Most common locations (folders) for malware files? (system32?)

Posted on 2006-03-29
Last Modified: 2008-03-10
So far, each time I've encountered a bad virus and made a note of where the files actually were, they were in the system32 folder (for XP).

This is important to me, because, believe it or not, I get relatively poor customers who simply cannot afford to have me sit there for 40 minutes while their PC does an antivirus scan. And on three occasions now, I have gotten rid of the immediate (known) virus or spyware problems by doing a selective scan of the system32 folder.

I know it is BAD BUSINESS not to scan the entire HD, and I tell them this, and show them how to finish the procedure in safe mode.

But LET'S JUST PRETEND that you had 10 minutes to find a virus on a computer (WinXP or Win98), using an antivirus program... Okay?

IN THAT SCENARIO -- which folders would you select to scan?  (And if this question is killing you for being foolish -- let's just say it's a PRELIMINARY scan)

(finally - anyone know which folders spybot scans? It can't be doing a full HD scan, it's too fast.)
Question by:dgrrr
    LVL 18

    Expert Comment

    I haven't scanned a computer for viruses in ages, the realtime scanner checking files as accessed and written is the best way to stay virus free.
    LVL 9

    Accepted Solution


    If I had to quickly get rid of a virus I'd scan the WINDOWS folder.

    Most spyware/malware/adware scanners have quick scans which will scan the most common places for viruses to be.

    LVL 3

    Assisted Solution

    If I HAD to restrict it to just a single folder/subfolder I would do the entire windows folder (or winnt depending on OS version). If you're already doing System32 then adding the rest won't add that much but will catch a few more viruses.

    I don't know for sure on spybot, but as a guess I suspect it scans the specific install locations of the spyware/malware it is looking for.
    LVL 9

    Assisted Solution

    rchein >> I don't know for sure on spybot, but as a guess I suspect it scans the specific install locations of the spyware/malware it is looking for.

    Yeah, it's probably got the locations where the spyware/adware/malware installs itself and scans and removes if needed... that's why Spybot S&D is so fast.

    LVL 2

    Assisted Solution

    system32 is probably the root of all evil for viruses, but I have noticed quite a few spyware programs actually creating subfolders of the Program Files folder.  But if you are strictly concerned with viruses and not adware/spyware then I would suggest the entire windows/winnt folder.  
    LVL 1

    Assisted Solution

    C:\Program Files\Common Files is another good location

    Author Comment

    Thanks, you guys. Good to know that priority is
    No time:

    Some time:
    Windows & Prog files / common

    More time:
    the whole HD
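
The folder priority discussed in this thread (system32, then the rest of WINDOWS and Program Files\Common Files, then the whole disk), turned into an ordered file list to hand to a scanner. This is an added example, not code from any poster; the default paths, the extension filter and the newest-first ordering within a tier are assumptions.

```python
import os

# Priority order from the thread. Paths assume a default XP layout on C:
# (use WINNT where applicable).
THREAD_TIERS = [
    r"C:\WINDOWS\system32",
    r"C:\WINDOWS",
    r"C:\Program Files\Common Files",
    "C:\\",
]
# Assumption: file types worth checking first in a quick pass.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".vbs"}


def _key(path):
    """Normalise a path so nested tiers compare equal despite case or slashes."""
    return os.path.normcase(os.path.abspath(path))


def scan_queue(tiers=THREAD_TIERS, exts=EXECUTABLE_EXTS):
    """Yield (tier_index, path) in scan order, one tier at a time.

    A directory that is itself an earlier tier is pruned from later walks, so
    system32 is not listed again under WINDOWS, nor WINDOWS under the drive.
    Within a tier, the most recently modified files come first.
    """
    done = set()
    for index, root in enumerate(tiers):
        found = []
        for dirpath, dirnames, filenames in os.walk(root):
            dirnames[:] = [d for d in dirnames
                           if _key(os.path.join(dirpath, d)) not in done]
            for name in filenames:
                if os.path.splitext(name)[1].lower() not in exts:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    found.append((os.path.getmtime(path), path))
                except OSError:
                    continue  # locked or vanished file: skip it
        done.add(_key(root))
        for _, path in sorted(found, reverse=True):
            yield index, path


if __name__ == "__main__":
    for tier, path in scan_queue():
        print(tier, path)
```

Because the function is a generator, a caller working against a time limit can stop consuming it after any tier; everything already yielded came from higher-priority folders.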
