
Parallel Abstract


The widespread use of the Internet has made computer security an important issue. Currently, antivirus software is the primary mechanism that protects computers from damage by viruses. Such a mechanism relies on updates of virus patterns (or signatures) to detect new viruses. However, serious damage is usually caused before the update occurs. In addition, a few modifications to the same virus can let it pass the pattern matching. This is one reason that the quantity of new viruses has exceeded 600 per month. This situation has also caused inefficiency in virus scans. To overcome the above problems, a new memory symptom-based approach is proposed in this paper. The idea comes from how diseases are diagnosed in real life. Doctors diagnose diseases based on the symptoms of a patient, such as a fever, a cough, etc., rather than based on the type of virus. Similarly, program execution requires the use of computer resources, such as CPU, memory, network, etc. We define the usage of a resource as a "symptom" of the program. Viruses can be detected according to their symptoms. In this paper, we focus on the memory symptom. The memory symptom of an unknown program is sampled, encoded, and matched with those of sample programs. Then a certainty factor (CF) value is computed to represent the possibility that the unknown program is a virus. In the experimental study, 109 test programs were detected. According to the analysis of the confusion matrix, the true positive rate can be as high as 97 percent, and the false positive rate can be 13 percent, while the unknown rate is only 18 percent. This shows that the memory symptom-based approach is effective for virus detection.
