Posted (edited)

Hi.

Advanced Memory Scanner does not work - 100%! :)

ESS 7.0.317.4

Virus signature database: 9973P (20140620)

Rapid Response module: 4279 (20140620)

Update module: 1051 (20140409)

Antivirus and antispyware scanner module: 1431 (20140619)

Advanced heuristics module: 1151 (20140609)

Archive support module: 1203 (20140528)

Cleaner module: 1094 (20140530)

Anti-Stealth support module: 1060 (20140514)

Personal firewall module: 1212 (20140609)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1241 (20140410)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1225 (20140617)

HIPS support module: 1133 (20140606)

Internet protection module: 1130 (20140605)

Web content filter module: 1033 (20140219)

Advanced antispam module: 1739P (20140620)

Database module: 1058 (20140319)

Edited by evik
  • ESET Moderators
Posted

Hello Evik,

 

Could you please provide us with more info on what exactly is not working, and also provide us with the steps to reproduce the issue?

Posted

With these modules it does not catch Trojans in RAM. Reproduced accurately with these modules :)

Posted

I don't know exactly how AMS works, only that it is sort of an eagle eye checking behaviors and stuff.  But I don't think one can say that it doesn't work at all only because it doesn't catch a Trojan.

 

Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen the protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation or/and encryption. This causes problems with unpacking and might pose a challenge to bypass for ordinary anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective infection prevention even from heavily obfuscated malware.

 

  • Administrators
Posted

Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

Posted

With these modules it does not catch Trojans in RAM. Reproduced accurately with these modules :)

 

Screenshot, or it didn't happen. :rolleyes:

 

Posted

Do you mean that the trojan is detected during an on-demand memory scan but not upon execution by AMS? It definitely works but of course it's not a magic thing that would detect 100% of malware.

Advanced Memory Scanner does not work - 100%!!! I ran the Trojans. who detected RAM! :)
Posted (edited)

:blink:

Regular update:

Antivirus and antispyware scanner module: 1430 (20140619)

21.06.2014 14:52:54 Advanced Memory Scanner file Operating memory » rdpclip.exe(1120) a variant of Win32/Spy.Zbot.ZR trojan cleaned - contained infected files

21.06.2014 15:08:32 Advanced Memory Scanner file Operating memory » C:\Documents and Settings\XPMUser\Рабочий стол\flash_player_update.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined

21.06.2014 14:50:08 Advanced Memory Scanner file Operating memory » vip.exe(3188) a variant of Win32/Packed.ZipMonster.F suspicious application cleaned - contained infected files

------

Pre-release update: Advanced Memory Scanner does not work - 100%!!!

Virus signature database: 9977P (20140621)

Rapid Response module: 4283 (20140621)

Update module: 1051 (20140409)

Antivirus and antispyware scanner module: 1431 (20140619)

Advanced heuristics module: 1151 (20140609)

Archive support module: 1203 (20140528)

Cleaner module: 1094 (20140530)

Anti-Stealth support module: 1060 (20140514)

Personal firewall module: 1212 (20140609)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1241 (20140410)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1225 (20140617)

HIPS support module: 1133 (20140606)

Internet protection module: 1130 (20140605)

Web content filter module: 1033 (20140219)

Advanced antispam module: 1740P (20140620)

Database module: 1058 (20140319)

Edited by evik
  • Administrators
Posted

Thank you for the clarification, we are looking into it and will keep you updated about our findings.

Posted

Oh right, so it is the pre-release module that is the issue.   ;)

  • Administrators
Posted

We've released a fix on pre-release servers. Could you please run a manual update with pre-release update selected and try to reproduce the issue again?

  • Solution
Posted

works :)

23.06.2014 19:49:25 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\player.exe a variant of Win32/Agent.SFM trojan cleaned - quarantined

23.06.2014 19:46:43 Advanced Memory Scanner file Operating memory » C:\Users\VITALIKEAV\Desktop\xxx_video33445566433.exe a variant of Win32/LockScreen.AGD trojan cleaned - quarantined

  • Administrators
Posted

Thank you for reporting the problem and confirming that the fix worked.
