Author Topic: pagefile.sys always have diff viruses...  (Read 10468 times)


sonny082006

  • Guest
pagefile.sys always have diff viruses...
« on: May 27, 2007, 12:13:25 PM »
...good day, I would like to seek your help on how to free my d:\pagefile.sys from viruses, because only avast w/ VPS ver 743-3 could detect that it has the following:
5.27.07  detected Int13.512 (quarantined)
5.26.07  detected Win32 nurech-af (deleted)
5.18.07  detected win32 Zlob-rf (deleted)
5.16.07  detected win32 Dialer-DW (deleted)
5.08.07  detected Saturday 14th-669 (deleted)
5.06.07  detected Whiplash 4592-B (deleted)
I also noticed that when I'm dialing my slrundll.exe (smartlink), a message prompts me that "windows is increasing the memory for ..." Why is that? Is it possible that another infected file is trying to create/access pagefile.sys? How can I detect which file it is? Please advise on how to free pagefile.sys from viruses. Thanks in advance - fr sonny (note: XP SP2, dual boot c:=w98 & d:=xp, already ran AVG Antispyware, Adware, Spybot, CCleaner, ComodoPF, BitDefender and avast in w98)

sonny082006

  • Guest
Re: pagefile.sys always have diff viruses...
« Reply #1 on: May 27, 2007, 12:30:07 PM »
Logfile of HijackThis v1.99.1
Scan saved at 6:28:10 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\WINDOWS\system32\slserv.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\system32\VTTimer.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\program files\softwin\bitdefender8\bdnagent.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Documents and Settings\sonny\Desktop\procexp.exe
D:\WINDOWS\system32\slrundll.exe
D:\Program Files\Opera\Opera.exe
D:\HJT\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BDNewsAgent] "d:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F1A397-01AE-4A1D-9E04-33FA55EE580B}: NameServer = 210.14.16.5 210.14.16.2
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: SmartLinkService (SLService) -   - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: pagefile.sys always have diff viruses...
« Reply #2 on: May 27, 2007, 05:19:38 PM »
Is d:\pagefile.sys your virtual memory file for XP? Did you set it to be there?
Messages prompting that "windows is increasing the memory for ..." are related to too little memory being available. How much RAM do you have? Did you change the default settings of virtual memory?
Does this occur when you're booted in W98 or XP?
The best things in life are free.

sonny082006

  • Guest
Re: pagefile.sys always have diff viruses...
« Reply #3 on: May 27, 2007, 06:28:55 PM »
...thanks for the replies. The message is always prompted every time I connect to the internet (dial up) using XP on drive D:. I've set my virtual page file size to custom, from 144 - 288 MB, while on win98 it is set to no paging file. I have 256 RAM and I don't know the default settings of virtual memory in XP...please advise. This pagefile.sys always has a virus as detected by avast; is there a way to make this file free from viruses? Why is pagefile.sys prone to viruses? And why did the other anti-virus programs detect none on pagefile.sys, i.e. AVG, BitDefender, Sav32cli.exe and scan.exe of McAfee? Also I've tried sending pagefile.sys to virustotal and jotti, but no virus was found either. Please enlighten me on this pagefile.sys's viruses. Thanks a lot.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: pagefile.sys always have diff viruses...
« Reply #4 on: May 27, 2007, 07:57:23 PM »
> I dont know the default settings of virtual memory in xp...please advise.
1.5 * 256Mb RAM = 384 (as minimum)

> This pagefile.sys always have a virus as detected by Avast, is there a way to make this file free from viruses?
Generally, this file is in the exclusion list of avast to avoid this detection.
This is a temporary file that shouldn't affect your system IF it is clean?
Did you run a thorough scan with avast or a boot-time scan with avast?

> And why other anti-virus detected none on pagefile.sys ie AVG,Bitdefender,Sav32cli.exe and scan.exe of mcaffee.
Are you using more than one antivirus at a time?

> Also i've tried sending pagefile.sys to virustotal and jotti but to no virus found either.
You just can't even upload the file. It's more than the 10-15Mb size limit...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89280
  • No support PMs thanks
Re: pagefile.sys always have diff viruses...
« Reply #5 on: May 27, 2007, 09:11:27 PM »
The default setting for virtual memory is to let XP manage it, but a general rule of thumb for manual settings is 1.5 times RAM, as Tech mentioned.

I would suggest you upgrade your memory to 512MB (or higher) and you should see an improvement in overall system performance.

I have two hard disks and manually set mine up differently, with a fixed-size pagefile of 128MB on drive C: (this means that it doesn't grow or shrink and to a certain extent avoids pagefile fragmentation) and another of 896-1536MB on drive F:, my second HDD. Combined, this is a little over 1.5 times my RAM of 1GB.

I also have the ?:\pagefile.sys in my exclusions, the ? is a wildcard that excludes pagefile.sys on any of my drives.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: pagefile.sys always have diff viruses...
« Reply #6 on: May 28, 2007, 12:00:18 AM »
> ?:\pagefile.sys
I think that option is there by default, isn't it?
I don't remember having added it and it's there...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89280
  • No support PMs thanks
Re: pagefile.sys always have diff viruses...
« Reply #7 on: May 28, 2007, 01:31:29 AM »
No it isn't, or it wasn't when I first added it.

The problem is it isn't in the On-demand exceptions, which is why it is being scanned. I don't know what the original poster's scan sensitivity was or if .sys files will be scanned on all sensitivities.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: pagefile.sys always have diff viruses...
« Reply #8 on: May 28, 2007, 03:36:47 AM »
> No it isn't, or it wasn't when I first added it.
Maybe this was an 'old' setting that comes from my old installations, continuously updated but not installed from scratch.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89280
  • No support PMs thanks
Re: pagefile.sys always have diff viruses...
« Reply #9 on: May 28, 2007, 03:13:44 PM »
I can't recall. I have had a couple of re-installs but mostly updates in the 3 years plus I have had avast; sometimes I saved the avast4.ini, other times not. It is hard to recall the original default settings.

sonny082006

  • Guest
Re: pagefile.sys always have diff viruses...
« Reply #10 on: May 28, 2007, 04:58:41 PM »
...sorry, just arrived from work...for now I followed Tech's advice and it seems to be working. Thanks a lot, and the windows virtual paging file already disappeared. Now I will add the exclusion of pagefile.sys in avast. I ran several thorough scans with avast in w98 and double-checked with another command line antivirus; so far it didn't find anything. Again thanks a lot for your kind assistance...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: pagefile.sys always have diff viruses...
« Reply #11 on: May 28, 2007, 07:41:07 PM »
> Again thanks a lot for your kind assistance...
You're welcome. Feel free to come back any time you need help 8)