question regarding avast 8 memory scan options

Discussion in 'other anti-virus software' started by whitestar_999, Apr 4, 2013.

Thread Status:
Not open for further replies.
  1. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
    yesterday someone i know mentioned a weird problem with avast 8.he installed avast 8 & did a quick scan on an infected pc with a flash drive connected.while the scan was going on the running malicious process kept creating infected files in flash drive which were detected immediately by avast but not the running process itself.as far as i know this meant that avast was not scanning the memory but someone else posted that memory scan is enabled by default in quick scan option so what was the problem.
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Memory scan is performed on system startup and is not continuously performed during system runtime. Mostly because of false positives that can and will occur when running memory scan while other apps are running (especially other security programs).
     
  3. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
    but what about the situation where a malicious process is running in memory like i mentioned.if avast could detect the files created by malicious process then why did it failed to detect the running process responsible for continuously creating those files.no matter how i see it this doesn't look good.if an AV can't even figure out a connection between malicious files & the process which is creating them then what's the use of detecting those files.it's like hitting the leaves while leaving out the root.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Apps can't just teleport themselves into memory. Only way they can get there is if they are located on HDD before they go into memory. Thats why memory scan is only done on startup where it may uncover a malware that is trying to hide itself via rootkit mechanisms...
     
  5. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
    but what if the malware is a basic one which runs at startup by using a simple registry entry & is visible in task manager.is avast unable to terminate this malware process(or remove it) without the memory scan at startup option?if no then with what setting & if yes then what would you do using only avast.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    This is no longer true, memory-only malware is not new.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    And how would you get it on the system if it's not through some obscure exploit or via patching/infecting a trusted auto starting app?
     
  8. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    101
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    AFAIK, it's usually through an exploit, but with millions of users not updating software, it doesn't have to be some obscure sophisticated one. The number of exploits in the wild for a vulnerability for which the patch is still in development is also increasing.
     
Loading...
Thread Status:
Not open for further replies.