Latest edition of Avast Home edition free. Ran scan in safe mode. Avast found trojan, Win32:Agent-CoH[tri] in G:\pagefile.sys on external hard drive, used to check an malfunctioning O/S.(Can’t find much on the web on this virus for some reason) Wanted to move to quarantine in virus chest but virus chest would not work, stating error. The only option available was to delete the file.
Two Questions:
How do I restore chest function for safe mode? Or perhaps the chest function does not work when external hard drive is being scanned?
Pagefile.sys seems to be an important file. What are the consequences from having deleted this file, if any, and how do I restore the proper file?
What’s the exactly reason? Too big for the Chest? The Chest is full? The file is being used (most probably)?
Chest works on normal Windows boot and at boot time. It does not work in Safe Mode (I can’t remember exactly…) due to services are not running.
But I think the pagefile.sys is not a file to be sent to Chest: it’s a memory swap file, there is no interest on keep them. You can delete it.
I suggest you disable the virtual memory on the usb drive.
This will delete that file. Boot. Delete if it still there. Enable virtual memory on that disk again and it will be recreated.
Hello Tech. Thank you for your comments. If I understand you correctly, we can run avast in safe mode, but the virus chest will not work in safe mode. That seems odd to me. The whole idea of running a virus check in safe mode is to be able to be more thorough. It’s not always a good idea to delete files, ie. in case of a false positive on an important file.
Anyways, since Avast said the pagefile.sys had that trojan I listed, I took the gamble and deleted it. I will follow your ideas and see what happens. Regards.
Sorry… not sure, need to test. But I think your assertment is right.
Safe mode is a reduced, very reduced, Windows environment. There are a lot of services that can’t run in Safe Mode. It’s an operational system restriction, not an avast one.
I’ve just recently had that problem. I got the same virus, but it was in \memory.dmp and it was on my actual computer’s harddrive, not an external hard drive.
I tried to move it to the chest, but it would’t let me. It said there wasn’t enough disk space… so I deleted it. I dunno why it said that though. I have tons of disk space. I didn’t even run it in safe mode! So I don’t think that’s the reason as to why. And if it’s windows inability to do that while in safe mode, shouldn’t avast know this problem and have it fixed somehow? Like remember the data and allow you to boot to normal mode so you can then chest it er something?
Try having a look at the file in question. It could well be big, very big. A pagefile.sys file could easy run to 2Gb, and the default maximum in the Avast chest is rather less than that…256Mb I think.
You can change the chest maximum size via program settings.
The pagefile can be set to delete automatically on shutdown via a simple registry adjustment. Shutdown will then take 1-2 min longer, but any malware within should also be deleted with it.
Let me know (anyone) if you want the reg setting to modify.
The memory.dmp file is created as a result of a crash and depending on how much memory you have and your OS settings this file could be quite large as Targ57 said. At the time of the crash the contents of memory are saved to disk so if there happened to be a virus in memory it would be in the memory.dmp file.
Fortunately the memory.dmp file is redundant seconds after it is created, unless you have the knowledge, tools, or a friend to analyse the dump to see if it can reveal anything. I assume you have neither of these and the memory.dmp file is likely to be old (creation date) which makes of even less worth. So I would delete it (going against my normal advice to send it to the chest) as if you have a crash in the future it would make a new memory.dmp file.