Pagefile infected by win32:notre

system · 2007-12-03T10:42:42.000Z

VLK as you suggested : I got a warning that on the HD, which is not in use, the pagefile is infected … what to do to get rid of this pest ??? It seems that I’m not the only one who got this warning when using Avast! http://help.com/post/12362-pagefilesys-has-been-infected-with

Lisandro · 2007-12-03T14:56:32.000Z

For this particular false positive (pagefile), as a workaround, you can add the file to the Standard Shield provider (on-access scanning) exclusion list (if it is not still there by default).
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…

Maxx_original · 2007-12-03T21:26:42.000Z

scanning of pagefile.sys is excluded by default afaik…

RejZoR · 2007-12-03T21:31:31.000Z

Thats correct. With mask:

?:\PAGEFILE.SYS

This will apply the exclusion rule to any drive…

Lisandro · 2007-12-04T00:21:05.000Z

Tech post:2:

if it is not still there by default

It should…

system · 2007-12-04T08:54:21.000Z

strange but yesterday evening I rescanned my 2 HD’s and the result was : nada, nothing found !! So maybe it was a “mistake” made by the prog or by the pc or …by me … :

Maxx_original · 2007-12-04T09:55:16.000Z

nope… it’s only a randomness of “dumping” to swapfile… pagefile contains many footprints of swapped processes and it’s quite possible, that some part of many times rewritten area looks “viral” ;)… that’s the reason why pagefile.sys is excluded by default…

DavidR · 2007-12-04T14:35:18.000Z

How then is the pagefile.sys being scanned if it is excluded by default, my only though is that the exclusions don’t have it. This was detected by an on-demand scan by insider.

On my system it is in the standard shield exclusions but not in the Program Settings, Exclusions, so it would be scanned by the on-demand scan and ashquick.exe if used.

So if it is in the Standard Shield exclusions by default, why not the the Program Settings, Exclusions ?

Announcements