Author Topic: Win32:Agent-SG [trj] in C:\windows\memory.dmp  (Read 4110 times)

0 Members and 1 Guest are viewing this topic.

EmeraldPat

  • Guest
Win32:Agent-SG [trj] in C:\windows\memory.dmp
« on: January 10, 2007, 03:35:34 PM »
Hi,

Please help.

A recent scan has discovered Win32:Agent-SG [trj] in C:\windows\memory.dmp. 

When I try to send to the chest I’m told ‘Not enough disc space’ even though I have 44.8 GB available.  The file size is 786,000KB.

I’ve deleted the whole file (outside of Avast) then restored a previous back up but it’s still there.

When I check with other AV companies - they don’t recognise the virus.

Tech support sugest (i) boot scan (ii) scan in Safe Mode.  Neither worked.

Window Defender can't find it
 
What should I do next?

Eddie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #1 on: January 10, 2007, 04:09:19 PM »
1) you can increase the sizes of the chest, Program Settings, Chest.
2) I would personally just delete it as the memory.dmp is of little use to you as it is just an image of your memory after a crash, possibly caused by vitus infection and this is retained in the image.
3) You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

However as I said the memory.dmp file is a redundant file unless you are using it with a debug program.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #2 on: January 10, 2007, 05:53:04 PM »
This is most likely a false positive. You can safely delete the file if you want (it contains auxiliary data about your last "blue screen").

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #3 on: January 10, 2007, 06:13:54 PM »
Thanks Vlk.

@ EmeraldPat
I just thought about my item 3), you can't upload this to either virustotal or jotti as it exceeds the maximum file size, I must have been sleeping as I suggested that ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

EmeraldPat

  • Guest
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #4 on: January 10, 2007, 09:49:33 PM »
1) you can increase the sizes of the chest, Program Settings, Chest.
2) I would personally just delete it as the memory.dmp is of little use to you as it is just an image of your memory after a crash, possibly caused by vitus infection and this is retained in the image.
3) You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

However as I said the memory.dmp file is a redundant file unless you are using it with a debug program.

DavidR & Vik.

Thanks for the response (DavidR you were right about size)

Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'

Thanks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #5 on: January 10, 2007, 10:12:57 PM »
Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'
Can you rephrase? Are you referring to Windows XP System Restore feature?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #6 on: January 10, 2007, 10:16:50 PM »
The memory.dmp has nothing to do with regeneration, it is just used by techs to try and find why a system crashed, it is a redundant file. It isn't like system restore which can step to a restore point or a last known good setup, etc. memory is cleared on boot anyway and you can't reload this file back into memory.

This is a dead parrot, deceased, shuffled of its mortal coil, gone to meet his maker, this file is no more, useless, without worth, you can safely delete it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

EmeraldPat

  • Guest
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #7 on: January 11, 2007, 12:15:50 AM »
Last question 'When I delete, will my XP Pro regenerate should it ever be needed?'
Can you rephrase? Are you referring to Windows XP System Restore feature?
Tech,

In my simple jargon, what I meant is 'If needed will XP create.'

However,  reading on & the good support I've had from David & Vik I'm going to delete & sleep easy.

Many thanks to all who have contributed.

EmeraldPat

  • Guest
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #8 on: January 11, 2007, 12:16:57 AM »
The memory.dmp has nothing to do with regeneration, it is just used by techs to try and find why a system crashed, it is a redundant file. It isn't like system restore which can step to a restore point or a last known good setup, etc. memory is cleared on boot anyway and you can't reload this file back into memory.

This is a dead parrot, deceased, shuffled of its mortal coil, gone to meet his maker, this file is no more, useless, without worth, you can safely delete it.

Thanks again.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: Win32:Agent-SG [trj] in C:\windows\memory.dmp
« Reply #9 on: January 11, 2007, 01:09:18 AM »
No problem, welcome to the forums.

If you have a blue screen the file will be created again, if the file existed at the time of the BSOD it would be replaced.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security