Re: Recommend a good free anti-virus utility

From: cquirke (MVP Windows shell/user) (cquirkenews_at_nospam.mvps.org)
Date: 05/28/05


Date: Sat, 28 May 2005 19:09:25 +0200

On Fri, 27 May 2005 10:43:21 GMT, spam@spamcop.com (Bob) wrote:
>On Fri, 27 May 2005 09:18:35 +0200, "cquirke"

>>You need better tools than ChkDsk too, and you don't have them unless
>>you are prepared to chuck out NTFS. Else you have a problem - should
>>you backup before ChkDsk "fixes" detectable damaged files into
>>undetectable damaged files, or after, or both?

>I had a corrupt disk that would not make a hardware backup so I ran
>CHKDSK on it. It claimed to fix some things including bad clusters in
>the pagefile, etc. But it was still corrupt.

Well, there's a case in point. Bad clusters = Bad HD, unless they are
the result of imaging a bad HD to a good one in such a way that the
bad cluster markers are carried over verbatim.

>I preferred to use the system on the corrupt disk. I ended up making
>a clone disk with it using Acronis True Disk 8 - apparently the cloning
>process cleaned up the corruption because the clone worked fine.

Well, it's like throwing blood clots up the arterial tree. If they
wind up in the middle of the thigh muscles, you'd prolly not notice.
If they wind up under the finger nails, you might think "that's odd"
and a meatware tech might say "sheeiit you better get that checked
out!". If they wind up killing off the cubic centimeter of brain that
keeps you breathing, you'll stop breathing.

I've done the same thing for the same reasons and had the same
mileage, but I still advise cherry-picking data first...

http://cquirke.mvps.org/pccrisis.htm

...in case the HD dies during attempts to image it.

The gruesome bit is that ChkDsk will have already "fixed" file system
errors on that failing HD before finding the bad clusters, and without
prompting you for what to do first. That's why you need a better
tool; so you get asked first, and can say no.

>>Then you'd have to find something approaching a full-breadth av
>>scanner. You might pay hundreds of dollars for a year of Avast on
>>Bart, or you'd have to settle for weak-breadth scanners such as McAfee
>>Stinger, Trend SysClean and similar killers of subsets of available
>>malware from Avast, AVG etc. Of these, SysClean is the broadest, but
>>it is slow, doesn't show results as it goes, and reporting is hell.

>Since I subscribe to RoadRunner cable service, I am using Computer
>Associates eTrust AV. I have no way to know how effective it is other
>than believe the recommendations of others.

That's OK when it comes to stopping malware from going active. If
that fails and malware *is* active, then it's less dependable because
it can only run from within the infected OS. Like most Windows-based
av, it's a nice, friendly, strict doorman. But if the baddies get
inside, you need a SWAT team, not a nice, friendly doorman.

>>The main optimism is that tools running from within the infected
>>installation can taxi off the runway and get airborne while active
>>malware sits up there in the clouds and allows this to happen.

>Kerio monitors every application that attempts to set up a network
>socket. If I haven't pre-approved, Kerio fusses.

That's like watching for smoke as a screening method for water
pollution. Not all malware tries to call home, or send out material
in ways that a firewall can detect. Plus, an active malware can
clobber both av and firewall and leave stuffed effigies sitting up in
the UI, so that you may not notice the difference.

>>call in tech assistance when things go wrong.

>I AM the tech assistance.

Then you know whereof I speak :-)

>>XP is simply not built with data recovery or the regaining of
>>ownership from malware in mind - no-one has thought that far.

>I run Win2K.

That is equally afflicted.

>---------- ----- ---- --- -- - - - -
   Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -


