Keith Milkove

Quick Scan versus Full Scan

Recommended Posts

I am a new user of Anti-Malware. My computer was infected by a virus and I am using Malwarebtyes to remove it. I found a site on the internet that recommended a detailed procedure for removing a virus that displays the specific symptoms I was observing on my computer. I was instructed to download Malwarebytes' Anti-Malware and run a "Quick Scan". I did so, and 5 infections were identified. I removed these infections and then decided to run a "Full Scan" just to see what would happen. Two additional infections were found. I am concerned that the quick scan failed to find infections that were caught by the full scan. I tried to locate an understandable description summarizing the difference between these two types of scans. A very brief description is offered on the Scan Screen of the Malwarebytes Anti-Malware user interface, but I didn't find ithe explanation adequate. I checked out the help files provided with the Anti-Malware, but no such detail was provided (or at least I couldn't find it...). I have also tried doing some searches in various Malwarebytes forums, but have also come up short. Could some one please provide me with an explanation or refer me to a posting that provides an explanation? I would sincerely appreciate it. Also, I would like to suggest that a brief explanation should be added to the help documentation in the Anti-Malware help documentation.

Thank you,

Keith

Share this post


Link to post
Share on other sites

Hello Keith, and welcome to the forums here at Malwarebytes.org :)

Basically, a quick scan searches in all areas that malware likes to hide. Also, if you run a full scan, some malware has a chance to change itself, so the longer the scan, the longer the malware (if you have this type of malware) has to change.

A full scan will scan everything, and the only thing that a full scan will find that a quick scan will not are already-dead traces of infections that are gone already and items in the system restore area. Items in the system restore area cannot harm your machine unless you use an infected restore point.

Here are some references I found on the forum by Nosirrah, who is the Malwarebytes VP of Research.

Hope this clears things up for you :)

http://forums.malwarebytes.org/index.php?s...ost&p=41633

http://forums.malwarebytes.org/index.php?s...st&p=141646

http://forums.malwarebytes.org/index.php?s...ost&p=83165

check out the 4th paragraph in this post: http://forums.malwarebytes.org/index.php?s...ost&p=45299

http://forums.malwarebytes.org/index.php?s...ost&p=43831

http://forums.malwarebytes.org/index.php?s...ost&p=40769

Any more questions, feel free to post!

As a side note, when replying, please use the "ADD REPLY" button located at the bottom of the page.

Thanks :)

Share this post


Link to post
Share on other sites
Hello Keith, and welcome to the forums here at Malwarebytes.org :)

Basically, a quick scan searches in all areas that malware likes to hide. Also, if you run a full scan, some malware has a chance to change itself, so the longer the scan, the longer the malware (if you have this type of malware) has to change.

A full scan will scan everything, and the only thing that a full scan will find that a quick scan will not are already-dead traces of infections that are gone already and items in the system restore area. Items in the system restore area cannot harm your machine unless you use an infected restore point.

Here are some references I found on the forum by Nosirrah, who is the Malwarebytes VP of Research.

Hope this clears things up for you :)

http://forums.malwarebytes.org/index.php?s...ost&p=41633

http://forums.malwarebytes.org/index.php?s...st&p=141646

http://forums.malwarebytes.org/index.php?s...ost&p=83165

check out the 4th paragraph in this post: http://forums.malwarebytes.org/index.php?s...ost&p=45299

http://forums.malwarebytes.org/index.php?s...ost&p=43831

http://forums.malwarebytes.org/index.php?s...ost&p=40769

Any more questions, feel free to post!

As a side note, when replying, please use the "ADD REPLY" button located at the bottom of the page.

Thanks :)

Share this post


Link to post
Share on other sites

Thank you for answering my question about rapid versus full scans. I reviewed all the links you recommended and they were quite helpful.

Regards,

Keith

Share this post


Link to post
Share on other sites

You are quite welcome Keith!

I'm glad that I was able to help clear things up for you :)

Share this post


Link to post
Share on other sites

Yeah, thanks from me too, MountainTree: I've wondered the same. I've seen it mentioned in this forum that a QuickScan is sufficient and that a FullScan is not recommended. But, for me, this has always begged the obvious questions: What then is a FullScan for and why would Malwarebytes.org include this functionality in their application? Your explanation has helped greatly to "burn off the fog." Thanks also for providing the references from "nosirrah." I see there has been some very spirited exchanges and discussions about QuickScan vs. FullScan. Enough said already. Asked and clearly answered. Thanks again and good day!

Share this post


Link to post
Share on other sites

You're welcome, FutonDog :)

I am not on staff or anything but I'll do my best to answer your question of why a full scan then based on what I have read from staff members on the forum here and my observations.

Basically I think it boils down to that users feel better with a full scan as an option in addition to the quick scan, because AV programs have always had one as well.

Malwarebytes is a very different type of program and does not scan or work the way many other security programs do. A full scan is basically never needed unless you want to remove-already dead traces of an infection or items in system restore, which can also be done by clearing the system restore (after ensuring that you are clean and have made a new, fresh restore point).

So basically a full scan is there for those who want it but it is basically unneeded. Before I came to this forum, I too thought that a full scan was the way to go. I thought to myself, what is a quick scan going to do? So I always used the full scan. But not anymore. I basically only use the full scan if I am beta testing Mbam and it is requested that a full scan be done as part of the testing process.

I hope that this clears things up for you :)

Feel free to correct me anyone if I have written something incorrect here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.