Memory Items

Since yesterday, I'm seeing in the BD Deep Scan a very big number of items in the memory section, "memory dump", "full dump", "disk". There are like about 3,000 items.


What's going on? Is this normal? Is there any way to clear them out?

Comments

  • Just to mention that before I didn't have more than 1,000 items in the memory.


    I don't know what happened.


    Perhaps someone can clarify this for me, if it's something wrong or anything.

  • Is BD finding any malware on your machine?

  • No, it doesn't find any malware on my computer. I scanned several times.

  • Could you please post a scan log?

  • Of course, here you go.


    Product: BitDefender Antivirus 2010


    Version: BitDefender Antivirus Scanner


    Scanning task: Deep System Scan


    Log date: 03/10/2009 11:58:18 AM


    Log path: C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1254585498_1_00.xml


    Scan paths:


    Path 0000: C:\


    Path 0001: D:\


    Scan Level:


    Scan for viruses: Yes


    Scan for adware: Yes


    Scan for spyware: Yes


    Scan for applications: Yes


    Scan for dialers: Yes


    Scan for rootkits: Yes


    Scan for keyloggers: Yes


    Virus Scanning Options:


    Scan registry keys: Yes


    Scan cookies: Yes


    Scan boot sectors: Yes


    Scan memory processes: Yes


    Scan archives: Yes


    Scan runtime packers: Yes


    Scan e-mails: Yes


    Scan all files: Yes


    Heuristic Scan: Yes


    Scanned extensions: not configured


    Excluded extensions: not configured


    Target Processing:


    Default first action for infected objects: None


    Default second action for infected objects: None


    Default first action for suspect objects : None


    Default second action for suspicious objects: None


    Default action for hidden objects: None


    Default first action for encrypted infected objects: None


    Default second action for encrypted infected objects: None


    Default first action for encrypted suspicious objects: None


    Default second action for encrypted suspicious objects: None


    Default action for password-protected objects: Log only


    Scan Engines Summary


    Virus signatures: 4310866


    Archive plugins: 44


    E-mail plugins: 6


    Scan plugins: 13


    System plugins: 5


    Unpack plugins: 8


    Basic


    Scanned items: 321974


    Infected items: 0 (no infected items have been detected)


    Suspect items: 0 (no suspected items have been detected)


    Hidden items: 0 (no hidden items have been detected during this scan)


    Resolved items: 0 (no threats have been detected during this scan)


    Unresolved items: 0 (no issues remained unresolved)


    Advanced


    Skipped items: 428976


    Password-protected items: 0


    Over-compressed items: 0


    Individual viruses found: 0


    Scanned folders: 29941


    Scanned boot sectors: 3


    Scanned archives: 851


    Input-output errors: 14


    Scanned processes: 135


    Infected processes: 0


    Scanned registry keys: 1145


    Infected registry keys: 0


    Scanned cookies: 7


    Infected cookies: 0

  • Excuse me, but I don't get it... where exactly are those 3000+ items that you are talking about? Because the log clearly says that there are no detections whatsoever.

  • No, I wasn't referring to any detections. I was referring to the items that BD Scan found in the memory area. For some reason, they went up from like 1,000 to 3,000 yesterday (I looked at the scan as it was performed, just in case you're wondering how I would know that).


    It's those items that look like this one:


    [system]=]C:\WINDOWS\system32\svchost.exe (full dump)


    It's probably not a BD-related issue. I would just like to know how so many new memory items can show up overnight. If possible, of course.

  • alexcrist
    edited October 2009

    Basically, that only depends on your system and the processes that you run. The number of "memory items" (as you call them) is not directly proportional to the number of running processes, because every single process can load a different number of modules (DLLs), depending on its needs.


    And, for instance, if you were running a process that had many modules, then of course the scanned items will go up. Also, every loaded module is scanned 3 times:


    - one, as "memory dump"


    - one, as "full dump"


    - one, as "disk" (the actual file on disk)


    There is no "normal" number of items in this case (as I said, it only depends on your system). You can lower this number by closing the processes that you don't need.


    Cris.

  • Ah, I see. So it depends on the modules. Alright, thanks for that explanation.


    I also noticed that these "items" have some numbers included, like [3452], for instance (that number was made up, of course). What do those numbers signify, if you could tell me?

  • That number is the PID (Process Identifier) of the process which that module belongs to.


    So if the process with the PID 3452 loads a module named "module.dll", then that module (and all other modules of that process) will be marked with the number 3452.


    The PID of your processes can be seen in Task Manager.


    Cris.
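
The explanation in this thread (items scale with loaded modules, three entries per module, each tagged with its process's PID) can be checked against a live system. The following PowerShell sketch is an added example, not part of the original thread and not BitDefender code; the factor of three is taken from the answer above, and the variable names are illustrative.

```powershell
# Added example: estimate how many "memory" items a scan would list,
# assuming three entries per loaded module as described in the thread
# ("memory dump", "full dump", "disk").
$entriesPerModule = 3

$rows = foreach ($proc in Get-Process) {
    try {
        # Reading .Modules fails or returns nothing for protected processes
        # when the shell is not elevated; the filter drops a $null result.
        $mods = @($proc.Modules | Where-Object { $_ })
    } catch {
        $mods = @()
    }
    [pscustomobject]@{
        PID       = $proc.Id            # the number shown in brackets in the scan view
        Name      = $proc.ProcessName
        Modules   = $mods.Count
        ScanItems = $mods.Count * $entriesPerModule
    }
}

# Processes that contribute the most items
$rows | Sort-Object Modules -Descending |
    Select-Object -First 10 |
    Format-Table PID, Name, Modules, ScanItems -AutoSize

# Overall estimate, plus how many processes could not be inspected
$totalModules = ($rows | Measure-Object Modules -Sum).Sum
$unreadable   = @($rows | Where-Object { $_.Modules -eq 0 }).Count
"Processes: {0}  Loaded modules: {1}  Estimated memory items: {2}  Unreadable processes: {3}" -f `
    @($rows).Count, $totalModules, ($totalModules * $entriesPerModule), $unreadable
```

Run from an elevated prompt for a fuller count. Saving the `$rows` output on two different days and comparing by process name shows which processes account for a jump such as the one from about 1,000 to 3,000 items.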