Hi

I have had viruses problems (W32.Parite.B). The malware modified a good deal of files, mostly executable files. I executed one of these files (thunderbird instaler) and after that the computer stoped working properly. I had installed the virus.

I used the windows tool to recover the sistem the the point it was two days before. It seemed to work.

The point are:
A) is there any way of having the a file checked by clamwin whenever its opened or executed? (im not sure how to say that in english, but i think its "on the fly")

B) is there any way of removing just the piece of malicious code of a file instead of deleting or moving the whole file to quarentine?

TIA

Marcelo

ClamWin is not a realtime/resident scanner that works "on the fly." It is an on-demand scanner only. You can configure it to automatically scan according to a schedule(s) or right click on a file and select a Clamwin Scan. Realtime/resident development is underway. They have developed an early alpha version, but there are only two/unpaid developers, and it will take some time before it will be ready in version 1.0..

It's hard to completely remove a lot of the malware from a computer today because it can change so many things. Look at the McAfee's or Symantec's descriptions of what is done by some spyware/trojans! Some of the larger antivirus companies (like Mc/Sym) claim to do a good job at removal, but I've seen a lot of dissatisfied customers.

If you have identified a single file as containing malware, it's best to just delete the file and restore it from backup. Then, if you know the name of the malware, look at its description (maybe at McAfee or Symantec's Web sites) to see if it leaves anything in the registry, etc. After that, do scans with your regular antivirus scanner and at least one more--perhaps online with Prevx, Trend Micro or NOD32, and watch your PC for any strange behavior for a day or so.


Regards,