Author Topic: D:\pagefile.sys trojan  (Read 11987 times)

jess111

  • Guest
D:\pagefile.sys trojan
« on: February 12, 2008, 10:42:50 PM »
Hi, recently my computer has been behaving very badly: it freezes up, it's very hard to go anywhere, and so on. I did an Avast scan and it found a Win32:Agent-SG [trj] in D:\pagefile.sys. The recommended action was to move it to the chest, but it says the disk doesn't have enough room, and increasing the chest size doesn't help either. I don't want to delete the file without knowing what I'm doing, so I thought I would ask for some help.
Thank you very much.

Update: ZoneAlarm detected a rootkit in my Windows system file. It won't let me delete it or do anything at all. It's a Rootkit.Win32.Agent.zl. I get pop-ups all the time, and my computer freezes and shuts itself down.
« Last Edit: February 13, 2008, 09:35:54 AM by jess111 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: D:\pagefile.sys trojan
« Reply #1 on: February 12, 2008, 11:31:39 PM »
I thought that the pagefile.sys files were excluded from scans.

The pagefile.sys can be very large and I wouldn't advise increasing the size of the chest (Program Settings, Chest). I have ?:/pagefile.sys entered in my Program Settings, Exclusions: click Add, then copy and paste the above into the text input. The ? is a wildcard that will cater for a pagefile.sys in more than one partition (as I have).

I believe you can have your settings to clear the pagefile.sys on shutting down as another option.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
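
The shutdown-clearing option mentioned in the reply above corresponds to the `ClearPageFileAtShutdown` value under the Memory Management registry key. The following is an added example, not part of the original post: it first records the current page file configuration (as a later reply in this thread also recommends before changing anything) and then enables clearing. The backup file name is an assumption chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: snapshot the page file configuration, then enable
# zeroing of the page file at shutdown so stale memory fragments do not
# persist on disk between sessions.

$mmKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$backup = Join-Path $env:USERPROFILE 'pagefile-settings-backup.json'  # hypothetical path

# 1. Record the current settings before changing anything.
$mm    = Get-ItemProperty -Path $mmKey
$clear = 0
if ($null -ne $mm.ClearPageFileAtShutdown) {
    $clear = [int]$mm.ClearPageFileAtShutdown
}

$snapshot = [ordered]@{
    Taken                   = (Get-Date).ToString('s')
    # REG_MULTI_SZ, one entry per page file: "<path> <initial MB> <maximum MB>"
    PagingFiles             = @($mm.PagingFiles)
    ClearPageFileAtShutdown = $clear
    InUse                   = @(Get-CimInstance -ClassName Win32_PageFileUsage |
        ForEach-Object {
            [ordered]@{
                Name        = $_.Name
                AllocatedMB = $_.AllocatedBaseSize
                PeakMB      = $_.PeakUsage
            }
        })
}
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $backup -Encoding UTF8
Write-Host "Saved current page file settings to $backup"

# 2. Enable clearing at shutdown (1 = zero inactive pages, 0 = leave as-is).
if ($clear -ne 1) {
    Set-ItemProperty -Path $mmKey -Name ClearPageFileAtShutdown -Value 1 -Type DWord
    Write-Host 'ClearPageFileAtShutdown set to 1; it applies from the next shutdown.'
} else {
    Write-Host 'ClearPageFileAtShutdown is already enabled.'
}

# 3. Read the value back to confirm the change.
$now = (Get-ItemProperty -Path $mmKey).ClearPageFileAtShutdown
Write-Host "ClearPageFileAtShutdown is now $now"
```

Clearing the page file makes shutdown noticeably slower on systems with a large page file, and it does not remove malware that is active elsewhere on the system.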

jess111

  • Guest
Re: D:\pagefile.sys trojan
« Reply #2 on: February 13, 2008, 04:06:49 AM »
Hi, thank you for your answer. Does that mean it's a false positive and I should ignore it?

dhanis_4us

  • Guest
How do I remove Win32/NSAnti???
« Reply #3 on: February 13, 2008, 06:22:19 AM »
I can't remove this virus, what should I do? I use avast; it can detect it, but can't remove it. The virus still exists. Can anybody help me?

CharleyO

  • Guest
Re: D:\pagefile.sys trojan
« Reply #4 on: February 13, 2008, 08:58:51 AM »
***

dhanis_4us -

Please start your own thread about your problem as it is different from the problem in this thread. That way, you will more likely get the help you need.

And ... welcome to the forums.


***

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: D:\pagefile.sys trojan
« Reply #5 on: February 13, 2008, 05:09:54 PM »
Hi thank you for your answer. Does that mean it's a false positive and I should ignore it?

I don't think it is possible to say one way or another as there is no way to upload it (as it is too big) to a multi-engine scanner.

The pagefile.sys is strange in that there could be fragments of information swapped in to the page file; this could possibly be a string that matches a virus signature.

jess111

  • Guest
Re: D:\pagefile.sys trojan
« Reply #6 on: February 15, 2008, 07:40:48 AM »
Thank you for your time. What would you advise that I do? Leave it or try to look elsewhere for a program that can remove it?

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: D:\pagefile.sys trojan
« Reply #7 on: February 15, 2008, 08:54:51 AM »
exclude the pagefile.sys from scanning ;)

maybeok0

  • Guest
Pagefile.sys trojan
« Reply #8 on: March 23, 2009, 06:21:25 AM »
The below worked 100% for me!!! Have carried out 3 thorough scans and Avast found no viruses.
Use at your own risk!
Be careful in using the below as I understand there is “Some Risk” in playing around with the computer’s Windows pagefile! The problem is that after doing the below you may find your computer may not “Boot” at start-up??
a)   Windows XP virus in pagefile.
During the early part of the Avast Full/Archives scan it locates this Trojan, with its notification box showing [an example] C:\Program Files\Alwil Software\Avast4\DATA\moved\pagefile.sys
Win32:Zlob-RF [trj] Trojan Horse 090321-0, 21/03/2009.
b)   Avast suggests you send it to the “Chest”, at which point you are notified the paging file is too large to transfer to the “Chest”.
c)   Next go into “Control Panel – open – Icon System – Advanced – Settings [top one] – Advanced – Change Virtual Memory” [Make a note of the pagefile sizes your computer is set to, so you will be able to customise it back to its previous settings].
d)   Within “Change Virtual Memory”, “Delete” the minimum and maximum sizes [so there are no figures within; both boxes must be clear/clean], put the radio dot into “No Paging File”, and restart your computer.
e)   During the next thorough scan, when Avast locates this virus, click on the button “Delete”.
f)   Next stop the scan, restart your computer and redo a new full scan. You should be clean of this virus.
g)   Go into “Change Virtual Memory”, reconfigure the pagefile back to its original settings and restart your computer.
h)   Redo a new full scan to be sure you are clean.
Information on this file in the registers: Pagefile.sys relates to a file that is currently used by Microsoft Windows to store frames of memory that do not currently fit into physical memory. The paging file allows the memory requirement to run all tasks to exceed the amount of physical memory, and swapping allows multiple processes to run at the same time.
Virtual memory extension
Now this is questionable? If you take the above, the page file problems may relate to me losing some financial data/photos that I had created a few days before? If you relate that the pagefile manages the frames of memory, and the above virus contained just went in and upset/removed some of my data??


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: D:\pagefile.sys trojan
« Reply #9 on: March 23, 2009, 10:52:21 PM »
losing some financial data/photos that I had created a few days before?
No, pagefile.sys has nothing to do with other saved files.

If you relate the Pagefile manages the frames of memory and the above virus contained just went in and upset/removed some of my data??
Other viruses could have messed up your files, and traces of them were detected in memory.
But, generally, this is due to false positives on pagefile.sys that could be removed from scanning.
The best things in life are free.