On Sun, 2010-07-04 at 09:22 -0700, JD wrote:
> So far, clamav has not found anything in the mounted windows partition.
> That could be good news or bad news
Systems running windows from an infected disk are often unable to find
the infection, as the infection often installs a root kit that hides the
infection from the virus scanner.
When you boot linux and scan the disk using clamav you have a good
chance of finding infections that even expensive anti virus apps running
on the infected windows system couldn't find.
I have several times found infections on running windows systems by
remotely mounting their C: drive (the C$ share) on my linux box and
running clamav on them. That way I can check them without downtime.
How does the infection get past the windows anti-virus? It could either
be something new that wasn't detected yet when you got infected. Or (as
in my case) systems that need to have anti-virus disabled for certain
data directories and applications because of performance problems.
Combine that with a need to allow connections to that same app from the
internet... Recipe for infections.
I usually find 3 different 'hits' on infected systems, and when looking
up the signatures on the web I usually find that one is the component
that initially infected the system. That one then downloads and installs
a root kit to hide itself, and then a backdoor to offer services.
users mailing list
To unsubscribe or change subscription options: