Clearing RAM for PC's

Gateway / Mx6436
March 12, 2013 at 11:52:44
Specs: Windows XP, 1.794 GHz / 1370 GB Ram
Is it true that if you manually remove a computers/laptops memory for a few minutes that EVERYTHING stored on it will be erased?

See More: Clearing RAM for PCs

Report •

#1
March 12, 2013 at 12:17:32
If you are referring to the RAM modules, you don't even have to remove them.
RAM content is lost whenever you restart or shutdown your PC, unless you shut down using the "hibernate" option.

When you choose the "hibernate" option, Windows writes the existing contents of RAM to the hard drive before shutting down. Next time you start Windows, it writes that data back into RAM so everything is just as you left it.


Report •

#2
March 12, 2013 at 14:50:14
Memory is RAM. If by any chance you mean "Hard Disk" then that will retain everything on shut down.

Always pop back and let us know the outcome - thanks


Report •

#3
March 12, 2013 at 18:22:19
I meant the memory modules that can be taken out or upgraded.

I have had Live/bootable scanners detect malware on my memory modules before in the past.


Report •

Related Solutions

#4
March 12, 2013 at 19:22:44
Some idiot reporter for CNN posted an article a couple of years ago stating that memory actually holds data for a short while even after the computer is shut off.

It drove the computer illiterate crowd into a frenzy.

Technically yes, computer memory holds data for a few nanoseconds after the computer is shut off. How fast is that, we'll think how fast you can blink, then divide that by 1 million or so. That is how long it can store data.


Report •

#5
March 12, 2013 at 21:19:12
If a malware scan detected something in ram then, as already mentioned, it'll go away when you turn off the computer. However the source of the malware is almost certainly on your hard drive.

Report •

#6
March 13, 2013 at 07:02:16
Dave,

The computer had been shut off.

As to the CNN reporter, they may have been on to something.

When I got this laptop years ago and I was using its Manufacturers Technical Support to resolve issues I remember them getting me to remove the laptops RAM in hopes to solve problems with no favorable results. I can now see why I had so many problems after running them Live scanners that the software provided was riddled with malware.

When you run a Live virus scanner it requires you to reboot to the ROM drive or wherever you have the Live scanner stored.

I would agree that the cause of the malware is someplace hidden on the hardrive, but it must be in one of them archives that is unable to be scanned because during the same scan nothing was detected on the hard drive, just the memory.


Report •

#7
March 13, 2013 at 08:00:44
As to the CNN reporter, they may have been on to something.

He was talking absolute total rubbish. Indeed the RAM used in your computer is so volatile, even with power applied, that it has to be refreshed every 15 ms to stop it losing its contents. That is why it is called Dynamic RAM. Static RAM doesn't need a refresh. Static RAM is used for the cache memory in your CPU. Static RAM is used because it is extremely fast and extremely expensive compared to Dynamic RAM. It still loses its contents when power is removed.

The only memory that may retain its contents is CMOS memory, the type that is used to store your BIOS settings and has a battery specifically to retain ts contents. That can retain its contents for a some seconds when power is removed but not so long that you can make any use of it.

Then there is ROM which does retain its contents indefinitely but that's a different thing altogether.

If you suspect you have malaware, before running a scan disable System Recovery and reboot before doing the scan. This will rewove any System files from the System Volume Information folder which scanners cannot get to and malware often hides.

There are all kinds of weird and wonderful places malware can hide, the registry being on of them which is stored on the hard disk.

I can assure you,virus do not rely on RAM retaining its contents to preserve itself.

Stuart


Report •

#8
March 13, 2013 at 20:30:29
Advice: If/when you suspect that your system is infected, reboot into Safe Mode and scan from within safe mode. This will generally prevent most infections from being active (not in RAM, not hiding, not counter-attacking) so they can be found and removed more completely. I recommend Malwarebytes as the first back up scanner when you think something has slipped past your antivirus program. Your choice of antivirus program may also make a great difference in you getting these infections (as well as good sound browsing practices) in the first place. If you keep an image of your hard drive when it is clear of infections and everything is running exactly the way you want it to, You can overwrite the disk with the stored disk image, recover your most up to date back up (personal files), and you are completely back in business in practically no time (even really nasty root Infections).

You have to be a little bit crazy to keep you from going insane.


Report •

#9
March 14, 2013 at 16:24:33
When I say Live/bootable scanner I am referring to those .ISO files you can download and burn to a disc to load at start up that supposedly loads itself to the computers physical memory only(but I noticed that Kaspersky creates a folder in the C: partition) where you can run a scan without having any hard disk files start during the boot.

I was told that the capacitors(I forget exactly for how long they were saying other than it is quicker to unplug it rather than wait days/weeks) on the mainboard store energy which in turn allows any information saved to the physical memory to remain unless manually unplugged from the mainboard and thats why technical help will sometimes ask to remove them to troubleshot certain problems.

hahaha, that is funny Stuart when you say that a virus does not rely on RAM to perserve itself, I got a chuckle from that. It makes me wonder about L1&2 cache memory and what can be stored on that. I have no idea what you are referring to when you mention ROM but I may come back to that at a much later time?

Thanks for the advice Tickle but I am NOT a fan of Malewarebytes after learning the hard/expensive way that this program is susceptible to reporting red hearings/or things that are not applicable. I used to use it but not after the last time I took my computer into a shop to have it inspected for maleware and requesting that it be used in conjunction with my full security software to detect any problems(not at the same time, just thought that while it was in the shop to have it tested/checked for its accuracy with my Operating System mostly to see if it was glitches in Operating System or if it was the free version of Malewarebytes which I was told any free virus software should not be taken seriously only as an indicator....) and was told that it listed and was known to list false positives.

I stopped using System Restore long long time ago. It is quicker to make an image of XP and load that then try to troubleshoot what is going on. That and whenever something goes wrong I was never lucky enough to troubleshoot it successfully. Its finding and adding new things to an image that make imaging software tricky to manage.


Report •

#10
March 14, 2013 at 17:10:20
If you want to ensure your capacitors on the mobo are discharged, shut down, remove the power plug (battery too if it's a laptop) and hold the power off/on button in for about 20 secs. Without even residual power there is no chance the RAM will then hold anything. Microchips without power (apart from those that are flashable such as BIOS) cannot hold a thing.

Any anti-malware program can have false positives but I've not found MWB particularly bad in this respect. Helpers on this forum suggest it regularly and I've not seen a case reported where it has wrecked anything. Not everything that computer fixers at repair shops say is correct. Often the only reason they can claim they are "professional" is because they scrape a living out of it. They can often be surprisingly weak on detailed technicalities.

"hahaha, that is funny Stuart when you say that a virus does not rely on RAM to preserve itself, I got a chuckle from that. It makes me wonder about L1&2 cache memory".
Well, you need to wonder because L1 & L2 cache is not stored in RAM.

Always pop back and let us know the outcome - thanks


Report •

#11
March 14, 2013 at 18:04:15
ROM - Read only Memory. It is what the BIOS is stored in. EPROM to give it is full title. Erasable, Programmable, Read Only Memory

I think Derek that you will find that it is a long tome since L1 and L2 cache has been mounted on chips on the motherboard. The last CPU to use cache on the motherboard was the Pentium 1 and even then L1 Cache was incorporated in to the CPU core. Since the Pentium Pro both L1 and L2 Cache has been part of the CPU. Indeed, modern CPUs even have a L3 Cache.

The reason that Viruses do not use L1&L2 Cashe is because they cannot get at it. It is outside the memory map and only the CPU has access to it. Plus the fact that is not very big. 256 kBytes is not unusual.and it is constantly changing.

L1 and L2 Cashe is RAM. It can be accessed randomly as opposed to a serial fashion. RAM in this context is an adjective, not a noun. Strictly speaking even ROM is a type of RAM but RAM has come to describe any kind of volatile memory. and the L1 and L2 cache is certainly volatile.

While on the subject of capacitors, the memory element in DRAM is a capacitor. While the capacitor on the motherboard may take a while to discharge, they are gigantic compared to the size of the capacitors in a memory chip That is why they need the constant refresh as they can discharge in ms.

Stuart


Report •

#12
March 14, 2013 at 19:41:55
StuartS

"I think Derek that you will find that it is a long tome since L1 and L2 cache has been mounted on chips on the motherboard."

Ooops, I'm obviously showing my age. Thanks for bringing me into the 21st century - I've removed the outdated line in my #10.

Always pop back and let us know the outcome - thanks


Report •

#13
March 14, 2013 at 20:15:46
The only reason you were told that free antivirus software and free Malwarebytes are not good is so that the shop can sell you antivirus software and convince you to take the system in to them to have them periodically scan your machine when you can do this yourself without paying them all that money.
As a point of fact, Free versions of Avast antivirus is better than 95% of the pay for antivirus programs, especially the more expensive 'popular' antivirus programs sold out there. Malwarebytes Free (and paid for versions) continue to be a very reliable tool for double checking your system for anything that may have slipped by your antivirus program. This is needed because even the best, most expensive, enterprise level antivirus suite cannot claim to keep out 100% of malware 100% of the time. You have to learn who to listen to and who has their own (or their boss') motives.

Forget the infections in memory already. an infection loads itself into memory to do it's nasty work, but it is saved on your hard drive. Every time you shut down for more than a fraction of a second, it is gone. As soon as you start up again, it reloads, unless you boot to Safe Mode, which is why it is better for finding and removing the nasty software. A Root Virus is much harder to remove, and there, I agree that sometimes it is just easier to reimage the drive rater than waste the time (assuming you keep a reasonably current image around) removing it and repairing the system.

You have to be a little bit crazy to keep you from going insane.


Report •

#14
March 14, 2013 at 20:32:56
Yeah, it's unfortunate that on those occasions when you booted directly to your virus/malware program you didn't make a note of the name(s) of the stuff it found. If it was one of those oddball ones that hide in unconventional places then a little research should tell you where.

But they definitely are not hiding in your ram.


Report •

Ask Question