- Sep 28, 2013
- 246
High ram usage ZAM.exe
- Thread starter koko
- Start date
This thread is being handled by a member of the staff.
- Status
On my system ZAM consumes about 200 MB at certain times, but never on that level.
I think that you should try to uninstall and reinstall ZAM, otherwise likely some conflict.
I think that you should try to uninstall and reinstall ZAM, otherwise likely some conflict.
- Sep 28, 2013
- 246
I will try, I have more then enough RAM but it seems a bit strange to me
It could be a memory leak, contact Zemana and report the issue for further information. The ZAM.exe process shouldn't be using anywhere near that amount of RAM.
- Sep 28, 2013
- 246
I will do that, thanks!
You can do it at ease from the following link (will take a few minutes at the most): Contact Us or Bug Report
Make sure to provide details such as your OS environment, other software which may cause a potential conflict (e.g. any other security software), when the issue started occurring (may help them find an issue in a recent update which may have caused the problem), etc.
It's definitely a bug as opposed to just a one-off, since the process shouldn't be using 1GB+ RAM at all; I've never seen this with Zemana before.
- Sep 28, 2013
- 246
They'll probably have gotten back to you within 2-3 days, they have a fast support team and they crack down on important issues quickly.I sended a bug report with the screenshot. Now we wait
- Aug 16, 2016
- 126
only using 102mb on mine. normally sits on 48mb, i think its scanning. So yeah definitely a bug. unless its a conflict with Kaspersky
- Sep 28, 2013
- 246
Could be, we shall see what support asks me
Do you have ZAM.exe white-listed in Kaspersky AV/IS and vice-versa?
- Aug 23, 2016
- 193
Maybe is because they upload a lot of things to the cloud so it could explain the so called usage.
- Sep 28, 2013
- 246
I have not, I am going to add both as exeption right now.
Thank you !
- Jun 9, 2013
- 6,720
Using less than 50 mb of ram here, be good to see what you get after being white-listed if it makes a difference.
Since it was not white-listed, can you use a program like Process Explorer/Process Hacker to check the modules imported into the process? (e.g. the DLLs loaded by the program - on PH for example you can Double Click the process -> Modules).
If it's possible for you to do this, can you let me know the list of modules in the ZAM.exe process?
- Sep 28, 2013
- 246
ZAM.exe, 0xde0000, 17,39 MB, ZAM
advapi32.dll, 0x75cc0000, 496 kB, Geavanceerde Windows 32 basis-API
bcd.dll, 0x66c30000, 84 kB, BCD DLL
bcryptprimitives.dll, 0x74820000, 336 kB, Windows Cryptographic Primitives Library
cfgmgr32.dll, 0x762a0000, 240 kB, Configuration Manager DLL
clbcatq.dll, 0x76210000, 564 kB, COM+ Configuration Catalog
combase.dll, 0x768f0000, 1,49 MB, Microsoft COM voor Windows
comctl32.dll, 0x744f0000, 2,02 MB, Bibliotheek met elementen voor gebruikerservaring
comctl32.dll.mui, 0xa80000, 12 kB, Bibliotheek met elementen voor gebruikerservaring
comdlg32.dll, 0x76040000, 620 kB, DLL voor gedeelde dialoogvensters
crypt32.dll, 0x76df0000, 1,53 MB, Crypto-API32
cryptbase.dll, 0x74880000, 40 kB, Base cryptographic API DLL
devobj.dll, 0x743f0000, 132 kB, Device Information Set DLL
dhcpcsvc.dll, 0x6c120000, 80 kB, DHCP Client-service
dnsapi.dll, 0x6d2b0000, 504 kB, API DLL van DNS Client
dsrole.dll, 0x67470000, 32 kB, DS Setup Client DLL
Faultrep.dll, 0x742f0000, 372 kB, DLL-bestand van crashrapporten voor Windows Gebruikersrapporten
fltLib.dll, 0x70430000, 32 kB, Filterbibliotheek
gdi32.dll, 0x76ba0000, 1,06 MB, GDI Client DLL
iertutil.dll, 0x70440000, 2,2 MB, Runtime-hulpprogramma voor Internet Explorer
imagehlp.dll, 0x762e0000, 80 kB, Windows NT Image Helper
imm32.dll, 0x75d40000, 156 kB, Multi-User Windows IMM32 API Client DLL
kernel.appcore.dll, 0x74350000, 36 kB, AppModel API Host
kernel32.dll, 0x75f00000, 1,25 MB, DLL-bestand voor Windows NT BASE API-client
KernelBase.dll, 0x76ac0000, 860 kB, DLL-bestand voor Windows NT BASE API-client
KEYCRY~3.DLL, 0x66bf0000, 96 kB, Zemana AntiLogger Free
locale.nls, 0x20000, 504 kB,
msasn1.dll, 0x75d70000, 56 kB, ASN.1 Runtime APIs
msctf.dll, 0x76590000, 1,07 MB, DLL-bestand voor MSCTF-server
msvcrt.dll, 0x767c0000, 780 kB, Windows NT CRT DLL
netapi32.dll, 0x74160000, 76 kB, Net Win32 API DLL
netutils.dll, 0x740f0000, 40 kB, Net Win32 API Helpers DLL
nsi.dll, 0x763c0000, 28 kB, NSI User-mode interface DLL
ntdll.dll, 0x770a0000, 1,43 MB, DLL-bestand voor NT-laag
ntdll.dll, 0x7ffb6e600000, 1,68 MB, DLL-bestand voor NT-laag
ntmarta.dll, 0x742c0000, 160 kB, Windows NT MARTA-provider
ole32.dll, 0x760e0000, 1,16 MB, Microsoft OLE voor Windows
oleaut32.dll, 0x76cc0000, 604 kB,
olepro32.dll, 0x674d0000, 96 kB,
powrprof.dll, 0x6cb30000, 256 kB, Helper-DLL-bestand voor energieprofiel
profapi.dll, 0x74450000, 60 kB, User Profile Basic API
propsys.dll, 0x74180000, 1,23 MB, Microsoft Eigenschappensysteem
psapi.dll, 0x76cb0000, 24 kB, Process Status Helper
rpcrt4.dll, 0x76300000, 744 kB, Runtime voor RPC (Remote Procedure Call)
sechost.dll, 0x76730000, 260 kB, Host for SCM/SDDL/LSA Lookup APIs
secur32.dll, 0x70ca0000, 40 kB, Security Support Provider Interface
security.dll, 0x70cb0000, 12 kB, Security Support Provider Interface
setupapi.dll, 0x763d0000, 1,69 MB, Windows Setup API
sfc.dll, 0x70680000, 12 kB, Windows File Protection
sfc_os.dll, 0x70420000, 60 kB, Windows File Protection
SHCore.dll, 0x74360000, 556 kB, SHCORE
shell32.dll, 0x74890000, 18,73 MB, Gemeenschappelijk DLL-bestand van Windows Shell
shell32.dll.mui, 0x3cd0000, 512 kB, Gemeenschappelijk DLL-bestand van Windows Shell
shlwapi.dll, 0x76a70000, 276 kB, Shell lichtgewicht hulpprogrammabibliotheek
SortDefault.nls, 0x28f0000, 2,83 MB,
spp.dll, 0x66c50000, 232 kB, Bibliotheek voor Microsoft® Windows Gedeeld beveiligingspunt
srclient.dll, 0x6ffc0000, 72 kB, Microsoft® Windows System Restore Client Library
srvcli.dll, 0x740d0000, 116 kB, Server Service Client DLL
sspicli.dll, 0x766b0000, 120 kB, Security Support Provider Interface
urlmon.dll, 0x66df0000, 1,29 MB, OLE32-extensies voor Win32
user32.dll, 0x75b60000, 1,32 MB, DLL-bestand voor Windows USER API-client (meerdere gebruikers)
userenv.dll, 0x747f0000, 108 kB, Userenv
uxtheme.dll, 0x71020000, 948 kB, DLL-bestand Microsoft UxTheme
version.dll, 0x74810000, 32 kB, Version Checking and File Installation Libraries
vssapi.dll, 0xf330000, 1,11 MB, Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll, 0x67480000, 68 kB, Traceringsbibliotheek voor Microsoft® Volume Shadow Copy-service
winhttp.dll, 0x6ebc0000, 632 kB, Windows HTTP-services
wininet.dll, 0x70d20000, 2,36 MB, Internetuitbreidingen voor Win32
winmm.dll, 0x747b0000, 140 kB, MCI API DLL
winmmbase.dll, 0x74420000, 140 kB, Base Multimedia Extension API DLL
winspool.drv, 0x74480000, 404 kB, Windows Spoolerstuurprogramma
winsta.dll, 0x71840000, 276 kB, Winstation Library
wintrust.dll, 0x76780000, 244 kB, Microsoft Trust Verification APIs
wkscli.dll, 0x740b0000, 68 kB, Workstation Service Client DLL
wow64.dll, 0x76fd0000, 300 kB, Win32 Emulation on NT64
wow64cpu.dll, 0x77020000, 36 kB, AMD64 Wow64 CPU
wow64win.dll, 0x77030000, 416 kB, Wow64 Console and Win32 API Logging
ws2_32.dll, 0x76f80000, 316 kB, Windows Socket 2.0 32-bits DLL-bestand
wtsapi32.dll, 0x747e0000, 60 kB, Windows Remote Desktop Session Host Server SDK APIs
advapi32.dll, 0x75cc0000, 496 kB, Geavanceerde Windows 32 basis-API
bcd.dll, 0x66c30000, 84 kB, BCD DLL
bcryptprimitives.dll, 0x74820000, 336 kB, Windows Cryptographic Primitives Library
cfgmgr32.dll, 0x762a0000, 240 kB, Configuration Manager DLL
clbcatq.dll, 0x76210000, 564 kB, COM+ Configuration Catalog
combase.dll, 0x768f0000, 1,49 MB, Microsoft COM voor Windows
comctl32.dll, 0x744f0000, 2,02 MB, Bibliotheek met elementen voor gebruikerservaring
comctl32.dll.mui, 0xa80000, 12 kB, Bibliotheek met elementen voor gebruikerservaring
comdlg32.dll, 0x76040000, 620 kB, DLL voor gedeelde dialoogvensters
crypt32.dll, 0x76df0000, 1,53 MB, Crypto-API32
cryptbase.dll, 0x74880000, 40 kB, Base cryptographic API DLL
devobj.dll, 0x743f0000, 132 kB, Device Information Set DLL
dhcpcsvc.dll, 0x6c120000, 80 kB, DHCP Client-service
dnsapi.dll, 0x6d2b0000, 504 kB, API DLL van DNS Client
dsrole.dll, 0x67470000, 32 kB, DS Setup Client DLL
Faultrep.dll, 0x742f0000, 372 kB, DLL-bestand van crashrapporten voor Windows Gebruikersrapporten
fltLib.dll, 0x70430000, 32 kB, Filterbibliotheek
gdi32.dll, 0x76ba0000, 1,06 MB, GDI Client DLL
iertutil.dll, 0x70440000, 2,2 MB, Runtime-hulpprogramma voor Internet Explorer
imagehlp.dll, 0x762e0000, 80 kB, Windows NT Image Helper
imm32.dll, 0x75d40000, 156 kB, Multi-User Windows IMM32 API Client DLL
kernel.appcore.dll, 0x74350000, 36 kB, AppModel API Host
kernel32.dll, 0x75f00000, 1,25 MB, DLL-bestand voor Windows NT BASE API-client
KernelBase.dll, 0x76ac0000, 860 kB, DLL-bestand voor Windows NT BASE API-client
KEYCRY~3.DLL, 0x66bf0000, 96 kB, Zemana AntiLogger Free
locale.nls, 0x20000, 504 kB,
msasn1.dll, 0x75d70000, 56 kB, ASN.1 Runtime APIs
msctf.dll, 0x76590000, 1,07 MB, DLL-bestand voor MSCTF-server
msvcrt.dll, 0x767c0000, 780 kB, Windows NT CRT DLL
netapi32.dll, 0x74160000, 76 kB, Net Win32 API DLL
netutils.dll, 0x740f0000, 40 kB, Net Win32 API Helpers DLL
nsi.dll, 0x763c0000, 28 kB, NSI User-mode interface DLL
ntdll.dll, 0x770a0000, 1,43 MB, DLL-bestand voor NT-laag
ntdll.dll, 0x7ffb6e600000, 1,68 MB, DLL-bestand voor NT-laag
ntmarta.dll, 0x742c0000, 160 kB, Windows NT MARTA-provider
ole32.dll, 0x760e0000, 1,16 MB, Microsoft OLE voor Windows
oleaut32.dll, 0x76cc0000, 604 kB,
olepro32.dll, 0x674d0000, 96 kB,
powrprof.dll, 0x6cb30000, 256 kB, Helper-DLL-bestand voor energieprofiel
profapi.dll, 0x74450000, 60 kB, User Profile Basic API
propsys.dll, 0x74180000, 1,23 MB, Microsoft Eigenschappensysteem
psapi.dll, 0x76cb0000, 24 kB, Process Status Helper
rpcrt4.dll, 0x76300000, 744 kB, Runtime voor RPC (Remote Procedure Call)
sechost.dll, 0x76730000, 260 kB, Host for SCM/SDDL/LSA Lookup APIs
secur32.dll, 0x70ca0000, 40 kB, Security Support Provider Interface
security.dll, 0x70cb0000, 12 kB, Security Support Provider Interface
setupapi.dll, 0x763d0000, 1,69 MB, Windows Setup API
sfc.dll, 0x70680000, 12 kB, Windows File Protection
sfc_os.dll, 0x70420000, 60 kB, Windows File Protection
SHCore.dll, 0x74360000, 556 kB, SHCORE
shell32.dll, 0x74890000, 18,73 MB, Gemeenschappelijk DLL-bestand van Windows Shell
shell32.dll.mui, 0x3cd0000, 512 kB, Gemeenschappelijk DLL-bestand van Windows Shell
shlwapi.dll, 0x76a70000, 276 kB, Shell lichtgewicht hulpprogrammabibliotheek
SortDefault.nls, 0x28f0000, 2,83 MB,
spp.dll, 0x66c50000, 232 kB, Bibliotheek voor Microsoft® Windows Gedeeld beveiligingspunt
srclient.dll, 0x6ffc0000, 72 kB, Microsoft® Windows System Restore Client Library
srvcli.dll, 0x740d0000, 116 kB, Server Service Client DLL
sspicli.dll, 0x766b0000, 120 kB, Security Support Provider Interface
urlmon.dll, 0x66df0000, 1,29 MB, OLE32-extensies voor Win32
user32.dll, 0x75b60000, 1,32 MB, DLL-bestand voor Windows USER API-client (meerdere gebruikers)
userenv.dll, 0x747f0000, 108 kB, Userenv
uxtheme.dll, 0x71020000, 948 kB, DLL-bestand Microsoft UxTheme
version.dll, 0x74810000, 32 kB, Version Checking and File Installation Libraries
vssapi.dll, 0xf330000, 1,11 MB, Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll, 0x67480000, 68 kB, Traceringsbibliotheek voor Microsoft® Volume Shadow Copy-service
winhttp.dll, 0x6ebc0000, 632 kB, Windows HTTP-services
wininet.dll, 0x70d20000, 2,36 MB, Internetuitbreidingen voor Win32
winmm.dll, 0x747b0000, 140 kB, MCI API DLL
winmmbase.dll, 0x74420000, 140 kB, Base Multimedia Extension API DLL
winspool.drv, 0x74480000, 404 kB, Windows Spoolerstuurprogramma
winsta.dll, 0x71840000, 276 kB, Winstation Library
wintrust.dll, 0x76780000, 244 kB, Microsoft Trust Verification APIs
wkscli.dll, 0x740b0000, 68 kB, Workstation Service Client DLL
wow64.dll, 0x76fd0000, 300 kB, Win32 Emulation on NT64
wow64cpu.dll, 0x77020000, 36 kB, AMD64 Wow64 CPU
wow64win.dll, 0x77030000, 416 kB, Wow64 Console and Win32 API Logging
ws2_32.dll, 0x76f80000, 316 kB, Windows Socket 2.0 32-bits DLL-bestand
wtsapi32.dll, 0x747e0000, 60 kB, Windows Remote Desktop Session Host Server SDK APIs
Is this what you mean ?
Yeah, that was what I was after; but do not worry about it anymore, I was just interested to see if I would find a Kaspersky DLL present in the address space of ZAM.exe (since it wasn't white-listed) but it appears not (which means Kaspersky won't be altering the execution flow of ZAM.exe via hooks, unless of course it used a different injection technique which was more stealth to hide the fact that the DLL was loaded in the program, which could always be done to help prevent malware detecting presence of Kaspersky monitoring, similar to how they search for sandbox/virtualisation and then alter their behaviour).
I did notice that ZAM.exe imports KEYCRY~3.DLL which is apart of Zemana AntiLogger Free, therefore it could always be a bug present in a function exported by this DLL, as opposed to within ZAM.exe code itself. But who knows, you reported the issue so for sure ZAM team will work hard to hunt down the problem and fix it.
- Sep 28, 2013
- 246
Yeah, that was what I was after; but do not worry about it anymore, I was just interested to see if I would find a Kaspersky DLL present in the address space of ZAM.exe (since it wasn't white-listed) but it appears not (which means Kaspersky won't be altering the execution flow of ZAM.exe via hooks, unless of course it used a different injection technique which was more stealth to hide the fact that the DLL was loaded in the program, which could always be done to help prevent malware detecting presence of Kaspersky monitoring, similar to how they search for sandbox/virtualisation and then alter their behaviour).
I did notice that ZAM.exe imports KEYCRY~3.DLL which is apart of Zemana AntiLogger Free, therefore it could always be a bug present in a function exported by this DLL, as opposed to within ZAM.exe code itself. But who knows, you reported the issue so for sure ZAM team will work hard to hunt down the problem and fix it.
Thanks for the explanation
Indeed, I will just wait for the support request.
Is ZAM.exe still using too much memory (e.g. similar to the amount you mentioned in the original post via the screenshot, 1GB+)?Thanks for the explanation
Indeed, I will just wait for the support request.
- Sep 28, 2013
- 246
I have been monitoring it since then and right now I have 300mb. It gets in between 20 and 300. So it seems stable for now
- Status
Similar threads
