Win32:Adloader-JQ

Thorough scan found infected file MEMORY.DMP in C:\Windows with virus Win32:Adloader-JQ[trj]. Does someone have any information on this? It was recommended to move to chest so that is what I did. What does move to chest do?

I have Windows Vista Home Premium.

Any information is appreciated.


“Move to chest” puts the malware file(s) in quarantine where they cannot harm your computer.


Hi azuser,

Our motto is check and re-check. Consider also the information that I have found to reside here:
http://www.computing.net/userinfo/136140
Scan the file in question through virustotal.com and give us the results. As the infection was found in the file MEMORY.DMP, it could well be that avast found this changed the next time (could have been a BSOD) and false flagged it. At least make sure, and do not delete it in the chest if you have to restore it,

polonus

Save yourself the grief and just delete it:

The memory.dmp file is created when your system crashes; it contains what is in memory at the time of the crash, which could have contained malware. It could be as large as your memory, so it may not be allowed to be sent to the chest without changing the settings.

If you have the tools and experience, you can examine this file to help discover why the crash happened; if you don’t have this experience and tools, it is worthless to you. The older the file is, the less it is worth also.

If Windows were to crash again then it would create a new memory.dmp file if one wasn’t present or replace any existing one. So there really is no downside to deleting this memory.dmp file.

Hi DavidR,

Still leaving the fact that it is a FP, avast found that file changed and did not know what else to do and flagged what came nearest in detection.
If these are the remnants of a crash he may delete according to you, and I think you cannot hold anything against that if these are the facts, but this is not associated with Win32:Adloader-JQ,

polonus

It may not be a FP, I haven’t said that, but it makes no difference as it is effectively a redundant file.

They aren’t remnants of a crash but the contents of memory at the time of the crash, and that may or may not have had a piece of malware running inside; it may even have caused the crash, but this is all historical and the older the file is the less worth it has.

One way or the other it can’t be left there: a) it is likely to be too big to send to the chest without adjusting the maximum size file to send, b) it is likely to be too large to upload to virustotal, c) it may even be too large to contemplate uploading it to avast for further analysis. All this leads me to only one conclusion: delete it, as it can’t really be further investigated and its deletion won’t harm the system.