Author Topic: D:\pagefile.sys trojan  (Read 5335 times)

Offline jess111

  • Newbie
  • Posts: 3
D:\pagefile.sys trojan
« on: February 12, 2008, 08:42:50 PM »
Hi, recently my computer has been behaving very badly, it freezes up, very hard to go anywhere and so on. I did an Avast scan and it found a Win32:Agent-SG [trj] in D:\pagefile.sys. The recommended action was to move to chest but it says the disk doesn't have enough room and increasing the chest size doesn't help either. I don't want to delete the file without knowing what I'm doing so I thought I would ask for some help.
Thank you very much.

Update: ZoneAlarm detected a rootkit in my windows, system file. It won't let me delete it or do anything at all. It's a Rootkit.Win32.Agent.zl. I get pop-ups all the time, my computer freezes and shuts itself down.
« Last Edit: February 13, 2008, 07:35:54 AM by jess111 »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
Re: D:\pagefile.sys trojan
« Reply #1 on: February 12, 2008, 09:31:39 PM »
I thought that the pagefile.sys files were excluded from scans.

The pagefile.sys can be very large and I wouldn't advise increasing the size of the chest (Program Settings, Chest). I have ?:/pagefile.sys entered in my Program Settings, Exclusions, Add and copy and paste the above into the text input. The ? is a wildcard that will cater if you have a pagefile.sys in more than one partition (as I have).

I believe you can have your settings to clear the pagefile.sys on shutting down as another option.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline jess111

  • Newbie
  • Posts: 3
Re: D:\pagefile.sys trojan
« Reply #2 on: February 13, 2008, 02:06:49 AM »
Hi, thank you for your answer. Does that mean it's a false positive and I should ignore it?

Offline dhanis_4us

  • Newbie
  • Posts: 1
How i remove Win32/NSAnti???
« Reply #3 on: February 13, 2008, 04:22:19 AM »
I can't remove this virus, what should I do? I use avast, it can detect it, but can't remove it. The virus still exists. Can anybody help me?

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
Re: D:\pagefile.sys trojan
« Reply #4 on: February 13, 2008, 06:58:51 AM »
***

dhanis_4us -

Please start your own thread about your problem as it is different from the problem in this thread. That way, you will more likely get the help you need.

And ... welcome to the forums.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
Re: D:\pagefile.sys trojan
« Reply #5 on: February 13, 2008, 03:09:54 PM »
> Hi thank you for your answer. Does that mean it's a false positive and I should ignore it?

I don't think it is possible to say one way or another as there is no way to upload it (as it is too big) to a multi-engine scanner.

The pagefile.sys is strange in that there could be fragments of information swapped into the page file; this could possibly be a string that matches a virus signature.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
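
An added illustration of the possibility raised in the reply above (not part of the original thread, and not avast! code): a content-only byte-signature scan over a constructed page-file image reports a hit because a paged-out memory fragment contains the signature bytes as plain data. The signature name and bytes, the 4096-byte page size and all buffers are constructed for the example.

```python
PAGE_SIZE = 4096  # assumed page size for the constructed image

# Constructed signature: hypothetical name and bytes, not a real detection.
SIGNATURES = {"Example:Agent-Test [trj]": bytes.fromhex("deadbeef4141feedface9090")}


def scan(data: bytes):
    """Return (signature name, byte offset) for every signature occurrence."""
    hits = []
    for name, pattern in SIGNATURES.items():
        pos = data.find(pattern)
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(pattern, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def build_pagefile(pages: int, swapped: dict) -> bytes:
    """Constructed page-file image: zeroed pages, with `swapped` mapping
    page index -> memory contents that were paged out to that slot."""
    image = bytearray(pages * PAGE_SIZE)
    for index, content in swapped.items():
        start = index * PAGE_SIZE
        image[start:start + len(content)] = content[:PAGE_SIZE]
    return bytes(image)


def page_of(offset: int) -> int:
    """Page slot that a hit offset falls into."""
    return offset // PAGE_SIZE


# Memory of a process that merely held the pattern as data, for example
# loaded scanner definitions or a buffer from an earlier scan (constructed).
definitions_in_ram = b"DEFS\x00" + SIGNATURES["Example:Agent-Test [trj]"] + b"\x00more"
ordinary_data = b"spreadsheet cells and photo thumbnails" * 20

pagefile = build_pagefile(8, {2: ordinary_data, 5: definitions_in_ram})
cleared = build_pagefile(8, {})  # state after the page file is cleared or recreated

if __name__ == "__main__":
    for name, off in scan(pagefile):
        print(f"{name} at offset {off} (page {page_of(off)})")
    print("hits after clearing:", scan(cleared))
```

The hit is only a byte offset inside swapped-out memory, so it says nothing about which file on disk, if any, the bytes came from.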

Offline jess111

  • Newbie
  • Posts: 3
Re: D:\pagefile.sys trojan
« Reply #6 on: February 15, 2008, 05:40:48 AM »
Thank you for your time. What would you advise that I do? Leave it or try to look elsewhere for a program that can remove it?

Offline Maxx_original

  • Moderator
  • Super Poster
  • Posts: 1434
  • Gender: Male
Re: D:\pagefile.sys trojan
« Reply #7 on: February 15, 2008, 06:54:51 AM »
Exclude the pagefile.sys from scanning ;)

Offline maybeok0

  • Jr. Member
  • Posts: 42
  • Gender: Male
Pagefile.sys trojan
« Reply #8 on: March 23, 2009, 04:21:25 AM »
The below worked 100% for me!!! Have carried out 3 thorough scans and Avast found no viruses.
Use at your own risk!
Be careful in using the below, as I understand there is “Some Risk” in playing around with the computer’s Windows pagefile! The problem is that after doing the below you may find your computer may not “Boot” at start-up??
a)   Windows XP virus in pagefile.
During the early part of the Avast Full/Archives scan it locates this Trojan, with their notification box showing [an example]  C:\Program Files\Alwil Software\Avast4\DATA\moved\pagefile.sys
Win32:Zlob-RF [trj] Trojan Horse 090321-0, 21/03/2009.
b)   Avast suggests you send it to the “Chest”, from which you are notified that the paging file is too large to transfer to the “Chest”.
c)   Next go into = “Control Panel – open – Icon System – Advanced – Settings [top one] – Advanced – Change Virtual Memory” [Make a note of the pagefile sizes your computer is set to, so you will be able to customise it back to its previous settings].
d)   Within “Change Virtual Memory”, “Delete” the minimum and maximum sizes [so there are no figures within – both boxes must be clear/clean] – put the radio dot into “No Paging File” = “Restart your computer”.
e)   During the next thorough scan, when Avast locates this virus, click on the button “Delete”.
f)   Next stop the scan and restart your computer and redo a new full scan. You should be clean of this virus.
g)   Go into “Change Virtual Memory” and reconfigure the “Pagefile” back to its original settings and restart your computer.
h)   Redo a new full scan to be sure you are clean.
Information on this file in the registers: Pagefile.sys relates to a file that is currently used by Microsoft Windows to store frames of memory that do not currently fit into physical memory. The paging file allows the memory requirement to run all tasks to exceed the amount of physical memory, and swapping allows multiple processes to run at the same time.
Virtual memory extension
Now this is questionable? If you take above the Page File problems they may relate to me losing some financial data/photos that I had created a few days before? If you relate the Pagefile manages the frames of memory and the above virus contained just went in and upset/removed some of my data??


Offline Tech

  • avast! team
  • Certainly Bot
  • Posts: 64873
  • Gender: Male
Re: D:\pagefile.sys trojan
« Reply #9 on: March 23, 2009, 08:52:21 PM »
> losing some financial data/photos that I had created a few days before?

No, pagefile.sys has nothing to do with other saved files.

> If you relate the Pagefile manages the frames of memory and the above virus contained just went in and upset/removed some of my data??

Other viruses could have messed up your files and traces of them were detected in memory.
But, generally, this is due to false positives on pagefile.sys that could be removed from scanning.
The best things in life are free.
