cannot clear viruses

Hi. I am new to this, I hope I have posted in the right area.

I started sending spam emails unknown to everyone. I done a virus check and it detected quite a few things and I cleaned them up. However, each time I run it, I still get 53 infections listed below. Avast doesn’t let me do anything with them, clean, repair, delete, quarantine. These are in the memory. Virus contained in files and registry etc have been cleaned. I thought about doing a boot time scan but this doesn’t pick up the infections. I am guessing boot time scan doesn’t check memory. If it does, how, as I cannot see the option for this.

I have installed other antivirus, spyware, adware, malware packages and it is only avast detecting them. What can I do?

Thanks,

Darren.

  • avast! Scan Report
  • This file is generated automatically
  • Scan name: Unnamed scan
  • Started on: Tuesday, March 22, 2011 11:00:42 AM
  • VPS: 110322-0, 22/03/2011

Process 1184 [msmpeng.exe], memory block 0x00000000050D0000, block size 262144 [L] BV:FormatC-E [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005190000, block size 262144 [L] NSIS:Agent-Q [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005210000, block size 262144 [L] HTML:IFrame-AZ [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000052D0000, block size 262144 [L] Win32:Gremo (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005350000, block size 262144 [L] Win32:DCom-AA [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005390000, block size 262144 [L] Win32:PcClient-OD [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000053D0000, block size 262144 [L] HTML:CVE-2006-4868 [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005450000, block size 262144 [L] JS:Agent-BM [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005610000, block size 262144 [L] JS:Downloader-AT [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005650000, block size 262144 [L] JS:ShellCode-EG [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005710000, block size 262144 [L] HTML:Script-inf (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005820000, block size 262144 [L] JS:Agent-CA [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000058A0000, block size 262144 [L] JS:Linker-A [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005A60000, block size 262144 [L] JS:Downloader-AT [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005EA0000, block size 262144 [L] Win32:Delf-FIZ [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005F20000, block size 262144 [L] INF:AutoRun-AX [Wrm] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005FA0000, block size 262144 [L] HTML:IFrame-BZ [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000005FE0000, block size 262144 [L] Win32:Banload-DTH [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006020000, block size 262144 [L] JS:Agent-CB [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000060E0000, block size 262144 [L] JS:Agent-CA [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006160000, block size 262144 [L] Win32:Agent-SG [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006260000, block size 262144 [L] Win32:Agent-WOT [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000062A0000, block size 262144 [L] JS:Redirector-F [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006360000, block size 262144 [L] Win32:Frauder-BB [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006420000, block size 262144 [L] BV:AutoRun-E [Wrm] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006520000, block size 262144 [L] HTML:Fubalca-C [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000065A0000, block size 262144 [L] BV:AutoRun-H [Wrm] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000065E0000, block size 262144 [L] Win32:Banload-GGV [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000006620000, block size 262144 [L] JS:CVE-2009-0075-C [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000066B0000, block size 262144 [L] INF:AutoRun-AA [Wrm] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007030000, block size 262144 [L] HTML:Iframe-inf (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007630000, block size 262144 [L] PHP:C99Shell-G [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x00000000076B0000, block size 262144 [L] HTML:Script-inf (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007750000, block size 262144 [L] HTML:Iframe-inf (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007790000, block size 262144 [L] JS:Kroxxu-R [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007890000, block size 262144 [L] HTML:Iframe-inf (0)
Process 1184 [msmpeng.exe], memory block 0x00000000078D0000, block size 262144 [L] JS:Jaderun-A [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007950000, block size 262144 [L] JS:Pdfka-UE [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007A40000, block size 262144 [L] JS:Pdfka-AKD [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007CC0000, block size 262144 [L] JS:ADODB-CA [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007D40000, block size 262144 [L] SFX:QHost-A [Drp] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007DC0000, block size 262144 [L] Win32:Perflogger-CG [PUP] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007E40000, block size 262144 [L] HTML:Script-inf (0)
Process 1184 [msmpeng.exe], memory block 0x0000000007EC0000, block size 262144 [L] JS:ADODB-BY [Expl] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000008000000, block size 348160 [L] HTML:IFrame-HW [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000008060000, block size 1478656 [L] Win32:Small-HUF [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x0000000008410000, block size 262144 [L] Win32:VB-EIJ [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000A300000, block size 262144 [L] Win32:FakeAV-ANO [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000A510000, block size 262144 [L] Win32:Zango-AG [PUP] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000A630000, block size 262144 [L] Win32:FraudLoad-P [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000A6B0000, block size 262144 [L] Win32:Small-XK [Trj] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000A6F0000, block size 262144 [L] NSIS:Bignetdaddy [Adw] (0)
Process 1184 [msmpeng.exe], memory block 0x000000000AA40000, block size 262144 [L] Bleah-D (0)
Infected files: 53
Total files: 276093
Total folders: 1
Total size: 97.9 GB

  • Scan stopped: 22 March 2011 11:56:44
  • Run-time was 56 minute(s), 2 second(s)

Don’t worry, these are signatures, that WD loads unecrypted into memory. :wink:
asyn

msmpeng.exe belongs to Windows Defender. What type of scan are you running? (Whatever, I’d recommend to disable WD and check again, the “issue” should be gone).

This happens bc you are doing a custom scan and have selected “scan memory” and as already mentioned detecting windows defender signatures in memory.

I recomend using the default quick/full scan with default settings

Or remove the Memory Scan from your custom scan or down grade it to one of the lesser thorough memory scans, see image red box-out.

ok guys thanks for the replies. Because I had so many viruses, I set avast to full sensitivity, checking all files, memory, unpacking all files etc. So there is nothing to worry about then. I dont quite understand what they are. Are these traces of old viruses I have had?

  1. Right.
  2. See Reply #1 :wink:
  3. No.

It has been already explained that those are unencrypted Windows Defender virus definitions in memory.

You’re welcome.

As has been said, Windows Defender (WD) has loaded its unencrypted virus signatures into memory and you have asked avast to do a thorough scan of memory, looking for viruses and it is looking for specific signatures (and it found them).

WD loads these virus signatures into memory because it is quicker to check against memory than it is to check against the Hard Disk when searching for viruses. The problem being other security software scanning memory is going to find them because they aren’t encrypted (which would slow things as they would also need decrypted).

Setting to full sensitivity isn’t necessarily going to increase your protection, especially on an on-demand scan as in effect it is scanning files that would otherwise be inert or dormant. That is the whole purpose of the resident, on-access scanners to scan files before they are created, modified, opened or run, etc.

It is in the resident Shields that sensitivity could be bumped up (rather than in on-demand scans), but again you have to take care as increasing heuristic sensitivity could well flag files that are good but suspect. PUPs (Potentially Unwanted Program) for instance and the alert is more likely to cause you anxiety than the actual file itself.