OK, so I knew I had a virus because my explorer.exe was appearing and disappearing, then it terminated by itself. So I scanned with my other OS (Ubuntu) using avast, and Win32:Virtumonde-GN [AWR] appeared. I have had Virtumonde before, but this one appeared in hiberfil.sys and I don't know if that's safe to remove. Then in pagefile.sys I found win32:VB-EIJ.
After a while avast for Linux crashed. Then I started Win XP and scheduled a boot scan; they seem pretty useful, but…
So here is some bad news for us Avast users: even after waiting a few hours for the boot scan in Windows, it didn't detect even one thing. Nothing, nada, zero viruses.
So what should I do about hiberfil.sys and pagefile.sys? Also, pagefile is used as RAM, so my memory could also be infected, even though every time you turn off your PC the memory is deleted, right?
So Windows editions are not scanning some files, right?
Maybe to protect them because they are system files, but how will you fix a virus that can't be detected?
I know pagefile.sys is supposed to be renewed, but it didn't, because I could find it after rebooting with Linux.
Avast didn't finish, but I guess I could run another scan. It probably crashed because I'm using Hardy Heron (beta). If you tell me where the Linux report file is, I could post it here. Also, I found some Virtumonde entries with Malwarebytes Anti-Malware that avast didn't find; how can I post them to avast?
Update: OK, so every time I scan my Windows disk, avastgui crashes at some point, but in the log viewer I found this:
2008-04-06 20:30:47 Found virus ‘Win32:Virtumonde-GN [Adw]’ in file ‘/media/disk-6/hiberfil.sys’.
2008-04-06 20:55:09 Found virus ‘Win32:VB-EIJ [trj]’ in file ‘/media/disk-6/pagefile.sys’.
2008-04-07 19:23:31 Found virus ‘Win32:Virtumonde-GN [Adw]’ in file ‘/media/disk-7/hiberfil.sys’.
2008-04-07 20:00:15 Found virus ‘Win32:VB-EIJ [trj]’ in file ‘/media/disk-7/pagefile.sys’.
They are the same entries; only, since today I didn't mount my external HDD, it's disk-7.
The report file isn't being created because of the crashes in avast.