
Fragments found, how do I go about finding more

Running SAV on Ubuntu, I was scanning the drives of a Windows virtual machine (mounted VMDK files) and the memory snapshot of that VM (i.e. the SnapshotXX.vmem), using the following command:

  • savscan -dn -f --no-stop-scan -rec -archive /mnt/windows_mount

I added -dn to see it making progress, -f for a full scan, --no-stop-scan to force scanning large files such as pagefile.sys, -rec for recursive scanning (obviously), and -archive for all archive types.

SAV reports two hits:

  1. fragments of a malware in pagefile.sys (on the mounted VMDK files)
  2. fragments of another malware in the VMEM file

To rule out a false positive, how do I go about finding more useful information than the above?

Kind regards
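One way to get more context than a bare "fragments found" report, as an added example that is not from this thread or from Sophos: locate where a byte pattern actually sits in pagefile.sys or the .vmem, note which 4 KiB page it falls in, and dump the surrounding bytes for manual review. It assumes you already have a byte pattern to look for (the `EXAMPLE-FRAGMENT` marker and the three-page sample image below are constructed placeholders, not real signatures or a real pagefile).

```python
import mmap
import os
import re
import tempfile

PAGE_SIZE = 4096  # pagefile.sys and .vmem are page-granular, so the page index is useful context

def find_fragments(path, pattern, context=16):
    """mmap a multi-GB pagefile or memory snapshot and return every hit of `pattern`
    with its absolute offset, 4 KiB page number and the bytes around it for manual review."""
    hits = []
    with open(path, "rb") as fh:
        size = os.fstat(fh.fileno()).st_size
        if size == 0:
            return hits
        with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            # re accepts the mmap directly (buffer protocol); re.escape keeps the bytes literal
            for m in re.finditer(re.escape(pattern), mm):
                lo, hi = max(0, m.start() - context), min(size, m.end() + context)
                hits.append({"offset": m.start(), "page": m.start() // PAGE_SIZE,
                             "page_offset": m.start() % PAGE_SIZE, "context": bytes(mm[lo:hi])})
    return hits

def hexdump(data, base=0, width=16):
    """Offset / hex / ASCII dump of the bytes around a hit."""
    out = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"{base + i:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(out)

def demo():
    """Constructed sample (not a real pagefile): three zero pages with a placeholder
    marker planted twice, the second copy straddling the page 1 / page 2 boundary."""
    marker = b"EXAMPLE-FRAGMENT"  # placeholder for the bytes the scanner flagged
    img = bytearray(PAGE_SIZE * 3)
    img[100:100 + len(marker)] = marker
    img[PAGE_SIZE * 2 - 8:PAGE_SIZE * 2 - 8 + len(marker)] = marker
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(img)
        path = fh.name
    try:
        return find_fragments(path, marker)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print("\n\n".join(hexdump(h["context"], max(0, h["offset"] - 16)) for h in demo()))
```

Run `find_fragments` against the real pagefile.sys or .vmem with the bytes you are checking; a hit inside a page that otherwise holds a recognisable file or process region reads very differently from one surrounded by unrelated data.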


