Formal Virus Test
The basic concept behind formal virus checking is that no code is allowed to run from the hard drive during the process, as code viruses may take steps to avoid detection or re-infect the system if they can run first.
A formal virus scan/clean must be done from a
|Verified||Check that CMOS diskette type is set correctly, and that boot order is set to A: before C: - several viruses set A: to None so that they can boot off hard drive before faking a diskette boot|
|Clean||Boot and virus scanner diskettes must be formatted and prepared on a PC that is known to be clean|
|Protected||Write protect tabs on all diskettes must be open to prevent disk writes from tested systems that could infect the disks|
|Diskette||If system starts to boot off hard drive, will need to reset; the diskettes should not access any hard drive code, e.g. should avoid the temptation to load from there in the interests of speed|
|Boot||Code viruses can trap a soft reboot via Ctrl-Alt-Del, and write themselves back to the hard drive thereafter, so you must use reset button or power switch to reboot|
and must check
|All files, using||By default, most scanners will only check "program files", but any file can be a potential risk so all should be checked|
|Up-to-date||The scanner is only as good as its data files, which should be updated at least once a month|
signature data files.
Antivirus programs that can only run from Windows, or that do not offer data file updates, are irrelevant to this topic (i.e. useless in this context).
Here's the procedure:
On a network, you may need to be quite disruptive to assure an effective clean; perhaps best done after hours! Best-practice would be to do this as follows:
There are shortcuts and less invasive methods, but as recurrence becomes more likely, use your judgement there. For example, if you "know" the only threat is a Word macro virus that does not act as a "dropper" for code viruses, you don't have to do a formal clean; you can use the scanner from within Windows.
(C) Chris Quirke, all rights reserved
Back to index