Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: EmeraldPat on January 10, 2007, 03:35:34 PM

Title: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: EmeraldPat on January 10, 2007, 03:35:34 PM
Hi,

Please help.

A recent scan has discovered Win32:Agent-SG [trj] in C:\windows\memory.dmp. 

When I try to send to the chest I’m told ‘Not enough disc space’ even though I have 44.8 GB available.  The file size is 786,000KB.

I’ve deleted the whole file (outside of Avast) then restored a previous back up but it’s still there.

When I check with other AV companies - they don’t recognise the virus.

Tech support sugest (i) boot scan (ii) scan in Safe Mode.  Neither worked.

Window Defender can't find it
 
What should I do next?

Eddie
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: DavidR on January 10, 2007, 04:09:19 PM
1) you can increase the sizes of the chest, Program Settings, Chest.
2) I would personally just delete it as the memory.dmp is of little use to you as it is just an image of your memory after a crash, possibly caused by vitus infection and this is retained in the image.
3) You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

However as I said the memory.dmp file is a redundant file unless you are using it with a debug program.
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: Vlk on January 10, 2007, 05:53:04 PM
This is most likely a false positive. You can safely delete the file if you want (it contains auxiliary data about your last "blue screen").

Thanks
Vlk
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: DavidR on January 10, 2007, 06:13:54 PM
Thanks Vlk.

@ EmeraldPat
I just thought about my item 3), you can't upload this to either virustotal or jotti as it exceeds the maximum file size, I must have been sleeping as I suggested that ;D
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: EmeraldPat on January 10, 2007, 09:49:33 PM
1) you can increase the sizes of the chest, Program Settings, Chest.
2) I would personally just delete it as the memory.dmp is of little use to you as it is just an image of your memory after a crash, possibly caused by vitus infection and this is retained in the image.
3) You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)
Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

However as I said the memory.dmp file is a redundant file unless you are using it with a debug program.

DavidR & Vik.

Thanks for the response (DavidR you were right about size)

Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'

Thanks
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: Lisandro on January 10, 2007, 10:12:57 PM
Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'
Can you rephrase? Are you referring to Windows XP System Restore feature?
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: DavidR on January 10, 2007, 10:16:50 PM
The memory.dmp has nothing to do with regeneration, it is just used by techs to try and find why a system crashed, it is a redundant file. It isn't like system restore which can step to a restore point or a last known good setup, etc. memory is cleared on boot anyway and you can't reload this file back into memory.

This is a dead parrot, deceased, shuffled of its mortal coil, gone to meet his maker, this file is no more, useless, without worth, you can safely delete it.
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: EmeraldPat on January 11, 2007, 12:15:50 AM
Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'
Can you rephrase? Are you referring to Windows XP System Restore feature?
Tech,

In my simple jargon, what I meant is 'If needed will XP create.'

However,  reading on & the good support I've had from David & Vik I'm going to delete & sleep easy.

Many thanks to all who have contributed.
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: EmeraldPat on January 11, 2007, 12:16:57 AM
The memory.dmp has nothing to do with regeneration, it is just used by techs to try and find why a system crashed, it is a redundant file. It isn't like system restore which can step to a restore point or a last known good setup, etc. memory is cleared on boot anyway and you can't reload this file back into memory.

This is a dead parrot, deceased, shuffled of its mortal coil, gone to meet his maker, this file is no more, useless, without worth, you can safely delete it.

Thanks again.
Title: Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
Post by: DavidR on January 11, 2007, 01:09:18 AM
No problem, welcome to the forums.

If you have a blue screen the file will be created again, if the file existed at the time of the BSOD it would be replaced.