Win32:Adloader-AC [trj] is this a false positive ?

[justalice]

Hi ... Using Vista sp1 , under my pagefile i'm getting a trojan found by Avast >>

Win32:Adloader-AC [trj] has been found in E:\pagefile.sys

I'm using 4.8 home free version build July2008 4.8.1229 everything is I believe up to date , same with Vista .

Question: Should Avast scan the pagefile ? If not ? Then how does it find something that it shouldn't scan ? Can someone explain this so I have a better understanding ?

Thanks

[DavidR]

Well as far as I'm aware avast shouldn't scan the pagefile.sys, however your pagefile.sys is outside the normal c:\pagefile.sys location so only that may be being excluded.

I used to have my pagefile.sys split over two HDDs and used ?:\pagefile.sys in both the:
Program Settings, Exclusions and
Standard Shield, Advanced, Add, list of exclusions.

The question mark ? is a single character wildcard so if you have the pagefile.sys in multiple or a different location that should cater for that.

[justalice]

Hi , Thanks for responding . I have 2 hard drives with Vista and XP . When I boot into XP that were the E: comes for Vista . I am doing an Avast scan while using XP and that when I would get the alert . I did added the pagefile into Exclusions , What I don't understand is why does Avast come out with this alert in the first place ?

Thanks

[DavidR]

You're welcome.

The pagefile.sys is a somewhat strange file in that it is constantly changing as data is swapped in and out from memory to this file and it is possible in doing so that it just happens to match a signature.

I don't fully understand it either, I'm an avast user just like yourself.

[justalice]

Okay , thanks any ways . I do hope a Avast tech person would answer my question .

[ibell63]

Hi, I have windows 7 installed on my machine with a wubi installation of Ubuntu and avast linux home edition running in Ubuntu and I also have this false positive when scanning the windows files with the scanner from within Ubuntu.

Path:  /host/pagefile.sys
Virus Name : Win32:Adloader-AC[Trj]
VPS Version: 100929-1, 9/29/2010

[DavidR]

I suggest that you exclude that file in the same way as outlined in my Reply #1 above. This will obviously be slightly different in the avast 4 Linux version as this topic/forum related to the windows version of avast.