new to using avast and a new trojan...

Hi all. I'm new to using avast and so far I like it. It's fast and very efficient. I scanned today on my new PC that hasn't had any antivirus protection in about 4 months and I got a trojan showing up in my C:\pagefile.sys, so I clicked chest, but it said the disk wasn't big enough. I thought, oh well, I'll just look it up and see if I can just delete it. But it seems that the specific trojan I have (Win32:Adloader-AC) has almost never been encountered before. It only brings up about 4 pages of search results on Yahoo. I was about to delete it, but I wanted to make sure… so I came here and I noticed a post that was saying to not delete your pagefile.sys and put it in exclusions. I go to check exclusions… and it IS excluded, yet it was still scanned?

Just to make things clear: I have 2 hard drives and a dual-boot setup.
C:\ has Vista Home Premium
D:\ has XP

I conducted the scan from within XP, but as I said the trojan was found in C:\pagefile.sys (Vista).

I also heard that avast will sometimes incorrectly call things trojans/viruses/etc. when they are in fact not. So is this Adloader-AC really a trojan? And how do I really exclude the pagefile.sys from my scans?

Hi, jasonhtml.
You can turn off your computer's behavior of making pagefile.sys (it's a system file) for a while. It will erase the pagefile.sys with the trojan in it. After that you can run a boot-scan to be sure that Win32:Adloader-AC was deleted. Then you can turn it on (but I don't know how to do it; and I will not install Vista until Microsoft releases SP1 or better SP2 :)).

In Program Settings, Chest, you can increase the size of the chest and the maximum size of a file that can be added.

However, I have seen a number of pagefile.sys detections and I'm not sure about their validity. Unfortunately, because of the size of the pagefile.sys, you can't really upload it to be scanned by VirusTotal or Jotti, the multi-engine scanners.

I would say the best way to deal with it is to clear the pagefile.sys on exit:

Shutdown: Clear virtual memory pagefile

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

This setting determines whether the virtual memory Pagefile is cleared when the system is shut down. On a running system, the Pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system Pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the Pagefile is not available to an unauthorized user who manages to directly access the Pagefile.

When this policy is enabled, it causes the system Pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled on a portable computer system.

Default: Disabled

You can reverse this change (change to Disabled) after the reboot where the detected pagefile.sys is cleared; hopefully the newly created one won't have the detection.

These instructions should work for XP, though there should be a corresponding action in Vista.
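
Added example, not part of the posts in this thread: the "Shutdown: Clear virtual memory pagefile" option quoted above is stored in the registry as the ClearPageFileAtShutdown DWORD, which is the way to reach it on Windows editions that do not include the Local Security Policy console. The function names are made up for this example; it has to be run inside the Windows installation whose pagefile.sys should be cleared, because the setting only acts on the system that is shutting down.

```powershell
# Added example: read and toggle the registry value behind the
# "Shutdown: Clear virtual memory pagefile" security option.
$MmKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName = 'ClearPageFileAtShutdown'

function Test-IsAdmin {
    # Writing under HKLM needs an elevated (administrator) session.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PagefileClearPolicy {
    # $true when the policy is enabled; a missing value or 0 means Disabled (the default).
    $prop = Get-ItemProperty -Path $MmKey -Name $ValueName -ErrorAction SilentlyContinue
    return [bool]($prop -and ($prop.$ValueName -eq 1))
}

function Set-PagefileClearPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][bool]$Enabled)

    if (-not (Test-IsAdmin)) {
        throw 'Run this from an elevated prompt; HKLM is not writable otherwise.'
    }
    $data = 0
    if ($Enabled) { $data = 1 }
    if ($PSCmdlet.ShouldProcess("$MmKey\$ValueName", "set to $data")) {
        # -Force overwrites the value if it already exists.
        New-ItemProperty -Path $MmKey -Name $ValueName -Value $data `
            -PropertyType DWord -Force | Out-Null
    }
}

# Read-only check of the current state.
"Clear pagefile at shutdown enabled: $(Get-PagefileClearPolicy)"

# Procedure from the reply above:
#   Set-PagefileClearPolicy -Enabled $true     # then shut down / reboot cleanly
#   Set-PagefileClearPolicy -Enabled $false    # after the reboot, back to the default
```

Adding -WhatIf to Set-PagefileClearPolicy shows what would be written without changing the registry.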

Thx, I'll try that out tomorrow as it's a bit late now.

No problem, let us know how you get on and if there are any differences for Vista.

Welcome to the forums.