My computer has a dual boot of w2k and w98. After a crash (perhaps caused by the virus), I scan the entire computer from the w98 boot. When scanning the w2k partition, it detects RedArc-1594 in my PAGEFILE.SYS.
I clear it and boot back up to w2k. When scanning again in W2k no virus is found, but after a while the computer hangs again, and a virus can be detected in the PAGEFILE.SYS same as before.
I've been trying to find information about this virus RedArc-1594 on the net, and info about how it infects, and how to clear it. But can't find anything useful.
Does anyone know what to do and where to look? I really don't want to reformat the entire drive.
If the “virus” is found only in the swap file and nowhere else, you don’t have to be worried. The content of the swap file is not reused after restart, so it cannot do any harm to you.
Of course, it doesn’t answer the question how did the signature get there… ???
Reading about similar issues with the PAGEFILE.SYS leads me to think that this issue is caused by having the RedArc-1594 signature from the AV program in memory/swap file when crashing the computer in W2K. This makes AV detect it as a virus when scanning from W98.
Ergo; - no viruses on my computer anymore… for now… perhaps…
The only problem I see, is why is it that the only virus it detects is this RedArc-1594 in the pagefile.sys file?
I mean that there should be other signatures in there as well, no?
If anyone has some kind of information on this RedArc-1594 virus, I would so much appreciate it, but it's not really reported somewhere I can find it with Google or other search engines.
I think avast does not report more, because it stops scanning the file if it found a virus. If they remove the signature for that virus, it would report another one.
The reason you cannot find any info on Google is that it is a real old DOS virus and was never ITW. It is a Zoo Virus.
avast! 4 doesn’t keep the virus signatures in plaintext (not even in memory) - so the signature could not get into the swap file this way.
With avast32, it may happen occasionally.
Sorry to go on about this, but I'm not really able to rest my mind until I know whether this is a false alarm or not. I thought I was but I'm clearly not.
Perhaps a total restore (FORMAT C:) is the best way after all… :-\