I used Avast! External Control and ran the Scan Physical Memory (Thorough) option; it detected a few pieces of malware during the scan and then the scanner crashed. I also ran the same scan with External Control on my other laptop, and it also detected multiple instances of malware called VBS:Scano [Drp]. One of the areas that was infected was:
Process 1828, memory block 0x01D30000, block size 2064384
In my installation of ADNM, the “action” taken on this was: file marked for deletion on next system start. I’m not sure what this means, since the virus was detected in a running process – there’s no indication of what file was marked for deletion, if any.
Any way to find out what file was marked for deletion? I’d like to make sure that it wasn’t actually deleted.
I’m using ADNM and the only details I get are “Name of file”, the name of the virus, “Operation”, and “Time”. The name of the file always looks something like this:
[computer name]*PROCESS\6c0\2a60000\1f8000
Does this indicate that the “memory block” was detected, and not a file? I’m assuming that “*PROCESS” indicates a running process – but most, if not all, running processes correspond to an underlying file. It would make sense that “file marked for deletion on next system start” would refer to the file that underlies the running process. Can I be sure that nothing was in fact deleted?
Would this post be better placed in the ADNM forum?
Yes, this is a memory block of a running process, so nothing was deleted.
You are right that there’s an underlying file, but avast! doesn’t scan it here - if it did, it would show the filename, not *\PROCESS…
Please be aware that the avast! External Control Thorough Memory scan may produce false positives and it might even crash during the scan. It’s not really an official feature, though it’s supported by the scanner.
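Two things a practitioner would want to check after reading this thread, as an added example that is not avast!, ADNM or forum code: decoding an ADNM entry of the form `[computer name]*PROCESS\6c0\2a60000\1f8000` so it reads like the "Process …, memory block …, block size …" line above, and listing which files Windows actually has queued for deletion at the next boot. The field layout (process ID, block base address, block size, all hexadecimal) is an assumption inferred from the thread, not documented by avast!; it is supported by the fact that the size field `1f8000` equals 2064384, the block size quoted for the other detection. The second check assumes the standard Windows mechanism for deferred deletion, the `PendingFileRenameOperations` REG_MULTI_SZ value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`; the thread does not say whether avast! uses it, so an empty result there is consistent with the staff reply but not a proof of it. The registry contents in `SAMPLE_PENDING` are constructed for the example.

```python
"""Decode an ADNM memory-scan entry and list files pending deletion at reboot.

Added example, not avast!/ADNM code.  Assumptions (see lead-in):
  * "[host]*PROCESS\<pid>\<base>\<size>" carries hex PID, base address, size.
  * Deferred deletion is recorded in the PendingFileRenameOperations value
    (pairs of source/destination strings; empty destination = delete,
    destination starting with '!' = replace an existing file).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# host is everything before the '*'; the three hex fields are backslash-separated
ENTRY_RE = re.compile(
    r"^(?P<host>[^*]*)\*PROCESS\\(?P<pid>[0-9a-fA-F]+)"
    r"\\(?P<base>[0-9a-fA-F]+)\\(?P<size>[0-9a-fA-F]+)$"
)


@dataclass
class MemoryBlockEntry:
    host: str
    pid: int    # decimal process ID
    base: int   # base address of the scanned block
    size: int   # block size in bytes


def parse_adnm_entry(name: str) -> Optional[MemoryBlockEntry]:
    """Return the decoded memory-block entry, or None when `name` is an
    ordinary file path (no *PROCESS marker), i.e. a real on-disk detection."""
    m = ENTRY_RE.match(name)
    if not m:
        return None
    return MemoryBlockEntry(
        host=m.group("host"),
        pid=int(m.group("pid"), 16),
        base=int(m.group("base"), 16),
        size=int(m.group("size"), 16),
    )


def describe(entry: MemoryBlockEntry) -> str:
    """Render the entry in the same style as avast!'s own scan-log line."""
    return f"Process {entry.pid}, memory block 0x{entry.base:08X}, block size {entry.size}"


def _strip_nt_prefix(path: str) -> str:
    # PendingFileRenameOperations stores NT-style paths: \??\C:\dir\file
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_file_renames(values: List[str]) -> List[Tuple[str, Optional[str], str]]:
    """Interpret a PendingFileRenameOperations multi-string as
    (source, destination-or-None, action) triples."""
    items = list(values)
    if len(items) % 2:          # a final delete's empty destination is sometimes dropped by readers
        items.append("")
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if dst == "":
            ops.append((_strip_nt_prefix(src), None, "delete"))
        elif dst.startswith("!"):
            ops.append((_strip_nt_prefix(src), _strip_nt_prefix(dst[1:]), "replace"))
        else:
            ops.append((_strip_nt_prefix(src), _strip_nt_prefix(dst), "rename"))
    return ops


def pending_deletions(values: List[str]) -> List[str]:
    """Just the paths that will be deleted at the next system start."""
    return [src for src, _dst, action in parse_pending_file_renames(values) if action == "delete"]


def read_pending_file_renames_from_registry() -> Optional[List[str]]:
    """Read the live value on Windows; None on other platforms or when absent."""
    try:
        import winreg
    except ImportError:
        return None
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
            value, kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except OSError:
        return None
    return list(value) if kind == winreg.REG_MULTI_SZ else None


# Constructed sample registry contents (not taken from any real machine).
SAMPLE_PENDING = [
    r"\??\C:\Windows\Temp\quarantine\dropper.vbs", "",                         # delete at boot
    r"\??\C:\Program Files\App\new.dll", r"!\??\C:\Program Files\App\app.dll",  # replace at boot
]

if __name__ == "__main__":
    entry = parse_adnm_entry(r"LAPTOP1*PROCESS\6c0\2a60000\1f8000")
    print(describe(entry))                      # memory block, no file path involved
    live = read_pending_file_renames_from_registry()
    print("pending deletions:", pending_deletions(live if live is not None else SAMPLE_PENDING))
```

On the affected machine, run it before rebooting: the live registry value is what the next boot will act on, so if the detected process's image path is not listed there, a deferred deletion through this mechanism is not pending.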