evik | Posted June 20, 2014 (edited)

Hi. Does not work Advanced Memory Scanner 100%!

ESS 7.0.317.4
Virus signature database: 9973P (20140620)
Rapid Response module: 4279 (20140620)
Update module: 1051 (20140409)
Antivirus and antispyware scanner module: 1431 (20140619)
Advanced heuristics module: 1151 (20140609)
Archive support module: 1203 (20140528)
Cleaner module: 1094 (20140530)
Anti-Stealth support module: 1060 (20140514)
Personal firewall module: 1212 (20140609)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1241 (20140410)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1225 (20140617)
HIPS support module: 1133 (20140606)
Internet protection module: 1130 (20140605)
Web content filter module: 1033 (20140219)
Advanced antispam module: 1739P (20140620)
Database module: 1058 (20140319)

Edited June 20, 2014 by evik

Peter Randziak (ESET Moderators) | Posted June 20, 2014

Hello Evik, could you please provide us with more info about what exactly is not working and also provide us with steps to reproduce the issue?

evik (Author) | Posted June 20, 2014

With these modules does not catch Trojans in RAM. Reproduced accurately with these modules.

SweX | Posted June 20, 2014

I don't know exactly how AMS works, only that it is sort of an eagle eye checking behaviors and stuff. But I don't think one can say that it doesn't work at all only because it doesn't catch a Trojan.

Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen the protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation or/and encryption. This causes problems with unpacking and might pose a challenge to bypass for ordinary anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective infection prevention even from heavily obfuscated malware.

Marcos (Administrators) | Posted June 20, 2014

Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

Arakasi | Posted June 20, 2014

> With these modules does not catch Trojans in RAM. reproduced accurately with these modules

Screenshot, or it didn't happen.

evik (Author) | Posted June 21, 2014

> Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

does not work Advanced Memory Scanner - 100%!!! I ran the Trojans. who detected RAM!

evik (Author) | Posted June 21, 2014 (edited)

Regular update:
Antivirus and antispyware scanner module: 1430 (20140619)

21.06.2014 14:52:54 Advanced Memory Scanner file Operating memory » rdpclip.exe(1120) a variant of Win32/Spy.Zbot.ZR trojan cleaned - contained infected files
21.06.2014 15:08:32 Advanced Memory Scanner file Operating memory » C:\Documents and Settings\XPMUser\Рабочий стол\flash_player_update.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined
21.06.2014 14:50:08 Advanced Memory Scanner file Operating memory » vip.exe(3188) a variant of Win32/Packed.ZipMonster.F suspicious application cleaned - contained infected files

------

Pre-release update: does not work Advanced Memory Scanner - 100%!!!

Virus signature database: 9977P (20140621)
Rapid Response module: 4283 (20140621)
Update module: 1051 (20140409)
Antivirus and antispyware scanner module: 1431 (20140619)
Advanced heuristics module: 1151 (20140609)
Archive support module: 1203 (20140528)
Cleaner module: 1094 (20140530)
Anti-Stealth support module: 1060 (20140514)
Personal firewall module: 1212 (20140609)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1241 (20140410)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1225 (20140617)
HIPS support module: 1133 (20140606)
Internet protection module: 1130 (20140605)
Web content filter module: 1033 (20140219)
Advanced antispam module: 1740P (20140620)
Database module: 1058 (20140319)

Edited June 21, 2014 by evik

Marcos (Administrators) | Posted June 21, 2014

Thank you for the clarification, we are looking into it and will keep you updated about our findings.

SweX | Posted June 21, 2014

Oh right, so it is the pre-release module that is the issue.

Marcos (Administrators) | Posted June 22, 2014

We've released a fix on pre-release servers. Could you please run a manual update with pre-release update selected and try to reproduce the issue again?

evik (Author) | Posted June 23, 2014 | Solution

works

23.06.2014 19:49:25 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\player.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined
23.06.2014 19:46:43 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\xxx_video33445566433.exe a variant of Win32/LockScreen.AGD trojan cleaned - quarantined

Marcos (Administrators) | Posted June 24, 2014

Thank you for reporting the problem and confirming that the fix worked.