My PC is running slow on Win 7. I removed the disk and scanned with Avast5 PC and found a PUP:Win32-perflogger-CG [PUP] in Pagefile.sys, which it deleted. I installed the disk and booted to Win 7. Then I removed it and scanned again and found the virus again. Do you guys know how to clean this so it does not come back? Thanks -M
Read This - http://forum.avast.com/index.php?topic=39794.0
When you opt to scan for PUPs (Potentially Unwanted Programs), then expect some unusual results. Perfect Keylogger (or a keylogger), to which I believe this relates, would be classed as unwanted if you hadn’t installed it.
So have you installed a keylogger on your system, as it would be running all the time and may well be in the pagefile.sys?
No, I did not install any keyloggers.
Is the PC yours, e.g. not purchased by someone else or shared by someone else?
Some put keyloggers on to monitor user activity (parents, etc.)
So I’m a little surprised that it is only detected in the pagefile.sys file, if it is indeed installed on your system.
My PC, not shared. I’m as surprised as you that it is only the page file. I’m in the middle of running another scan (from another PC). After, I will put the drive back in the PC and start in Safe Mode and run a scan (Avast) to see what happens. I have multiple PCs, so I have run scans with McAfee, Avira, MalwareBytes and it comes out clean; it is only reported in Avast. Starting to suspect it is a false positive.
The pagefile.sys is a pretty strange beast and it changes as files/memory data is swapped in and out, so there could be some strange blocks of data that may match a signature. Normally the pagefile.sys is excluded from scans.
So I don’t know what your scan was (Custom most likely), but the inclusion of a) PUP option, which is also normally off by default (in Quick, Full System scan) may be why. Also if you elect to have all files scanned, that would override the pagefile.sys exclusion I guess.
I too suspect it may be a false positive, but given the file, there really is no way to check as you can hardly send a file that would be at least as large as your memory for analysis.
I would ensure that you have the page file excluded from this custom scan; after all, for it to have gotten in there it would first have to have been loaded/run and I would have thought it would be detected at that point and not later on an on-demand scan.