29 replies to this topic

[QuizMaster]

What are the differences between a Quick Scan and a Full Scan besides speed? Should I use a Full Scan to make sure that everything's clean?

[exile360]

The quick scan will find any malware that's active on the system that MBAM is capable of detecting. The only real usefulness of the full scan is detecting the occasional trace that get's missed by the quick scan, and even that's pretty rare. According to one of the developers the quick scan catches 99.9% of the malware that MBAM will detect.

[QuizMaster]

So what extra stuff does the Full Scan do?

[exile360]

All it does is scan more locations on the hard drive(s), thus allowing it to pick up traces it might have otherwise missed, but again, even that's rare because the quick scan is designed to look in all the places malware likes to hide.

[QuizMaster]

Thanks. I'll be using Quick Scan instead for my weekly malware scan.

[exile360]

That's what I do. I think I've only used the full scan once, and it didn't find a thing.

[kimsland]

Sorry to wake up an old thread

But I need some more clarification here

Are you saying that a scan lasting sometimes around 30seconds to a minute or two, will detect all active Malwares (99.9%) on a user's computer?? Running a quick scan?

Incredible, I will need someone's further clarification on this, as I just can't believe it

waiting and hoping for a response...

[AdvancedSetup]

Yes it's true.

[nosirrah]

The quick scan does memory , load points , all heuristic scans that the full scan does and all common malware locations .

I have never needed the full scan to remove the malware I am researching and have not even run one on any of my research machines this year .

[kimsland]

AdvancedSetup, on Oct 12 2009, 04:45 AM, said:

Yes it's true.

So as an example

If I my machine had 5000 active Malwares in my personal folder C:\kimsland
And all those Malwares were zipped up (or not in the common exe; com; msi dll, type format)
And I had no other active Malwares installed anywhere else (ie Windows was clean)
Would malwarebytes remove all found Malwares on my drive?


Or maybe a better question
Where does Quick Scan actually look? (in its 3 mins of scan)
What further areas does a Full scan look at? (in its hour long scan)

Please note: These questions are of utmost importance to me as I help support on tech forums

[AdvancedSetup]

No they would not be found probably even with a Full Scan. That is more the realm of Anti-Virus.
As for what it does please see above as that was already answered.

[kimsland]

exile360, on Jan 27 2009, 02:17 AM, said:

All it does is scan more locations on the hard drive(s), thus allowing it to pick up traces it might have otherwise missed, but again, even that's rare because the quick scan is designed to look in all the places malware likes to hide.

I see so where malware does not normally reside a "Quick Scan" will not pick up

nosirrah, on Oct 12 2009, 04:46 AM, said:

The quick scan does memory , load points , all heuristic scans that the full scan does and all common malware locations .

So a "Full Scan" seems to do all other locations ie even a User's personal folder that he uses to store downloaded programs


From what I am reading through this thread, if a member wanted to confirm that Malwarebytes has fully confirmed that no other Malwares exist on a user's computer, then that member should run a "full scan"
Otherwise they are only doing: memory , load points , all heuristic scans, and common Malware residing locations

But when looking at User's computers I notice numerous folder locations (ie not just My Documents or User folders)
Many User's tend to have gigs and gigs of data and programs residing almost anywhere
Actually many Users are also updating to Terabyte Drives because of the mass amount of data and other programs that could be installed just about anywhere.

Even many programs such as Camera software data locations; P2P software; even Games, and really much much more, all can reside in non-common locations. Even my "Games" folder is on its own

In this case should Users be told to run Full Scans ? Or should the whole world be informed to run "Quick scans" as this thread has stated and that has been used for linking reference from Malware removal members

I just want to be exactly clear on this
Should I ever run a Full scan?

[AdvancedSetup]

Every known location where Malware can run and continue to infect you is scanned in a Quick Scan. Having non active Malware in a folder or zip file is of no threat unless you launch it and it's an actual installer for the Malware. Even being Malware but not an installer would still probably be of minimal risk in most cases.

Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do. They locate orphaned or non active Malware and remove them as part of their system scans.

[kimsland]

AdvancedSetup, on Oct 12 2009, 05:41 AM, said:

Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do.

Well just leaving the Antivirus out of the equation for the moment
And dealing with only Malwarebytes detectable active Malwares

If Quick Scan scans "Every known location" and a full scan is just for "an added feeling"
What is Full scan actually for? And what is the .01 % area exactly
And why is "Full Scan" even listed as an option, if it does... well nothing that you guys have informed me of yet?
Actually, if it does nothing then it should be removed, otherwise User's like me may accidentally run it

[exile360]

There's nothing wrong with running the Full Scan as it does no harm, it just takes longer. I do recall this being addressed once by one of MBAM's developers where they said something to the effect that the Full Scan is there because some users would demand it, based on the idea that MBAM is like every other file scanner out there, which clearly it is not.

In my opinion, the Full Scan option should be removed. If you notice post #9 is from Bruce Harrison, one of MBAM's primary malware researchers and one of the creators of Malwarebytes' detection database. The .01% would be dormant traces, such as those that might be contained within a System Restore point, which should not be disinfected by any scanner as it would likely render the restore point useless. A better method for that type of cleanup would be to disable System Restore, reboot, turn System Restore back on then create a clean restore point. But again, anything in SR would be dormant, not active.

[kimsland]

Thanks for everyone's replies

Next time I have a fully Malwared infected computer, I will run a few "Quick Scans" to eventually confirm no other Malware exists (confirming all removed)
Then after Restart (and remaining offline to the Internet/network) I will run a "full" scan just to see what happens
Note: I am not concerned of System Restore or any other Windows (or Internet browser) "temp" files

If anyone else wants to try this out too, on a machine that is known to be badly infected it would be nice to hear the outcome
As generally Malwares are known to be residing in standard locations on a drive, many tests may need to be run

If the "malware researcher" has also concluded that there is no need for "full" scanning, then I will need to update a few Guides online, as I have always quoted "full scan" not a few minutes (sometimes seconds) Quick Scan

Basically I am still concerned about the exact validity of this, even though MBAM researches have said no need to do it

[yardbird]

Ample explanation has been given regarding the recommendation of the Quick Scan over the Full Scan. The Full Scan is never necessary, paid or free version. That's because the Quick Scan is designed to check all active locations of malware that Malwarebytes' is capable of detecting. This has been stated by many several times, including the developers themselves. MBAM is not a typical file scanner like an AV, it doesn't detect a file based simply on a normal hash check. It uses heuristics for the bulk of its detections, looking for infection patterns that help it to accurately identify active infections.


quoted from 1 of mbam's experts

[Firefox]

Good info there guys....

Now if they ever did away with the full scan, they would have to give us another way of scanning other drives.

[exile360]

Quote

Now if they ever did away with the full scan, they would have to give us another way of scanning other drives.

Unfortunately, because of the way MBAM's heuristics work it's likely not to detect malware on other drives. There's two sides of that sword. It may or may not hit on an infection on a secondary drive, depending on the type of malware and the type of detection MBAM uses on it. That's also the reason MBAM often misses most threats if stored dormant in an innocuous folder, it's designed to find it where it would be if the infection were active on the current system.

[exile360]

@srtools: Not all members have access to that area .