Author Topic: Win32:Adloader-AC [trj] is this a false positive ?  (Read 11477 times)


Offline justalice

  • Jr. Member
  • **
  • Posts: 20
Win32:Adloader-AC [trj] is this a false positive ?
« on: September 29, 2008, 02:37:11 PM »
Hi ... Using Vista SP1, under my pagefile I'm getting a trojan found by Avast:

Win32:Adloader-AC [trj] has been found in E:\pagefile.sys

I'm using the 4.8 Home free version, build July 2008 4.8.1229; everything is, I believe, up to date, same with Vista.

Question: Should Avast scan the pagefile? If not, then how does it find something that it shouldn't scan? Can someone explain this so I have a better understanding?

Thanks
« Last Edit: September 29, 2008, 04:28:01 PM by justalice »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #1 on: September 29, 2008, 04:51:22 PM »
Well, as far as I'm aware, avast shouldn't scan the pagefile.sys; however, your pagefile.sys is outside the normal c:\pagefile.sys location, so only that may be being excluded.

I used to have my pagefile.sys split over two HDDs and used ?:\pagefile.sys in both the:
Program Settings, Exclusions and
Standard Shield, Advanced, Add, list of exclusions.

The question mark ? is a single character wildcard so if you have the pagefile.sys in multiple or a different location that should cater for that.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline justalice

  • Jr. Member
  • **
  • Posts: 20
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #2 on: September 29, 2008, 07:12:59 PM »
Hi, thanks for responding. I have 2 hard drives with Vista and XP. When I boot into XP, that's where the E: comes from for Vista. I am doing an Avast scan while using XP and that's when I would get the alert. I did add the pagefile into Exclusions. What I don't understand is why does Avast come out with this alert in the first place?

Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #3 on: September 29, 2008, 07:24:30 PM »
You're welcome.

The pagefile.sys is a somewhat strange file in that it is constantly changing as data is swapped in and out from memory to this file and it is possible in doing so that it just happens to match a signature.

I don't fully understand it either, I'm an avast user just like yourself.

Offline justalice

  • Jr. Member
  • **
  • Posts: 20
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #4 on: September 29, 2008, 10:56:40 PM »
Okay, thanks anyway. I do hope an Avast tech person would answer my question.

Offline ibell63

  • Jr. Member
  • **
  • Posts: 73
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #5 on: September 30, 2010, 06:27:42 AM »
Hi, I have Windows 7 installed on my machine with a Wubi installation of Ubuntu and avast Linux home edition running in Ubuntu, and I also have this false positive when scanning the Windows files with the scanner from within Ubuntu.

Path:  /host/pagefile.sys
Virus Name : Win32:Adloader-AC[Trj]
VPS Version: 100929-1, 9/29/2010
OS: Windows 8.1 Pro x64.  Antivirus: Avast! Free
Browser: Chrome Beta  w/ AdBlockPlus, LastPass, and WOT.
On demand scanners: MBAM, SAS, Spybot, and HitmanPro.
Other: EMET

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84901
  • No support PMs thanks
Re: Win32:Adloader-AC [trj] is this a false positive ?
« Reply #6 on: September 30, 2010, 03:28:30 PM »
I suggest that you exclude that file in the same way as outlined in my Reply #1 above. This will obviously be slightly different in the avast 4 Linux version, as this topic/forum relates to the Windows version of avast.
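Added example, not part of any post in this thread and not Avast's own code: a Python check of which alert paths quoted above are covered by the `?:\pagefile.sys` exclusion from Reply #1, compared with a fixed `c:\pagefile.sys` entry. It assumes the mask is matched against the whole path, case-insensitively, with `?` as the only wildcard; the last two sample paths are constructed.

```python
import re

# Exclusion masks: the fixed default location and the wildcard form from Reply #1.
EXCLUSIONS = [r"c:\pagefile.sys", r"?:\pagefile.sys"]

ALERT_PATHS = [
    r"E:\pagefile.sys",               # first post (Vista disk seen from XP)
    "/host/pagefile.sys",             # Reply #5 (Windows disk seen from Ubuntu)
    r"C:\Users\Public\pagefile.sys",  # constructed: same name, not a root paging file
    r"E:\pagefile.sys.exe",           # constructed: only starts like the paging file
]


def mask_to_regex(mask):
    """Compile a mask where '?' stands for exactly one character.

    Assumption for this example: whole-path, case-insensitive matching,
    and every other character is taken literally.
    """
    body = "".join("." if ch == "?" else re.escape(ch) for ch in mask)
    return re.compile(body, re.IGNORECASE)


def covered(path, masks):
    """Return the masks that exclude this exact path (empty list = still scanned)."""
    return [m for m in masks if mask_to_regex(m).fullmatch(path)]


def audit(paths, masks):
    """Map every alert path to the exclusion masks that cover it."""
    return {p: covered(p, masks) for p in paths}


if __name__ == "__main__":
    for path, hits in audit(ALERT_PATHS, EXCLUSIONS).items():
        status = "excluded by " + ", ".join(hits) if hits else "NOT excluded"
        print(f"{path:32} {status}")
```

Under these assumptions the wildcard mask covers a root paging file on any drive letter but not the `/host/...` path seen from Ubuntu, and it leaves look-alike files elsewhere on disk in scope for scanning.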