Avast caught Win32 cutwail-t in a memory.dmp file from a recent BSOD. Earlier, it found JS:Seeker-gen in an older memory.dmp, and there was no way to confirm because they were too large, about 3.5 gigs each. Now here’s what scares me about cutwail, taken from threatexpert:
The memory.dmp file is created when your system crashes; it contains what was in memory at the time of the crash, which could have included malware. It could be as large as your memory, so it may not be allowed to be sent to the chest without changing the settings.
If you have the tools and experience, you can examine this file to help discover why the crash happened; if you don’t have this experience and these tools, it is worthless to you. The older the file is, the less worth it has, too.
If Windows were to crash again, it would create a new memory.dmp file if one wasn’t present or replace any existing one. So there really is no downside to deleting this memory.dmp file.
So given these recent BSODs and something being found in the memory.dmp it would be advisable to see if there is anything hidden/undetected on your system that might be injecting this into memory (though avast should alert on loading into memory).
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware, On-Demand only in free version.
Don’t worry about reported tracking cookies; they are a minor issue and not one of security, but allow SAS to deal with them anyway. See http://en.wikipedia.org/wiki/HTTP_cookie.
By default SAS wouldn’t scan it as it is over 4MB and I don’t know what default sizes apply to MBAM.
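The reply above describes how memory.dmp behaves (written at a crash, up to the size of RAM, replaced by the next crash, less useful as it ages). The following read-only triage script is an added example, not code from this thread; it assumes a Windows host with the default CrashControl registry key and reports the configured dump type, the dump's size relative to installed RAM, and its age, so you can decide whether it is worth keeping before deleting it.

```powershell
# Added example: read-only triage of the crash dump discussed in the thread.
# Nothing is modified or deleted; it only reports what is configured and present.
$crashControl = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump), 7 = automatic
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
$dumpType  = $dumpTypes[[int]$crashControl.CrashDumpEnabled]
if (-not $dumpType) { $dumpType = "Unknown ($($crashControl.CrashDumpEnabled))" }

# DumpFile is normally %SystemRoot%\MEMORY.DMP; expand the variable, fall back to the default
$dumpPath = [Environment]::ExpandEnvironmentVariables([string]$crashControl.DumpFile)
if (-not $dumpPath) { $dumpPath = Join-Path $env:SystemRoot 'MEMORY.DMP' }

$ramBytes = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory

"Configured dump type : $dumpType"
"Configured dump path : $dumpPath"
"Installed RAM        : {0:N1} GB" -f ($ramBytes / 1GB)

if (Test-Path -LiteralPath $dumpPath) {
    $dump    = Get-Item -LiteralPath $dumpPath
    $ageDays = [math]::Round(((Get-Date) - $dump.LastWriteTime).TotalDays, 1)
    "Dump present         : yes"
    # A dump close to the size of RAM is a complete dump; a few hundred MB is usually a kernel dump
    "Dump size            : {0:N2} GB ({1:P0} of RAM)" -f ($dump.Length / 1GB), ($dump.Length / $ramBytes)
    "Last written         : $($dump.LastWriteTime) ($ageDays days ago)"
    if ($dump.Length -gt 4MB) {
        # The thread notes SAS skips files over 4 MB by default, so an on-demand scan will not cover it
        "Note                 : over 4 MB, so an on-demand scanner with a default size limit will skip it"
    }
} else {
    "Dump present         : no (Windows writes one at the next crash if dumps are enabled)"
}
```

If the dump is days old and near the size of RAM, the thread's advice applies: it is too large for the scanners' default limits and too stale to be worth analysing, and the next crash would overwrite it anyway.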
RootRepeal is good at what it does, anti-rootkit detection, and the memory.dmp file would have nothing to do with any rootkit infection unless that caused a system crash; even then, memory.dmp is the messenger rather than the culprit.
None of the aliases for cutwail (a mass email trojan) appear to be directly rootkit related, though some may be protected by rootkit, see below.
Rootkit Functionality
Cutwail’s rootkit functionality appears to prevent registry modifications from being detected by security and monitor programs. It may also monitor a list of running processes. Most variants also hide files and registry entries associated with Cutwail.
Bearing that in mind I would still expect MBAM/SAS to find something in the registry, which as you say they didn’t.
So it wouldn’t hurt to run RootRepeal, though I’m not familiar with its log.