
ThreatExpert Memory Scanner (TEMS)

ThreatExpert Memory Scanner (TEMS) is an experimental lab product developed by the ThreatExpert team.

TEMS is a "post-mortem" diagnostics tool designed to detect a range of high-profile threats in different regions of a computer's memory.

This tool is designed to help answer a common question asked by many customers whose systems have been affected by threats: "Is my system still infected?"

A threat may slip under the radar of conventional malware scanners by using stealth techniques to stay undetected for as long as possible. Often, in such a scenario, the original threat file is encrypted with polymorphic encryptors that rely on anti-debugging and anti-emulation techniques, which makes it difficult for malware scanners to detect.

However, when such a threat is loaded in memory, it needs to decrypt its own malicious code, completely or partially; otherwise it cannot run. These stealth techniques are used by threat families including Cutwail/Pandex/DieHard, Storm and Mailbot/Rustock.
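The reasoning above can be shown with a small added example; it is not ThreatExpert code and does not reflect how TEMS is implemented. It assumes a toy XOR layer in place of a real polymorphic encryptor, a constructed harmless marker in place of a detection signature, and hypothetical file and region names.

```python
# Added illustration: why a signature can miss the file on disk
# yet match the same code once it has decrypted itself in memory.
SIGNATURE = b"TEMS-DEMO-MARKER"          # constructed, harmless marker
SIGNATURES = {"Demo.Marker": SIGNATURE}  # hypothetical signature name


def xor_bytes(data, key):
    """Toy stand-in for an encryption layer (XOR is its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample(key):
    """Return (on_disk, in_memory) images of one constructed sample."""
    body = b"\x90" * 32 + SIGNATURE + b"\x00" * 16
    on_disk = xor_bytes(body, key)       # what a file scanner sees
    in_memory = xor_bytes(on_disk, key)  # what runs after self-decryption
    return on_disk, in_memory


def scan_regions(regions, signatures=SIGNATURES):
    """Search every named region for every signature.

    Returns a list of (region_name, signature_name, offset) tuples.
    """
    hits = []
    for region_name, data in regions.items():
        for sig_name, pattern in signatures.items():
            offset = data.find(pattern)
            while offset != -1:
                hits.append((region_name, sig_name, offset))
                offset = data.find(pattern, offset + 1)
    return hits


def demo():
    # Two copies of the same code under different keys: the bytes on
    # disk differ per copy, the decrypted bytes in memory do not.
    disk_a, mem_a = build_sample(b"\x5a\xc3\x17")
    disk_b, mem_b = build_sample(b"\xa1\x0e")
    file_hits = scan_regions({"a.bin": disk_a, "b.bin": disk_b})
    memory_hits = scan_regions({
        "pid 101 heap": mem_a,
        "pid 202 image": mem_b,
        "pid 303 stack": b"\x00" * 64,   # clean region, no match expected
    })
    return disk_a != disk_b, file_hits, memory_hits


if __name__ == "__main__":
    differ, file_hits, memory_hits = demo()
    print("on-disk copies differ:", differ)
    print("file hits:", file_hits)
    print("memory hits:", memory_hits)
```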

NOTE: ThreatExpert Memory Scanner targets threats that are already active on a client’s computer system. It does NOT provide you with any protection or defence, nor does it replace conventional antivirus or antispyware products.

In the current beta release, the Memory Scanner does not attempt to remove any detected threats.

If the scanner is able to locate a file linked to the offending memory module, you may submit that file using the stand-alone ThreatExpert Submission Applet.

If you have identified a suspicious file, you may run the submission applet to submit that file for analysis.

Once the file is submitted, ThreatExpert Automation processes it in a fully isolated environment and builds a comprehensive report that describes any potentially malicious behaviour it detects. The report is sent to you by email and a copy of it is posted online at: http://www.threatexpert.com/reports.aspx

In certain rare cases, when a threat injects malicious code into a legitimate process, the Memory Scanner may be unable to locate the malicious module(s) responsible for the code injection. Nevertheless, it should still be able to detect the injected malicious code and inform you whether your computer is compromised.

NOTES:
  • The ThreatExpert team provides no technical support for its beta product releases.
  • The tool is complimentary (free), and contains no adware/spyware.
  • Please feel free to leave your feedback at: http://www.threatexpert.com/contact.aspx

Copyright © 1998-2008 PC Tools. All Rights Reserved.