啊……

到底norton能不能清除啊？

很想知道……

飞天法宝

这个其实我感觉即使删除也误所谓了，只要能发现并处理掉就好，我们找没染毒的再下

buycard

在论坛混了不少日子，90%的人不知道什么“杀毒”，以为删了就好了

The EQs

You'll keep your promise do you?  

If you detect something in the first instance you don't have to clean it since your realtime monitor wouldn't allow to start it. I assume you understand that.

The problem is if you install a AV on an already infected system - there you have to clean of course. Or - and this is most likely the major case - if the AV updated virus signatures and detects *now* malware what it didn't before.

There are several different types of "cleaning". The most difficult is parasitic virus cleaning (depending on the virus type) and removing code-injecting trojans (for example code injection into winlogon.exe)

Normal "stupid" malware you can just terminate and delete. There's no "cleaning" needed except maybe a registry key.

Next problem is that some viruses (parasitic viruses, that means they attach their code to other existing "innocent" executables) corrupt files. Such files you cannot clean once they are corrupted. Most of the Vendors adding a ".DAM" (for damaged) for such virus samples. You can only delete such samples.

Next problem is spyware. Usually they add hell a lot of registry keys or change them. Most of the AV programs only restoring the settings when infected by widely known spyware. You can maybe use some generic registry fixer.

Another problem are heuristic detections. If you detect something via heuristic you might not know which registry key it creates. A simple trick helps there: Remember the executable name (for example WIN32X.EXE) and search the registry for autostarts with this name. If it exists then you can delete it. HOWEVER... Some Malware creates names similar to real applications. For instance the Quicktime Updater is a known victim of this. So you cannot just browse for registry keys in autostart. ( Example: Application X.EXE has a registry autostart and is NOT DETECTED. However, X.EXE loads QTUpdater.Exe and that is the malware file AND detected via Heuristic. If you delete now QTUpdater.EXE from the autostart you just deleted the REAL (non-malicious!) Updater for Quicktime. )

jpzy

原帖由 154161 于 2007-4-26 21:39 发表
我的红伞可以

，报出来的病毒名就不是Viking，下面似乎也没有清除病毒的项目！

piratk

原帖由 飞天法宝 于 2007-4-26 22:33 发表
这个其实我感觉即使删除也误所谓了，只要能发现并处理掉就好，我们找没染毒的再下

错错错……

有的文件再也无法下载怎么办？

感染了就删除？大错特错……

jushua

norton NIS 2007可以修复，很自动化，有些用户可能不会留意。修复后文件减少了几十k. 不想提供截图，浪费时间。
不要那么没信任感。

xiaop000

不能修复是很郁闷的，一旦中毒跟没杀软差不多，文件都给删了，一样都得重装

windlau78

原帖由 154161 于 2007-4-26 21:39 发表
我的红伞可以

红伞基本上不具备修复功能，一般都是删掉。

smty

NOD32可以清除“部分”变种的维金和熊猫感染的文件，过去曾经给别人清除过，当时的维金变种好像是.ch，.j看来还是不能清除。
感觉卡巴斯基的清除能力比较强，红伞能够清除病毒的情况，目前还没遇到过。