Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: wvrick1958 on January 17, 2009, 05:31:07 PM

Title: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: wvrick1958 on January 17, 2009, 05:31:07 PM

I scanned last night and Avast found this:
Avast Search and got the following file as being infected.
C:\WINDOWS\MEMORY.DMP  - Win32.Small-XK [trj]
Avast recommended moving to chest, I tryed and it said file too large?  So I deleted the file. I was thinking this is a dump file and ok? I really just need confirmation?

Thanks

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: Eddy on January 17, 2009, 05:47:39 PM

If you have set Windows to do a complete memory dump, then yes it was a dump file.
More information about Windows dump files can be found HERE (http://support.microsoft.com/kb/315263)

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: Lisandro on January 17, 2009, 06:01:44 PM

Yes, it's a memory dump (crash).
It could be a false positive or the malware could have been active in the crash moment.
I suggest a full avast scanning, maybe at boot time.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: wvrick1958 on January 17, 2009, 06:05:23 PM

Thanks, I was worryed that a virus was displaying this message to make the user delete his/her own OS.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: DavidR on January 17, 2009, 06:07:03 PM

This file is created on a system crash, it will be quite large depending on your settings, possibly as large as your memory size. Depending on why the crash occurred it could be possible that a virus was in memory and not that is being detected.

This file is only of use to those with the tools and experience to analyse the memory.dmp file (to try to find the cause of the crash), so unless you have someone you know with the tools and experience then this file is worth very little. The older the file is again its worth is diminished further.

If that file existed when you had another system crash it would be overwritten, if it wasn't there a new one would be created, so it is a win, win situation, with no real downside having deleted it.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: wvrick1958 on January 17, 2009, 10:00:45 PM

Thanks, I was have lots of crashes/restarts last month but I've played around with different AV's and firewalls. I was running a older ver of ZA and after coming back to Avast and Sunbelt PFW thing are smooth again.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: igor on January 17, 2009, 10:04:31 PM

It's also possible that the crash occurred when another AV was running - and it's decrypted virus signatures got dumped from memory to disk.
In any case, it's safe to delete the file.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: DavidR on January 17, 2009, 10:12:12 PM

Quote from: wvrick1958 on January 17, 2009, 10:00:45 PM

Thanks, I was have lots of crashes/restarts last month but I've played around with different AV's and firewalls. I was running a older ver of ZA and after coming back to Avast and Sunbelt PFW thing are smooth again.

You're welcome.

Title: Re: 4.8 Home scan shows C:\WINDOWS\MEMORY.DMP - Win32.Small-XK [trj]
Post by: wvrick1958 on January 18, 2009, 12:40:12 AM

 :D

Thanks to everyone here for responding.
~R