Author Topic: TEMS - for scanning after the fact...  (Read 1654 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33917
  • malware fighter
TEMS - for scanning after the fact...
« on: October 18, 2009, 10:48:42 PM »
Hi malware fighters,

Testing it,
Sometimes threats may potentially slip under the radar of conventional malware scanners by engaging in stealth techniques to hide their presence on a PC. Often, in such a scenario, the original threat file is encrypted with polymorphic encryptors which rely on anti-debugging and anti-emulation techniques, presenting a challenging task for malware scanners attempting to detect it. Such techniques are used by threat families including Cutwail/Pandex/DieHard, Storm, Mailbot/Rustock and some others.

However, when such a threat is loaded in memory, it needs to decrypt its own malicious code, completely or partially, or it is unable to run. This is where TEMS comes in; by using advanced techniques it is able to detect traces of these threats in memory and alert you of their existence.
ThreatExpert Memory Scanner provides detection of threats that are already active on a client’s computer system. It does NOT provide you with any ongoing protection, nor does it replace conventional anti-virus or anti-spyware products. It is an additional tool, and can be run in case one suspects malcode to have landed on the computer...

Get it here:
http://www.threatexpert.com/memoryscanner.aspx

Reports look like this:

Scan details:
Scan started: Sunday, October 18, 2009 23:12:31
Scan time: 04 minutes, 44 seconds
Number of memory objects scanned: 7478
processes: 52
modules: 2449
heap pages: 4977
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
Summary of the detected threat characteristics:
No suspicious characteristics detected.
Summary of the detected memory objects:
No suspicious memory objects detected.



polonus
« Last Edit: October 18, 2009, 11:21:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
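
An added example, not part of the original post and not ThreatExpert code: a small Python parser for the report layout shown above, useful when collecting such reports from several machines. It assumes every report uses the same "key: value" lines as the one sample in the post; treating any risk level other than "Safe", or a count breakdown that does not add up to the total, as needing review is also an assumption.

```python
import re
from datetime import datetime

# Report text copied from the sample in the post above.
SAMPLE_REPORT = """\
Scan details:
Scan started: Sunday, October 18, 2009 23:12:31
Scan time: 04 minutes, 44 seconds
Number of memory objects scanned: 7478
processes: 52
modules: 2449
heap pages: 4977
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
"""

def parse_report(text):
    """Turn the 'key: value' report lines into a dict with typed fields."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    duration = re.fullmatch(r"(\d+) minutes, (\d+) seconds", fields["scan time"])
    if duration is None:
        raise ValueError("unrecognised scan time: " + fields["scan time"])
    return {
        "started": datetime.strptime(fields["scan started"], "%A, %B %d, %Y %H:%M:%S"),
        "seconds": int(duration[1]) * 60 + int(duration[2]),
        "scanned": int(fields["number of memory objects scanned"]),
        "counts": {k: int(fields[k]) for k in ("processes", "modules", "heap pages")},
        "suspicious": int(fields["number of suspicious memory objects detected"]),
        "malicious": int(fields["number of malicious memory objects detected"]),
        "risk": fields["overall risk level"],
    }

def triage(report):
    """Return the reasons a report needs a second look; an empty list means none."""
    reasons = []
    # In the sample, processes + modules + heap pages equals the total scanned.
    if sum(report["counts"].values()) != report["scanned"]:
        reasons.append("object breakdown does not add up to total scanned")
    if report["suspicious"] or report["malicious"]:
        reasons.append("suspicious or malicious memory objects reported")
    if report["risk"] != "Safe":  # assumption: only 'Safe' is known from the post
        reasons.append("risk level is " + report["risk"])
    return reasons
```
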