"Dustin Cook" <> wrote in message news:
> "Russg" <> wrote in news:
> > I haven't dealt with a virus/trojan for a long time.
> > My question is general. BugHunter and other AV programs identify
> > malicious files, but don't get rid of them.

>
> BugHunter does, and I know others do as well. If they re-infect you,
> that's not BugHunter's fault.
> Please, Please read the documentation sir:
>
> http://bughunter.it-mate.co.uk/BUGHUNT.TXT
>
>
>
> > Question:
> > After BugHunter finds a malware, what does it do to keep it from
> > coming back, clear out the registry and startup stuff, un-read only,
> > system the file, prevent system restore from re-inserting it? Or is
> > it general procedure, once a malware is found, search for a specific
> > removal tool?

>
> Damn... I'm really surprised nobody reads doc files at all? anymore...
> Seriously... Okay then, To answer your question.
>


snip BugHunter documentation

>
> So how do I use it?
>
> BugHunter has a simple and straight forward menu system which normally
> requires only one keypress from you. The hot key is normally shown in
> brackets [] with a description to the right of the key.
>
> BugHunter supports 4 modes of operation. These are:
>
> [A] - Scan Only
> [B] - Scan and rename found files
> [C] - Scan and remove (delete) found files
> [D] - Scan and ask what to do with found files.
> [Q] - Quit the program
>
> Make your selection and BugHunter will display the directories that are
> configured for scanning. Press Y (or y) and BugHunter will do what you
> selected previously.

I admit not reading documentation, or even some of the posts here that
answer my question.
I have read that documentation before, and I can explain myself better.
Viruses/Trojans/malware are not just simple files that can be
identified, the permissions altered and deleted.
They are usually multiple files, in multiple directories, with entries
into the registry and system startup and sometimes the Master Boot
Record. I don't know exactly how they work, probably varies, but I see
the BugHunter documentation mentioning removing found files, but not
removing all the nefarious stuff that viruses install that allows them
to be persistent and self-replicating. I know only Klez from
experience. I've avoided porn sites, opening e-mail files, not allowing
html; I don't disable Java, but keep it up to date. But back to Klez.
It installed a program called winkxx.exe. That program was caught
calling out by Zone Alarm. Simply removing winkxx didn't work. I had to
run a removal program; this was with a WinME machine, so I guess system
restore restored it.
There are complexities to files, such as many executable file
extensions, other than .com .exe .msi, etc., that can be such that you
don't see the extension with 'hidden' file extensions.
What I'm getting at is I don't understand what malware does, but am
aware it isn't just simple files that can be identified and removed.
Just like the extensive procedures that add/remove in Windows goes thru
to remove a program. Or an un-install on a program. Or even Norton
Uninstall, to get rid of something unwanted.
I understand a clean boot, even with a universal boot cd (BartPE will
trash a Win98/ME MBR in my experience). I can boot to command prompt
and use a DOS AV like f-prot or BugHunter to identify offending
programs, but it isn't as simple as just removing a file/files.
I'm repeating myself.