Pagefile infected by win32:notre

[insider]

VLK as you suggested : I got a warning that on the HD, which is not in use, the pagefile is infected .... what to do to get rid of this pest It seems that I'm not the only one who got this warning when using Avast! http://help.com/post/12362-pagefilesys-has-been-infected-with

[Lisandro]

For this particular false positive (pagefile), as a workaround, you can add the file to the Standard Shield provider (on-access scanning) exclusion list (if it is not still there by default).
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...

[Maxx_original]

scanning of pagefile.sys is excluded by default afaik...

[RejZoR]

Thats correct. With mask:

?:\PAGEFILE.SYS

This will apply the exclusion rule to any drive...

[Lisandro]

if it is not still there by default

It should...

[insider]

strange but yesterday evening I rescanned my 2 HD's and the result was : nada, nothing found !! So maybe it was a "mistake" made by the prog or by the pc or ...by me ....

[Maxx_original]

nope.. it's only a randomness of "dumping" to swapfile.. pagefile contains many footprints of swapped processes and it's quite possible, that some part of many times rewritten area looks "viral" .. that's the reason why pagefile.sys is excluded by default...

[DavidR]

How then is the pagefile.sys being scanned if it is excluded by default, my only though is that the exclusions don't have it. This was detected by an on-demand scan by insider.

On my system it is in the standard shield exclusions but not in the Program Settings, Exclusions, so it would be scanned by the on-demand scan and ashquick.exe if used.

So if it is in the Standard Shield exclusions by default, why not the the Program Settings, Exclusions ?