Hello everybody, I have recently become an External Specialist in the hope of learning as much as possible about this excellent tool. If this is better suited to the External Specialist forum then feel free to move it there.
I have a few questions and I don't want to be constantly bugging ScratchyClaws for help (I have read all the help file). Also maybe the answers will help other non-Russian-speaking members.
1) Is using BC_DeleteFile less safe than the other ways? Should I only use that for really tough malware, like we do for The Avenger? I know they are both similar.
2) How successful are the quarantine and deletion file ways for removing malware? Will they have trouble against infections (any in specific)? Do the staff here start off with quarantine/deletion for files, then try to use BC_DeleteFile if it comes back?
3) Can I add in any other files myself from other scans that need to be deleted into the AVZ fix, that don't show up in the HTML file?
For example, DSS/ComboFix often report files that HJT/AVZ won't show, so could I just add in files with this when I know they are there.
and repeat that for others? Will AVZ delete them even if it doesn't detect them in the first place?
4) I assume Registry cleanup after deleting files should be used at the end always? It just deletes the leftover registry keys from the files we deleted, right?
5) I am currently working on a log that has the Wareout infection, the sign being from a HJT log:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 126.96.36.199 188.8.131.52
I assume I will be able to fix this with AVZ; however, how successful will AVZ be? Would there be a good chance that the user's internet connection may be damaged?
6) Would the developer(s) or main admins consider becoming a Visiting Consultant at some of the English-speaking Anti-Malware sites and keeping us updated about the tool and future updates?
Anyway, it would be greatly appreciated if any of my questions are answered. I am trying to understand this tool so I can become as good as you all are at it.