does not work Advanced Memory Scanner

evik · June 20, 2014

Hi.

Does not work Advanced Memory Scanner 100%!

ESS 7.0.317.4

Virus signature database: 9973P (20140620)

Rapid Response module: 4279 (20140620)

Update module: 1051 (20140409)

Antivirus and antispyware scanner module: 1431 (20140619)

Advanced heuristics module: 1151 (20140609)

Archive support module: 1203 (20140528)

Cleaner module: 1094 (20140530)

Anti-Stealth support module: 1060 (20140514)

Personal firewall module: 1212 (20140609)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1241 (20140410)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1225 (20140617)

HIPS support module: 1133 (20140606)

Internet protection module: 1130 (20140605)

Web content filter module: 1033 (20140219)

Advanced antispam module: 1739P (20140620)

Database module: 1058 (20140319)

Edited June 20, 2014 by evik

Peter Randziak · June 20, 2014

Hello Evik,

could you please provide us with more info what exactly is not working and also provide us with steps how to reproduce the issue.

evik · June 20, 2014

With these modules does not catch Trojans in RAM. reproduced accurately with these modules

SweX · June 20, 2014

I don't know exactly how AMS works, only that it is sort of an eagle eye checking behaviors and stuff. But I don't think one can say that it doesn't work at all only because it doesn't catch a Trojan.

Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen the protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation or/and encryption. This causes problems with unpacking and might pose a challenge to bypass for ordinary anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective infection prevention even from heavily obfuscated malware.

Marcos · June 20, 2014

Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

Arakasi · June 20, 2014

With these modules does not catch Trojans in RAM. reproduced accurately with these modules

Screenshot , or it didn't happen. :rolleyes:

evik · June 21, 2014

Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

does not work Advanced Memory Scanner - 100%!!! I ran the Trojans. who detected RAM!

evik · June 21, 2014

:blink:

Regular update:

Antivirus and antispyware scanner module: 1430 (20140619)

21.06.2014 14:52:54 Advanced Memory Scanner file Operating memory » rdpclip.exe(1120) a variant of Win32/Spy.Zbot.ZR trojan cleaned - contained infected files

21.06.2014 15:08:32 Advanced Memory Scanner file Operating memory » C:\Documents and Settings\XPMUser\Рабочий стол\flash_player_update.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined

21.06.2014 14:50:08 Advanced Memory Scanner file Operating memory » vip.exe(3188) a variant of Win32/Packed.ZipMonster.F suspicious application cleaned - contained infected files

------

Pre-release update: does not work Advanced Memory Scanner - 100%!!!

Virus signature database: 9977P (20140621)

Rapid Response module: 4283 (20140621)

Update module: 1051 (20140409)

Antivirus and antispyware scanner module: 1431 (20140619)

Advanced heuristics module: 1151 (20140609)

Archive support module: 1203 (20140528)

Cleaner module: 1094 (20140530)

Anti-Stealth support module: 1060 (20140514)

Personal firewall module: 1212 (20140609)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1241 (20140410)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1225 (20140617)

HIPS support module: 1133 (20140606)

Internet protection module: 1130 (20140605)

Web content filter module: 1033 (20140219)

Advanced antispam module: 1740P (20140620)

Database module: 1058 (20140319)

Edited June 21, 2014 by evik

Marcos · June 21, 2014

Thank you for clarification, we are looking into it and will keep you updated about our findings.

SweX · June 21, 2014

Oh right, so it is the pre-release module that is the issue.

Marcos · June 22, 2014

We've released a fix on pre-release servers. Could you please run manual update with pre-release update selected and try to reproduce the issue again?

evik · June 23, 2014

works

23.06.2014 19:49:25 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\player.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined

23.06.2014 19:46:43 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\xxx_video33445566433.exe a variant of Win32/LockScreen.AGD trojan cleaned - quarantined

Arakasi · June 23, 2014

Awesome !

Marcos · June 24, 2014

Thank you for reporting the problem and confirming that the fix worked.

Sign In

does not work Advanced Memory Scanner

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics