Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Memory Block virus can't remove


  • This topic is locked This topic is locked

#1
muhib1996

muhib1996

    Member

  • Member
  • PipPip
  • 91 posts
I use Avast Free Antivirus. Few days ago I made a custom scan for scanning rootkit and auto-start programs. Then Avast found the following virus:

Process 1124 [cmdagent.exe], memory block 0x0000000003340000, block size 2097152 Severity: High Status: Threat: Win32:FakeVimes-B [Trj]

But I can't remove, repair or quarantine the virus as it cannot be accessed (the removal options are disabled). Then I searched Avast Help File and found the following:

Memory detections - If the scan results show a detection in "Process X, memory block Y, Block size Z" it means that a virus signature was not found in a file on disk, but rather in the memory. This may suggest that there is something suspicious in the system memory so it is recommended to run a boot-time scan to check the system before the virus can activate. However, such memory detections can also be caused by running other security programs. avast! may have simply detected the virus signatures used by the other program. In that case, nothing would be detected on disk or during the boot-time scan. The reported "Process ID" should be followed by the name of the process file, which should help identify the specific application.

I don't understand what to do now, actually I can't understand what Avast is telling me to do (though I am expert enough). Please help me to remove this virus.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will not be able to as that is a virus definition held in memory by Comodo and not encrypted. It is not a threat

But the question is why are you running a memory scan as that is a bit over the top for standard use
  • 0

#3
muhib1996

muhib1996

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

You will not be able to as that is a virus definition held in memory by Comodo and not encrypted. It is not a threat

But the question is why are you running a memory scan as that is a bit over the top for standard use


You want to say this is not a virus, I am safe?
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope not a virus. Memory scan, as the name suggests, scans all elements in the memory. So if Comodo or MBAM have loaded some virus definitions in memory then they will be detected. As they are in memory there is no file to delete so that option is not available

However, such memory detections can also be caused by running other security programs. avast! may have simply detected the virus signatures used by the other program. In that case, nothing would be detected on disk or during the boot-time scan. The reported "Process ID" should be followed by the name of the process file, which should help identify the specific application in your case this was Comodo
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP