Author Topic: Avast! Memory scan finds viruses?  (Read 2893 times)

Offline Jokersvirus

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Avast! Memory scan finds viruses?
« on: December 22, 2011, 11:19:43 PM »
I did a custom scan where I included memory to be scanned and it keeps telling me all 13 of the Svchost.exe are viruses. I scanned the folder where that exe is located and there is no sign of a virus. So does anyone have any idea?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21658
  • Gender: Male
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #1 on: December 22, 2011, 11:21:54 PM »
DO NOT use the "scan memory" setting as this will give some strange scan results..
dont change the scan settings if you do not know the result...use default settings

and since you are not the first on to do this you will find lots of cases if you search the forum....
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline avast@ advantage77.com

  • J.R. Guthrie - avast! Rising Star 2010
  • avast! reseller
  • Advanced Poster
  • *
  • Posts: 719
  • Gender: Male
  • avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #2 on: December 22, 2011, 11:36:59 PM »
I am just thinking out load here.  Is it possible that we are detecting malware definitions in RAM?  I have seen this occur when checking the pagefile.  This was due to Windows Defender definitions paged from RAM to the hard disk.
Advantage Micro Corporation
http://www.advantage77.com
520-290-0595

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21658
  • Gender: Male
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #3 on: December 22, 2011, 11:53:15 PM »
Quote
Is it possible that we are detecting malware definitions in RAM?
That is usually what`s detected if you have other security programs installed and use the "scan memory" setting

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #4 on: December 23, 2011, 02:50:25 AM »
well yes i dont know why people use memory scan as today malware doesnt hide in memory such as rootkits so that scan is useless. :-\

Offline Keith2

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #5 on: December 24, 2011, 03:18:27 AM »
Sorry, disregard the first two replies, operator error, lol, I'm just learning what to do, so if I understand this correctly it is better not to use the "memory" in a custom scan? I am only using the free version which I keep up to date. I also received a warning that I have seven viruses pertaining to "Process 3064[mbamservice.exe]memory block 0x000000000129,block size 2097152 - Severity is High - Status is Threat Win32:Crypt-GCA [trj]", the others are all in the memory block also. I do have Malwarebytes' Pro, so are not really viruses but virus definitions?
« Last Edit: December 24, 2011, 03:48:48 AM by Keith2 »

Offline Gargamel360

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2357
  • Gender: Male
  • Memento Mori
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #6 on: December 24, 2011, 03:53:38 AM »
Sorry, disregard the first two replies, operator error, lol, I'm just learning what to do, so if I understand this correctly it is better not to use the "memory" in a custom scan? I am only using the free version which I keep up to date. I also received a warning that I have seven viruses pertaining to "Process 3064[mbamservice.exe]memory block 0x000000000129,block size 2097152 - Severity is High - Status is Threat Win32:Crypt-GCA [trj]", the others are all in the memory block also. I do have Malwarebytes' Pro, so are not really viruses but virus definitions?
Yes.  Anything tied to MBAM itself (mbamservice) when you scan memory can be ignored.  Same for any other security related things you might have, like Windows Defender.

edit: And just to 3rd the motion, scanning memory is more or less useless.

Moreover, scanning itself with your running AV is highly overrated and overused, jmo, but scanning more than once a week with your resident AV is more than enough, as its scanning all the time anyway, I keep it to once a month.
« Last Edit: December 24, 2011, 03:57:01 AM by Gargamel360 »
Signature?  But I gots no pen....

Offline Keith2

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #7 on: December 24, 2011, 03:59:17 AM »
Thanks for answering. Now I'll finish reading how to properly post and reply to a post, lol. Happy Holidays!!!

Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2676
    • Personal Message (Offline)
Re: Avast! Memory scan finds viruses?
« Reply #8 on: December 24, 2011, 04:01:22 AM »
Yes.  Anything tied to MBAM itself (mbamservice) when you scan memory can be ignored.  Same for any other security related things you might have, like Windows Defender.

edit: And just to 3rd the motion, scanning memory is more or less useless.

Moreover, scanning itself with your running AV is highly overrated and overused, jmo, but scanning more than once a week with your resident AV is more than enough, as its scanning all the time anyway, I keep it to once a month.

I would say anything could be a potential malware, but the real point is not exactly to disregard things found in specific locations, but instead DO NOT USE MEMORY SCAN, except when specifically instructed to. And if you do scan memory and you find something, then reboot and use the same scan again but without the memory included in the scan.
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
Avast! 7 FAQ | FAQ & KB | Docs | Removal Utils | Configure Mail Shield | report FP | License Registration | UNSECURED?

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now