As I do every week, I ran a scan with this program: http://www.threatexpert.com/memoryscanner.aspx
This time I also enabled this option (I don't know what it's for):
Comprehensive Heap Scan; it tells me that this way there may be some false detections.
When the scan finished, it found three "Heap Memory pages" objects, which it judges to be "Malicious".
I think it got it wrong.
This is the report:
Full Scan Summary:
* Scan details:
o Scan started: Tuesday, March 11, 2008 14:14:24
o Scan time: 02 minutes, 25 seconds
o Number of memory objects scanned: 6685
+ processes: 42
+ modules: 1785
+ heap pages: 4858
o Number of suspicious memory objects detected: 0
o Number of malicious memory objects detected: 3
o Overall Risk Level: High
* Summary of the detected threat characteristics:
Severity Level What's been found
A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* Process "lsass.exe", heap page: [0x00090000 - 0x00124000]
* Process "lsass.exe", heap page: [0x00e30000 - 0x00e32000]
* Process "svchost.exe", heap page: [0x00090000 - 0x000ef000]
MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
* Process "lsass.exe", heap page: [0x00090000 - 0x00124000]
* Process "lsass.exe", heap page: [0x00e30000 - 0x00e32000]
MS04-012: DCOM RPC Overflow exploit - replication across TCP 135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC Bots).
* Process "svchost.exe", heap page: [0x00090000 - 0x000ef000]
* Summary of the detected memory objects:
Severity Level Memory Object
Process "lsass.exe", heap page: [0x00090000 - 0x00124000]
* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
Process "lsass.exe", heap page: [0x00e30000 - 0x00e32000]
* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
Process "svchost.exe", heap page: [0x00090000 - 0x000ef000]
* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-012: DCOM RPC Overflow exploit - replication across TCP 135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC Bots).
What do you think?