Booting the unbootable

Lucijan Caric and Tomo Sombolac Qubis d.o.o.

Today, among the most prevalent viruses are those written to attack Windows 32-bit executables. Besides the usual mass mailing of infected code, these viruses may employ various techniques: mass infection of executables on local and network drives, memory residence (as a service or process), and stealth. They are also very difficult to remove or disinfect. At the same time, a number of current Windows operating systems are perceived as very hard to boot in such a way that a clean environment is established (a clean boot). This is usually said of Windows NT, but Windows 2000 and the new Windows XP are not excluded. None of this makes handling infections by Windows 32-bit viruses any easier.

In fact, it is possible to clean boot all Windows operating systems, and the relevant procedures are documented in Microsoft Knowledge Base articles. On the other hand, the Web sites of many of the largest anti-virus companies do not present these facts and usually offer workarounds instead. This can be confirmed by searching the sites of the top anti-virus vendors for information about clean booting Windows operating systems and about cleaning infections caused by some of the viruses in question, such as Flcss, Magistr or Nimda.

It is somewhat worrying that the largest anti-virus companies do not present on their Web sites the procedures shown in the relevant Microsoft Knowledge Base articles. It is also clear that the currently recommended techniques rely more on tricks and workarounds than on lege artis procedures, and that they bring a number of further problems, such as the risk of re-infection, the possibility of a virus remaining active in memory, or being virus-specific, i.e. limited to particular cases.

We have explored the recommended Microsoft Knowledge Base procedures, use them in our everyday work and recommend them to our customers. At the Virus Bulletin Conference we would like to present some facts about these obviously known and very important procedures, which nevertheless seem to be widely overlooked.
