No announcement yet.

12 Trojans in Memory, all imf.exe

  • Filter
  • Time
  • Show
Clear All
new posts

  • 12 Trojans in Memory, all imf.exe

    Hi there just did a full scan with Avast Anti-virus including memory and it came up with this. Are they false positives? Also I am unable to make any actions to repair, move to chest or delete. They all have the same details except the threat and memory location.

    Filename: Process 3640 [imf.exe], memory block 0x0000000002780000, block size 1310720
    Severity: High
    Threat: HTML:Agent-B [Trj]

    Memory Block: 6BF0000
    Threat: Win32-Patched-SV [Trj]

    Memory Block: 6D50000
    Threat: HTML:Agent-B [Trj]

    Memory Block: 8AB0000
    Threat: HTML:Agent-B [Trj]

    Memory Block: B710000
    Threat: HTML:Agent-B [Trj]

    Memory Block: C940000
    Threat: HTML:Agent-B [Trj]

    Memory Block: D2B0000
    Threat: Win32:Patched-LH [Trj]

    Memory Block: D710000
    Threat: Win32:Crypt-FND [Trj]

    Memory Block: DD50000
    Threat: HTML:Agent-B [Trj]

    Memory Block: DE90000
    Threat: Win32:Sadenav-D [Trj]

    Memory Block: DFD0000
    Threat: HTML:Agent-B [Trj]

    Memory Block: F190000
    Threat: Win32:Patched-SV [Trj]

    Any help would be greatly appreciated.

  • #2
    Not a problem.

    I use Avast AIS and IMF. I have seen these messages too.

    The reason that they come up is when IMF is running it has unencrypted virus definitions loaded into memory. Avast detects them as viruses. They are not. I do not believe that there is a way to exclude them from showing up in an Avast scan that includes scanning the Memory. So the only way to exclude them from scans is to exclude Memory from a scan. I have done this with my regular/custom scans and created a Memory only scan that runs in about 2 minutes. I run in once in a while but so far have not noticed any real viruses in memory, thank goodness.
    "640K ought to be enough for anybody."
    Bill Gates