Author Topic: virus found sometimes in memory  (Read 6376 times)

0 Members and 1 Guest are viewing this topic.

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #15 on: January 29, 2011, 12:05:35 PM »
@Tech

Here is the link to virustotal.  I just noticed the comments in virustotal from 5 days ago:
"Added to %user% startup when machine infeceted wiht Bredolab bot virus." and someone else also mentions avast catches it in memory scan.

http://www.virustotal.com/file-scan/report.html?id=5fb24fc7916a6e6b3be7d84cb1684215b266cd1495575c2e5672b8447932e5b1-1296298358

@Davidr

ctfmon.exe is a file in windows/system32, so I'm not sure what you mean by "it's not a physical file"?

I guess what you're saying is all 3 scans mentioned check memory in different ways?  If that's true, and the user's comment is correct, then it seems it might be good to run all 3 scans, since only the custom scan caught it?

Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: virus found sometimes in memory
« Reply #16 on: January 29, 2011, 01:18:49 PM »
Does the detection continue to happen?
Seems a false positive...
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84792
  • No support PMs thanks
Re: virus found sometimes in memory
« Reply #17 on: January 29, 2011, 03:44:25 PM »
<snip>
@Davidr

ctfmon.exe is a file in windows/system32, so I'm not sure what you mean by "it's not a physical file"?

I guess what you're saying is all 3 scans mentioned check memory in different ways?  If that's true, and the user's comment is correct, then it seems it might be good to run all 3 scans, since only the custom scan caught it?

Thanks.

It isn't alerting on ctfmon.exe, which would be why a) avast didn't alert on the file in its original windows/system32 location and b) why VT scan should come up clean, for some reason the VT link you gave doesn't work.

This detection is on a memory block that the ctfmon.exe process loaded into memory, that is a memory block and isn't a physical file.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #18 on: February 01, 2011, 02:38:18 AM »
@Tech
As I mentioned in my post, it happens every time.  Do you have any comment about the virustotal user comments?  You did ask for a link to VT.

@DavidR
Perhaps you could try the link again?  It works for me.  You responded to my first question, perhaps you missed the second:

"I guess what you're saying is all 3 scans mentioned check memory in different ways?  If that's true, and the user's comment is correct, then it seems it might be good to run all 3 scans, since only the custom scan caught it?"

Thanks.

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #19 on: February 04, 2011, 03:09:22 AM »
Anyone in this forum able to respond and answer the question?

Seems Tech and/or DavidR either lost interest or are unable to continue.

Is tehre any creedence to the user comment on Virustotal that it might be a virus, and also why the 3 scans that Avast does seem to have different behaviours as far as catching the virus.

Thanks.

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #20 on: February 08, 2011, 02:51:04 AM »
Nobody can answer a simple question about the different avast scan types?  Good grief.  Very strange behaviour... start to answer and then leave the user hanging.

I'll try again... why one type of memory scan seems to catch a virus but the other types do not, yet the recommendation is that they're not really needed?

Thanks.

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #21 on: February 12, 2011, 04:07:56 AM »
Ok trying again...

Is there any reason why the different Avast scans report different results?

Should I be reporting this somewhere as a false positive? (if it is false, that is)

How to stop this from happening?

Thanks.


Offline CraigB

  • Avast √úberevangelist
  • Serious Graphoman
  • *****
  • Posts: 11086
  • No support PM's thanks
Re: virus found sometimes in memory
« Reply #22 on: February 12, 2011, 06:04:32 AM »
The custom scan run's deeper than the others so that is why DavidR previously advised you to turn off the memory scanning part of custom scan or you can stick to running the normal full scan which is sufficient.

Offline frankey999

  • Jr. Member
  • **
  • Posts: 39
Re: virus found sometimes in memory
« Reply #23 on: February 17, 2011, 02:56:51 AM »
Ok thanks.

I guess the concensus is then that it's a bug in Avast and the custom scan is finding a false positive, so I should just stop that part of the scan.

But what about the other user's comment on Virustotal, that "Added to %user% startup when machine infeceted wiht Bredolab bot virus."  Is that just nonsense?  How would I check that?

Thanks.