Avast WEBforum

Other => Viruses and worms => Topic started by: Lisandro on December 11, 2011, 05:28:41 PM

Title: Google Desktop memory block false positive (?)
Post by: Lisandro on December 11, 2011, 05:28:41 PM

Can you check the Win32:Ransom [Trj] signature that is being flagged for days in the memory blocks of Google Desktop.
Can I discover with "indexed file" (maybe) is the culprit?

Title: Re: Google Desktop memory block false positive (?)
Post by: spg SCOTT on December 11, 2011, 05:33:42 PM

Memory Scan? :P

So, it looks like Desktop has indexed a file that avast doesn't like?

How does it store the indexed content?

Title: Re: Google Desktop memory block false positive (?)
Post by: Lisandro on December 11, 2011, 05:45:53 PM

Quote from: spg SCOTT on December 11, 2011, 05:33:42 PM

How does it store the indexed content?

Extensionless archives into C:\Users\<user>\AppData\Local\Google\Google Desktop

Title: Re: Google Desktop memory block false positive (?)
Post by: spg SCOTT on December 11, 2011, 05:57:17 PM

Hmm...I don't think you could generate an alert via those...since they probably contain the paths to files (or whatever format it uses)

Does it not show up in a scan of the machine? (the actual indexed file).


OR

It could be an alert on the actual desktop process...some detection there, not really sure with memory scans.

Title: Re: Google Desktop memory block false positive (?)
Post by: Asyn on December 11, 2011, 06:05:45 PM

I suggest to just ignore the memory scan detections..! ;)

Title: Re: Google Desktop memory block false positive (?)
Post by: Lisandro on December 11, 2011, 06:08:20 PM

Quote from: spg SCOTT on December 11, 2011, 05:57:17 PM

Does it not show up in a scan of the machine? (the actual indexed file).

No, nothing is shown, just the memory block alert since 30 days ago... It was not corrected as I've thought, so I've posted.