question about detections in memory
Pieter_Arntz
January 21st, 2006, 03:22 PM
I see entries in Scan reports that look like this:
[176] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning
[180] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[580] VM_10001000 -> Adware.NaviPromo : Error during cleaning
Can you tell me what the numbers between brackets mean?
I guessed they are the PID for the process, but would like to know for sure.
TIA,
Pieter
Bubba
January 21st, 2006, 04:32 PM
> Can you tell me what the numbers between brackets mean?
Hey Pieter,
While you await the Ewido experts....I am of the opinion that the numbers between brackets are associated with the PID.
Pieter_Arntz
January 21st, 2006, 04:53 PM
Hi Bubba, :)
I reached the same conclusion, but I would like to have it confirmed.
(+ suck up any extra info they would be willing to provide) ;D
Thanks,
Pieter
vinzenz.ewido
January 23rd, 2006, 09:22 AM
Hey Pieter,
As Bubba and you already expected, this is the Process ID of the process that the memory currently being scanned belongs to.
If ewido anti-malware has problems removing a threat (which is active in memory), it can be very helpful to go into safe mode and scan there again.
In the case of trojan.agent.uj, you should first of all execute a memory scan in safe mode and save a scan report (to have the PIDs from it).
Then go to analysis->processes, select the infected entries one by one, and click on 'Terminate process'.
This will kill the process, but watch out if the threat is in WinLogon.exe or csrss.exe. If you kill that process, your PC will reboot!
After removing the threats from memory execute a complete system scan.
BR
Vinzenz
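Added example, not part of the original thread and not ewido's own code: a Python sketch that parses report lines in the layout quoted in this thread, groups detections by PID, and holds back any PID that maps to WinLogon.exe or csrss.exe. The PID-to-name map is constructed, and treating a `VM_` prefix as a memory region rather than a file is an assumption.

```python
import re
from collections import defaultdict

# Line layout as seen in the thread: [PID] object -> detection : status
LINE_RE = re.compile(r"^\[(\d+)\]\s+(.+?)\s+->\s+(.+?)\s+:\s+(.+)$")

# Processes the thread warns about: terminating them reboots the PC.
CRITICAL = {"winlogon.exe", "csrss.exe"}

def parse_report(text):
    """Return {pid: [(object, detection, status, in_memory), ...]}."""
    by_pid = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines, anything not in this layout
        pid, obj, detection, status = m.groups()
        # Assumption: a "VM_" prefix marks a memory region, not a file on disk.
        by_pid[int(pid)].append((obj, detection, status, obj.startswith("VM_")))
    return dict(by_pid)

def termination_plan(by_pid, process_names):
    """Split infected PIDs into those safe to terminate and those to leave alone.

    process_names maps PID -> image name, e.g. taken from a process list.
    PIDs missing from the map are left alone rather than guessed at.
    """
    terminate, leave = [], []
    for pid in sorted(by_pid):
        name = process_names.get(pid, "").lower()
        (terminate if name and name not in CRITICAL else leave).append(pid)
    return terminate, leave

# The three report lines quoted in the thread.
SAMPLE = """\
[176] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning
[180] C:\\WINDOWS\\system32\\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[580] VM_10001000 -> Adware.NaviPromo : Error during cleaning
"""

# Constructed PID-to-name map; the thread does not say which processes these were.
SAMPLE_NAMES = {176: "explorer.exe", 180: "iexplore.exe", 580: "winlogon.exe"}

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    kill, keep = termination_plan(report, SAMPLE_NAMES)
    print("terminate:", kill, "leave running:", keep)
```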
Pieter_Arntz
January 23rd, 2006, 02:34 PM
Thanks Vinzenz :thumb:
Copyright ©2002 - 2009, Wilders Security Forums