Author Topic: Win32:Sytro-AB [WRM]  (Read 3792 times)

uncle-buck

  • Guest
Win32:Sytro-AB [WRM]
« on: June 09, 2009, 07:01:58 PM »
Installed avast! this morning and had it scan my PC. It detected Win32:Sytro-AB [WRM] in a file called pagefile.sys that is located on a supplemental hard drive. I think that's the paging file from an old computer whose drive I added to my existing system.

I tried moving the file to the Virus Chest, but was not successful.

Is this a false positive? How do I determine whether or not that particular paging file is being used by my current system?

Thanks in advance for any help.

polonus

Re: Win32:Sytro-AB [WRM]
« Reply #1 on: June 09, 2009, 07:34:10 PM »
Hi uncle-buck,

There have been reports of this being a false positive that avast found with a ZoneAlarm update. Is there a relation there with the supplemental hard drive?
Aliases:
P2P-Worm.Win32.Sytro.g   VirusBlokAda Vba32
W32/Forlorn-D   Sophos SWEEP virus detection utility
W32/Sytro.G@p2p (exact)   F-PROT ANTIVIRUS for Linux
W32/Sytro.worm.gen!p2p    McAfee Virus Scan for Linux
Win32.HLLW.Sytro   Doctor Web Ltd, Dr.Web (R) for Linux
Worm.P2P.Sytro.G   Clam AntiVirus
Worm.P2p.Sytro.G   Bitdefender/Linux-Console
WORM/Sytro.G1   AVIRA Desktop for UNIX
WORM/Sytro.P2P.F   AVIRA Desktop for UNIX

Try to scan the file in question by uploading it to virustotal.com and give us the results as an attached txt file in your next posting. If any of the above scanners at virustotal.com do not flag it and only avast flags it, it could be a false positive because of heuristic scanning.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

uncle-buck

  • Guest
Re: Win32:Sytro-AB [WRM]
« Reply #2 on: June 09, 2009, 09:23:44 PM »
polonus, I turned off ZoneAlarm's anti-spyware feature, rescanned, and it was not detected - so I think you are correct about it being a false positive. Thanks for your help!

polonus

Re: Win32:Sytro-AB [WRM]
« Reply #3 on: June 09, 2009, 09:38:32 PM »
Hi uncle-buck,

Thanks for checking that for us, so we could clear that particular issue here in this thread. Somehow because of earlier reactions on the forum that hunch came up with me, and I was right. Well, also thanks for stopping by here. Stay safe and secure on the World Wide Web is my wish and my command,

polonus (malware fighter)