ClamWin Free Antivirus
Support and Discussion Forums
Efficacy of quarantine?
Seans Potato Business


Joined: 20 Feb 2007
Posts: 0
How effective is putting a virus in a folder named 'quarantine' at stopping it from doing its evil deeds?
Quarantine Effectiveness
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Quarantining a virus is effective as long as you don't double-click on the file or otherwise run it from quarantine. Some antivirus programs will disable quarantined files as a precaution. I like quarantine because you can upload the file there to VirusTotal for free scanning by multiple antivirus programs. If more than one scanner finds a virus in it, you can be pretty sure it's not a false positive. If it is a false positive, you can restore the quarantined file to where it was on your computer. You can just delete the file from quarantine if you are sure it contains a virus.

"Cleaning" a file takes lots of horsepower on a computer, and after many viruses have already done their dirty work, it's very difficult to clean up after them. If you can identify a virus, do a Google search on it, and some of the information you find will tell you how to clean it up. Much of the malware around now comes with multiple payloads, however, so the cleanup instructions may or may not be complete.

Regards,
Re: Quarantine Effectiveness
b0ne


Joined: 26 Oct 2006
Posts: 0
GuitarBob wrote:
"Cleaning" a file takes lots of horsepower on a computer, and after many viruses have already done their dirty work, it's very difficult to clean up after them.


Ehhh, cleanup is actually less strenuous than detecting them in the first place. You don't have to decrypt, emulate, etc, to remove the virus.

Normally, one just has to strip the malicious bytes from the file and put the original entrypoints that the virus latched onto back into place. This is usually as easy as replacing the malware code with no-operations until you've hit the clean code again.

The vast majority of things detected today aren't file-infecting viruses, they're just trojans of some sort. This means the entire file is malicious, not just a portion of it. Quarantining those is relatively foolproof in terms of the malicious code executing again; it simply can't. Computer viruses are really just regular old computer programs, there isn't anything that magical about them. If you rename excel.exe to spreadsheet.exe, excel is not going to work anymore. Same concept really.

Most quarantines will encrypt, or at least obfuscate the things in the quarantine to prevent them from being redetected, or detected by others.
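The two posts above make the same point from different angles: a quarantined file must not be runnable from the quarantine, it should still be restorable when a detection turns out to be a false positive, and the store should be obfuscated so the scanner does not keep re-detecting its own quarantine. The following is an added, constructed example in Python, not ClamWin's own quarantine code. The signature string, the toy scanner, the `.quar` naming and the XOR obfuscation are all assumptions made here for illustration; real products use their own formats.

```python
"""Toy quarantine store: obfuscate, record, rescan, restore.

Constructed example, not ClamWin's own quarantine code. It shows why a
quarantine directory obfuscates what it holds: a signature scanner run
over the plain file matches, the same scanner run over the quarantined
blob does not, and the original can still be restored intact.
"""
import hashlib
import json
import os
import secrets
import tempfile
from typing import Optional

# Constructed signature: any file containing this byte string is "detected".
# It is not a real malware signature.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE-DO-NOT-RUN": "Toy.TestFile"}


def scan_bytes(data: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None."""
    for sig, name in SIGNATURES.items():
        if sig in data:
            return name
    return None


def xor(data: bytes, key: bytes) -> bytes:
    """Symmetric obfuscation; the same call decodes what it encoded."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def quarantine(path: str, qdir: str) -> str:
    """Move `path` into `qdir`, XOR-obfuscated, with a sidecar metadata file."""
    with open(path, "rb") as f:
        data = f.read()
    key = secrets.token_bytes(16)
    digest = hashlib.sha256(data).hexdigest()
    # The stored name carries no executable extension, so a double-click
    # does nothing useful even if someone browses the quarantine folder.
    qpath = os.path.join(qdir, digest + ".quar")
    with open(qpath, "wb") as f:
        f.write(xor(data, key))
    meta = {"original_path": os.path.abspath(path), "sha256": digest,
            "key_hex": key.hex(), "detection": scan_bytes(data)}
    with open(qpath + ".json", "w") as f:
        json.dump(meta, f)
    os.remove(path)
    return qpath


def restore(qpath: str, dest: Optional[str] = None) -> str:
    """Decode a quarantined file back to its original (or a given) path.

    Refuses if the decoded content no longer matches the recorded hash,
    so a corrupted or tampered store is never written back to disk."""
    with open(qpath + ".json") as f:
        meta = json.load(f)
    with open(qpath, "rb") as f:
        data = xor(f.read(), bytes.fromhex(meta["key_hex"]))
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantine entry corrupted; refusing to restore")
    dest = dest or meta["original_path"]
    with open(dest, "wb") as f:
        f.write(data)
    return dest


def demo() -> dict:
    """Round-trip a constructed 'infected' file through the quarantine."""
    work = tempfile.mkdtemp()
    qdir = os.path.join(work, "quarantine")
    os.mkdir(qdir)
    target = os.path.join(work, "invoice.exe")
    sample = b"MZ-not-really\n" + next(iter(SIGNATURES)) + b"\ntrailing bytes"
    with open(target, "wb") as f:
        f.write(sample)
    with open(target, "rb") as f:
        before = scan_bytes(f.read())
    qpath = quarantine(target, qdir)
    # A rescan of the quarantine directory sees only the obfuscated blob.
    with open(qpath, "rb") as f:
        in_store = scan_bytes(f.read())
    restored = restore(qpath)
    with open(restored, "rb") as f:
        after = f.read()
    # Flip one byte of the stored blob: restore must now refuse.
    with open(qpath, "r+b") as f:
        first = f.read(1)
        f.seek(0)
        f.write(bytes([first[0] ^ 0xFF]))
    try:
        restore(qpath, os.path.join(work, "tampered.bin"))
        tamper_refused = False
    except ValueError:
        tamper_refused = True
    return {"detected_before": before, "detected_in_quarantine": in_store,
            "restored_matches": after == sample, "tamper_refused": tamper_refused}
```

Run `demo()` to see the three properties together: the plain file is detected, the quarantined blob is not, and the restore either reproduces the original byte for byte or refuses. This is also why scanning the quarantine directory of a product that does not obfuscate its store produces repeated detections of the same entry.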
Cleanup
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
What if you've got malware that has become active and now has several payloads that are located in multiple places on the infected computer? You're going to have to get all of them to clean up--including System Restore sometimes.

Regards,
"Overhead" for Cleaning Malware
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
b0ne:

You've got to have the capability to identify specific malware, track its actions, and insert the code to clean it in your antivirus software. This means people, equipment, procedures, and the management to put it all together if you want to perform virus cleaning on a continuous basis. If you look at the amount of malware around now, that's beyond the capability of many organizations. Some of the smaller AV companies are getting together to pool efforts/resources and maintain a 24 X 7 capability. That's the real overhead.

Regards,
Re: Cleanup
b0ne


Joined: 26 Oct 2006
Posts: 0
GuitarBob wrote:
What if you've got malware that has become active and now has several payloads that are located in multiple places on the infected computer? You're going to have to get all of them to clean up--including System Restore sometimes.

Right... when you get a copy of the virus, you run it to see what the payloads are, analyze them, determine how and if a cleanup routine can be created. When these signatures are in the AV engine, and it detects a file with one of the payloads, it issues the cleanup routine on that file. For the most part, it doesn't matter where the file is on the system, or how many infected files there are provided you have detection+cleanup routines for them.
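b0ne's two posts describe the engine side: a detection signature for a file infector is paired with a cleanup routine that puts the original entry point back and strips the appended bytes, whereas a trojan is malicious in its entirety and has no clean part to recover. The following is an added, constructed example in Python, not ClamAV's or ClamWin's code. The "TOYX" file format, the infector, the trojan and both signatures are invented here to make the mechanics visible; no real malware or real file format is involved.

```python
"""Disinfecting a toy appending file infector versus handling a trojan.

Constructed example, not ClamAV's or ClamWin's code. The TOYX format is
an 8-byte header (magic, entry-point offset) followed by code. The
infector appends its body, saves the host's original entry point inside
that body, and redirects the header entry to itself. The cleanup routine
reverses exactly that: restore the entry point, drop the appended body.
"""
import struct
from typing import Optional, Tuple

MAGIC = b"TOYX"
HEADER = struct.Struct("<4sI")          # magic, entry-point offset from file start
INFECTOR_SIG = b"TOY-INFECTOR-BODY"     # constructed signature of the appended body
TROJAN_SIG = b"TOY-TROJAN-DROPPER"      # constructed signature of a whole-file trojan


def build_clean(code: bytes) -> bytes:
    """A clean TOYX file: header followed by code, entry at the code start."""
    return HEADER.pack(MAGIC, HEADER.size) + code


def infect(host: bytes) -> bytes:
    """Simulate an appending infector on a TOYX host."""
    magic, entry = HEADER.unpack_from(host)
    # The body stores the original entry so the virus can jump back to it.
    payload = INFECTOR_SIG + struct.pack("<I", entry) + b"\x90" * 8
    new_entry = len(host)               # body starts right after the host
    return HEADER.pack(magic, new_entry) + host[HEADER.size:] + payload


def detect(data: bytes) -> Optional[str]:
    """Signature lookup; a real engine would also unpack, emulate, etc."""
    if INFECTOR_SIG in data:
        return "Toy.Infector"
    if TROJAN_SIG in data:
        return "Toy.Trojan"
    return None


def disinfect(data: bytes) -> bytes:
    """Cleanup routine for Toy.Infector.

    Restores the original entry point recorded in the body and truncates
    the appended bytes. Overwriting the body with no-ops instead of
    truncating would also work; truncation leaves no dead bytes behind.
    """
    magic, entry = HEADER.unpack_from(data)
    if magic != MAGIC or data[entry:entry + len(INFECTOR_SIG)] != INFECTOR_SIG:
        raise ValueError("not a Toy.Infector-infected TOYX file")
    (orig_entry,) = struct.unpack_from("<I", data, entry + len(INFECTOR_SIG))
    if orig_entry < HEADER.size or orig_entry >= entry:
        raise ValueError("recorded entry point is outside the host; refusing")
    return HEADER.pack(magic, orig_entry) + data[HEADER.size:entry]


def handle(data: bytes) -> Tuple[Optional[str], str, bytes]:
    """Per-detection action: (verdict, action, resulting file content)."""
    name = detect(data)
    if name == "Toy.Infector":
        return name, "cleaned", disinfect(data)
    if name == "Toy.Trojan":
        return name, "quarantine/delete", b""   # nothing clean to keep
    return None, "none", data


def demo() -> dict:
    clean = build_clean(b"CLEAN-HOST-CODE")
    infected = infect(clean)
    trojan = HEADER.pack(MAGIC, HEADER.size) + TROJAN_SIG + b"payload"
    v1, a1, out1 = handle(infected)
    v2, a2, out2 = handle(trojan)
    return {"infected_entry_moved": HEADER.unpack_from(infected)[1] == len(clean),
            "verdict_infector": v1, "action_infector": a1,
            "cleaned_equals_original": out1 == clean,
            "cleaned_still_detected": detect(out1) is not None,
            "verdict_trojan": v2, "action_trojan": a2}
```

The point of `disinfect` checking the recorded entry point before trusting it is the one an engine writer has to get right: the cleanup routine reads data the virus wrote, and a malformed sample must not be able to turn the cleaner into a tool for corrupting the host further.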
A scan report with a lot of warnings
pressley5


Joined: 09 Mar 2007
Posts: 0
Please. What do I need to do to get things running smoothly? Thank you, thank you.

I see that the memory scan is completed, but there are a lot of warnings after that. Clamscan, clam tray, freshclam, and virus scanner are all exceptions in my firewall.


My information:

*** Scanning Programs in Computer Memory ***


*** Scanned 42 processes - 397 modules ***
*** Computer Memory Scan Completed ***

C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar-1.gz.000.000.000.000.000.000: ClamAV-Test-File FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar-1.gz.000.000.000.000.000.000: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar-1.gz.000.000.000.000.000.000.000'
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar.gz.000.000.000.000.000.000: ClamAV-Test-File FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar.gz.000.000.000.000.000.000: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.clamav-0.90.tar.gz.000.000.000.000.000.000.000'
WARNING: Can't open file \\?\C:\Documents and Settings\my name\Application Data\Microsoft\Office\Recent\RelativeResourceManager;JSESSIONID=Gw0Cf1PT2FjgLXLhQ3sSx9Ln5T61qJntTnWLXyLwn8V1Jbk8WnpL!610746534!nlna3.sysapps.unlv.edu!8080!-1!692271625!nlna2.sysapps.unlv.edu!8080!-1!115.u15.u\
WARNING: Can't open file \\?\C:\Documents and Settings\my name\Temporary Internet Files\Content.IE5\0P23GHIJ\.com%2Fbrowse%2Falpaca&kw_type=broad&kw=alpaca&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=772&u_aw=1280&u_cd=32&u_tz=-300&u_his=4&u_java=tra=tr´
WARNING: Can't open file \\?\C:\Documents and Settings\my name\Temporary Internet Files\Content.IE5\GTUVKXMN\.com%2Fbrowse%2Fcereal&kw_type=broad&kw=cereal&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=772&u_aw=1280&u_cd=32&u_tz=-300&u_his=5&u_java=tra=tr´
WARNING: Can't open file \\?\C:\hiberfil.sys
WARNING: Can't open file \\?\C:\pagefile.sys

I get a balloon that says: running scheduled task local disk. It is scheduled to scan at 1:30 am.. No matter what time of day I go to work on my computer, I get the same message.