VM_00DA0000

Discussion in 'ewido anti-spyware forum' started by chiawaikian, Dec 18, 2006.

Thread Status:
Not open for further replies.
  1. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    Hello all. :)

    In an AVG-AS scan report, I sometimes see some entries like this:
    May I ask where is the exact location this infection is at?




    Merry Christmas,
    Chia
     
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Update the AVG AntiSpyware and scan again. You should scan your System also in safe-mode of Windows.
    Still removal problems, then scan your System with an Anti-Rootkit Scanner:
    http://www.softpedia.com/get/Antivirus/AVG-Anti-Rootkit.shtml

    EDIT:
    There is no full path information because the threat is loaded in the virtual memory space of a running process.
     
    Last edited: Dec 19, 2006
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The threat is in 'memory' but you can look in AVG-AS's analysis section to find out what Process is involved. The number in square brackets is the PID which will appear in the Processes tab. If the object doesn't clean, it is sometimes possible to terminate the process and then get AVG-AS to clean it. Unfortunately, where the threat is a .dll trojan loaded into an important system file it may not be possible to terminate the process because to do so would BSOD you.
     
Thread Status:
Not open for further replies.