Dear All,

After scanning with Avast v4.8 yesterday it detected this Win32:WinSpy-CK [trj] in D:\pagefile.sys. I have tried to remove it & move to chest but cannot. I am using windows vista. Should i schedule a boot time scan & remove it then or is there any other method. Your help is very much appreciated. Thanks in advance.

Regards,
Lam

This is the memory swap file. It’s renewed each time you use
It should be excluded by default into avast settings.
?:\pagefile.sys

I think it will be too big to be moved to Chest (and won’t worth anyway).

Dear Tech,

Is this Win32:WinSpy-CK [trj] in D:\pagefile.sys a false alarm cause i want to make sure if it is a nasty trojan in my pc. If it is a trojan then i would like some recommendation in getting rid of it. Thank you.

pagefile.sys is a temporary file. Seems a false positive detection in it.
To be sure you’re clean, I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.