REAL av memory scanner!

Discussion in 'other anti-virus software' started by Firefighter, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Hi everyone! How can I check that an AV has a real memory scanner, which for example DrWeb has but Kaspersky does not, according to illukka?

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  2. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    LOL!

    I doubt that you can test it without memory - isn't it?
    What a question.... What does EXIST IN THE MEMORY?
    Right.... Processes and programs. So put up your five fingers and count down and you know how you can test it.
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    There is (as far as I am aware) no safe test for memory scanning like the EICAR file. You might take TrojanSimulator from Magnus Mischel and try to make it "undetectable" (don't want to go into details here). But if I am not totally wrong, most AVs don't support detection for TrojanSimulator at the moment.

    wizard
     
  4. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
  5. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    someone explained kaspersky's memory scanning to me (probably you michael..). it seems that the kaspersky scanner, when the option is enabled, dumps the memory contents to a temp file and then scans the contents of it. this happens first when you launch a scan, but it is not a real memory scanner IMO.. like for example boclean or TH, which have a continuous real time memory scan.. tds does scan memory contents in real time when you launch tds, if you have process memory scan and/or memory mutex scan enabled, but again it is not continuous..
    drweb has a real time memory scan, or so i'm told, and jdong posted @dslreports about avast! having memory scanning capabilities on nt-based systems
    hmm maybe i'll have to give drweb another try.. a hacker friend of mine highly praises it.. he ought to know his stuff, he says it is usually hardest to make trojans undetected by drweb..
    can someone enlighten me?
     