User guide
Quick Heal Total Security 2011
Quick Heal Menus
Quick Heal Technologies (P) Ltd.
Overview of Alternate Data Streams - ADS
ADS allows data to be stored in hidden files that are linked to a normal visible file. Streams are not limited in size, and more than
one stream can be linked to a normal file. ADS is a security risk primarily because streams are almost completely hidden and
represent possibly the closest thing to a perfect hiding spot on a file system, something trojans can and will take advantage of.
Streams can easily be created, written to and read from, allowing any trojan or virus author to take advantage of a hidden file area.
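The following PowerShell example is added here and is not part of the Quick Heal guide or product: it lists every alternate stream under a folder, so the hidden data described above becomes visible to an administrator. The helper name Find-AlternateStream, the ads-demo folder and the sample file are assumptions made for illustration; it requires PowerShell 3.0 or later and an NTFS volume.

```powershell
# Added example: list alternate data streams under a folder (NTFS volumes only).
# Find-AlternateStream is a hypothetical helper name, not part of any product.
function Find-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams to ignore; Zone.Identifier is the marker Windows adds to downloads.
        [string[]] $Ignore = @('Zone.Identifier')
    )
    # -File limits the walk to files; directories can carry streams too.
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream; ':$DATA' is the normal file content.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $Ignore } |
                Select-Object @{n='File';e={$_.FileName}}, Stream, Length
        }
}

# Constructed sample: a temp file with one extra stream, so the scan has
# something to report.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -Path $file -Value 'visible content'
Set-Content -Path $file -Stream 'extra' -Value 'content stored in a second stream'

# The size shown for the file covers only the main stream, not 'extra'.
(Get-Item -LiteralPath $file).Length

# Report the file, the stream name and the stream size.
Find-AlternateStream -Path $dir | Format-Table -AutoSize

# Clean up the constructed sample.
Remove-Item -LiteralPath $dir -Recurse -Force
```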
Scanning Results and Cleaning Rootkits
Quick Heal Anti-Rootkit Scanning
1. Start Quick Heal Anti-Rootkit.
2. On the left side of the main window, click Start Scan.
3. Quick Heal Anti-Rootkit will start scanning your system for suspicious rootkit activity in running Processes, Windows Registry and Files and Folders.
4. After the scan completes, the results are displayed in three tabs that show hidden items in running Processes, Windows Registry and Files and Folders.
5. You can now select and take appropriate action against each displayed threat. For example, you can terminate the rootkit Process or rename the rootkit Registry entry or Files.
6. After taking the appropriate action, you need to restart your system so that rootkit cleaning takes place.
Action to be taken on Scan Results
Process
After scanning, Quick Heal Anti-Rootkit will detect and display a list of hidden Processes. You can select a process or processes for termination, but make sure that the list of Processes for termination doesn't include any known trusted process.
Quick Heal Anti-Rootkit also displays a summary of process scanning as the total number of Processes scanned and the number of hidden Processes detected.
Terminating Hidden Process
After selecting the list of Processes for termination, click the Terminate button. If a process is successfully terminated, its PID (Process Identifier) field will show n/a and the process name will be appended by Terminated.
All terminated Processes will be renamed after a restart.
Registry
Similar to the process scan, Quick Heal Anti-Rootkit will display a list of hidden Registry keys. You can select keys for renaming, but make sure that the list of keys for renaming doesn't include any known trusted registry key.
Quick Heal Anti-Rootkit also displays a summary of Registry scanning as the total number of items scanned and the number of hidden items detected.
Renaming Hidden Registry Key
After selecting the list of keys for renaming, click the Rename button. The renaming operation requires a reboot, hence the Key name will be prefixed by Rename Queued.