Disinfecting a file is completely "safe" only if the disinfecting process restores the non-infected state of the object completely. That is, not only the virus must be removed from the file, but the original length of the file must be restored exactly, as well as its time and date of last modification, all fields in the header, etc. Sometimes it is necessary to be sure that the file is placed on the same clusters of the disk that it occupied prior to infection. If this is not done, then a program which uses some kind of self-checking or copy protection may stop functioning properly, if at all.



None of the currently available disinfecting programs do all this. For instance, because of the bugs that exist in many viruses, some of the information of the original file is destroyed and cannot be recovered. Other times, it is even impossible to detect that this information has been destroyed and to warn the user. Furthermore, some viruses corrupt information very slightly and in a random way (Nomenklatura, Phoenix), so that it is not even possible to tell which files have been corrupted.



Therefore, it is usually better to replace the infected objects with clean backups, provided you are certain that your backups are uninfected . Back-up systems:

1. If you've downloaded shareware, copy it (preferably as a ZIP or other original archive file) onto your backup medium and do not re-back it up later.

2. If you have purchased commercial software, it's best to create a ZIP (or other) archive from the original diskettes (assuming they're not copy protected) and transfer the archive onto that medium. Again, do not re-back up.

3. If you write your own programs, back up only the latest version of the *source* programs. Depend on recompilation to reproduce the executables.

4. If an executable has been replaced by a new version, then of course you will want to keep a backup of the new version. However, if it has been modified as a result of your having changed configuration information, it seems safer *not* to back up the modified file; you can always re-configure the backup copy later if you have to.

5. Theoretically, source programs could be infected, but until such a virus is discovered, it seems preferable to treat such files as non-executables and back them up whenever you modify them. The same advice is probably appropriate for batch files as well, despite the

fact that a few batch file infectors have been discovered.

Also, while disinfecting some system files, the system files may become inoperable, forcing you to reload your operating system. However, what will you do, live with a virus-infected machine?

well, some anti virus softwares just remove the viruses, and are destroying the CRC ... probably that is why some peolpe say that disinfection is a bad idea... this happened to me when i used norton antivirus (90% of infected files became useless - since that i haven't used nav, and i won't use it)

That is EXCATLY why I run NO anti virus program on my system. With a good firewall and all windows security updates there is NO excuse for getting a computer infected.