question regarding avast 8 memory scan options

yesterday someone i know mentioned a weird problem with avast 8.he installed avast 8 & did a quick scan on an infected pc with a flash drive connected.while the scan was going on the running malicious process kept creating infected files in flash drive which were detected immediately by avast but not the running process itself.as far as i know this meant that avast was not scanning the memory but someone else posted that memory scan is enabled by default in quick scan option so what was the problem.

 

Memory scan is performed on system startup and is not continuously performed during system runtime. Mostly because of false positives that can and will occur when running memory scan while other apps are running (especially other security programs).

 

but what about the situation where a malicious process is running in memory like i mentioned.if avast could detect the files created by malicious process then why did it failed to detect the running process responsible for continuously creating those files.no matter how i see it this doesn't look good.if an AV can't even figure out a connection between malicious files & the process which is creating them then what's the use of detecting those files.it's like hitting the leaves while leaving out the root.

 

Apps can't just teleport themselves into memory. Only way they can get there is if they are located on HDD before they go into memory. Thats why memory scan is only done on startup where it may uncover a malware that is trying to hide itself via rootkit mechanisms...

 

but what if the malware is a basic one which runs at startup by using a simple registry entry & is visible in task manager.is avast unable to terminate this malware process(or remove it) without the memory scan at startup option?if no then with what setting & if yes then what would you do using only avast.

 

This is no longer true, memory-only malware is not new.

 

And how would you get it on the system if it's not through some obscure exploit or via patching/infecting a trusted auto starting app?

 

http://www.infoworld.com/d/security/java-based-web-attack-installs-hard-detect-malware-in-ram-188960

i just want to know about avast reaction to a simple malware which launch from an exe file using a registry entry at startup & clearly visible in task manager not some sophisticated only-in-ram malware.

 

AFAIK, it's usually through an exploit, but with millions of users not updating software, it doesn't have to be some obscure sophisticated one. The number of exploits in the wild for a vulnerability for which the patch is still in development is also increasing.