Virus Scans taking forever

[Rt169Radio]

Hi, I just started having this issue where my anti-virus programs are taking forever to scan. I use Comodo Internet Security Premium and Microsoft Security Essentials. I reinstalled both programs thinking that might fix the problem-but nope. It can take up to 12 hours to complete a full scan and it never used to do that, at the most it would take a hour and so many minutes.

Now I keep my computer clean, organized and tweaked for the best performance (meaning I don't have frivolous programs or options installed or on) So what do you think this problem is? And my level of computer knowledge is immediate but I can't seem to figure this out. I am running Windows 7 64 bit Home Premium.

 

[VE7WV]

While a scan is running, right click on the task bar and pull up Task Manager. Check which processes are running - sort by CPU in descending order to see the CPU hogs - perhaps you'll discover something else at work there.

I just run MSIE on my Windows machines; my mail server (external, Unix) scans all mail before it even hits the premises. No problems here.

 

[AB4BF]

It has been my experience that Comodo doesn't like to work with MS Security Essentials. You are probably gonna have to turn one of them off.

I turn the MS stuff off. It still takes Comodo 3-1/2 hours to complete. But, (knock on wood), I haven't had a virus, malware, trojan, sneeze or anything that would harm my computer in over 7 years since Norton. And, Comodo is still free.

 

[VE7WV]

I turn the MS stuff off. It still takes Comodo 3-1/2 hours to complete. But, (knock on wood), I haven't had a virus, malware, trojan, sneeze or anything that would harm my computer in over 7 years since Norton. And, Comodo is still free.

I went the other way and use MSIE on our Windows machines. It's still free too. Will it catch everything? Nope, but neither will any other product.

Case in point, I've got a real time example to share thanks to some security and regular anti-spam tuning work I'm doing on my Unix based mail servers this morning.

An odd log entry prompted me to dig deeper into a message received quite coincidentally just as I read this thread. On further investigation I found a malware spiked email (link, not a file) and downloaded the file safely locally to both a FreeBSD box and a Windows test client; MSIE did not pick up the .scr malware within the zip file. Neither did ClamAV nor Comodo (which reports Threat(s) Found: 0 on a file scan).

None identified the .scr file as malware or even warned of the possibility it could be malware. SCR files are one of the oldest tricks in the book for shipping around double-click friendly malware installers, so all of these apps should at least warn the user before they launch such an executable file.

There are no 100% fool proof catch-everything virus detection products. I don't assume any product will catch everything nor even catch common stuff - this email originated from a server in Europe that had not shown up on the real time blackhole list system(s) as compromised. Reported.

Next. Sadly.

Mike

 

[Astrak]

You shouldn't run two anti virus programs at the same time. Use which ever one you like better and uninstall or turn the other one off. Why You Should Consider Using More Than One Antivirus App

 

[K5MPH]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

You shouldn't run 2 antivirus programs at the same time, try avg out I have been using it for years and it's always worked great for me......

 

[CapStar362]

Bit Defender is far better than AVG now that ive had AVG Fail on me.......... and most definitively!!! DO NOT RUN 2 A/V's!! you will be sorry in the long run

 

[poltergeisty]

Never run two anti-virus programs as already mentioned. Just out of curiosity run HD Tune and see if the drive is bad. HD Tune website

OH! Do not use MSE! Microsoft Security Essentials Loses AV Certification - Security -

Anything else like Avast, Bitdefender, NOD32 or Comodo are way better! I read the comparatives all the time. To be extra cautious run Firefox with NoScript. That right there will stop most viruses.

 

[VE7WV]

Regarding browsers, Google Chrome seems to do a decent job at protecting users from visiting malicious sites or opening/saving malware links. I do most of my browsing using a Unix or Linux box or virtual machine, especially when venturing into the nether regions of the internet.

With respect to anti-virus software the only firm opinion is that I hate Norton/Symantec with a passion.

The independent test site commonly referenced shows products like AVG getting a very good review, so I downloaded and installed AV and guess what, it did not pick up the .SCR malware that was sent to me earlier today. Assuming that miss is an anomaly, I'd still have a hard time recommending AVG because:

a) it's installation and user interface continually flog all sorts of other software downloads, "driver updates", etc. It's a bloody gaudy mess of confusing choices, and who knows where all those choices lead to.

b) The download link page from the company takes you to Downloads.com, and on that very page are two different green Download buttons. One takes you to the legitimate product, the other takes you to... drum roll... a malware site.

UGH.

I used to like FProt / FSecure and Kaspersky. Maybe they'll pick up on this malware file but I'm done looking. Sometimes the devil you know, and some common sense, is better than all the virus detection software in the world.

 

[VE7WV]

UPDATE...

As of the latest MSE update package I just pulled down, MSE does in fact detect the infected ZIP file; better yet it prevents/works with Google Chrome to prevent the file from being downloaded or opened.

All the other packages I tried failed, including AVG which updated and checked immediately before this test.

Suddenly MSE is looking a little better! ;-)

 

[poltergeisty]

What "packages" did you try? I'd like to check that zip file out.

 

[VE7WV]

By package I was referring to the latest MSE virus definition update. I'd first tried MSE against its then-latest definition file as of when I posted up thread, and at that point, despite the trojan being around awhile, MSE did not detect it.

But neither did the latest from AVG or Comodo. I followed the same procedure with both: installed their latest version; brought each up to date with the latest virus definitions; then checked the zip file and then the contents of the zip file. Neither AVG, Comodo, or MSE detected the file or file within the zip file, and none worked with my browser to block download/save.

After checking out the latest from both Comodo and AVG, I decided to update again MSE's virus definition files (if any updates had yet been published). Then and only then did MSE detect the virus and at that point it detected it even as it was trying to be saved as a download from Chrome.

Chrome itself believed the link was suspect all along and cautioned against download, but it did not know it to be virus laden.

The particular virus is: Win32/Zbot, a password grabber / key logger. It's not a new trojan but must have a slightly different signature this time around.

PWS:Win32/Zbot

Incidentally the virus link was part of a fairly convincing email purporting to be from a service called eFax. It was well done, without the usual grammar and spelling errors that often come along with spam and some trojan-laden emails. It had links to a legitimate service, as well as a link which looked to be to the service but of course was not. The .SCR file would look convincing to someone not experienced - it presented a PDF icon within Windows Explorer.

As of this writing the virus file link is still up there on the internet but I'm hesitant to link to it here for safety's sake. It's hosted on a server in Argentina on a network operated by one of that country's cable TV operators. The email itself originated from servers in France. I report these things to the network supplier of the originating email and of the destination target via my account at Spamcop; at the time of the email dispatch it wasn't listed in the real time blackhole DNS lists that my mail servers use as part of a weighted algorithm to reject mail before it enters our systems. By now the IP's involved will have been flagged but the people behind these schemes can always find another open mail relay or infected client computer to send their crap through.

 

[Rt169Radio]

Hi guys, thanks for replying. Now I have never had a problem running Comodo and MSE together while they protect my computer in real time, and I have never had a problem running manual full scans with both of them until recently. So how come all of sudden I have a problem with manual scans?

 

[VE7WV]

I'm surprised that you didn't have performance problems all along.

Why now? Hard to say for sure, but perhaps an update in the software for one or the other product is behind the apparent change in behaviour. If both have always been set to work in real time, and nothing else has changed, that's the most logical explanation however unsatisfying it might be. You might check to be sure your machine is otherwise fully up to date with Windows Update just in case there are other, not directly related, issues behind all this.

 

[Rt169Radio]

I'm surprised that you didn't have performance problems all along.

Why now? Hard to say for sure, but perhaps an update in the software for one or the other product is behind the apparent change in behaviour. If both have always been set to work in real time, and nothing else has changed, that's the most logical explanation however unsatisfying it might be. You might check to be sure your machine is otherwise fully up to date with Windows Update just in case there are other, not directly related, issues behind all this.

Yup, I always make sure every needed program installed is up to date and Windows is up to date.

 

[poltergeisty]

By package I was referring to the latest MSE virus definition update. I'd first tried MSE against its then-latest definition file as of when I posted up thread, and at that point, despite the trojan being around awhile, MSE did not detect it.

But neither did the latest from AVG or Comodo. I followed the same procedure with both: installed their latest version; brought each up to date with the latest virus definitions; then checked the zip file and then the contents of the zip file. Neither AVG, Comodo, or MSE detected the file or file within the zip file, and none worked with my browser to block download/save.

After checking out the latest from both Comodo and AVG, I decided to update again MSE's virus definition files (if any updates had yet been published). Then and only then did MSE detect the virus and at that point it detected it even as it was trying to be saved as a download from Chrome.

Chrome itself believed the link was suspect all along and cautioned against download, but it did not know it to be virus laden.

The particular virus is: Win32/Zbot, a password grabber / key logger. It's not a new trojan but must have a slightly different signature this time around.

PWS:Win32/Zbot

Incidentally the virus link was part of a fairly convincing email purporting to be from a service called eFax. It was well done, without the usual grammar and spelling errors that often come along with spam and some trojan-laden emails. It had links to a legitimate service, as well as a link which looked to be to the service but of course was not. The .SCR file would look convincing to someone not experienced - it presented a PDF icon within Windows Explorer.

As of this writing the virus file link is still up there on the internet but I'm hesitant to link to it here for safety's sake. It's hosted on a server in Argentina on a network operated by one of that country's cable TV operators. The email itself originated from servers in France. I report these things to the network supplier of the originating email and of the destination target via my account at Spamcop; at the time of the email dispatch it wasn't listed in the real time blackhole DNS lists that my mail servers use as part of a weighted algorithm to reject mail before it enters our systems. By now the IP's involved will have been flagged but the people behind these schemes can always find another open mail relay or infected client computer to send their crap through.

Try that virus with Avast or Bitdefender. I really would like the sample. I looked for samples on the net but the website is a cluster F and you have to sign up.

 

[gewecke]

UPDATE...

As of the latest MSE update package I just pulled down, MSE does in fact detect the infected ZIP file; better yet it prevents/works with Google Chrome to prevent the file from being downloaded or opened.

All the other packages I tried failed, including AVG which updated and checked immediately before this test.

Suddenly MSE is looking a little better! ;-)

Exactly! MSE does an excellent job, especially when used with CC Cleaner and Auslogics.

 

[VE7WV]

PM sent to you ghosty. Do let us know if any virus checking software you run picks it up. I was a bit surprised to see three strikes in a row from three different packages before success.

 

[k3cfc]

I use this. VIPRE Antivirus Official Support Center | Vipre Antivirus

It has never failed me. i have had this for many years. after all what is your data worth?

 

[poltergeisty]

PM sent to you ghosty. Do let us know if any virus checking software you run picks it up. I was a bit surprised to see three strikes in a row from three different packages before success.

I'm using Bitdefender free edition and this is what I got clicking the link.