quick scan/full scan

[twopointoh]

Now I know that a quick/threat scan is reccomended over a full/custom scan excepth when you initially install the program, but my question is this. If a quick scan is supposed to scan those areas most COMMONLY infected with malware, and not everything, and malware writers know that most people only run quick scans, what is stopping them from writing new malware to now infect the parts that only the full scans will scan for malware?

[pondus]

If they do it like some antivirus vendors do.... they can send out updates to the scan engine that covers new area

[shadowwar]

Mbam uses linking technology so its pretty tough for an active threat to escape it. For Example It looks for things in memory, then links from there to where it was run from on disk. It also looks at runspots in registry and links to disk and memory from there. ETC. The engine can be dynamic this way and its not just a total hard list of well known spots. Because its dynamic like this it adapts to each machine and threats automatically. This reason is why its best to run it in normal mode so threats may be possibly in memory and it can find them. This is also why a Quick scan will be enough 99% of the time.