I'm a bit amused and annoyed with my Anti-virus software this time.
I was doing a Mem2 Scan with the 90 addresses via USBGecko and Wiird, and my antivirus program pops up saying that Block 46/52 is associated with the MyDoom email virus.
Has anybody else experienced this before?
Quote from: Arudo on October 04, 2010, 04:58:59 AM
I'm a bit amused and annoyed with my Anti-virus software this time.
I was doing a Mem2 Scan with the 90 addresses via USBGecko and Wiird, and my antivirus program pops up saying that Block 46/52 is associated with the MyDoom email virus.
Has anybody else experienced this before?
While this is hard to believe, it is possible for memory dumps to contain code that looks suspicious to anti-virus applications. This should not happen, but it is technically possible!
I'm reminded of a quote.
"an infinite number of monkeys smashing away at keyboards randomly forever will eventually produce the complete works of Shakespeare."
It's entirely possible that the heuristics that the anti-virus scanner uses to detect a virus got fooled by the random order of bits in the memory dump.
Must be the case; it stopped doing that after I started scanning again.
The only thing I can think of is that the memory values in a set sequence had similarities to data sequences in the virus.
It's NOT the virus itself, just that the variables in that memory area at the time of the dump just happened to coincide with similar patterns found in the viral signature that your AV uses...
This would be like a 1 in a billion billion chance of happening, and since it didn't trigger the alert the next time you dumped the RAM, the sequence of data in that region must have changed in the game, as would be expected.
Kinda like trying to guess the winning lottery numbers! lol
Better you win the lotto instead of this :P
Hmm, now if I were a game developer, I would know what to do with free memory...
Getting the payload to the victim is the easy part. Getting the payload executed is more difficult...
If they could just place some binary dumps of common viruses in the free space, they could make any virus scanner go nuts when we do some searches.
That's what I thought. Getting the virus actually executed would require them to find an exploit in Wiird. But if a virus showed up on the virus scanner every time you scan the memory of a game, that would be a nice way for the game devs to say 'hello'. I would do that just for the fun of it.
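Two ideas in this thread can be tried out on a small scale: a signature scanner firing on a raw memory dump because some bytes in it happen to match a pattern, and a game planting a known scanner trigger in otherwise free memory. The script below is an added example written for this page; it is not code from the thread, from Wiird, or from any AV product. It uses the EICAR test string, which every scanner flags by design and which is harmless, plus one made-up "Hypothetical.Short.Sig" pattern to stand in for a short, weak signature. The dump itself is constructed pseudo-random bytes, and the block numbering only mimics the "Block N/M" style of report. `expected_chance_hits` computes, for exact-match signatures over uniformly random data, how many accidental matches of a given signature length one should expect in a dump of a given size; real engines also use heuristics, which this does not model.

```python
"""Naive exact-match signature scan over a constructed memory dump.

Added example for this thread (not Wiird or AV vendor code). Shows
(1) a byte-pattern signature firing on a raw dump, (2) a payload planted
in "free space" being reported by block, and (3) how likely an accidental
exact match is for a given signature length. Needs Python 3.9+ (randbytes).
"""
import random

# The EICAR test string: the standard, harmless pattern every AV engine flags.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature table. "Hypothetical.Short.Sig" is invented for this
# example to show what a short, weak signature looks like; it is not a real one.
SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Hypothetical.Short.Sig": b"\x4d\x5a\x90\x00",
}


def make_dump(size: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random bytes standing in for a MEM2 dump (constructed)."""
    return random.Random(seed).randbytes(size)


def plant(dump: bytes, payload: bytes, offset: int) -> bytes:
    """Overwrite part of the dump with payload, as a game could do with free memory."""
    if offset < 0 or offset + len(payload) > len(dump):
        raise ValueError("payload does not fit at that offset")
    return dump[:offset] + payload + dump[offset + len(payload):]


def scan_dump(dump: bytes, signatures=SIGNATURES, block_size: int = 4096):
    """Return [(block_index, signature_name, offset)] for every exact match.

    block_index mirrors the 'Block N/M' style of report a scanner gives.
    """
    hits = []
    for name, sig in signatures.items():
        pos = dump.find(sig)
        while pos != -1:
            hits.append((pos // block_size, name, pos))
            pos = dump.find(sig, pos + 1)
    return sorted(hits)


def expected_chance_hits(dump_len: int, sig_len: int) -> float:
    """Expected number of accidental exact matches of one sig_len-byte signature
    in dump_len bytes of uniformly random data: positions / 256**sig_len."""
    positions = max(dump_len - sig_len + 1, 0)
    return positions / 256 ** sig_len


if __name__ == "__main__":
    dump = make_dump(256 * 1024)
    print("clean dump hits:", scan_dump(dump))
    # Drop the test string into "block 46", as in the report from the thread.
    planted = plant(dump, EICAR, 46 * 4096 + 100)
    print("planted dump hits:", scan_dump(planted))
    for n in (4, 8, 16, len(EICAR)):
        print(f"{n:3d}-byte signature, 64 MiB random dump: "
              f"{expected_chance_hits(64 << 20, n):.3g} expected chance hits")
```

Running it shows the planted dump reported under block 46 while the clean one stays quiet for the long signature. The probability figures make the thread's point concrete: a 4-byte pattern is expected to appear by chance about once in every 64 random 64 MiB dumps, whereas a 16-byte pattern is expected essentially never, so a coincidental hit on a dump says more about how short or loose the matching rule was than about the data being infected.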